Ensure configured SecureRandom is passed on

1 files changed, 8 insertions, 4 deletions

diff --git a/crypto/test/src/test/PSSTest.cs b/crypto/test/src/test/PSSTest.cs
index de56886dd..3b5894c69 100644
--- a/crypto/test/src/test/PSSTest.cs
+++ b/crypto/test/src/test/PSSTest.cs
@@ -179,8 +179,8 @@ namespace Org.BouncyCastle.Tests
 			// Note: PSS minimum key size determined by hash/salt lengths
 //			PrivateKey priv2048Key = fact.generatePrivate(RSATest.priv2048KeySpec);
 //			PublicKey pub2048Key = fact.generatePublic(RSATest.pub2048KeySpec);
-			AsymmetricKeyParameter priv2048Key = RsaTest.priv2048KeySpec;
-			AsymmetricKeyParameter pub2048Key = RsaTest.pub2048KeySpec;
+			var priv2048Key = RsaTest.priv2048KeySpec;
+			var pub2048Key = RsaTest.pub2048KeySpec;
 
 			rawModeTest("SHA1withRSA/PSS", X509ObjectIdentifiers.IdSha1, priv2048Key, pub2048Key, random);
 			// FIXME
@@ -191,7 +191,7 @@ namespace Org.BouncyCastle.Tests
 		}
 
 		private void rawModeTest(string sigName, DerObjectIdentifier digestOID,
-			AsymmetricKeyParameter privKey, AsymmetricKeyParameter pubKey, SecureRandom random)
+			RsaPrivateCrtKeyParameters privKey, RsaKeyParameters pubKey, SecureRandom random)
 		{
 			byte[] sampleMessage = new byte[1000 + random.Next() % 100];
 			random.NextBytes(sampleMessage);
@@ -205,7 +205,11 @@ namespace Org.BouncyCastle.Tests
 			// FIXME
 //			int saltLen = spec.getSaltLength();
 //			byte[] fixedRandomBytes = new byte[saltLen];
-			byte[] fixedRandomBytes = new byte[128];
+
+			// TODO Consider a wrapping FixedSecureRandom to avoid exhaustion
+			// At least 20 for salt and enough to generate an RSA blind, but random blinding can theoretically draw more
+			int blindBytes = (pubKey.Modulus.BitLength + 7) / 8;
+			byte[] fixedRandomBytes = new byte[20 + blindBytes * 10];
 			random.NextBytes(fixedRandomBytes);
 
 			normalSig.Init(true, new ParametersWithRandom(privKey, FixedSecureRandom.From(fixedRandomBytes)));