From f18d0e557ce7644af8ccf3feae789afc4915daa5 Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Tue, 16 Dec 2003 11:30:57 +0000
Subject: * seckey-cert.c (protect_secret_key): Use gry_create_nonce for the IV; there is not need for real strong random here and it even better protect the random bits used for the key.
---
g10/ChangeLog | 6 ++++++
g10/seckey-cert.c | 3 +--
2 files changed, 7 insertions(+), 2 deletions(-)
(limited to 'g10')
diff --git a/g10/ChangeLog b/g10/ChangeLog
index 897836191..849e6931a 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,9 @@
+2003-12-15 Werner Koch
+
+ * seckey-cert.c (protect_secret_key): Use gry_create_nonce for the
+ IV; there is not need for real strong random here and it even
+ better protect the random bits used for the key.
+
 2003-11-16 Moritz Schulte
 
 * signal.c: Removed unused file.
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
index 5b0238240..7356cb224 100644
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@@ -346,8 +346,7 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
 assert( sk->protect.ivlen <= DIM(sk->protect.iv) );
 if( sk->protect.ivlen != 8 && sk->protect.ivlen != 16 )
 BUG(); /* yes, we are very careful */
- gcry_randomize (sk->protect.iv, sk->protect.ivlen,
- GCRY_STRONG_RANDOM);
+ gcry_create_nonce (sk->protect.iv, sk->protect.ivlen);
 gcry_cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen );
 if( sk->version >= 4 ) {
 unsigned char *bufarr[PUBKEY_MAX_NSKEY];
-- cgit v1.2.3
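Review bot: The new `gcry_create_nonce` call in protect_secret_key has no comment saying why nonce-quality output is enough for the IV, so the reasoning lives only in the ChangeLog entry. That entry also spells the function `gry_create_nonce`, so a search for the real name will not find it. I would add above the call: `/* The IV is not secret: it only has to be fresh and unpredictable for each protect operation, so a nonce is enough and the strong random pool stays reserved for key material. */`. That would keep a later reader from reverting to `GCRY_STRONG_RANDOM`, or from assuming the nonce generator is also suitable for keys. The body of protect_secret_key starts and ends outside this hunk, so where the IV is stored afterwards and which cipher mode consumes it are inferred, not visible here.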