* seckey-cert.c (protect_secret_key): Use gry_create_nonce for the

IV; there is not need for real strong random here and it even better protect the random bits used for the key.
2024-12-22 10:19:57 +01:00 · 2003-12-16 11:30:57 +00:00 · 2003-12-16 11:30:57 +00:00 · f18d0e557c
commit f18d0e557c
parent d06cba6984
2 changed files with 7 additions and 2 deletions
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,9 @@
+2003-12-15  Werner Koch  <wk@gnupg.org>
+
+	* seckey-cert.c (protect_secret_key): Use gry_create_nonce for the
+	IV; there is not need for real strong random here and it even
+	better protect the random bits used for the key.
+
 2003-11-16  Moritz Schulte  <mo@g10code.com>

 	* signal.c: Removed unused file.
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@ -346,8 +346,7 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
 	    assert( sk->protect.ivlen <= DIM(sk->protect.iv) );
 	    if( sk->protect.ivlen != 8 && sk->protect.ivlen != 16 )
 		BUG(); /* yes, we are very careful */
-	    gcry_randomize (sk->protect.iv, sk->protect.ivlen,
-                            GCRY_STRONG_RANDOM);
+	    gcry_create_nonce (sk->protect.iv, sk->protect.ivlen);
 	    gcry_cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen );
 	    if( sk->version >= 4 ) {
                unsigned char *bufarr[PUBKEY_MAX_NSKEY];