From f091a285891d3fc319c111a54e97f0ce1bdf7868 Mon Sep 17 00:00:00 2001 From: TLINDEN Date: Sat, 15 Aug 2015 13:04:30 +0200 Subject: [PATCH] use mzero instead of wasting randomness --- libpcp/key.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/libpcp/key.c b/libpcp/key.c index acfbd07..392b572 100644 --- a/libpcp/key.c +++ b/libpcp/key.c @@ -175,12 +175,9 @@ pcp_key_t *pcpkey_encrypt(PCPCTX *ptx, pcp_key_t *key, char *passphrase) { /* success */ memcpy(key->encrypted, encrypted, 176); ucfree(encrypted, es); - arc4random_buf(key->secret, 32); - arc4random_buf(key->edsecret, 64); - arc4random_buf(key->mastersecret, 64); - key->secret[0] = 0; - key->edsecret[0] = 0; - key->mastersecret[0] = 0; + memset(key->secret, 0, 32); + memset(key->edsecret, 0, 64); + memset(key->mastersecret, 0, 64); } else { fatal(ptx, "failed to encrypt the secret key!\n");