aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Use Libs.private for listing dependencies in pkg-config, this leads tolloyd2009-03-281-1/+2
| | | | somewhat cleaner .so dependencies on ELF systems. Patch from Zack Weinberg.
* No reason to include mdx_hash.h in MD2 since it derives directly fromlloyd2009-03-272-24/+24
| | | | HashFunction; include hash.h instead
* Compile fix: missing a commalloyd2009-03-271-1/+1
|
* Check the return value of lseek in the mmap allocatorlloyd2009-03-271-1/+3
|
* Use u32bit instead of int for loop counter in ctzlloyd2009-03-271-1/+1
|
* GOST was using a completely non-standard set of sboxes. Change it to uselloyd2009-03-2711-336/+218
| | | | | | | | | | | | | | | GostR3411_94_TestParamSet, this is compatible with the implementations in Crypto++ and OpenSSL. This is not backwards compatible, though once the implementation supports multiple param sets (which is required, unfortunately, for compatability with various standards by CryptoCom, who have defined not one but at least 4 (!!!) different sboxes to use with GOST), I may offer Botan's previous sbox set as an option. Since adding the GOST hash function (34.11) and signing algorithm (34.10) are on the long term agenda (request by Rickard Bondesson, as the Russian authorities want to use their local standards for their DNSSEC use), I renamed the block cipher class (which had been just 'GOST') to GOST_28147_89 to minimize future name clashes.
* Add back the public key filters, at the request of Andreas Podgurski onlloyd2009-03-193-0/+204
| | | | the mailing list.
* Add LibraryInitializers to the examples, instead of relying on lazy init.lloyd2009-03-1739-10/+67
| | | | Patch from David X Callaway.
* Expand some acronyms and various grammatical fixes to the tutorial document,lloyd2009-03-061-23/+24
| | | | submitted by Charles Brockman in bug 41
* Fix misspelled words in algo_factory.{cpp,h}, from Charles Brockman in bug 40lloyd2009-03-022-12/+13
|
* Update some doxygen comments. Contributed by Charles Brockman in bug #39lloyd2009-03-023-28/+28
|
* merge of '4d21273f3094d6b2c2bc149c76383d54ce0a0006'lloyd2009-02-112-56/+62
|\ | | | | | | and 'b4c266ae827b5a19f0cc07dc9b55a95fd4915a1e'
| * Apply a set of patches by Charles Brockman <[email protected]> fixinglloyd2009-02-112-56/+62
| | | | | | | | | | | | a number of bugs in the documentation, mostly typos, grammatical errors, poorly worded sentences, and idioms likely to be confusing to non-English speakers.
* | Mention merge of n.r.b.entropy-poll-redesignlloyd2009-02-081-0/+1
| |
* | merge of '93d8e162df445b607d3085d0f966f4e7b286108a'lloyd2009-01-3112-123/+129
|\ \ | | | | | | | | | and 'fc89152d6d99043fb9ed1e9f2569fde3fee419e5'
| * | In es_unix, two changeslloyd2009-01-311-6/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make the fast poll significantly more pessimistic/realistic about how many bits of randomness we're getting from getrusage and stat. Don't cut out from execing programs if the desired poll bits is under 128. Simply poll until either the accumulator says we're done or we run out of sources. Assumption is that the poll won't be run at all unless it is ncessary (es_unix comes late in the list of sources to use since it is pretty slow).
| * | Recast to byte pointer in Entropy_Accumulator before passing to add_byteslloyd2009-01-311-4/+4
| | |
| * | Update examples for changed EntropySource and RandomNumberGenerator interfaceslloyd2009-01-312-11/+14
| | |
| * | propagate from branch 'net.randombit.botan' (head ↵lloyd2009-01-3135-863/+704
| |\ \ | | | | | | | | | | | | | | | | | | | | 4518ef63a5e28e22a61d21a6066d0d4a5cf0616e) to branch 'net.randombit.botan.entropy-poll-redesign' (head c8e07f10a193b25bab726af99ea2ea77a0f30eaf)
| | * | Remove the notion of counting entropy bits in HMAC_RNG or Randpool.lloyd2009-01-314-35/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead simply consider the PRNG seeded if a poll kicked off from reseed met its goal, or if the user adds data. Doing anything else prevents creating (for instance) a PRNG seeded with 64 bits of entropy, which is unsafe for some purposes (key generation) but quite possibly safe enough for others (generating salts and such).
| | * | Change the max amount read from /dev/*random to 128 bits.lloyd2009-01-311-9/+4
| | | | | | | | | | | | | | | | | | | | | | | | Also, change the wait time to bits/16 milliseconds. For instance if 64 bits of entropy are requested, the reader will wait at most 4 ms in the select loop.
| | * | Track the collected entropy as a double instead of a unsigned int. Otherwiselloyd2009-01-311-3/+5
| | | | | | | | | | | | | | | | | | | | | | | | inputs might end up not contributing anything to the count even when they should. This was paricularly noticable with the proc walker - it uses an estimate of .01 bits / byte, so if the file was < 100 bytes it would not count for anything at all.
| | * | Make Entropy_Accumulator a pure virtual to allow other accumulationlloyd2009-01-313-7/+28
| | | | | | | | | | | | | | | | | | | | techniques, with the one using BufferedComputation being the new subclass with the charming name Entropy_Accumulator_BufferedComputation.
| | * | In the X9.31 PRNG, move the code that rekeys the cipher and generates V tolloyd2009-01-312-44/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | a new member function rekey, calling it from both reseed and add_entropy. Previously add_entropy worked without this because the PRNG would reseed itself automatically if it was not at the point when randomize() was called, but once this was removed it was necessary to ensure a rekey kicked off, if appropriate, when calling add_entropy.
| * | | A new warning in glibc triggers if memset is called with a constant sizelloyd2009-01-311-8/+8
| | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | of 0 (on the theory this is a mistake and the second and third arguments were swapped). However the GCC inliner apparently is good enough that it is triggering on code that just happens to create a zero length SecureVector or equivalent - the constants get propagated so __builtin_constant_p returns true. Add an if(n) in clear_mem so we skip calling memset if the size is zero.
* | | Compilation fixes for the Win32 entropy sources.lloyd2009-01-282-4/+4
| |/ |/|
* | Double the static estimate in es_ftw. To collect 256 bits of estimatedlloyd2009-01-281-1/+1
| | | | | | | | | | entropy, the proc walker will read about 256K bytes. This seems plenty sufficient to me.
* | In the BeOS entropy poll, quit the loop early if the polling goal waslloyd2009-01-281-0/+3
| | | | | | | | achieved.
* | Go back to entropy bits per byte, instead of total estimated entropy oflloyd2009-01-281-4/+4
| | | | | | | | the buffer.
* | Fix test_es for new Entropy_Accumulator interface. It XORs into a blocklloyd2009-01-271-21/+27
| | | | | | | | | | of 64 bytes. Not ideal but at least gives a sense of what it is putting out.
* | Have Entropy_Accumulator dump everything into a BufferedComputation.lloyd2009-01-275-108/+26
| | | | | | | | | | | | | | | | | | | | | | | | Since both Randpool and HMAC_RNG fed the input into a MAC anyway, this works nicely. (It would be nicer to use tr1::function but, argh, don't want to fully depend on TR1 quite yet. C++0x cannot come soon enough). This avoids requiring to do run length encoding, it just dumps everything as-is into the MAC. This ensures the buffer is not a potential narrow pipe for the entropy (for instance, one might imagine an entropy source which outputs one random byte every 16 bytes, and the rest some repeating pattern - using a 16 byte buffer, you would only get 8 bits of entropy total, no matter how many times you sampled).
* | Major change in RNG semantics: you must call reseed before callinglloyd2009-01-273-20/+4
| | | | | | | | randomize, or PRNG_Unseeded will be thrown.
* | Check in a branch with a major redesign on how entropy polling is performed.lloyd2009-01-2737-776/+700
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Combine the fast and slow polls, into a single poll() operation. Instead of being given a buffer to write output into, the EntropySource is passed an Entropy_Accumulator. This handles the RLE encoding that xor_into_buf used to do. It also contains a cached I/O buffer so entropy sources do not individually need to allocate memory for that with each poll. When data is added to the accumulator, the source specifies an estimate of the number of bits of entropy per byte, as a double. This is tracked in the accumulator. Once the estimated entropy hits a target (set by the constructor), the accumulator's member function predicate polling_goal_achieved flips to true. This signals to the PRNG that it can stop performing polling on sources, also polls that take a long time periodically check this flag and return immediately. The Win32 and BeOS entropy sources have been updated, but blindly; testing is needed. The test_es example program has been modified: now it polls twice and outputs the XOR of the two collected results. That helps show if the output is consistent across polls (not a good thing). I have noticed on the Unix entropy source, occasionally there are many 0x00 bytes in the output, which is not optimal. This also needs to be investigated. The RLE is not actually RLE anymore. It works well for non-random inputs (ASCII text, etc), but I noticed that when /dev/random output was fed into it, the output buffer would end up being RR01RR01RR01 where RR is a random byte and 00 is the byte count. The buffer sizing also needs to be examined carefully. It might be useful to choose a prime number for the size to XOR stuff into, to help ensure an even distribution of entropy across the entire buffer space. Or: feed it all into a hash function? This change should (perhaps with further modifications) help WRT the concerns Zack W raised about the RNG on the monotone-dev list.
* Bump to 1.8.2-prelloyd2009-01-213-2/+5
|
* merge of '17ebb8fd6cdfe0a743092b2bf5b039a351cc23be'lloyd2009-01-219-17/+31
|\ | | | | | | and '76da4a953201fc0f0b510ea82d5a3986ec8ab44a'
| * Fix paths in dist script1.8.1lloyd2009-01-201-3/+2
| |
| * Update readme and release notes for 1.8.1 release 2008-01-20lloyd2009-01-202-2/+3
| |
| * Use printf instead of echo -n in botan-config, as according to bug reportslloyd2009-01-191-1/+1
| | | | | | | | | | | | | | | | | | echo -n does not work on (at least) Solaris 10 and MacOS X, while printf will do the right thing and is available at least as far back as 4.2 BSD (and as a policy, I'm not interested in supporting Unix distros that shipped before I was born). Patch from Markus Wanner.
| * Bump version in configure and readme to 1.8.1-prelloyd2009-01-032-2/+2
| |
| * In the Unix entropy source fast poll, clear the stat buf beforelloyd2009-01-032-0/+2
| | | | | | | | | | | | | | | | | | | | we call stat. Apparently on 32-bit Linux (or at least on Ubuntu 8.04/x86), struct stat has some padding bytes, which are not written to by the syscall, but valgrind doesn't realize that this is OK, and warns about uninitialized memory access when we read the contents of the struct. Since this data is then fed into the PRNG, the PRNG state and output becomes tainted, which makes valgrind's output rather useless.
| * Relicense api.tex from the Creative Commons Attribution-Share Alike licenselloyd2008-12-142-5/+2
| | | | | | | | | | | | | | | | | | | | | | | | to the regular BSD license Botan is distributed under. Seems silly to have the one single file under a different (and more restrictive) license than everything else. As I am the only copyright holder I believe it is within my rights to do this. The only other contributor to api.tex I can think of is Ken Perano of Sandia Labs, who sent me several patches to api.tex that fixed minor grammatical issues, but which (AFAIK (IANAL)) were too small/trivial to be copyrightable.
| * Fix a memory leak in PKCS #8 load_key and encrypt_key that wouldlloyd2008-12-122-5/+12
| | | | | | | | | | | | | | | | | | | | occur because PKCS #5 v2.0 doesn't support empty passphrases (though maybe it should?). In this case pbe->set_key would throw an exception, causing the stack to be unwound without the (dynamically created) PBE object being deleted. Use auto_ptr to hold the PBE*, then .release() it when passing it to the Pipe (since Pipe takes ownership of its Filters). Noticed when looking at valgrind analysis of monotone's sync command.
| * Add a ref to a paper describing a chosen ciphertext attack on OAEPlloyd2008-12-081-0/+8
| | | | | | | | since it is relevant to the implementation.
| * DL_Group constructor taking three BigInts had the order of q and g swappedlloyd2008-12-081-1/+1
| | | | | | | | in the header.
| * Update readme and log for 1.8.0 release 2008-12-081.8.0lloyd2008-12-082-2/+2
| |
* | Argh. Using printf in botan-config didn't work either, because somelloyd2009-01-211-3/+3
|/ | | | | | printfs would complain because it would think that the -L/lib/dir was an (unknown) option instead of the string. Instead use a plain echo in each branch of the if, slight code duplication but not a huge deal.
* Rickard Bondesson reported on botan-devel about some problems buildinglloyd2008-12-027-27/+17
| | | | | | | | | | | | | | | | | | | | on Solaris 10 with GCC 3.4.3. First, remove the definition of _XOPEN_SOURCE_EXTENDED=1 in mmap_mem.cpp and unix_cmd.cpp, because apparently on Solaris defining this macro breaks C++ compilation entirely with GCC: http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6395191 In es_egd.cpp and es_dev.cpp, include <fcntl.h> to get the declaration of open(), which is apparently where open(2) lives on Solaris - this matches the include the *BSD man pages for open(2) show, though AFAIK the BSDs all compiled fine without it (probably due to greater efforts to be source-compatible with Linux systems by *BSD developers). I have not been able to test these changes personally on Solaris but Rickard reports that with these changes everything compiles OK. Update lib version to 1.8.0-pre. ZOMG. Finally.
* Update log file for 1.7.24 release 2008-12-011.7.24lloyd2008-12-011-1/+1
|
* Update readme for 1.7.24. Clean up some of the textlloyd2008-11-301-19/+23
|
* Add some test vectors for EMSA3(Raw) with RSA generated using Crypto++lloyd2008-11-301-0/+58
|