aboutsummaryrefslogtreecommitdiffstats
path: root/src/build-data
diff options
context:
space:
mode:
Diffstat (limited to 'src/build-data')
-rw-r--r--src/build-data/buildh.in73
-rw-r--r--src/build-data/cc/clang.txt10
-rw-r--r--src/build-data/cc/gcc.txt7
-rw-r--r--src/build-data/makefile/gmake.in2
-rw-r--r--src/build-data/makefile/nmake.in2
-rw-r--r--src/build-data/os/freebsd.txt4
-rw-r--r--src/build-data/policy/bsi.txt23
-rw-r--r--src/build-data/policy/modern.txt (renamed from src/build-data/policy/sane.txt)68
-rw-r--r--src/build-data/sphinx/conf.py6
9 files changed, 111 insertions, 84 deletions
diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in
index d6201be19..e943973a0 100644
--- a/src/build-data/buildh.in
+++ b/src/build-data/buildh.in
@@ -2,8 +2,8 @@
#define BOTAN_BUILD_CONFIG_H__
/*
-* This file was automatically generated %{timestamp} UTC by
-* %{user}@%{hostname} running '%{command_line}'
+* This file was automatically generated running
+* '%{command_line}'
*
* Target
* - Compiler: %{cxx} %{cxx_abi_flags} %{cc_compile_flags}
@@ -98,14 +98,20 @@
#define BOTAN_PRIVATE_KEY_STRONG_CHECKS_ON_GENERATE 1
/*
-* RNGs will automatically poll the system for additional seed material
-* after producing this many bytes of output.
+* Userspace RNGs like HMAC_DRBG will reseed after a specified number
+* of outputs are generated. Set to zero to disable automatic reseeding.
*/
-#define BOTAN_RNG_MAX_OUTPUT_BEFORE_RESEED 4096
-#define BOTAN_RNG_RESEED_POLL_BITS 128
+#define BOTAN_RNG_DEFAULT_RESEED_INTERVAL 1024
+#define BOTAN_RNG_RESEED_POLL_BITS 256
#define BOTAN_RNG_AUTO_RESEED_TIMEOUT std::chrono::milliseconds(10)
#define BOTAN_RNG_RESEED_DEFAULT_TIMEOUT std::chrono::milliseconds(50)
+/**
+* Controls how AutoSeeded_RNG is instantiated
+*/
+#define BOTAN_AUTO_RNG_DRBG HMAC_DRBG
+#define BOTAN_AUTO_RNG_HMAC "HMAC(SHA-384)"
+
/*
* Specifies (in order) the list of entropy sources that will be used
* to seed an in-memory RNG. The first few in the default list
@@ -140,41 +146,12 @@
#define BOTAN_ENTROPY_SAFE_PATHS { "/bin", "/sbin", "/usr/bin", "/usr/sbin" }
/*
-* Defines the static entropy estimates which each type of source uses.
-* These values are expressed as the bits of entropy per byte of
-* output (in double format) and should be conservative. These are used
-* unless an entropy source has some more specific opinion on the entropy
-* of the underlying source.
-*/
-
-// We include some high resolution timestamps because it can't hurt
-#define BOTAN_ENTROPY_ESTIMATE_TIMESTAMPS 0
-
-// Data which is system or process specific, but otherwise static
-#define BOTAN_ENTROPY_ESTIMATE_STATIC_SYSTEM_DATA 0
-
-// Binary system data of some kind
-#define BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA 0.5
-
-// Human readable text which has entropy
-#define BOTAN_ENTROPY_ESTIMATE_SYSTEM_TEXT (1.0 / 64)
-
-/*
-The output of a hardware RNG such as RDRAND / RDSEED
-
-By default such RNGs are used but not trusted, so that the standard
-softare-based entropy polling is still used.
-*/
-#define BOTAN_ENTROPY_ESTIMATE_HARDWARE_RNG 0.0
-
-/*
-How often should the RdRand/RdSeed RNGs be polled
-
-Each poll generates 32 bit entropy
+How many times to read from the RDRAND/RDSEED RNGs.
+Each read generates 32 bits of output
*/
#define BOTAN_ENTROPY_INTEL_RNG_POLLS 32
-// According to Intel RdRand is guaranteed to generate a random number within 10 retries on a working CPU
+// According to Intel, RDRAND is guaranteed to generate a random number within 10 retries on a working CPU
#define BOTAN_ENTROPY_RDRAND_RETRIES 10
/*
@@ -183,10 +160,6 @@ Each poll generates 32 bit entropy
*/
#define BOTAN_ENTROPY_RDSEED_RETRIES 20
-// The output of a PRNG we are trusting to be strong
-#define BOTAN_ENTROPY_ESTIMATE_STRONG_RNG 7.0
-
-
/*
* Compiler and target specific flags
*/
@@ -297,4 +270,20 @@ Each poll generates 32 bit entropy
// The struct is only declared to force the semicolon, it is never defined.
#define BOTAN_FORCE_SEMICOLON struct BOTAN_DUMMY_STRUCT
+#if defined(BOTAN_TARGET_ARCH_IS_X86_64) && (\
+ (defined(_MSC_VER) && !defined(_WIN64)) || \
+ (defined(__clang__) && !defined(__x86_64__)) || \
+ (defined(__GNUG__) && !defined(__x86_64__)) \
+)
+ #error "Trying to compile Botan configured as x86_64 with non-x86_64 compiler."
+#endif
+
+#if defined(BOTAN_TARGET_ARCH_IS_X86_32) && (\
+ (defined(_MSC_VER) && defined(_WIN64)) || \
+ (defined(__clang__) && !defined(__i386__)) || \
+ (defined(__GNUG__) && !defined(__i386__)) \
+)
+ #error "Trying to compile Botan configured as x86_32 with non-x86_32 compiler."
+#endif
+
#endif
diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt
index 2585190c4..8c5baf7ca 100644
--- a/src/build-data/cc/clang.txt
+++ b/src/build-data/cc/clang.txt
@@ -11,12 +11,13 @@ add_framework_option "-framework "
lang_flags "-std=c++11 -D_REENTRANT -fstack-protector"
warning_flags "-Wall -Wextra -Wpedantic -Wshadow -Wstrict-aliasing -Wstrict-overflow=5 -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual -Wunreachable-code"
-maintainer_warning_flags "-Qunused-arguments -Werror -Wno-error=unused-parameter -Wno-error=unused-variable -Wno-error=unreachable-code"
+maintainer_warning_flags "-Qunused-arguments -Werror -Wno-error=unused-parameter -Wno-error=unused-variable -Wno-error=unreachable-code -Wno-error=deprecated-declarations"
compile_flags "-c"
debug_info_flags "-g"
optimization_flags "-O3"
-sanitizer_flags "-fsanitize=address,undefined -fsanitize-coverage=edge,indirect-calls,8bit-counters -fno-sanitize-recover=undefined"
+#sanitizer_flags "-fsanitize=address,undefined -fsanitize-coverage=edge,indirect-calls,8bit-counters -fno-sanitize-recover=undefined"
+sanitizer_flags "-fsanitize=address,undefined"
shared_flags "-fPIC"
coverage_flags "--coverage"
@@ -40,6 +41,8 @@ darwin -> "$(LINKER) -headerpad_max_install_names"
darwin-debug -> "$(LINKER) -headerpad_max_install_names"
linux -> "$(LINKER) -Wl,-rpath=\$$ORIGIN"
linux-debug -> "$(LINKER) -Wl,-rpath=\$$ORIGIN"
+freebsd -> "$(LINKER) -Wl,-rpath=\$$ORIGIN"
+freebsd-debug -> "$(LINKER) -Wl,-rpath=\$$ORIGIN"
default -> "$(LINKER)"
default-debug -> "$(LINKER)"
</binary_link_commands>
@@ -59,6 +62,7 @@ altivec -> "-maltivec"
</isa_flags>
<mach_opt>
+x86_32 -> "-march=SUBMODEL"
x86_64 -> "-march=SUBMODEL"
nehalem -> "-march=corei7"
sandybridge -> "-march=corei7-avx"
@@ -68,8 +72,10 @@ ivybridge -> "-march=core-avx-i"
<mach_abi_linking>
all -> "-pthread"
+x86_32 -> "-m32"
x86_64 -> "-m64"
ppc64 -> "-m64"
+darwin -> "-stdlib=libc++"
netbsd -> "-D_NETBSD_SOURCE"
</mach_abi_linking>
diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt
index 0687a6dd0..7d795d4e1 100644
--- a/src/build-data/cc/gcc.txt
+++ b/src/build-data/cc/gcc.txt
@@ -8,8 +8,11 @@ add_lib_dir_option -L
add_lib_option -l
lang_flags "-std=c++11 -D_REENTRANT"
-maintainer_warning_flags "-Wold-style-cast -Werror -Wno-error=old-style-cast -Wno-error=zero-as-null-pointer-constant -Wno-error=unused-parameter -Wno-error=unused-variable -Wno-error=strict-overflow -Wsuggest-override"
-warning_flags "-Wall -Wextra -Wpedantic -Wshadow -Wstrict-aliasing -Wstrict-overflow=5 -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual -Wzero-as-null-pointer-constant -Wnon-virtual-dtor"
+
+# This should only contain flags which are included in GCC 4.8
+warning_flags "-Wall -Wextra -Wpedantic -Wstrict-aliasing -Wstrict-overflow=5 -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual -Wzero-as-null-pointer-constant -Wnon-virtual-dtor"
+
+maintainer_warning_flags "-Wold-style-cast -Wsuggest-override -Wshadow -Werror -Wno-error=old-style-cast -Wno-error=zero-as-null-pointer-constant -Wno-error=unused-parameter -Wno-error=unused-variable -Wno-error=strict-overflow -Wno-error=deprecated-declarations"
compile_flags "-c"
debug_info_flags "-g"
diff --git a/src/build-data/makefile/gmake.in b/src/build-data/makefile/gmake.in
index d68db271c..60ff6d58d 100644
--- a/src/build-data/makefile/gmake.in
+++ b/src/build-data/makefile/gmake.in
@@ -58,7 +58,7 @@ clean:
-$(RM) %{libobj_dir}/*
-$(RM) %{testobj_dir}/*
-$(RM) %{cliobj_dir}/*
- -$(RM) $(SONAME) $(SYMLINK)
+ -$(RM) $(SONAME_ABI) $(SONAME_BASE)
-$(RM) $(LIBRARIES) $(CLI) $(TEST)
distclean: clean
diff --git a/src/build-data/makefile/nmake.in b/src/build-data/makefile/nmake.in
index 119e91849..4075ccbbf 100644
--- a/src/build-data/makefile/nmake.in
+++ b/src/build-data/makefile/nmake.in
@@ -14,7 +14,7 @@ RM_R = $(RM) /S
RMDIR = @rmdir
# Executable targets
-CLI = %{out_dir}\botan%{program_suffix}
+CLI = %{out_dir}\botan-cli%{program_suffix}
TEST = %{out_dir}\botan-test%{program_suffix}
# Library targets
diff --git a/src/build-data/os/freebsd.txt b/src/build-data/os/freebsd.txt
index dfe3d2edf..9d6ed3614 100644
--- a/src/build-data/os/freebsd.txt
+++ b/src/build-data/os/freebsd.txt
@@ -1,5 +1,9 @@
os_type unix
+soname_pattern_base "libbotan-{version_major}.{version_minor}.so"
+soname_pattern_abi "libbotan-{version_major}.{version_minor}.so.{abi_rev}"
+soname_pattern_patch "libbotan-{version_major}.{version_minor}.so.{abi_rev}.{version_patch}"
+
<target_features>
clock_gettime
gettimeofday
diff --git a/src/build-data/policy/bsi.txt b/src/build-data/policy/bsi.txt
index b8d47a5fd..048f63892 100644
--- a/src/build-data/policy/bsi.txt
+++ b/src/build-data/policy/bsi.txt
@@ -19,6 +19,11 @@ keccak
cmac
hmac
+# kdf
+kdf1_iso18033
+sp800_108
+sp800_56c
+
# pk_pad
eme_oaep
emsa_pssr
@@ -31,11 +36,12 @@ rsa
dsa
ecdsa
ecgdsa
+ecies
+eckcdsa
ecdh
# rng
auto_rng
-hmac_rng
hmac_drbg
</required>
@@ -52,14 +58,16 @@ beos_stats
cryptoapi_rng
darwin_secrandom
dev_random
-egd
hres_timer
proc_walk
rdrand
rdseed
-system_rng
win32_stats
+# rng
+rdrand_rng
+system_rng
+
# utils
locking_allocator
simd_altivec
@@ -111,6 +119,11 @@ ofb
rc4
salsa20
+# kdf
+kdf1
+kdf2
+prf_x942
+
# pubkey
curve25519
elgamal
@@ -118,6 +131,7 @@ gost_3410
mce
mceies
nr
+rfc6979
rw
# pk_pad
@@ -152,6 +166,9 @@ x919_mac
# rng
x931_rng
+
+# entropy sources
+egd
unix_procs
</prohibited>
diff --git a/src/build-data/policy/sane.txt b/src/build-data/policy/modern.txt
index f75242266..a98ec5077 100644
--- a/src/build-data/policy/sane.txt
+++ b/src/build-data/policy/modern.txt
@@ -22,28 +22,59 @@ poly1305
siphash
pbkdf2
+bcrypt
+compression
# required for private key encryption
pbes2
-# required for TLS
-prf_tls
-
curve25519
ecdh
ecdsa
rsa
+rfc6979
eme_oaep
emsa_pssr
emsa1
auto_rng
-hmac_rng
+hmac_drbg
ffi
</required>
+<if_available>
+tls
+prf_tls
+
+clmul
+locking_allocator
+
+aes_ni
+aes_ssse3
+serpent_simd
+threefish_avx2
+
+simd_scalar
+simd_sse2
+simd_altivec
+
+rdrand_rng
+system_rng
+
+# entropy sources
+beos_stats
+cryptoapi_rng
+darwin_secrandom
+dev_random
+hres_timer
+proc_walk
+rdrand
+rdseed
+win32_stats
+</if_available>
+
<prohibited>
cast
des
@@ -91,32 +122,9 @@ x931_rng
passhash9
cryptobox
+
+# questionable entropy sources
+egd
unix_procs
</prohibited>
-<if_available>
-clmul
-locking_allocator
-
-aes_ni
-aes_ssse3
-serpent_simd
-threefish_avx2
-
-simd_scalar
-simd_sse2
-simd_altivec
-
-# entropy sources
-beos_stats
-cryptoapi_rng
-darwin_secrandom
-dev_random
-egd
-hres_timer
-proc_walk
-rdrand
-rdseed
-system_rng
-win32_stats
-</if_available>
diff --git a/src/build-data/sphinx/conf.py b/src/build-data/sphinx/conf.py
index f506b461a..ff927c8bd 100644
--- a/src/build-data/sphinx/conf.py
+++ b/src/build-data/sphinx/conf.py
@@ -32,11 +32,11 @@ templates_path = ['templates']
if is_website_build and use_disqus:
templates_path += ['disqus']
-files_dir = 'http://botan.randombit.net/releases'
+files_dir = 'https://botan.randombit.net/releases'
extlinks = {
'wikipedia': ('https://en.wikipedia.org/wiki/%s', ''),
- 'botan-devel': ('http://lists.randombit.net/pipermail/botan-devel/%s.html', None),
+ 'botan-devel': ('https://lists.randombit.net/pipermail/botan-devel/%s.html', None),
'cve': ('https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-%s', 'CVE-'),
@@ -177,7 +177,7 @@ html_show_copyright = False
# contain a <link> tag referring to it. The value of this option must be the
# base URL from which the finished HTML is served.
if is_website_build:
- html_use_opensearch = 'http://botan.randombit.net/'
+ html_use_opensearch = 'https://botan.randombit.net/'
else:
html_use_opensearch = ''