There are some nasty API problems that are caused by having to pass a

PRNG everywhere. The removal of the global PRNG was generated by a
desire to remove the global library state entirely. However the real
point of this was to remove the use of globally visible _mutable_
state; of the mutable state, the PRNG is probably the least important,
and the most useful to share. And it seems unlikely that thread
contention would be a major issue in the PRNG.

Add back a global PRNG to Library_State. Use lazy initialization, so
apps that don't ever use a PRNG don't need a seeding step. Then have
AutoSeeded_RNG call that global PRNG.

Offer once again

RandomNumberGenerator& Library_State::global_rng();

which returns a reference to the global PRNG.

This RNG object serializes access to itself with a mutex.

Remove the hack known as Blinding::choose_nonce, replace with using
the global PRNG to choose a blinding nonce

1 files changed, 2 insertions, 1 deletions

diff --git a/src/pubkey/rsa/rsa.cpp b/src/pubkey/rsa/rsa.cpp
index 19ca27f40..3222b5113 100644
--- a/src/pubkey/rsa/rsa.cpp
+++ b/src/pubkey/rsa/rsa.cpp
@@ -6,6 +6,7 @@
 */
 
 #include <botan/rsa.h>
+#include <botan/libstate.h>
 #include <botan/parsing.h>
 #include <botan/numthry.h>
 #include <botan/keypair.h>
@@ -80,7 +81,7 @@ RSA_Private_Operation::RSA_Private_Operation(const RSA_PrivateKey& rsa) :
    powermod_d2_q(rsa.get_d2(), rsa.get_q()),
    mod_p(rsa.get_p())
    {
-   BigInt k = Blinder::choose_nonce(powermod_e_n(q), n);
+   BigInt k(global_state().global_rng(), n.bits() - 1);
    blinder = Blinder(powermod_e_n(k), inverse_mod(k, n), n);
    }