diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/keypair.cpp | 7 | ||||
-rw-r--r-- | src/pk_filts.cpp | 2 | ||||
-rw-r--r-- | src/pubkey.cpp | 14 | ||||
-rw-r--r-- | src/x509_ca.cpp | 10 | ||||
-rw-r--r-- | src/x509_obj.cpp | 3 | ||||
-rw-r--r-- | src/x509self.cpp | 5 |
6 files changed, 25 insertions, 16 deletions
diff --git a/src/keypair.cpp b/src/keypair.cpp index 242937668..940f0c028 100644 --- a/src/keypair.cpp +++ b/src/keypair.cpp @@ -49,9 +49,10 @@ void check_key(RandomNumberGenerator& rng, SecureVector<byte> signature; - try { - signature = sig->sign_message(message); - } + try + { + signature = sig->sign_message(message, rng); + } catch(Encoding_Error) { return; diff --git a/src/pk_filts.cpp b/src/pk_filts.cpp index 6da6dabfd..85ba6638a 100644 --- a/src/pk_filts.cpp +++ b/src/pk_filts.cpp @@ -56,7 +56,7 @@ void PK_Signer_Filter::write(const byte input[], u32bit length) *************************************************/ void PK_Signer_Filter::end_msg() { - send(signer->signature()); + send(signer->signature(global_state().prng_reference())); } /************************************************* diff --git a/src/pubkey.cpp b/src/pubkey.cpp index 80f49fcad..d51bed70f 100644 --- a/src/pubkey.cpp +++ b/src/pubkey.cpp @@ -144,18 +144,20 @@ void PK_Signer::set_output_format(Signature_Format format) /************************************************* * Sign a message * *************************************************/ -SecureVector<byte> PK_Signer::sign_message(const byte msg[], u32bit length) +SecureVector<byte> PK_Signer::sign_message(const byte msg[], u32bit length, + RandomNumberGenerator& rng) { update(msg, length); - return signature(); + return signature(rng); } /************************************************* * Sign a message * *************************************************/ -SecureVector<byte> PK_Signer::sign_message(const MemoryRegion<byte>& msg) +SecureVector<byte> PK_Signer::sign_message(const MemoryRegion<byte>& msg, + RandomNumberGenerator& rng) { - return sign_message(msg, msg.size()); + return sign_message(msg, msg.size(), rng); } /************************************************* @@ -185,10 +187,8 @@ void PK_Signer::update(const MemoryRegion<byte>& in) /************************************************* * Create a signature * *************************************************/ -SecureVector<byte> PK_Signer::signature() +SecureVector<byte> PK_Signer::signature(RandomNumberGenerator& rng) { - RandomNumberGenerator& rng = global_state().prng_reference(); - SecureVector<byte> encoded = emsa->encoding_of(emsa->raw_data(), key.max_input_bits(), rng); diff --git a/src/x509_ca.cpp b/src/x509_ca.cpp index d3737108b..e7557cea5 100644 --- a/src/x509_ca.cpp +++ b/src/x509_ca.cpp @@ -88,12 +88,14 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer, const X509_DN& subject_dn, const Extensions& extensions) { + RandomNumberGenerator& rng = global_state().prng_reference(); + const u32bit X509_CERT_VERSION = 3; const u32bit SERIAL_BITS = 128; - BigInt serial_no(global_state().prng_reference(), SERIAL_BITS); + BigInt serial_no(rng, SERIAL_BITS); - DataSource_Memory source(X509_Object::make_signed(signer, sig_algo, + DataSource_Memory source(X509_Object::make_signed(signer, rng, sig_algo, DER_Encoder().start_cons(SEQUENCE) .start_explicit(0) .encode(X509_CERT_VERSION-1) @@ -194,7 +196,9 @@ X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked, new Cert_Extension::Authority_Key_ID(cert.subject_key_id())); extensions.add(new Cert_Extension::CRL_Number(crl_number)); - DataSource_Memory source(X509_Object::make_signed(signer, ca_sig_algo, + RandomNumberGenerator& rng = global_state().prng_reference(); + + DataSource_Memory source(X509_Object::make_signed(signer, rng, ca_sig_algo, DER_Encoder().start_cons(SEQUENCE) .encode(X509_CRL_VERSION-1) .encode(ca_sig_algo) diff --git a/src/x509_obj.cpp b/src/x509_obj.cpp index ac6eef3b9..e78790949 100644 --- a/src/x509_obj.cpp +++ b/src/x509_obj.cpp @@ -195,6 +195,7 @@ bool X509_Object::check_signature(Public_Key& pub_key) const * Apply the X.509 SIGNED macro * *************************************************/ MemoryVector<byte> X509_Object::make_signed(PK_Signer* signer, + RandomNumberGenerator& rng, const AlgorithmIdentifier& algo, const MemoryRegion<byte>& tbs_bits) { @@ -202,7 +203,7 @@ MemoryVector<byte> X509_Object::make_signed(PK_Signer* signer, .start_cons(SEQUENCE) .raw_bytes(tbs_bits) .encode(algo) - .encode(signer->sign_message(tbs_bits), BIT_STRING) + .encode(signer->sign_message(tbs_bits, rng), BIT_STRING) .end_cons() .get_contents(); } diff --git a/src/x509self.cpp b/src/x509self.cpp index c2c8e49e9..b9e558b7a 100644 --- a/src/x509self.cpp +++ b/src/x509self.cpp @@ -9,6 +9,7 @@ #include <botan/der_enc.h> #include <botan/config.h> #include <botan/look_pk.h> +#include <botan/libstate.h> #include <botan/oids.h> #include <botan/pipe.h> #include <memory> @@ -159,7 +160,9 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts, .end_cons(); DataSource_Memory source( - X509_Object::make_signed(signer.get(), sig_algo, + X509_Object::make_signed(signer.get(), + global_state().prng_reference(), + sig_algo, tbs_req.get_contents()) ); |