diff options
Diffstat (limited to 'src/build-data')
-rw-r--r-- | src/build-data/buildh.in | 73 | ||||
-rw-r--r-- | src/build-data/cc/clang.txt | 10 | ||||
-rw-r--r-- | src/build-data/cc/gcc.txt | 7 | ||||
-rw-r--r-- | src/build-data/makefile/gmake.in | 2 | ||||
-rw-r--r-- | src/build-data/makefile/nmake.in | 2 | ||||
-rw-r--r-- | src/build-data/os/freebsd.txt | 4 | ||||
-rw-r--r-- | src/build-data/policy/bsi.txt | 23 | ||||
-rw-r--r-- | src/build-data/policy/modern.txt (renamed from src/build-data/policy/sane.txt) | 68 | ||||
-rw-r--r-- | src/build-data/sphinx/conf.py | 6 |
9 files changed, 111 insertions, 84 deletions
diff --git a/src/build-data/buildh.in b/src/build-data/buildh.in index d6201be19..e943973a0 100644 --- a/src/build-data/buildh.in +++ b/src/build-data/buildh.in @@ -2,8 +2,8 @@ #define BOTAN_BUILD_CONFIG_H__ /* -* This file was automatically generated %{timestamp} UTC by -* %{user}@%{hostname} running '%{command_line}' +* This file was automatically generated running +* '%{command_line}' * * Target * - Compiler: %{cxx} %{cxx_abi_flags} %{cc_compile_flags} @@ -98,14 +98,20 @@ #define BOTAN_PRIVATE_KEY_STRONG_CHECKS_ON_GENERATE 1 /* -* RNGs will automatically poll the system for additional seed material -* after producing this many bytes of output. +* Userspace RNGs like HMAC_DRBG will reseed after a specified number +* of outputs are generated. Set to zero to disable automatic reseeding. */ -#define BOTAN_RNG_MAX_OUTPUT_BEFORE_RESEED 4096 -#define BOTAN_RNG_RESEED_POLL_BITS 128 +#define BOTAN_RNG_DEFAULT_RESEED_INTERVAL 1024 +#define BOTAN_RNG_RESEED_POLL_BITS 256 #define BOTAN_RNG_AUTO_RESEED_TIMEOUT std::chrono::milliseconds(10) #define BOTAN_RNG_RESEED_DEFAULT_TIMEOUT std::chrono::milliseconds(50) +/** +* Controls how AutoSeeded_RNG is instantiated +*/ +#define BOTAN_AUTO_RNG_DRBG HMAC_DRBG +#define BOTAN_AUTO_RNG_HMAC "HMAC(SHA-384)" + /* * Specifies (in order) the list of entropy sources that will be used * to seed an in-memory RNG. The first few in the default list @@ -140,41 +146,12 @@ #define BOTAN_ENTROPY_SAFE_PATHS { "/bin", "/sbin", "/usr/bin", "/usr/sbin" } /* -* Defines the static entropy estimates which each type of source uses. -* These values are expressed as the bits of entropy per byte of -* output (in double format) and should be conservative. These are used -* unless an entropy source has some more specific opinion on the entropy -* of the underlying source. -*/ - -// We include some high resolution timestamps because it can't hurt -#define BOTAN_ENTROPY_ESTIMATE_TIMESTAMPS 0 - -// Data which is system or process specific, but otherwise static -#define BOTAN_ENTROPY_ESTIMATE_STATIC_SYSTEM_DATA 0 - -// Binary system data of some kind -#define BOTAN_ENTROPY_ESTIMATE_SYSTEM_DATA 0.5 - -// Human readable text which has entropy -#define BOTAN_ENTROPY_ESTIMATE_SYSTEM_TEXT (1.0 / 64) - -/* -The output of a hardware RNG such as RDRAND / RDSEED - -By default such RNGs are used but not trusted, so that the standard -softare-based entropy polling is still used. -*/ -#define BOTAN_ENTROPY_ESTIMATE_HARDWARE_RNG 0.0 - -/* -How often should the RdRand/RdSeed RNGs be polled - -Each poll generates 32 bit entropy +How many times to read from the RDRAND/RDSEED RNGs. +Each read generates 32 bits of output */ #define BOTAN_ENTROPY_INTEL_RNG_POLLS 32 -// According to Intel RdRand is guaranteed to generate a random number within 10 retries on a working CPU +// According to Intel, RDRAND is guaranteed to generate a random number within 10 retries on a working CPU #define BOTAN_ENTROPY_RDRAND_RETRIES 10 /* @@ -183,10 +160,6 @@ Each poll generates 32 bit entropy */ #define BOTAN_ENTROPY_RDSEED_RETRIES 20 -// The output of a PRNG we are trusting to be strong -#define BOTAN_ENTROPY_ESTIMATE_STRONG_RNG 7.0 - - /* * Compiler and target specific flags */ @@ -297,4 +270,20 @@ Each poll generates 32 bit entropy // The struct is only declared to force the semicolon, it is never defined. #define BOTAN_FORCE_SEMICOLON struct BOTAN_DUMMY_STRUCT +#if defined(BOTAN_TARGET_ARCH_IS_X86_64) && (\ + (defined(_MSC_VER) && !defined(_WIN64)) || \ + (defined(__clang__) && !defined(__x86_64__)) || \ + (defined(__GNUG__) && !defined(__x86_64__)) \ +) + #error "Trying to compile Botan configured as x86_64 with non-x86_64 compiler." +#endif + +#if defined(BOTAN_TARGET_ARCH_IS_X86_32) && (\ + (defined(_MSC_VER) && defined(_WIN64)) || \ + (defined(__clang__) && !defined(__i386__)) || \ + (defined(__GNUG__) && !defined(__i386__)) \ +) + #error "Trying to compile Botan configured as x86_32 with non-x86_32 compiler." +#endif + #endif diff --git a/src/build-data/cc/clang.txt b/src/build-data/cc/clang.txt index 2585190c4..8c5baf7ca 100644 --- a/src/build-data/cc/clang.txt +++ b/src/build-data/cc/clang.txt @@ -11,12 +11,13 @@ add_framework_option "-framework " lang_flags "-std=c++11 -D_REENTRANT -fstack-protector" warning_flags "-Wall -Wextra -Wpedantic -Wshadow -Wstrict-aliasing -Wstrict-overflow=5 -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual -Wunreachable-code" -maintainer_warning_flags "-Qunused-arguments -Werror -Wno-error=unused-parameter -Wno-error=unused-variable -Wno-error=unreachable-code" +maintainer_warning_flags "-Qunused-arguments -Werror -Wno-error=unused-parameter -Wno-error=unused-variable -Wno-error=unreachable-code -Wno-error=deprecated-declarations" compile_flags "-c" debug_info_flags "-g" optimization_flags "-O3" -sanitizer_flags "-fsanitize=address,undefined -fsanitize-coverage=edge,indirect-calls,8bit-counters -fno-sanitize-recover=undefined" +#sanitizer_flags "-fsanitize=address,undefined -fsanitize-coverage=edge,indirect-calls,8bit-counters -fno-sanitize-recover=undefined" +sanitizer_flags "-fsanitize=address,undefined" shared_flags "-fPIC" coverage_flags "--coverage" @@ -40,6 +41,8 @@ darwin -> "$(LINKER) -headerpad_max_install_names" darwin-debug -> "$(LINKER) -headerpad_max_install_names" linux -> "$(LINKER) -Wl,-rpath=\$$ORIGIN" linux-debug -> "$(LINKER) -Wl,-rpath=\$$ORIGIN" +freebsd -> "$(LINKER) -Wl,-rpath=\$$ORIGIN" +freebsd-debug -> "$(LINKER) -Wl,-rpath=\$$ORIGIN" default -> "$(LINKER)" default-debug -> "$(LINKER)" </binary_link_commands> @@ -59,6 +62,7 @@ altivec -> "-maltivec" </isa_flags> <mach_opt> +x86_32 -> "-march=SUBMODEL" x86_64 -> "-march=SUBMODEL" nehalem -> "-march=corei7" sandybridge -> "-march=corei7-avx" @@ -68,8 +72,10 @@ ivybridge -> "-march=core-avx-i" <mach_abi_linking> all -> "-pthread" +x86_32 -> "-m32" x86_64 -> "-m64" ppc64 -> "-m64" +darwin -> "-stdlib=libc++" netbsd -> "-D_NETBSD_SOURCE" </mach_abi_linking> diff --git a/src/build-data/cc/gcc.txt b/src/build-data/cc/gcc.txt index 0687a6dd0..7d795d4e1 100644 --- a/src/build-data/cc/gcc.txt +++ b/src/build-data/cc/gcc.txt @@ -8,8 +8,11 @@ add_lib_dir_option -L add_lib_option -l lang_flags "-std=c++11 -D_REENTRANT" -maintainer_warning_flags "-Wold-style-cast -Werror -Wno-error=old-style-cast -Wno-error=zero-as-null-pointer-constant -Wno-error=unused-parameter -Wno-error=unused-variable -Wno-error=strict-overflow -Wsuggest-override" -warning_flags "-Wall -Wextra -Wpedantic -Wshadow -Wstrict-aliasing -Wstrict-overflow=5 -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual -Wzero-as-null-pointer-constant -Wnon-virtual-dtor" + +# This should only contain flags which are included in GCC 4.8 +warning_flags "-Wall -Wextra -Wpedantic -Wstrict-aliasing -Wstrict-overflow=5 -Wcast-align -Wmissing-declarations -Wpointer-arith -Wcast-qual -Wzero-as-null-pointer-constant -Wnon-virtual-dtor" + +maintainer_warning_flags "-Wold-style-cast -Wsuggest-override -Wshadow -Werror -Wno-error=old-style-cast -Wno-error=zero-as-null-pointer-constant -Wno-error=unused-parameter -Wno-error=unused-variable -Wno-error=strict-overflow -Wno-error=deprecated-declarations" compile_flags "-c" debug_info_flags "-g" diff --git a/src/build-data/makefile/gmake.in b/src/build-data/makefile/gmake.in index d68db271c..60ff6d58d 100644 --- a/src/build-data/makefile/gmake.in +++ b/src/build-data/makefile/gmake.in @@ -58,7 +58,7 @@ clean: -$(RM) %{libobj_dir}/* -$(RM) %{testobj_dir}/* -$(RM) %{cliobj_dir}/* - -$(RM) $(SONAME) $(SYMLINK) + -$(RM) $(SONAME_ABI) $(SONAME_BASE) -$(RM) $(LIBRARIES) $(CLI) $(TEST) distclean: clean diff --git a/src/build-data/makefile/nmake.in b/src/build-data/makefile/nmake.in index 119e91849..4075ccbbf 100644 --- a/src/build-data/makefile/nmake.in +++ b/src/build-data/makefile/nmake.in @@ -14,7 +14,7 @@ RM_R = $(RM) /S RMDIR = @rmdir # Executable targets -CLI = %{out_dir}\botan%{program_suffix} +CLI = %{out_dir}\botan-cli%{program_suffix} TEST = %{out_dir}\botan-test%{program_suffix} # Library targets diff --git a/src/build-data/os/freebsd.txt b/src/build-data/os/freebsd.txt index dfe3d2edf..9d6ed3614 100644 --- a/src/build-data/os/freebsd.txt +++ b/src/build-data/os/freebsd.txt @@ -1,5 +1,9 @@ os_type unix +soname_pattern_base "libbotan-{version_major}.{version_minor}.so" +soname_pattern_abi "libbotan-{version_major}.{version_minor}.so.{abi_rev}" +soname_pattern_patch "libbotan-{version_major}.{version_minor}.so.{abi_rev}.{version_patch}" + <target_features> clock_gettime gettimeofday diff --git a/src/build-data/policy/bsi.txt b/src/build-data/policy/bsi.txt index b8d47a5fd..048f63892 100644 --- a/src/build-data/policy/bsi.txt +++ b/src/build-data/policy/bsi.txt @@ -19,6 +19,11 @@ keccak cmac hmac +# kdf +kdf1_iso18033 +sp800_108 +sp800_56c + # pk_pad eme_oaep emsa_pssr @@ -31,11 +36,12 @@ rsa dsa ecdsa ecgdsa +ecies +eckcdsa ecdh # rng auto_rng -hmac_rng hmac_drbg </required> @@ -52,14 +58,16 @@ beos_stats cryptoapi_rng darwin_secrandom dev_random -egd hres_timer proc_walk rdrand rdseed -system_rng win32_stats +# rng +rdrand_rng +system_rng + # utils locking_allocator simd_altivec @@ -111,6 +119,11 @@ ofb rc4 salsa20 +# kdf +kdf1 +kdf2 +prf_x942 + # pubkey curve25519 elgamal @@ -118,6 +131,7 @@ gost_3410 mce mceies nr +rfc6979 rw # pk_pad @@ -152,6 +166,9 @@ x919_mac # rng x931_rng + +# entropy sources +egd unix_procs </prohibited> diff --git a/src/build-data/policy/sane.txt b/src/build-data/policy/modern.txt index f75242266..a98ec5077 100644 --- a/src/build-data/policy/sane.txt +++ b/src/build-data/policy/modern.txt @@ -22,28 +22,59 @@ poly1305 siphash pbkdf2 +bcrypt +compression # required for private key encryption pbes2 -# required for TLS -prf_tls - curve25519 ecdh ecdsa rsa +rfc6979 eme_oaep emsa_pssr emsa1 auto_rng -hmac_rng +hmac_drbg ffi </required> +<if_available> +tls +prf_tls + +clmul +locking_allocator + +aes_ni +aes_ssse3 +serpent_simd +threefish_avx2 + +simd_scalar +simd_sse2 +simd_altivec + +rdrand_rng +system_rng + +# entropy sources +beos_stats +cryptoapi_rng +darwin_secrandom +dev_random +hres_timer +proc_walk +rdrand +rdseed +win32_stats +</if_available> + <prohibited> cast des @@ -91,32 +122,9 @@ x931_rng passhash9 cryptobox + +# questionable entropy sources +egd unix_procs </prohibited> -<if_available> -clmul -locking_allocator - -aes_ni -aes_ssse3 -serpent_simd -threefish_avx2 - -simd_scalar -simd_sse2 -simd_altivec - -# entropy sources -beos_stats -cryptoapi_rng -darwin_secrandom -dev_random -egd -hres_timer -proc_walk -rdrand -rdseed -system_rng -win32_stats -</if_available> diff --git a/src/build-data/sphinx/conf.py b/src/build-data/sphinx/conf.py index f506b461a..ff927c8bd 100644 --- a/src/build-data/sphinx/conf.py +++ b/src/build-data/sphinx/conf.py @@ -32,11 +32,11 @@ templates_path = ['templates'] if is_website_build and use_disqus: templates_path += ['disqus'] -files_dir = 'http://botan.randombit.net/releases' +files_dir = 'https://botan.randombit.net/releases' extlinks = { 'wikipedia': ('https://en.wikipedia.org/wiki/%s', ''), - 'botan-devel': ('http://lists.randombit.net/pipermail/botan-devel/%s.html', None), + 'botan-devel': ('https://lists.randombit.net/pipermail/botan-devel/%s.html', None), 'cve': ('https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-%s', 'CVE-'), @@ -177,7 +177,7 @@ html_show_copyright = False # contain a <link> tag referring to it. The value of this option must be the # base URL from which the finished HTML is served. if is_website_build: - html_use_opensearch = 'http://botan.randombit.net/' + html_use_opensearch = 'https://botan.randombit.net/' else: html_use_opensearch = '' |