diff options
Diffstat (limited to 'src/build-data/buildh.in')
| -rw-r--r-- | src/build-data/buildh.in | 53 |
1 files changed, 14 insertions, 39 deletions
diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index d6201be19..1d643248e 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in @@ -99,13 +99,21 @@ /* * RNGs will automatically poll the system for additional seed material -* after producing this many bytes of output. +* after producing this many bytes of output. Set to zero to disable +* automatic reseeding. */ -#define BOTAN_RNG_MAX_OUTPUT_BEFORE_RESEED 4096 -#define BOTAN_RNG_RESEED_POLL_BITS 128 +#define BOTAN_RNG_DEFAULT_MAX_OUTPUT_BEFORE_RESEED 16384 +#define BOTAN_RNG_RESEED_POLL_BITS 256 #define BOTAN_RNG_AUTO_RESEED_TIMEOUT std::chrono::milliseconds(10) #define BOTAN_RNG_RESEED_DEFAULT_TIMEOUT std::chrono::milliseconds(50) +/** +* Controls how AutoSeeded_RNG is instantiated +*/ +#define BOTAN_AUTO_RNG_DRBG HMAC_DRBG +#define BOTAN_AUTO_RNG_HASH "SHA-256" +#define BOTAN_AUTO_RNG_ENTROPY_TARGET 256 + /* * Specifies (in order) the list of entropy sources that will be used * to seed an in-memory RNG. The first few in the default list @@ -140,41 +148,12 @@ #define BOTAN_ENTROPY_SAFE_PATHS { "/bin", "/sbin", "/usr/bin", "/usr/sbin" } /* -* Defines the static entropy estimates which each type of source uses. -* These values are expressed as the bits of entropy per byte of -* output (in double format) and should be conservative. These are used -* unless an entropy source has some more specific opinion on the entropy -* of the underlying source. -*/ - -// We include some high resolution timestamps because it can't hurt -#define BOTAN_ENTROPY_ESTIMATE_TIMESTAMPS 0 - -// Data which is system or process specific, but otherwise static -#define BOTAN_ENTROPY_ESTIMATE_STATIC_SYSTEM_DATA 0 - -// Binary system data of some kind -#define BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA 0.5 - -// Human readable text which has entropy -#define BOTAN_ENTROPY_ESTIMATE_SYSTEM_TEXT (1.0 / 64) - -/* -The output of a hardware RNG such as RDRAND / RDSEED - -By default such RNGs are used but not trusted, so that the standard -softare-based entropy polling is still used. -*/ -#define BOTAN_ENTROPY_ESTIMATE_HARDWARE_RNG 0.0 - -/* -How often should the RdRand/RdSeed RNGs be polled - -Each poll generates 32 bit entropy +How many times to read from the RDRAND/RDSEED RNGs. +Each read generates 32 bits of output */ #define BOTAN_ENTROPY_INTEL_RNG_POLLS 32 -// According to Intel RdRand is guaranteed to generate a random number within 10 retries on a working CPU +// According to Intel, RDRAND is guaranteed to generate a random number within 10 retries on a working CPU #define BOTAN_ENTROPY_RDRAND_RETRIES 10 /* @@ -183,10 +162,6 @@ Each poll generates 32 bit entropy */ #define BOTAN_ENTROPY_RDSEED_RETRIES 20 -// The output of a PRNG we are trusting to be strong -#define BOTAN_ENTROPY_ESTIMATE_STRONG_RNG 7.0 - - /* * Compiler and target specific flags */ |