* encrypt.c (init_dek): Use gry_create_nonce for the IV; there is

not need for real strong random here and it even better protect the random bits used for the key.
2025-07-02 22:46:30 +02:00 · 2003-12-16 11:31:46 +00:00 · 2003-12-16 11:31:46 +00:00 · d0fbe288b2
commit d0fbe288b2
parent f18d0e557c
5 changed files with 12 additions and 6 deletions
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@ -61,7 +61,7 @@ struct encrypt_cb_parm_s {



-/* initialize the data encryptionkey (session key) */
+/* Initialize the data encryption key (session key). */
 static int
 init_dek (DEK dek)
 {
@ -112,7 +112,7 @@ init_dek (DEK dek)
      return rc;
    }

-  gcry_randomize (dek->iv, dek->ivlen, GCRY_STRONG_RANDOM);
+  gcry_create_nonce (dek->iv, dek->ivlen);
  rc = gcry_cipher_setiv (dek->chd, dek->iv, dek->ivlen);
  if (rc)
    {