-rw-r--r--checks/pk.cpp20
-rw-r--r--checks/pk_bench.cpp6
-rw-r--r--include/pubkey.h8
-rw-r--r--include/x509_ca.h3
-rw-r--r--include/x509_obj.h1
-rw-r--r--src/keypair.cpp7
-rw-r--r--src/pk_filts.cpp2
-rw-r--r--src/pubkey.cpp14
-rw-r--r--src/x509_ca.cpp10
-rw-r--r--src/x509_obj.cpp3
-rw-r--r--src/x509self.cpp5
11 files changed, 38 insertions, 41 deletions
diff --git a/checks/pk.cpp b/checks/pk.cpp
index 8c2231313..90b9e1b5d 100644
--- a/checks/pk.cpp
+++ b/checks/pk.cpp
@@ -19,10 +19,6 @@
#include <botan/filters.h>
#include <botan/look_pk.h>
#include <botan/numthry.h>
-
-#include <botan/x931_rng.h>
-#include <botan/randpool.h>
-#include <botan/libstate.h>
using namespace Botan;
#include "common.h"
@@ -165,12 +161,6 @@ u32bit do_pk_validation_tests(const std::string& filename)
std::cout << std::endl;
- global_state().set_prng(new ANSI_X931_RNG("AES-128",
- new Randpool("AES-256",
- "HMAC(SHA-256)")));
- for(u32bit j = 0; j != 2; j++)
- global_state().seed_prng(true, 384);
-
do_pk_keygen_tests();
do_x509_tests();
@@ -229,11 +219,11 @@ void validate_signature(PK_Verifier* v, PK_Signer* s, const std::string& algo,
const std::string& exp, bool& failure)
{
SecureVector<byte> message = decode_hex(input);
- global_state().set_prng(new Fixed_Output_RNG(decode_hex(random)));
SecureVector<byte> expected = decode_hex(exp);
- SecureVector<byte> sig = s->sign_message(message, message.size());
+ Fixed_Output_RNG rng(decode_hex(random));
+ SecureVector<byte> sig = s->sign_message(message, message.size(), rng);
if(sig != expected)
{
@@ -257,12 +247,6 @@ void validate_signature(PK_Verifier* v, PK_Signer* s, const std::string& algo,
failure = true;
}
- global_state().set_prng(new ANSI_X931_RNG("AES-128",
- new Randpool("AES-256",
- "HMAC(SHA-256)")));
- for(u32bit j = 0; j != 2; j++)
- global_state().seed_prng(true, 384);
-
delete v;
delete s;
}
diff --git a/checks/pk_bench.cpp b/checks/pk_bench.cpp
index c34827258..e6ab90153 100644
--- a/checks/pk_bench.cpp
+++ b/checks/pk_bench.cpp
@@ -295,7 +295,7 @@ void bench_sig(PK_Signer* sig, const std::string& algo_name,
global_state().randomize(msg, MSG_SIZE);
u64bit start = get_clock();
sig->update(msg, MSG_SIZE);
- sig->signature();
+ sig->signature(global_state().prng_reference());
clocks_used += get_clock() - start;
}
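Review bot: In bench_sig the `global_state().prng_reference()` lookup sits between `get_clock()` and the `clocks_used` update, so the accessor call is now part of the measured signing time. Taking the reference once before the loop, `RandomNumberGenerator& rng = global_state().prng_reference();`, and calling `sig->signature(rng);` would keep the timed region to the signing operation itself. The two bench_ver hunks below could use the same local for consistency, although those calls appear to be outside the timed section. The loop and the function start outside this hunk.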
@@ -313,7 +313,7 @@ void bench_ver(PK_Signer* sig, PK_Verifier* ver,
global_state().randomize(msg, MSG_SIZE);
sig->update(msg, MSG_SIZE);
- SecureVector<byte> signature = sig->signature();
+ SecureVector<byte> signature = sig->signature(global_state().prng_reference());
u32bit runs = 0;
u64bit clocks_used = 0;
@@ -325,7 +325,7 @@ void bench_ver(PK_Signer* sig, PK_Verifier* ver,
{
global_state().randomize(msg, MSG_SIZE);
sig->update(msg, MSG_SIZE);
- signature = sig->signature();
+ signature = sig->signature(global_state().prng_reference());
}
runs++;
diff --git a/include/pubkey.h b/include/pubkey.h
index a5d332241..4890fe38d 100644
--- a/include/pubkey.h
+++ b/include/pubkey.h
@@ -51,14 +51,16 @@ class BOTAN_DLL PK_Decryptor
class BOTAN_DLL PK_Signer
{
public:
- SecureVector<byte> sign_message(const byte[], u32bit);
- SecureVector<byte> sign_message(const MemoryRegion<byte>&);
+ SecureVector<byte> sign_message(const byte[], u32bit,
+ RandomNumberGenerator&);
+ SecureVector<byte> sign_message(const MemoryRegion<byte>&,
+ RandomNumberGenerator&);
void update(byte);
void update(const byte[], u32bit);
void update(const MemoryRegion<byte>&);
- SecureVector<byte> signature();
+ SecureVector<byte> signature(RandomNumberGenerator&);
void set_output_format(Signature_Format);
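Review bot: The new `RandomNumberGenerator&` parameters on `sign_message` and `signature` are undocumented, so the declaration gives callers no hint about which generators are acceptable. For randomized signature schemes the quality of this generator bears directly on the safety of the private key, so a comment above the declarations would help, for example `// rng must be a seeded cryptographic RNG; fixed-output generators are for known-answer tests only`. It would also help to state that the reference is only used during the call, if that holds; src/pubkey.cpp shows it being passed to the encoding step. The class continues outside this hunk.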
diff --git a/include/x509_ca.h b/include/x509_ca.h
index f6564d045..1f0e35261 100644
--- a/include/x509_ca.h
+++ b/include/x509_ca.h
@@ -31,7 +31,8 @@ class BOTAN_DLL X509_CA
X509_CRL update_crl(const X509_CRL&, const std::vector<CRL_Entry>&,
u32bit = 0) const;
- static X509_Certificate make_cert(PK_Signer*, const AlgorithmIdentifier&,
+ static X509_Certificate make_cert(PK_Signer*,
+ const AlgorithmIdentifier&,
const MemoryRegion<byte>&,
const X509_Time&, const X509_Time&,
const X509_DN&, const X509_DN&,
diff --git a/include/x509_obj.h b/include/x509_obj.h
index 55065f6f5..2ec3740cf 100644
--- a/include/x509_obj.h
+++ b/include/x509_obj.h
@@ -24,6 +24,7 @@ class BOTAN_DLL X509_Object
AlgorithmIdentifier signature_algorithm() const;
static MemoryVector<byte> make_signed(class PK_Signer*,
+ RandomNumberGenerator&,
const AlgorithmIdentifier&,
const MemoryRegion<byte>&);
diff --git a/src/keypair.cpp b/src/keypair.cpp
index 242937668..940f0c028 100644
--- a/src/keypair.cpp
+++ b/src/keypair.cpp
@@ -49,9 +49,10 @@ void check_key(RandomNumberGenerator& rng,
SecureVector<byte> signature;
- try {
- signature = sig->sign_message(message);
- }
+ try
+ {
+ signature = sig->sign_message(message, rng);
+ }
catch(Encoding_Error)
{
return;
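Review bot: `catch(Encoding_Error)` after the reformatted try block catches the exception by value; `catch(const Encoding_Error&)` avoids the copy and any slicing. The handler also returns silently, so the sign/verify consistency check is skipped for that key. A short comment such as `// key cannot encode this message; nothing to check` (if that is the reason) would show the skip is intentional. check_key's body starts and ends outside this hunk.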
diff --git a/src/pk_filts.cpp b/src/pk_filts.cpp
index 6da6dabfd..85ba6638a 100644
--- a/src/pk_filts.cpp
+++ b/src/pk_filts.cpp
@@ -56,7 +56,7 @@ void PK_Signer_Filter::write(const byte input[], u32bit length)
*************************************************/
void PK_Signer_Filter::end_msg()
{
- send(signer->signature());
+ send(signer->signature(global_state().prng_reference()));
}
/*************************************************
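Review bot: `PK_Signer_Filter::end_msg` still pulls the process-wide PRNG through `global_state().prng_reference()`, so a caller of the filter cannot choose the generator used for its signatures even though `PK_Signer::signature` now accepts one. The same pattern is in `X509_CA::make_cert` and `X509_CA::make_crl` (src/x509_ca.cpp) and in `create_cert_req` (src/x509self.cpp); in make_cert it covers the certificate serial number as well as the signature. Consider passing a `RandomNumberGenerator&` into these entry points so the dependency is explicit and testable. For the filter it would be supplied at construction, with a documented requirement that the generator outlives the filter. This file's hunk adds no `#include <botan/libstate.h>`, unlike src/x509self.cpp, so confirm the header is already included here.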
diff --git a/src/pubkey.cpp b/src/pubkey.cpp
index 80f49fcad..d51bed70f 100644
--- a/src/pubkey.cpp
+++ b/src/pubkey.cpp
@@ -144,18 +144,20 @@ void PK_Signer::set_output_format(Signature_Format format)
/*************************************************
* Sign a message *
*************************************************/
-SecureVector<byte> PK_Signer::sign_message(const byte msg[], u32bit length)
+SecureVector<byte> PK_Signer::sign_message(const byte msg[], u32bit length,
+ RandomNumberGenerator& rng)
{
update(msg, length);
- return signature();
+ return signature(rng);
}
/*************************************************
* Sign a message *
*************************************************/
-SecureVector<byte> PK_Signer::sign_message(const MemoryRegion<byte>& msg)
+SecureVector<byte> PK_Signer::sign_message(const MemoryRegion<byte>& msg,
+ RandomNumberGenerator& rng)
{
- return sign_message(msg, msg.size());
+ return sign_message(msg, msg.size(), rng);
}
/*************************************************
@@ -185,10 +187,8 @@ void PK_Signer::update(const MemoryRegion<byte>& in)
/*************************************************
* Create a signature *
*************************************************/
-SecureVector<byte> PK_Signer::signature()
+SecureVector<byte> PK_Signer::signature(RandomNumberGenerator& rng)
{
- RandomNumberGenerator& rng = global_state().prng_reference();
-
SecureVector<byte> encoded = emsa->encoding_of(emsa->raw_data(),
key.max_input_bits(),
rng);
diff --git a/src/x509_ca.cpp b/src/x509_ca.cpp
index d3737108b..e7557cea5 100644
--- a/src/x509_ca.cpp
+++ b/src/x509_ca.cpp
@@ -88,12 +88,14 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer,
const X509_DN& subject_dn,
const Extensions& extensions)
{
+ RandomNumberGenerator& rng = global_state().prng_reference();
+
const u32bit X509_CERT_VERSION = 3;
const u32bit SERIAL_BITS = 128;
- BigInt serial_no(global_state().prng_reference(), SERIAL_BITS);
+ BigInt serial_no(rng, SERIAL_BITS);
- DataSource_Memory source(X509_Object::make_signed(signer, sig_algo,
+ DataSource_Memory source(X509_Object::make_signed(signer, rng, sig_algo,
DER_Encoder().start_cons(SEQUENCE)
.start_explicit(0)
.encode(X509_CERT_VERSION-1)
@@ -194,7 +196,9 @@ X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked,
new Cert_Extension::Authority_Key_ID(cert.subject_key_id()));
extensions.add(new Cert_Extension::CRL_Number(crl_number));
- DataSource_Memory source(X509_Object::make_signed(signer, ca_sig_algo,
+ RandomNumberGenerator& rng = global_state().prng_reference();
+
+ DataSource_Memory source(X509_Object::make_signed(signer, rng, ca_sig_algo,
DER_Encoder().start_cons(SEQUENCE)
.encode(X509_CRL_VERSION-1)
.encode(ca_sig_algo)
diff --git a/src/x509_obj.cpp b/src/x509_obj.cpp
index ac6eef3b9..e78790949 100644
--- a/src/x509_obj.cpp
+++ b/src/x509_obj.cpp
@@ -195,6 +195,7 @@ bool X509_Object::check_signature(Public_Key& pub_key) const
* Apply the X.509 SIGNED macro *
*************************************************/
MemoryVector<byte> X509_Object::make_signed(PK_Signer* signer,
+ RandomNumberGenerator& rng,
const AlgorithmIdentifier& algo,
const MemoryRegion<byte>& tbs_bits)
{
@@ -202,7 +203,7 @@ MemoryVector<byte> X509_Object::make_signed(PK_Signer* signer,
.start_cons(SEQUENCE)
.raw_bytes(tbs_bits)
.encode(algo)
- .encode(signer->sign_message(tbs_bits), BIT_STRING)
+ .encode(signer->sign_message(tbs_bits, rng), BIT_STRING)
.end_cons()
.get_contents();
}
diff --git a/src/x509self.cpp b/src/x509self.cpp
index c2c8e49e9..b9e558b7a 100644
--- a/src/x509self.cpp
+++ b/src/x509self.cpp
@@ -9,6 +9,7 @@
#include <botan/der_enc.h>
#include <botan/config.h>
#include <botan/look_pk.h>
+#include <botan/libstate.h>
#include <botan/oids.h>
#include <botan/pipe.h>
#include <memory>
@@ -159,7 +160,9 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
.end_cons();
DataSource_Memory source(
- X509_Object::make_signed(signer.get(), sig_algo,
+ X509_Object::make_signed(signer.get(),
+ global_state().prng_reference(),
+ sig_algo,
tbs_req.get_contents())
);