aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/keypair.cpp7
-rw-r--r--src/pk_filts.cpp2
-rw-r--r--src/pubkey.cpp14
-rw-r--r--src/x509_ca.cpp10
-rw-r--r--src/x509_obj.cpp3
-rw-r--r--src/x509self.cpp5
6 files changed, 25 insertions, 16 deletions
diff --git a/src/keypair.cpp b/src/keypair.cpp
index 242937668..940f0c028 100644
--- a/src/keypair.cpp
+++ b/src/keypair.cpp
@@ -49,9 +49,10 @@ void check_key(RandomNumberGenerator& rng,
SecureVector<byte> signature;
- try {
- signature = sig->sign_message(message);
- }
+ try
+ {
+ signature = sig->sign_message(message, rng);
+ }
catch(Encoding_Error)
{
return;
diff --git a/src/pk_filts.cpp b/src/pk_filts.cpp
index 6da6dabfd..85ba6638a 100644
--- a/src/pk_filts.cpp
+++ b/src/pk_filts.cpp
@@ -56,7 +56,7 @@ void PK_Signer_Filter::write(const byte input[], u32bit length)
*************************************************/
void PK_Signer_Filter::end_msg()
{
- send(signer->signature());
+ send(signer->signature(global_state().prng_reference()));
}
/*************************************************
diff --git a/src/pubkey.cpp b/src/pubkey.cpp
index 80f49fcad..d51bed70f 100644
--- a/src/pubkey.cpp
+++ b/src/pubkey.cpp
@@ -144,18 +144,20 @@ void PK_Signer::set_output_format(Signature_Format format)
/*************************************************
* Sign a message *
*************************************************/
-SecureVector<byte> PK_Signer::sign_message(const byte msg[], u32bit length)
+SecureVector<byte> PK_Signer::sign_message(const byte msg[], u32bit length,
+ RandomNumberGenerator& rng)
{
update(msg, length);
- return signature();
+ return signature(rng);
}
/*************************************************
* Sign a message *
*************************************************/
-SecureVector<byte> PK_Signer::sign_message(const MemoryRegion<byte>& msg)
+SecureVector<byte> PK_Signer::sign_message(const MemoryRegion<byte>& msg,
+ RandomNumberGenerator& rng)
{
- return sign_message(msg, msg.size());
+ return sign_message(msg, msg.size(), rng);
}
/*************************************************
@@ -185,10 +187,8 @@ void PK_Signer::update(const MemoryRegion<byte>& in)
/*************************************************
* Create a signature *
*************************************************/
-SecureVector<byte> PK_Signer::signature()
+SecureVector<byte> PK_Signer::signature(RandomNumberGenerator& rng)
{
- RandomNumberGenerator& rng = global_state().prng_reference();
-
SecureVector<byte> encoded = emsa->encoding_of(emsa->raw_data(),
key.max_input_bits(),
rng);
diff --git a/src/x509_ca.cpp b/src/x509_ca.cpp
index d3737108b..e7557cea5 100644
--- a/src/x509_ca.cpp
+++ b/src/x509_ca.cpp
@@ -88,12 +88,14 @@ X509_Certificate X509_CA::make_cert(PK_Signer* signer,
const X509_DN& subject_dn,
const Extensions& extensions)
{
+ RandomNumberGenerator& rng = global_state().prng_reference();
+
const u32bit X509_CERT_VERSION = 3;
const u32bit SERIAL_BITS = 128;
- BigInt serial_no(global_state().prng_reference(), SERIAL_BITS);
+ BigInt serial_no(rng, SERIAL_BITS);
- DataSource_Memory source(X509_Object::make_signed(signer, sig_algo,
+ DataSource_Memory source(X509_Object::make_signed(signer, rng, sig_algo,
DER_Encoder().start_cons(SEQUENCE)
.start_explicit(0)
.encode(X509_CERT_VERSION-1)
@@ -194,7 +196,9 @@ X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked,
new Cert_Extension::Authority_Key_ID(cert.subject_key_id()));
extensions.add(new Cert_Extension::CRL_Number(crl_number));
- DataSource_Memory source(X509_Object::make_signed(signer, ca_sig_algo,
+ RandomNumberGenerator& rng = global_state().prng_reference();
+
+ DataSource_Memory source(X509_Object::make_signed(signer, rng, ca_sig_algo,
DER_Encoder().start_cons(SEQUENCE)
.encode(X509_CRL_VERSION-1)
.encode(ca_sig_algo)
diff --git a/src/x509_obj.cpp b/src/x509_obj.cpp
index ac6eef3b9..e78790949 100644
--- a/src/x509_obj.cpp
+++ b/src/x509_obj.cpp
@@ -195,6 +195,7 @@ bool X509_Object::check_signature(Public_Key& pub_key) const
* Apply the X.509 SIGNED macro *
*************************************************/
MemoryVector<byte> X509_Object::make_signed(PK_Signer* signer,
+ RandomNumberGenerator& rng,
const AlgorithmIdentifier& algo,
const MemoryRegion<byte>& tbs_bits)
{
@@ -202,7 +203,7 @@ MemoryVector<byte> X509_Object::make_signed(PK_Signer* signer,
.start_cons(SEQUENCE)
.raw_bytes(tbs_bits)
.encode(algo)
- .encode(signer->sign_message(tbs_bits), BIT_STRING)
+ .encode(signer->sign_message(tbs_bits, rng), BIT_STRING)
.end_cons()
.get_contents();
}
diff --git a/src/x509self.cpp b/src/x509self.cpp
index c2c8e49e9..b9e558b7a 100644
--- a/src/x509self.cpp
+++ b/src/x509self.cpp
@@ -9,6 +9,7 @@
#include <botan/der_enc.h>
#include <botan/config.h>
#include <botan/look_pk.h>
+#include <botan/libstate.h>
#include <botan/oids.h>
#include <botan/pipe.h>
#include <memory>
@@ -159,7 +160,9 @@ PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
.end_cons();
DataSource_Memory source(
- X509_Object::make_signed(signer.get(), sig_algo,
+ X509_Object::make_signed(signer.get(),
+ global_state().prng_reference(),
+ sig_algo,
tbs_req.get_contents())
);