From ce63e95d06907d1cf4c5e78d512be54f0f6a2f01 Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Wed, 16 Apr 2014 16:06:08 +0700
Subject: A SecureRandom should not be created or stored if not needed

---
 .../java/org/bouncycastle/crypto/signers/DSASigner.java    | 14 +++++++++++---
 .../java/org/bouncycastle/crypto/signers/ECDSASigner.java  | 14 +++++++++++---
 2 files changed, 22 insertions(+), 6 deletions(-)

(limited to 'core/src/main/java/org/bouncycastle/crypto/signers')

diff --git a/core/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java b/core/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java
index 292c4087..f3614f39 100644
--- a/core/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java
+++ b/core/src/main/java/org/bouncycastle/crypto/signers/DSASigner.java
@@ -45,18 +45,19 @@ public class DSASigner
         boolean                 forSigning,
         CipherParameters        param)
     {
+        SecureRandom providedRandom = null;
+
         if (forSigning)
         {
             if (param instanceof ParametersWithRandom)
             {
-                ParametersWithRandom    rParam = (ParametersWithRandom)param;
+                ParametersWithRandom rParam = (ParametersWithRandom)param;
 
-                this.random = rParam.getRandom();
                 this.key = (DSAPrivateKeyParameters)rParam.getParameters();
+                providedRandom = rParam.getRandom();
             }
             else
             {
-                this.random = new SecureRandom();
                 this.key = (DSAPrivateKeyParameters)param;
             }
         }
@@ -64,6 +65,8 @@ public class DSASigner
         {
             this.key = (DSAPublicKeyParameters)param;
         }
+
+        this.random = initSecureRandom(forSigning && !kCalculator.isDeterministic(), providedRandom);
     }
 
     /**
@@ -157,4 +160,9 @@ public class DSASigner
             return new BigInteger(1, trunc);
         }
     }
+
+    protected SecureRandom initSecureRandom(boolean needed, SecureRandom provided)
+    {
+        return !needed ? null : (provided != null) ? provided : new SecureRandom();
+    }
 }
diff --git a/core/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java b/core/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java
index 8ea2a5b9..5fce1121 100644
--- a/core/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java
+++ b/core/src/main/java/org/bouncycastle/crypto/signers/ECDSASigner.java
@@ -49,18 +49,19 @@ public class ECDSASigner
         boolean                 forSigning,
         CipherParameters        param)
     {
+        SecureRandom providedRandom = null;
+
         if (forSigning)
         {
             if (param instanceof ParametersWithRandom)
             {
-                ParametersWithRandom    rParam = (ParametersWithRandom)param;
+                ParametersWithRandom rParam = (ParametersWithRandom)param;
 
-                this.random = rParam.getRandom();
                 this.key = (ECPrivateKeyParameters)rParam.getParameters();
+                providedRandom = rParam.getRandom();
             }
             else
             {
-                this.random = new SecureRandom();
                 this.key = (ECPrivateKeyParameters)param;
             }
         }
@@ -68,6 +69,8 @@ public class ECDSASigner
         {
             this.key = (ECPublicKeyParameters)param;
         }
+
+        this.random = initSecureRandom(forSigning && !kCalculator.isDeterministic(), providedRandom);
     }
 
     // 5.3 pg 28
@@ -186,4 +189,9 @@ public class ECDSASigner
     {
         return new FixedPointCombMultiplier();
     }
+
+    protected SecureRandom initSecureRandom(boolean needed, SecureRandom provided)
+    {
+        return !needed ? null : (provided != null) ? provided : new SecureRandom();
+    }
 }
-- 
cgit v1.2.3