There are some nasty API problems that are caused by having to pass a

PRNG everywhere. The removal of the global PRNG was generated by a
desire to remove the global library state entirely. However the real
point of this was to remove the use of globally visible _mutable_
state; of the mutable state, the PRNG is probably the least important,
and the most useful to share. And it seems unlikely that thread
contention would be a major issue in the PRNG.

Add back a global PRNG to Library_State. Use lazy initialization, so
apps that don't ever use a PRNG don't need a seeding step. Then have
AutoSeeded_RNG call that global PRNG.

Offer once again

RandomNumberGenerator& Library_State::global_rng();

which returns a reference to the global PRNG.

This RNG object serializes access to itself with a mutex.

Remove the hack known as Blinding::choose_nonce, replace with using
the global PRNG to choose a blinding nonce

1 files changed, 2 insertions, 1 deletions

diff --git a/src/pubkey/dh/dh.cpp b/src/pubkey/dh/dh.cpp
index 1a6c6986d..f7d1838ce 100644
--- a/src/pubkey/dh/dh.cpp
+++ b/src/pubkey/dh/dh.cpp
@@ -7,6 +7,7 @@
 
 #include <botan/dh.h>
 #include <botan/numthry.h>
+#include <botan/libstate.h>
 #include <botan/internal/workfactor.h>
 
 namespace Botan {
@@ -78,7 +79,7 @@ MemoryVector<byte> DH_PrivateKey::public_value() const
 DH_KA_Operation::DH_KA_Operation(const DH_PrivateKey& dh) :
    p(dh.group_p()), powermod_x_p(dh.get_x(), p)
    {
-   BigInt k = Blinder::choose_nonce(powermod_x_p(dh.get_y()), p);
+   BigInt k(global_state().global_rng(), p.bits() - 1);
    blinder = Blinder(k, powermod_x_p(inverse_mod(k, p)), p);
    }