From 704d754be3fb3e62c05f4c64bcb82a456ebb1b94 Mon Sep 17 00:00:00 2001
From: Jack Lloyd <lloyd@randombit.net>
Date: Thu, 13 Oct 2016 15:24:47 -0400
Subject: Change Certificate_Store_in_SQL to take RNG as argument.

Previously it created a new AutoSeeded_RNG in each function, sometimes
without even using it.
---
 src/lib/cert/x509/certstor_sql/certstor_sql.cpp        | 17 ++++++++---------
 src/lib/cert/x509/certstor_sql/certstor_sql.h          |  7 +++++--
 src/lib/cert/x509/certstor_sqlite3/certstor_sqlite.cpp |  7 ++++---
 src/lib/cert/x509/certstor_sqlite3/certstor_sqlite.h   |  2 ++
 src/tests/test_certstor.cpp                            |  2 +-
 5 files changed, 20 insertions(+), 15 deletions(-)

(limited to 'src')

diff --git a/src/lib/cert/x509/certstor_sql/certstor_sql.cpp b/src/lib/cert/x509/certstor_sql/certstor_sql.cpp
index b80c063da..dfb8c5d78 100644
--- a/src/lib/cert/x509/certstor_sql/certstor_sql.cpp
+++ b/src/lib/cert/x509/certstor_sql/certstor_sql.cpp
@@ -11,7 +11,6 @@
 #include <botan/internal/filesystem.h>
 #include <botan/pkcs8.h>
 #include <botan/data_src.h>
-#include <botan/auto_rng.h>
 #include <botan/hash.h>
 #include <botan/hex.h>
 
@@ -19,8 +18,12 @@ namespace Botan {
 
 Certificate_Store_In_SQL::Certificate_Store_In_SQL(std::shared_ptr<SQL_Database> db,
                                                    const std::string& passwd,
-                                                   const std::string& table_prefix)
-: m_database(db), m_prefix(table_prefix), m_password(passwd)
+                                                   RandomNumberGenerator& rng,
+                                                   const std::string& table_prefix) :
+   m_rng(rng),
+   m_database(db),
+   m_prefix(table_prefix),
+   m_password(passwd)
    {
    m_database->create_table("CREATE TABLE IF NOT EXISTS " +
                              m_prefix + "certificates (                \
@@ -163,9 +166,8 @@ std::shared_ptr<const Private_Key> Certificate_Store_In_SQL::find_key(const X509
    while(stmt->step())
       {
       auto blob = stmt->get_blob(0);
-      AutoSeeded_RNG rng;
       DataSource_Memory src(blob.first,blob.second);
-      key.reset(PKCS8::load_key(src,rng,m_password));
+      key.reset(PKCS8::load_key(src, m_rng, m_password));
       }
 
    return key;
@@ -174,7 +176,6 @@ std::shared_ptr<const Private_Key> Certificate_Store_In_SQL::find_key(const X509
 std::vector<std::shared_ptr<const X509_Certificate>>
 Certificate_Store_In_SQL::find_certs_for_key(const Private_Key& key) const
    {
-   AutoSeeded_RNG rng;
    auto fpr = key.fingerprint("SHA-256");
    auto stmt = m_database->new_statement("SELECT certificate FROM " + m_prefix + "certificates WHERE priv_fingerprint == ?1");
 
@@ -197,8 +198,7 @@ bool Certificate_Store_In_SQL::insert_key(const X509_Certificate& cert, const Pr
    if(find_key(cert))
       return false;
 
-   AutoSeeded_RNG rng;
-   auto pkcs8 = PKCS8::BER_encode(key,rng,m_password);
+   auto pkcs8 = PKCS8::BER_encode(key, m_rng, m_password);
    auto fpr = key.fingerprint("SHA-256");
 
    auto stmt1 = m_database->new_statement(
@@ -220,7 +220,6 @@ bool Certificate_Store_In_SQL::insert_key(const X509_Certificate& cert, const Pr
 
 void Certificate_Store_In_SQL::remove_key(const Private_Key& key)
    {
-   AutoSeeded_RNG rng;
    auto fpr = key.fingerprint("SHA-256");
    auto stmt = m_database->new_statement("DELETE FROM " + m_prefix + "keys WHERE fingerprint == ?1");
 
diff --git a/src/lib/cert/x509/certstor_sql/certstor_sql.h b/src/lib/cert/x509/certstor_sql/certstor_sql.h
index 5b6a376c7..c1168b827 100644
--- a/src/lib/cert/x509/certstor_sql/certstor_sql.h
+++ b/src/lib/cert/x509/certstor_sql/certstor_sql.h
@@ -15,6 +15,8 @@
 
 namespace Botan {
 
+class RandomNumberGenerator;
+
 /**
  * Certificate and private key store backed by an SQL database.
  */
@@ -25,10 +27,12 @@ class BOTAN_DLL Certificate_Store_In_SQL : public Certificate_Store
       * Create/open a certificate store.
       * @param db underlying database storage
       * @param passwd password to encrypt private keys in the database
+      * @param rng used for encrypting keys
       * @param table_prefix optional prefix for db table names
       */
       explicit Certificate_Store_In_SQL(const std::shared_ptr<SQL_Database> db,
                                         const std::string& passwd,
+                                        RandomNumberGenerator& rng,
                                         const std::string& table_prefix = "");
 
       /**
@@ -89,8 +93,7 @@ class BOTAN_DLL Certificate_Store_In_SQL : public Certificate_Store
          find_crl_for(const X509_Certificate& issuer) const override;
 
    private:
-      std::string fingerprint_key(const Private_Key&) const;
-
+      RandomNumberGenerator& m_rng;
       std::shared_ptr<SQL_Database> m_database;
       std::string m_prefix;
       std::string m_password;
diff --git a/src/lib/cert/x509/certstor_sqlite3/certstor_sqlite.cpp b/src/lib/cert/x509/certstor_sqlite3/certstor_sqlite.cpp
index 89dfb3575..b7c066483 100644
--- a/src/lib/cert/x509/certstor_sqlite3/certstor_sqlite.cpp
+++ b/src/lib/cert/x509/certstor_sqlite3/certstor_sqlite.cpp
@@ -11,8 +11,9 @@
 namespace Botan {
 
 Certificate_Store_In_SQLite::Certificate_Store_In_SQLite(const std::string& db_path,
-                                                   const std::string& passwd,
-                                                   const std::string& table_prefix)
-: Certificate_Store_In_SQL(std::make_shared<Sqlite3_Database>(db_path), passwd, table_prefix)
+                                                         const std::string& passwd,
+                                                         RandomNumberGenerator& rng,
+                                                         const std::string& table_prefix) :
+   Certificate_Store_In_SQL(std::make_shared<Sqlite3_Database>(db_path), passwd, rng, table_prefix)
    {}
 }
diff --git a/src/lib/cert/x509/certstor_sqlite3/certstor_sqlite.h b/src/lib/cert/x509/certstor_sqlite3/certstor_sqlite.h
index c712b9526..11ad811ff 100644
--- a/src/lib/cert/x509/certstor_sqlite3/certstor_sqlite.h
+++ b/src/lib/cert/x509/certstor_sqlite3/certstor_sqlite.h
@@ -22,10 +22,12 @@ class BOTAN_DLL Certificate_Store_In_SQLite : public Certificate_Store_In_SQL
       * Create/open a certificate store.
       * @param db underlying database storage
       * @param passwd password to encrypt private keys in the database
+      * @param rng used for encrypting keys
       * @param table_prefix optional prefix for db table names
       */
       Certificate_Store_In_SQLite(const std::string& db_path,
                                   const std::string& passwd,
+                                  RandomNumberGenerator& rng,
                                   const std::string& table_prefix = "");
    };
 }
diff --git a/src/tests/test_certstor.cpp b/src/tests/test_certstor.cpp
index 59bedf759..b1b659050 100644
--- a/src/tests/test_certstor.cpp
+++ b/src/tests/test_certstor.cpp
@@ -214,7 +214,7 @@ class Certstor_Tests : public Test
 
                auto& rng = Test::rng();
                std::string passwd(reinterpret_cast<const char*>(rng.random_vec(8).data()),8);
-               Botan::Certificate_Store_In_SQLite store(fn.first + ".db",passwd);
+               Botan::Certificate_Store_In_SQLite store(fn.first + ".db", passwd, rng);
                std::vector<std::pair<Botan::X509_Certificate,std::shared_ptr<Botan::Private_Key>>> retrieve;
 
                for(auto&& cert_key_pair : test_data)
-- 
cgit v1.2.3