Revert PK_Verifier change (don't require RNG there).

Verification is deterministic and public, so really no RNG is ever needed. Change provider handling - accepts "base", "openssl", or empty, otherwise throws a Provider_Not_Found exception.
author: Jack Lloyd <[email protected]> 2016-09-14 16:33:37 -0400
committer: Jack Lloyd <[email protected]> 2016-10-07 19:27:58 -0400
commit: 239bdf36a617df86dc97efb11ec96d7c6d357534 (patch)
tree: 1011ccccee0a4aad5e58943fa3a4af621c968b8a /src/lib/tls
parent: 25b6fb53eec30620d084411fb1dbc8913142fc6d (diff)
5 files changed, 8 insertions, 12 deletions
diff --git a/src/lib/tls/msg_cert_verify.cpp b/src/lib/tls/msg_cert_verify.cpp
index cc162f8a0..ac8fa97fd 100644
--- a/src/lib/tls/msg_cert_verify.cpp
+++ b/src/lib/tls/msg_cert_verify.cpp
@@ -78,8 +78,7 @@ std::vector<byte> Certificate_Verify::serialize() const
 */
 bool Certificate_Verify::verify(const X509_Certificate& cert,
                                 const Handshake_State& state,
-                                const Policy& policy,
-                                RandomNumberGenerator& rng) const
+                                const Policy& policy) const
    {
    std::unique_ptr<Public_Key> key(cert.subject_public_key());
 
@@ -89,7 +88,7 @@ bool Certificate_Verify::verify(const X509_Certificate& cert,
       state.parse_sig_format(*key.get(), m_hash_algo, m_sig_algo,
                              true, policy);
 
-   PK_Verifier verifier(*key, rng, format.first, format.second);
+   PK_Verifier verifier(*key, format.first, format.second);
 
    return verifier.verify_message(state.hash().get_contents(), m_signature);
    }
diff --git a/src/lib/tls/msg_server_kex.cpp b/src/lib/tls/msg_server_kex.cpp
index 3df23955b..325e5d1b0 100644
--- a/src/lib/tls/msg_server_kex.cpp
+++ b/src/lib/tls/msg_server_kex.cpp
@@ -237,8 +237,7 @@ std::vector<byte> Server_Key_Exchange::serialize() const
 */
 bool Server_Key_Exchange::verify(const Public_Key& server_key,
                                  const Handshake_State& state,
-                                 const Policy& policy,
-                                 RandomNumberGenerator& rng) const
+                                 const Policy& policy) const
    {
    policy.check_peer_key_acceptable(server_key);
 
@@ -246,7 +245,7 @@ bool Server_Key_Exchange::verify(const Public_Key& server_key,
       state.parse_sig_format(server_key, m_hash_algo, m_sig_algo,
                              false, policy);
 
-   PK_Verifier verifier(server_key, rng, format.first, format.second);
+   PK_Verifier verifier(server_key, format.first, format.second);
 
    verifier.update(state.client_hello()->random());
    verifier.update(state.server_hello()->random());
diff --git a/src/lib/tls/tls_client.cpp b/src/lib/tls/tls_client.cpp
index 6bfbdc008..0e72b9a28 100644
--- a/src/lib/tls/tls_client.cpp
+++ b/src/lib/tls/tls_client.cpp
@@ -415,7 +415,7 @@ void Client::process_handshake_msg(const Handshake_State* active_state,
          {
          const Public_Key& server_key = state.get_server_public_Key();
 
-         if(!state.server_kex()->verify(server_key, state, policy(), rng()))
+         if(!state.server_kex()->verify(server_key, state, policy()))
             {
             throw TLS_Exception(Alert::DECRYPT_ERROR,
                                 "Bad signature on server key exchange");
diff --git a/src/lib/tls/tls_messages.h b/src/lib/tls/tls_messages.h
index 76421bf4a..25228c865 100644
--- a/src/lib/tls/tls_messages.h
+++ b/src/lib/tls/tls_messages.h
@@ -482,8 +482,7 @@ class BOTAN_DLL Certificate_Verify final : public Handshake_Message
       */
       bool verify(const X509_Certificate& cert,
                   const Handshake_State& state,
-                  const Policy& policy,
-                  RandomNumberGenerator& rng) const;
+                  const Policy& policy) const;
 
       Certificate_Verify(Handshake_IO& io,
                          Handshake_State& state,
@@ -552,8 +551,7 @@ class Server_Key_Exchange final : public Handshake_Message
 
       bool verify(const Public_Key& server_key,
                   const Handshake_State& state,
-                  const Policy& policy,
-                  RandomNumberGenerator& rng) const;
+                  const Policy& policy) const;
 
       // Only valid for certain kex types
       const Private_Key& server_kex_key() const;
diff --git a/src/lib/tls/tls_server.cpp b/src/lib/tls/tls_server.cpp
index 510a30421..82e7fad75 100644
--- a/src/lib/tls/tls_server.cpp
+++ b/src/lib/tls/tls_server.cpp
@@ -509,7 +509,7 @@ void Server::process_certificate_verify_msg(Server_Handshake_State& pending_stat
         pending_state.client_certs()->cert_chain();
 
     const bool sig_valid =
-       pending_state.client_verify()->verify ( client_certs[0], pending_state, policy(), rng() );
+       pending_state.client_verify()->verify ( client_certs[0], pending_state, policy() );
 
     pending_state.hash().update ( pending_state.handshake_io().format ( contents, type ) );
author	Jack Lloyd <[email protected]>	2016-09-14 16:33:37 -0400
committer	Jack Lloyd <[email protected]>	2016-10-07 19:27:58 -0400
commit	239bdf36a617df86dc97efb11ec96d7c6d357534 (patch)
tree	1011ccccee0a4aad5e58943fa3a4af621c968b8a /src/lib/tls
parent	25b6fb53eec30620d084411fb1dbc8913142fc6d (diff)