diff options
Diffstat (limited to 'src/build-data/buildh.in')
| -rw-r--r-- | src/build-data/buildh.in | 37 |
1 files changed, 35 insertions, 2 deletions
diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index 31277ff0c..a289fbcd8 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in @@ -101,10 +101,43 @@ * RNGs will automatically poll the system for additional seed material * after producing this many bytes of output. */ -#define BOTAN_RNG_MAX_OUTPUT_BEFORE_RESEED 512 +#define BOTAN_RNG_MAX_OUTPUT_BEFORE_RESEED 4096 #define BOTAN_RNG_RESEED_POLL_BITS 128 #define BOTAN_RNG_AUTO_RESEED_TIMEOUT std::chrono::milliseconds(10) -#define BOTAN_RNG_RESEED_DEFAULT_TIMEOUT std::chrono::milliseconds(100) +#define BOTAN_RNG_RESEED_DEFAULT_TIMEOUT std::chrono::milliseconds(50) + +/* +* Specifies (in order) the list of entropy sources that will be used +* to seed an in-memory RNG. The first few in the default list +* ("timer", "proc_info", etc) do not count as contributing any entropy +* but are included as they are fast and help protect against a +* seriously broken system RNG. +*/ +#define BOTAN_ENTROPY_DEFAULT_SOURCES \ + { "timestamp", "rdrand", "proc_info", \ + "darwin_secrandom", "dev_random", "win32_cryptoapi", "egd", \ + "proc_walk", "system_stats", "unix_procs" } + +/* +* These control the RNG used by the system RNG interface +*/ +#define BOTAN_SYSTEM_RNG_DEVICE "/dev/urandom" +#define BOTAN_SYSTEM_RNG_CRYPTOAPI_PROV_TYPE PROV_RSA_FULL + +/* +* These paramaters control how many bytes to read from the system +* PRNG, and how long to block if applicable. +* +* Timeout is ignored on Windows as CryptGenRandom doesn't block +*/ +#define BOTAN_SYSTEM_RNG_POLL_DEVICES { "/dev/urandom", "/dev/random", "/dev/srandom" } + +#define BOTAN_SYSTEM_RNG_POLL_REQUEST 64 +#define BOTAN_SYSTEM_RNG_POLL_TIMEOUT_MS 20 + +#define BOTAN_ENTROPY_EGD_PATHS { "/var/run/egd-pool", "/dev/egd-pool" } +#define BOTAN_ENTROPY_PROC_FS_PATH "/proc" +#define BOTAN_ENTROPY_SAFE_PATHS { "/bin", "/sbin", "/usr/bin", "/usr/sbin" } /* Should we use GCC-style inline assembler? */ #if !defined(BOTAN_USE_GCC_INLINE_ASM) && defined(__GNUG__) |