path: root/doc

Commit log. Each entry gives the commit message, followed in parentheses by the author, date, number of files changed, and lines removed/added (and the release tag, where one is attached).
* Document new configure.py
  (lloyd, 2009-07-02; files: 1; lines: -1/+1)
* Change the makefile template language somewhat. Previously variables
  had been denoted with @{var:NAME}, this has changed to %{NAME}. This is pretty much a wash for configure.pl but it makes it much easier to process the templates using Python's string.Template. The logic being the 'var:' prefix had been to support conditional statements in the templates (using an 'if:' prefix), but this functionality was not being used and support for it is removed from configure.pl in this revision. For a similar reason, rename a number of template variables with hyphens in their name to use underscores instead. This is slightly more consistent anyway (since many variable names had already used _ instead of -) but more importantly makes them much easier to deal with using aforementioned Python template code. This should not result in any user-visible change (unless I messed up).
  (lloyd, 2009-07-01; files: 1; lines: -4/+5)
* Mention change in preference for /dev/*random devices
  (lloyd, 2009-07-01; files: 1; lines: -0/+1)
* DataSource::discard_next did not actually return the number of discarded
  bytes. Bug noted by Falko Strenzke, fix by M. Braun. (bug id 31)
  (lloyd, 2009-06-24; files: 1; lines: -0/+1)
* Fix one of the examples, call bits_of() on OctetString before assigning
  (lloyd, 2009-06-23; files: 1; lines: -1/+1)
* Use an input insensitive implementation of same_mem instead of memcmp.
  I don't know that having same_mem be sensitive to input would actually allow any form of timing attack in the current codebase, but it seemed like a prudent thing to do in any case.
  (lloyd, 2009-06-22; files: 1; lines: -0/+1)
* Improve handling of low-entropy situations in HMAC_RNG and Randpool.
  When a reseed is attempted, up to poll_bits attempts will be made, running in order through the set of available sources. So for instance if poll_bits is set to the default 256, then up to 256 polls will be performed (some of which might not provide any entropy, of course) before stopping; of course if the accumulator's goal is achieved before that point, then the polling stops. This should greatly help to resolve the recent rash of PRNG unseeded problems some people have been having.
  (lloyd, 2009-06-21; files: 1; lines: -3/+4)
* Fix Gentoo bug 272242
  (lloyd, 2009-06-06; files: 1; lines: -0/+1)
* Add an implementation of Skein-512
  (lloyd, 2009-06-02; files: 1; lines: -0/+1)
* Document adding a default param for AutoSeeded_RNG::reseed
  (lloyd, 2009-04-22; files: 1; lines: -0/+1)
* Bump version to 0.8.3-pre
  (lloyd, 2009-04-16; files: 1; lines: -0/+3)
* Update for 1.8.2 release 2009-04-07
  (tag 1.8.2; lloyd, 2009-04-08; files: 1; lines: -1/+1)
* Add the GOST 34.11 hash function. Pretty slow, but functional.
  (lloyd, 2009-04-07; files: 1; lines: -0/+1)
* Clean up the GOST_2ROUND macro a bit. Put in do/while block so it is a
  statement (at least as far as the calling code is concerned)
  (lloyd, 2009-04-07; files: 1; lines: -2/+2)
* s/NYC/Vermont/
  (lloyd, 2009-04-01; files: 1; lines: -1/+1)
* GOST was using a completely non-standard set of sboxes. Change it to use
  GostR3411_94_TestParamSet, this is compatible with the implementations in Crypto++ and OpenSSL. This is not backwards compatible, though once the implementation supports multiple param sets (which is required, unfortunately, for compatibility with various standards by CryptoCom, who have defined not one but at least 4 (!!!) different sboxes to use with GOST), I may offer Botan's previous sbox set as an option.

  Since adding the GOST hash function (34.11) and signing algorithm (34.10) are on the long term agenda (request by Rickard Bondesson, as the Russian authorities want to use their local standards for their DNSSEC use), I renamed the block cipher class (which had been just 'GOST') to GOST_28147_89 to minimize future name clashes.
  (lloyd, 2009-03-27; files: 1; lines: -0/+1)
* Add LibraryInitializers to the examples, instead of relying on lazy init.
  Patch from David X Callaway.
  (lloyd, 2009-03-17; files: 39; lines: -10/+67)
* Expand some acronyms and various grammatical fixes to the tutorial document,
  submitted by Charles Brockman in bug 41
  (lloyd, 2009-03-06; files: 1; lines: -23/+24)
* merge of '4d21273f3094d6b2c2bc149c76383d54ce0a0006'
  and 'b4c266ae827b5a19f0cc07dc9b55a95fd4915a1e'
  (lloyd, 2009-02-11; files: 2; lines: -56/+62)
* Apply a set of patches by Charles Brockman <[email protected]> fixing
  a number of bugs in the documentation, mostly typos, grammatical errors, poorly worded sentences, and idioms likely to be confusing to non-English speakers.
  (lloyd, 2009-02-11; files: 2; lines: -56/+62)
* Mention merge of n.r.b.entropy-poll-redesign
  (lloyd, 2009-02-08; files: 1; lines: -0/+1)
* Update examples for changed EntropySource and RandomNumberGenerator interfaces
  (lloyd, 2009-01-31; files: 2; lines: -11/+14)
* Fix test_es for new Entropy_Accumulator interface. It XORs into a block
  of 64 bytes. Not ideal but at least gives a sense of what it is putting out.
  (lloyd, 2009-01-27; files: 1; lines: -21/+27)
* Check in a branch with a major redesign on how entropy polling is performed.
  Combine the fast and slow polls, into a single poll() operation. Instead of being given a buffer to write output into, the EntropySource is passed an Entropy_Accumulator. This handles the RLE encoding that xor_into_buf used to do. It also contains a cached I/O buffer so entropy sources do not individually need to allocate memory for that with each poll. When data is added to the accumulator, the source specifies an estimate of the number of bits of entropy per byte, as a double. This is tracked in the accumulator. Once the estimated entropy hits a target (set by the constructor), the accumulator's member function predicate polling_goal_achieved flips to true. This signals to the PRNG that it can stop performing polling on sources, also polls that take a long time periodically check this flag and return immediately.

  The Win32 and BeOS entropy sources have been updated, but blindly; testing is needed.

  The test_es example program has been modified: now it polls twice and outputs the XOR of the two collected results. That helps show if the output is consistent across polls (not a good thing). I have noticed on the Unix entropy source, occasionally there are many 0x00 bytes in the output, which is not optimal. This also needs to be investigated.

  The RLE is not actually RLE anymore. It works well for non-random inputs (ASCII text, etc), but I noticed that when /dev/random output was fed into it, the output buffer would end up being RR01RR01RR01 where RR is a random byte and 00 is the byte count.

  The buffer sizing also needs to be examined carefully. It might be useful to choose a prime number for the size to XOR stuff into, to help ensure an even distribution of entropy across the entire buffer space. Or: feed it all into a hash function?

  This change should (perhaps with further modifications) help WRT the concerns Zack W raised about the RNG on the monotone-dev list.
  (lloyd, 2009-01-27; files: 2; lines: -17/+24)
* Bump to 1.8.2-pre
  (lloyd, 2009-01-21; files: 1; lines: -0/+3)
* Fix paths in dist script
  (tag 1.8.1; lloyd, 2009-01-20; files: 1; lines: -3/+2)
* Update readme and release notes for 1.8.1 release 2008-01-20
  (lloyd, 2009-01-20; files: 1; lines: -1/+2)
* In the Unix entropy source fast poll, clear the stat buf before
  we call stat. Apparently on 32-bit Linux (or at least on Ubuntu 8.04/x86), struct stat has some padding bytes, which are not written to by the syscall, but valgrind doesn't realize that this is OK, and warns about uninitialized memory access when we read the contents of the struct. Since this data is then fed into the PRNG, the PRNG state and output becomes tainted, which makes valgrind's output rather useless.
  (lloyd, 2009-01-03; files: 1; lines: -0/+1)
* Relicense api.tex from the Creative Commons Attribution-Share Alike license
  to the regular BSD license Botan is distributed under. Seems silly to have the one single file under a different (and more restrictive) license than everything else. As I am the only copyright holder I believe it is within my rights to do this. The only other contributor to api.tex I can think of is Ken Perano of Sandia Labs, who sent me several patches to api.tex that fixed minor grammatical issues, but which (AFAIK (IANAL)) were too small/trivial to be copyrightable.
  (lloyd, 2008-12-14; files: 2; lines: -5/+2)
* Fix a memory leak in PKCS #8 load_key and encrypt_key that would
  occur because PKCS #5 v2.0 doesn't support empty passphrases (though maybe it should?). In this case pbe->set_key would throw an exception, causing the stack to be unwound without the (dynamically created) PBE object being deleted. Use auto_ptr to hold the PBE*, then .release() it when passing it to the Pipe (since Pipe takes ownership of its Filters). Noticed when looking at valgrind analysis of monotone's sync command.
  (lloyd, 2008-12-12; files: 1; lines: -0/+3)
* Update readme and log for 1.8.0 release 2008-12-08
  (tag 1.8.0; lloyd, 2008-12-08; files: 1; lines: -1/+1)
* Rickard Bondesson reported on botan-devel about some problems building
  on Solaris 10 with GCC 3.4.3.

  First, remove the definition of _XOPEN_SOURCE_EXTENDED=1 in mmap_mem.cpp and unix_cmd.cpp, because apparently on Solaris defining this macro breaks C++ compilation entirely with GCC: http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6395191

  In es_egd.cpp and es_dev.cpp, include <fcntl.h> to get the declaration of open(), which is apparently where open(2) lives on Solaris - this matches the include the *BSD man pages for open(2) show, though AFAIK the BSDs all compiled fine without it (probably due to greater efforts to be source-compatible with Linux systems by *BSD developers).

  I have not been able to test these changes personally on Solaris but Rickard reports that with these changes everything compiles OK.

  Update lib version to 1.8.0-pre. ZOMG. Finally.
  (lloyd, 2008-12-02; files: 1; lines: -0/+3)
* Update log file for 1.7.24 release 2008-12-01
  (tag 1.7.24; lloyd, 2008-12-01; files: 1; lines: -1/+1)
* Consolidate the useful stuff from doc/info.txt into readme.txt
  (lloyd, 2008-11-30; files: 1; lines: -63/+0)
* s/modinfo.txt/info.txt/g
  (lloyd, 2008-11-30; files: 1; lines: -2/+2)
* New paths in dist script
  (lloyd, 2008-11-29; files: 1; lines: -4/+6)
* Add XLC release date. Mention OpenSSL's AES crashes have unknown cause
  (lloyd, 2008-11-28; files: 1; lines: -2/+2)
* Reorg 1.7.24 release notes. Mention adding test vectors.
  (lloyd, 2008-11-28; files: 1; lines: -5/+6)
* Add a variant of EMSA3 called EMSA3_Raw which does not hash the data or
  add a digest identifier. This was a feature requested on the mailing list. Apparently this scheme is called CKM_RSA_PKCS in PKCS #11, and is supported by a number of libraries, including QCA.
  (lloyd, 2008-11-28; files: 1; lines: -0/+2)
* Rickard Bondesson reported on the mailing list that he had noticed
  a discrepancy between OpenSSL and Botan when generating SHA-512/EMSA3 signatures. In fact it turns out that the EMSA3 identifier for SHA-512 contained a typo and was incorrect. Unfortunately this means that SHA-512/EMSA3 signatures generated by Botan up until now will not be accepted by other implementations, and the signatures by other implementations would not be accepted by Botan. Currently I am not making any provision for backwards compatibility with the old incorrect hash identifier, since I am assuming/guessing that SHA-512/EMSA3 is not a very common combination.
  (lloyd, 2008-11-28; files: 2; lines: -1/+5)
* Add test_es, a program that polls each enabled entropy source (both fast
  and slow) and prints the data it gets back to the screen for inspection.
  (lloyd, 2008-11-25; files: 1; lines: -0/+101)
* If the read succeeded in EGD_EntropySource::slow_poll, the loop would
  just continue on instead of returning the length of the buffer recv'ed from EGD.
  (lloyd, 2008-11-25; files: 1; lines: -0/+1)
* Drop todo.txt - moved to http://botan.randombit.net/todo.html
  (lloyd, 2008-11-25; files: 1; lines: -160/+0)
* Document disabling OpenSSL AES
  (lloyd, 2008-11-24; files: 1; lines: -0/+1)
* Rephrase some log entries
  (lloyd, 2008-11-24; files: 1; lines: -5/+5)
* Update PGP keys
  (lloyd, 2008-11-24; files: 1; lines: -88/+80)
* Mention integer overflow being fixed
  (lloyd, 2008-11-24; files: 1; lines: -0/+1)
* Add an example taken from the tutorial
  (lloyd, 2008-11-24; files: 1; lines: -0/+55)
* Update build instructions
  (lloyd, 2008-11-24; files: 1; lines: -10/+19)
* Update readme and info files to reflect that 1.8.0 will be a (theoretically)
  stable release.
  (lloyd, 2008-11-24; files: 1; lines: -0/+4)