author | Jack Lloyd <[email protected]> | 2018-03-14 21:31:47 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-03-14 21:31:47 -0400 |
commit | 5b948bec654fb1cbe269601874c0cbb7d1aef245 (patch) | |
tree | b53eadbf6885e784c4ee6acd878940b9e0ca3041 | |
parent | 84f54b95b2698d71f4f1e6dc333812694bab3903 (diff) | |
parent | cfdb729661c6ea3f6fcbbfdc09cf86d0e7cc127c (diff) |
Merge GH #1494 Use RtlGenRandom instead of CryptoAPI/CryptoNG
-rwxr-xr-x | configure.py | 23 | ||||
-rw-r--r-- | doc/manual/deprecated.rst | 2 | ||||
-rw-r--r-- | doc/os.rst | 7 | ||||
-rw-r--r-- | news.rst | 2 | ||||
-rw-r--r-- | src/build-data/buildh.in | 15 | ||||
-rw-r--r-- | src/build-data/os/mingw.txt | 2 | ||||
-rw-r--r-- | src/build-data/os/windows.txt | 2 | ||||
-rw-r--r-- | src/build-data/os/winphone.txt | 1 | ||||
-rw-r--r-- | src/lib/rng/system_rng/info.txt | 11 | ||||
-rw-r--r-- | src/lib/rng/system_rng/system_rng.cpp | 91 | ||||
-rw-r--r-- | src/lib/utils/dyn_load/dyn_load.cpp | 2 |
11 files changed, 55 insertions, 103 deletions
diff --git a/configure.py b/configure.py index 678a43e64..5799e6201 100755 --- a/configure.py +++ b/configure.py @@ -659,7 +659,7 @@ def lex_me_harder(infofile, allowed_groups, allowed_maps, name_val_pairs): return group.replace(':', '_') lexer = shlex.shlex(open(infofile), infofile, posix=True) - lexer.wordchars += '|:.<>/,-!+*' # handle various funky chars in info.txt + lexer.wordchars += ':.<>/,-!?+*' # handle various funky chars in info.txt groups = allowed_groups + allowed_maps for group in groups: @@ -937,11 +937,20 @@ class ModuleInfo(InfoObject): return supported_isa_flags(ccinfo, arch) and supported_compiler(ccinfo, cc_min_version) - def dependencies(self): + def dependencies(self, osinfo): # base is an implicit dep for all submodules - deps = self.requires + ['base'] + deps = ['base'] if self.parent_module != None: deps.append(self.parent_module) + + for req in self.requires: + if req.find('?') != -1: + (cond, dep) = req.split('?') + if osinfo is None or cond in osinfo.target_features: + deps.append(dep) + else: + deps.append(req) + return deps def dependencies_exist(self, modules): @@ -950,9 +959,9 @@ class ModuleInfo(InfoObject): about any that do not """ - all_deps = [s.split('|') for s in self.dependencies()] + missing = [s for s in self.dependencies(None) if s not in modules] - for missing in [s for s in flatten(all_deps) if s not in modules]: + if missing: logging.error("Module '%s', dep of '%s', does not exist" % ( missing, self.basename)) @@ -1572,7 +1581,7 @@ def generate_build_info(build_paths, modules, cc, arch, osinfo): if src in module_that_owns: module = module_that_owns[src] isas = module.need_isa - if 'simd' in module.dependencies(): + if 'simd' in module.dependencies(osinfo): isas.append('simd') return cc.get_isa_specific_flags(isas, arch) 
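Review bot: In `ModuleInfo.dependencies`, the new conditional form is parsed with `(cond, dep) = req.split('?')`, which raises a bare `ValueError` if an info.txt entry contains more than one `?` and silently accepts an empty condition or module name. I would check the shape explicitly and report the offending entry, e.g. `parts = req.split('?')` followed by `if len(parts) != 2 or not all(parts): raise ValueError("Bad conditional requirement '%s'" % (req))` (the file's own error type is not visible here, so `ValueError` is a stand-in). `'?' in req` is the idiomatic spelling of `req.find('?') != -1`. The method also has no docstring; one sentence stating that a `cond?dep` requirement applies only when `cond` is in `osinfo.target_features`, and always when `osinfo` is None, would document the new syntax where it is implemented.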
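Review bot: In `dependencies_exist`, `missing` is now a list, but the unchanged `logging.error` call still formats it with `%s` as if it were a single module name, so the message would print the list repr (`Module '['a', 'b']', dep of ...`). Either keep the per-module loop, `for missing in [s for s in self.dependencies(None) if s not in modules]:`, or join the names with `', '.join(missing)` and adjust the wording. Passing `None` here makes every `cond?dep` requirement count as required regardless of the target OS; if that is intended, a short comment such as `# osinfo=None: check conditional deps too` would make it explicit. The function body continues outside the hunk.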
@@ -2072,7 +2081,7 @@ class ModulesChooser(object): def _modules_dependency_table(self): out = {} for modname in self._modules: - out[modname] = self._modules[modname].dependencies() + out[modname] = self._modules[modname].dependencies(self._osinfo) return out def _resolve_dependencies_for_all_modules(self): diff --git a/doc/manual/deprecated.rst b/doc/manual/deprecated.rst index 05e83e4ed..c91730cf3 100644 --- a/doc/manual/deprecated.rst +++ b/doc/manual/deprecated.rst @@ -36,6 +36,8 @@ in the source. - Platform support for Google Native Client +- Platform support for Windows Phone + - Support for PathScale and HP compilers - TLS: 3DES and SEED ciphersuites diff --git a/doc/os.rst b/doc/os.rst index 2d869138b..a4edd564b 100644 --- a/doc/os.rst +++ b/doc/os.rst @@ -34,9 +34,7 @@ A summary of OS features as defined in ``src/build-data/os``. :header: "Feature", "a", "a", "c", "d", "d", "f", "h", "h", "h", "i", "i", "l", "l", "m", "n", "n", "o", "q", "s", "w", "w" "arc4random", " ", " ", " ", "X", "X", "X", " ", " ", " ", " ", "X", " ", " ", " ", " ", "X", "X", " ", " ", " ", " " - "clock_gettime", "X", "X", " ", " ", "X", "X", " ", "X", " ", " ", " ", "X", " ", " ", " ", "X", "X", "X", "X", " ", " " - "cryptgenrandom", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", "X", " " - "crypto_ng", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X" + "clock_gettime", "X", "X", " ", " ", "X", "X", "X", "X", "X", " ", " ", "X", " ", " ", " ", "X", "X", "X", "X", " ", " " "dev_random", "X", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", "X", " ", " ", " ", "X", "X", "X", "X", " ", " " "explicit_bzero", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " " "filesystem", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", "X", "X", "X", "X", " ", "X", "X", "X", "X", "X", "X" 
@@ -44,9 +42,10 @@ A summary of OS features as defined in ``src/build-data/os``. "getentropy", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " " "posix1", "X", "X", "X", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", " ", " ", "X", "X", "X", "X", " ", " " "proc_fs", "X", " ", " ", " ", "X", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", " ", "X", " ", " " + "rtlgenrandom", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", "X", " " "rtlsecurezeromemory", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", "X" "security_framework", " ", " ", " ", "X", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " " - "sockets", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", "X", "X", " ", "X", " ", "X", "X", "X", "X", "X", "X" + "sockets", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", "X", "X", " ", " ", " ", "X", "X", "X", "X", " ", " " "stl_filesystem_msvc", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " " "threads", "X", "X", "X", "X", "X", "X", "X", "X", "X", " ", "X", "X", " ", "X", "X", "X", "X", "X", "X", "X", "X" "virtual_lock", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", " ", "X", " ", " ", " ", " ", " ", "X", " " @@ -86,6 +86,8 @@ Version 2.5.0, Not Yet Released is still maintained by the original author at https://github.com/OlivierJG/botansqlite3 +* Support for Windows Phone is deprecated. + Version 2.4.0, 2018-01-08 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index b2bc0ea4b..d42e85ac4 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in 
@@ -153,6 +153,7 @@ */ #define BOTAN_RNG_DEFAULT_RESEED_INTERVAL 1024 #define BOTAN_RNG_RESEED_POLL_BITS 256 + #define BOTAN_RNG_AUTO_RESEED_TIMEOUT std::chrono::milliseconds(10) #define BOTAN_RNG_RESEED_DEFAULT_TIMEOUT std::chrono::milliseconds(50) @@ -174,14 +175,6 @@ * These control the RNG used by the system RNG interface */ #define BOTAN_SYSTEM_RNG_DEVICE "/dev/urandom" -#define BOTAN_SYSTEM_RNG_CRYPTOAPI_PROV_TYPE PROV_RSA_FULL - -/* -* These paramaters control how many bytes to read from the system -* PRNG, and how long to block if applicable. -* -* Timeout is ignored on Windows as CryptGenRandom doesn't block -*/ #define BOTAN_SYSTEM_RNG_POLL_DEVICES { "/dev/urandom", "/dev/random", "/dev/srandom" } /* @@ -192,10 +185,14 @@ */ #define BOTAN_ENTROPY_PROC_FS_PATH "/proc" +/* +* These paramaters control how many bytes to read from the system +* PRNG, and how long to block if applicable. The timeout only applies +* to reading /dev/urandom and company. +*/ #define BOTAN_SYSTEM_RNG_POLL_REQUEST 64 #define BOTAN_SYSTEM_RNG_POLL_TIMEOUT_MS 20 - /* How many times to read from the RDRAND/RDSEED RNGs. Each read generates 32 bits of output diff --git a/src/build-data/os/mingw.txt b/src/build-data/os/mingw.txt index b74aa2d49..bbe17e084 100644 --- a/src/build-data/os/mingw.txt +++ b/src/build-data/os/mingw.txt @@ -16,7 +16,7 @@ mingw32.* <target_features> win32 -cryptgenrandom +rtlgenrandom virtual_lock threads diff --git a/src/build-data/os/windows.txt b/src/build-data/os/windows.txt index 500013897..db6245a83 100644 --- a/src/build-data/os/windows.txt +++ b/src/build-data/os/windows.txt @@ -19,7 +19,7 @@ doc_dir docs win32 winsock2 -cryptgenrandom +rtlgenrandom rtlsecurezeromemory virtual_lock diff --git a/src/build-data/os/winphone.txt b/src/build-data/os/winphone.txt index bc0179c12..fdeae6783 100644 --- a/src/build-data/os/winphone.txt +++ b/src/build-data/os/winphone.txt @@ -11,7 +11,6 @@ doc_dir docs win32 winsock2 -crypto_ng rtlsecurezeromemory threads 
diff --git a/src/lib/rng/system_rng/info.txt b/src/lib/rng/system_rng/info.txt index 8f25bf84c..4dc5be758 100644 --- a/src/lib/rng/system_rng/info.txt +++ b/src/lib/rng/system_rng/info.txt @@ -5,12 +5,9 @@ SYSTEM_RNG -> 20141202 <os_features> dev_random,posix1 arc4random -crypto_ng -cryptgenrandom +rtlgenrandom </os_features> -<libs> -windows -> advapi32.lib -winphone -> bcrypt.lib -mingw -> advapi32 -</libs> +<requires> +rtlgenrandom?dyn_load +</requires> diff --git a/src/lib/rng/system_rng/system_rng.cpp b/src/lib/rng/system_rng/system_rng.cpp index cec3deab1..32dabbe9f 100644 --- a/src/lib/rng/system_rng/system_rng.cpp +++ b/src/lib/rng/system_rng/system_rng.cpp @@ -1,25 +1,22 @@ /* * System RNG -* (C) 2014,2015,2017 Jack Lloyd +* (C) 2014,2015,2017,2018 Jack Lloyd * * Botan is released under the Simplified BSD License (see license.txt) */ #include <botan/system_rng.h> -#if defined(BOTAN_TARGET_OS_HAS_CRYPTGENRANDOM) - #define NOMINMAX 1 - #define _WINSOCKAPI_ // stop windows.h including winsock.h - #include <windows.h> - #include <wincrypt.h> - -#elif defined(BOTAN_TARGET_OS_HAS_CRYPTO_NG) - #include <bcrypt.h> +#if defined(BOTAN_TARGET_OS_HAS_RTLGENRANDOM) + #include <botan/dyn_load.h> + #define NOMINMAX 1 + #define _WINSOCKAPI_ // stop windows.h including winsock.h + #include <windows.h> #elif defined(BOTAN_TARGET_OS_HAS_ARC4RANDOM) #include <stdlib.h> -#else +#elif defined(BOTAN_TARGET_OS_HAS_DEV_RANDOM) #include <sys/types.h> #include <sys/stat.h> #include <fcntl.h> 
@@ -31,82 +28,32 @@ namespace Botan { namespace { -#if defined(BOTAN_TARGET_OS_HAS_CRYPTGENRANDOM) +#if defined(BOTAN_TARGET_OS_HAS_RTLGENRANDOM) class System_RNG_Impl final : public RandomNumberGenerator { public: - System_RNG_Impl() - { - if(!CryptAcquireContext(&m_prov, nullptr, nullptr, - BOTAN_SYSTEM_RNG_CRYPTOAPI_PROV_TYPE, CRYPT_VERIFYCONTEXT)) - throw Exception("System_RNG failed to acquire crypto provider"); - } - - ~System_RNG_Impl() + System_RNG_Impl() : m_advapi("advapi32.dll") { - ::CryptReleaseContext(m_prov, 0); + // This throws if the function is not found + m_rtlgenrandom = m_advapi.resolve<RtlGenRandom_f>("SystemFunction036"); } void randomize(uint8_t buf[], size_t len) override { - ::CryptGenRandom(m_prov, static_cast<DWORD>(len), buf); - } - - void add_entropy(const uint8_t in[], size_t length) override - { - /* - There is no explicit ConsumeRandom, but all values provided in - the call are incorporated into the state. - */ - std::vector<uint8_t> buf(in, in + length); - ::CryptGenRandom(m_prov, static_cast<DWORD>(buf.size()), buf.data()); + if(m_rtlgenrandom(buf, len) == false) + throw Exception("RtlGenRandom failed"); } + void add_entropy(const uint8_t[], size_t) override { /* ignored */ } bool is_seeded() const override { return true; } void clear() override { /* not possible */ } - std::string name() const override { return "cryptoapi"; } + std::string name() const override { return "RtlGenRandom"; } private: - HCRYPTPROV m_prov; - }; + typedef BOOL (*RtlGenRandom_f)(PVOID, ULONG); -#elif defined(BOTAN_TARGET_OS_HAS_CRYPTO_NG) - -class System_RNG_Impl final : public RandomNumberGenerator - { - public: - System_RNG_Impl() - { - NTSTATUS ret = ::BCryptOpenAlgorithmProvider(&m_prov, - BCRYPT_RNG_ALGORITHM, - MS_PRIMITIVE_PROVIDER, 0); - if(ret != STATUS_SUCCESS) - throw Exception("System_RNG failed to acquire crypto provider"); - } - - ~System_RNG_Impl() - { - ::BCryptCloseAlgorithmProvider(m_prov, 0); - } - - void randomize(uint8_t buf[], 
size_t len) override - { - ::BCryptGenRandom(m_prov, static_cast<PUCHAR>(buf), static_cast<ULONG>(len), 0); - } - - void add_entropy(const uint8_t in[], size_t length) override - { - /* - There is a flag BCRYPT_RNG_USE_ENTROPY_IN_BUFFER to provide - entropy inputs, but it is ignored in Windows 8 and later. - */ - } - - bool is_seeded() const override { return true; } - void clear() override { /* not possible */ } - std::string name() const override { return "crypto_ng"; } - private: - BCRYPT_ALG_HANDLE m_handle; + Dynamically_Loaded_Library m_advapi; + RtlGenRandom_f m_rtlgenrandom; }; #elif defined(BOTAN_TARGET_OS_HAS_ARC4RANDOM) @@ -127,7 +74,7 @@ class System_RNG_Impl final : public RandomNumberGenerator std::string name() const override { return "arc4random"; } }; -#else +#elif defined(BOTAN_TARGET_OS_HAS_DEV_RANDOM) // Read a random device diff --git a/src/lib/utils/dyn_load/dyn_load.cpp b/src/lib/utils/dyn_load/dyn_load.cpp index b7f2649ef..1bbcffbdb 100644 --- a/src/lib/utils/dyn_load/dyn_load.cpp +++ b/src/lib/utils/dyn_load/dyn_load.cpp @@ -71,7 +71,7 @@ void* Dynamically_Loaded_Library::resolve_symbol(const std::string& symbol) if(!addr) throw Exception("Failed to resolve symbol " + symbol + - " in " + m_lib_name); + " in " + m_lib_name); return addr; } |
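Review bot: The function-pointer type in the new `System_RNG_Impl`, `typedef BOOL (*RtlGenRandom_f)(PVOID, ULONG);`, does not match the exported function, which as far as I know returns `BOOLEAN` (one byte) and is stdcall (`NTAPI`) on 32-bit x86. Calling it through a default-convention pointer is undefined there, and reading a one-byte result as a 32-bit `BOOL` can let a failure slip past the `== false` check, so the caller would receive a buffer that was never filled. Separately, `randomize` passes a `size_t` length into a `ULONG` parameter with no bound, so on 64-bit builds a request above 4 GiB is silently truncated and the tail of `buf` is left untouched while the call reports success. I would correct the typedef and fill the buffer in bounded chunks as below.

```cpp
      void randomize(uint8_t buf[], size_t len) override
         {
         // RtlGenRandom takes a ULONG length: fill large requests in bounded
         // chunks so no part of the output buffer is left unfilled.
         const size_t max_chunk = static_cast<size_t>(0x40000000);

         while(len > 0)
            {
            const ULONG this_len = static_cast<ULONG>(len < max_chunk ? len : max_chunk);

            if(!m_rtlgenrandom(buf, this_len))
               throw Exception("RtlGenRandom failed");

            buf += this_len;
            len -= this_len;
            }
         }

      // … unchanged: add_entropy, is_seeded, clear, name …

   private:
      // Match the exported prototype: one-byte BOOLEAN result, NTAPI convention
      typedef BOOLEAN (NTAPI *RtlGenRandom_f)(PVOID, ULONG);
```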