author | lloyd <[email protected]> | 2008-06-11 01:15:31 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2008-06-11 01:15:31 +0000 |
commit | 184fe79523ad605ea3c820b83e984362433b2a7a (patch) | |
tree | feca060d82d2e0cbdbddc2f29f00c7b7db682974 | |
parent | 7253964aba9ca41a88261557d8cd91df39cd4b88 (diff) |
Modify X509_CA::make_cert and X509_CA::sign_request to take a RNG reference
argument instead of referencing the global PRNG
-rw-r--r-- | checks/x509.cpp | 15 | ||||
-rw-r--r-- | include/x509_ca.h | 2 | ||||
-rw-r--r-- | src/x509_ca.cpp | 6 | ||||
-rw-r--r-- | src/x509self.cpp | 4 |
4 files changed, 16 insertions, 11 deletions
diff --git a/checks/x509.cpp b/checks/x509.cpp index 459f3b62f..6a61ad361 100644 --- a/checks/x509.cpp +++ b/checks/x509.cpp @@ -69,11 +69,13 @@ u32bit check_against_copy(const Private_Key& orig) void do_x509_tests() { + RandomNumberGenerator& rng = global_state().prng_reference(); + std::cout << "Testing X.509 CA/CRL/cert/cert request: " << std::flush; /* Create the CA's key and self-signed cert */ std::cout << '.' << std::flush; - RSA_PrivateKey ca_key(1024, global_state().prng_reference()); + RSA_PrivateKey ca_key(1024, rng); std::cout << '.' << std::flush; X509_Certificate ca_cert = X509::create_self_signed_cert(ca_opts(), ca_key); @@ -81,15 +83,14 @@ void do_x509_tests() /* Create user #1's key and cert request */ std::cout << '.' << std::flush; - DSA_PrivateKey user1_key(DL_Group("dsa/jce/1024"), - global_state().prng_reference()); + DSA_PrivateKey user1_key(DL_Group("dsa/jce/1024"), rng); std::cout << '.' << std::flush; PKCS10_Request user1_req = X509::create_cert_req(req_opts1(), user1_key); /* Create user #2's key and cert request */ std::cout << '.' << std::flush; - RSA_PrivateKey user2_key(1024, global_state().prng_reference()); + RSA_PrivateKey user2_key(1024, rng); std::cout << '.' << std::flush; PKCS10_Request user2_req = X509::create_cert_req(req_opts2(), user2_key); @@ -101,11 +102,11 @@ void do_x509_tests() /* Sign the requests to create the certs */ std::cout << '.' << std::flush; X509_Certificate user1_cert = - ca.sign_request(user1_req, X509_Time("2008-01-01"), - X509_Time("2100-01-01")); + ca.sign_request(user1_req, rng, + X509_Time("2008-01-01"), X509_Time("2100-01-01")); std::cout << '.' << std::flush; - X509_Certificate user2_cert = ca.sign_request(user2_req, + X509_Certificate user2_cert = ca.sign_request(user2_req, rng, X509_Time("2008-01-01"), X509_Time("2100-01-01")); std::cout << '.' << std::flush; diff --git a/include/x509_ca.h b/include/x509_ca.h index 1f0e35261..7d4e21748 100644 --- a/include/x509_ca.h +++ b/include/x509_ca.h 
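Review bot: In do_x509_tests the `rng` passed to both `ca.sign_request` calls is still `global_state().prng_reference()`, so the test would pass unchanged if sign_request or make_cert ignored the argument and kept using the global PRNG. Passing a separately constructed RandomNumberGenerator to those two calls would show that the new parameter is what actually supplies the randomness for issuance. The body of do_x509_tests continues outside these hunks.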
@@ -22,6 +22,7 @@ class BOTAN_DLL X509_CA { public: X509_Certificate sign_request(const PKCS10_Request& req, + RandomNumberGenerator& rng, const X509_Time& not_before, const X509_Time& not_after); @@ -32,6 +33,7 @@ class BOTAN_DLL X509_CA u32bit = 0) const; static X509_Certificate make_cert(PK_Signer*, + RandomNumberGenerator&, const AlgorithmIdentifier&, const MemoryRegion<byte>&, const X509_Time&, const X509_Time&, diff --git a/src/x509_ca.cpp b/src/x509_ca.cpp index e7557cea5..024803ab4 100644 --- a/src/x509_ca.cpp +++ b/src/x509_ca.cpp @@ -43,6 +43,7 @@ X509_CA::X509_CA(const X509_Certificate& c, * Sign a PKCS #10 certificate request * *************************************************/ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, + RandomNumberGenerator& rng, const X509_Time& not_before, const X509_Time& not_after) { @@ -70,7 +71,7 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, extensions.add( new Cert_Extension::Subject_Alternative_Name(req.subject_alt_name())); - return make_cert(signer, ca_sig_algo, req.raw_public_key(), + return make_cert(signer, rng, ca_sig_algo, req.raw_public_key(), not_before, not_after, cert.subject_dn(), req.subject_dn(), extensions); @@ -80,6 +81,7 @@ X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, * Create a new certificate * *************************************************/ X509_Certificate X509_CA::make_cert(PK_Signer* signer, + RandomNumberGenerator& rng, const AlgorithmIdentifier& sig_algo, const MemoryRegion<byte>& pub_key, const X509_Time& not_before, @@ -88,8 +90,6 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer, const X509_DN& subject_dn, const Extensions& extensions) { - RandomNumberGenerator& rng = global_state().prng_reference(); - const u32bit X509_CERT_VERSION = 3; const u32bit SERIAL_BITS = 128; diff --git a/src/x509self.cpp b/src/x509self.cpp index b9e558b7a..9e035ff7d 100644 --- a/src/x509self.cpp +++ b/src/x509self.cpp 
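Review bot: The new generator parameter is undocumented in include/x509_ca.h, and in the `make_cert` declaration it is added unnamed (`RandomNumberGenerator&,`), so the header does not tell a caller what the generator is used for or what state it must be in. The caller now chooses the randomness source for certificate issuance, so both declarations would benefit from a comment such as `// rng: seeded generator used while creating the certificate; must remain valid for the duration of the call`. The exact uses (presumably the serial number, given `SERIAL_BITS = 128` in make_cert, and the signature) lie outside the visible hunks and should be confirmed before wording the comment more specifically. Both functions belong to the exported `BOTAN_DLL X509_CA`, and the parameter is inserted mid-signature with no overload retained, so existing callers will need updating. The class declaration starts and ends outside these hunks.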
@@ -91,7 +91,9 @@ X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts, extensions.add( new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit)); - return X509_CA::make_cert(signer.get(), sig_algo, pub_key, + RandomNumberGenerator& rng = global_state().prng_reference(); + + return X509_CA::make_cert(signer.get(), rng, sig_algo, pub_key, opts.start, opts.end, subject_dn, subject_dn, extensions); |
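Review bot: `create_self_signed_cert` now fetches `global_state().prng_reference()` itself just before calling `X509_CA::make_cert`, so the dependency on the global PRNG has only moved up one level instead of being removed. To match the intent stated in the commit message, this function could take a trailing `RandomNumberGenerator& rng` parameter and forward it, which would drop the added `RandomNumberGenerator& rng = global_state().prng_reference();` line. The call in checks/x509.cpp would then pass its local `rng` as well. The function body starts outside the hunk.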