-rw-r--r--checks/x509.cpp4
-rw-r--r--include/x509_ca.h9
-rw-r--r--src/x509_ca.cpp14
3 files changed, 15 insertions, 12 deletions
diff --git a/checks/x509.cpp b/checks/x509.cpp
index 30c4dbd53..7fa605411 100644
--- a/checks/x509.cpp
+++ b/checks/x509.cpp
@@ -117,7 +117,7 @@ void do_x509_tests()
X509_Time("2100-01-01"));
std::cout << '.' << std::flush;
- X509_CRL crl1 = ca.new_crl();
+ X509_CRL crl1 = ca.new_crl(rng);
/* Verify the certs */
X509_Store store;
@@ -137,7 +137,7 @@ void do_x509_tests()
std::vector<CRL_Entry> revoked;
revoked.push_back(user2_cert);
- X509_CRL crl2 = ca.update_crl(crl1, revoked);
+ X509_CRL crl2 = ca.update_crl(crl1, revoked, rng);
if(store.add_crl(crl2) != VERIFIED)
std::cout << "\nFAILED: CRL #2 did not validate" << std::endl;
diff --git a/include/x509_ca.h b/include/x509_ca.h
index 7d4e21748..969e62558 100644
--- a/include/x509_ca.h
+++ b/include/x509_ca.h
@@ -28,8 +28,10 @@ class BOTAN_DLL X509_CA
X509_Certificate ca_certificate() const;
- X509_CRL new_crl(u32bit = 0) const;
- X509_CRL update_crl(const X509_CRL&, const std::vector<CRL_Entry>&,
+ X509_CRL new_crl(RandomNumberGenerator& rng, u32bit = 0) const;
+ X509_CRL update_crl(const X509_CRL&,
+ const std::vector<CRL_Entry>&,
+ RandomNumberGenerator& rng,
u32bit = 0) const;
static X509_Certificate make_cert(PK_Signer*,
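Review bot: The new `RandomNumberGenerator& rng` parameter on `new_crl` and `update_crl` is declared without any comment, and the trailing `u32bit = 0` stays unnamed, so the header does not tell a caller what the generator is used for or what the integer means. In src/x509_ca.cpp the reference is forwarded through `make_crl` to `X509_Object::make_signed`, so it feeds the CRL signature. A line such as `// rng: caller-supplied, seeded generator; used when signing the CRL` above the two declarations would state that contract, and naming the last parameter `next_update` (as the definition does) with its unit would cover the rest. The private `make_crl` declaration in the next hunk has the same gap with two adjacent unnamed `u32bit` parameters; writing them as `u32bit crl_number, u32bit next_update` would make a swapped call easier to spot. The class body starts and ends outside this hunk.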
@@ -46,7 +48,8 @@ class BOTAN_DLL X509_CA
X509_CA(const X509_CA&) {}
X509_CA& operator=(const X509_CA&) { return (*this); }
- X509_CRL make_crl(const std::vector<CRL_Entry>&, u32bit, u32bit) const;
+ X509_CRL make_crl(const std::vector<CRL_Entry>&,
+ u32bit, u32bit, RandomNumberGenerator&) const;
AlgorithmIdentifier ca_sig_algo;
X509_Certificate cert;
diff --git a/src/x509_ca.cpp b/src/x509_ca.cpp
index 024803ab4..a1bac73bb 100644
--- a/src/x509_ca.cpp
+++ b/src/x509_ca.cpp
@@ -4,7 +4,6 @@
*************************************************/
#include <botan/x509_ca.h>
-#include <botan/libstate.h>
#include <botan/x509stor.h>
#include <botan/der_enc.h>
#include <botan/ber_dec.h>
@@ -129,10 +128,11 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer,
/*************************************************
* Create a new, empty CRL *
*************************************************/
-X509_CRL X509_CA::new_crl(u32bit next_update) const
+X509_CRL X509_CA::new_crl(RandomNumberGenerator& rng,
+ u32bit next_update) const
{
std::vector<CRL_Entry> empty;
- return make_crl(empty, 1, next_update);
+ return make_crl(empty, 1, next_update, rng);
}
/*************************************************
@@ -140,6 +140,7 @@ X509_CRL X509_CA::new_crl(u32bit next_update) const
*************************************************/
X509_CRL X509_CA::update_crl(const X509_CRL& crl,
const std::vector<CRL_Entry>& new_revoked,
+ RandomNumberGenerator& rng,
u32bit next_update) const
{
std::vector<CRL_Entry> already_revoked = crl.get_revoked();
@@ -173,14 +174,15 @@ X509_CRL X509_CA::update_crl(const X509_CRL& crl,
std::unique_copy(all_revoked.begin(), all_revoked.end(),
std::back_inserter(cert_list));
- return make_crl(cert_list, crl.crl_number() + 1, next_update);
+ return make_crl(cert_list, crl.crl_number() + 1, next_update, rng);
}
/*************************************************
* Create a CRL *
*************************************************/
X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked,
- u32bit crl_number, u32bit next_update) const
+ u32bit crl_number, u32bit next_update,
+ RandomNumberGenerator& rng) const
{
const u32bit X509_CRL_VERSION = 2;
@@ -196,8 +198,6 @@ X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked,
new Cert_Extension::Authority_Key_ID(cert.subject_key_id()));
extensions.add(new Cert_Extension::CRL_Number(crl_number));
- RandomNumberGenerator& rng = global_state().prng_reference();
-
DataSource_Memory source(X509_Object::make_signed(signer, rng, ca_sig_algo,
DER_Encoder().start_cons(SEQUENCE)
.encode(X509_CRL_VERSION-1)