| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
had been denoted with @{var:NAME}, this has changed to %{NAME}. This is
pretty much a wash for configure.pl but it makes it much easier to process
the templates using Python's string.Template. The logic being the 'var:'
prefix had been to support conditional statements in the templates (using
an 'if:' prefix), but this functionality was not being used and support
for it is removed from configure.pl in this revision.
For a similiar reason, rename a number of template variables with hyphens
in their name to use underscores instead. This is slightly more consistent
anyway (since many variable names had already used _ instead of -) but more
importantly makes them much easier to deal with using aforementioned Python
template code.
This should not result in any user-visible change (unless I messed up).
|
| |
|
|
|
|
| |
bytes. Bug noted by Falko Strenzke, fix by M. Braun. (bug id 31)
|
| |
|
|
|
|
|
|
| |
I don't know that having same_mem be sensitive to input would actually
allow any form of timing attack in the current codebase, but it seemed
like a prudent thing to do in any case.
|
|
|
|
|
|
|
|
|
|
|
| |
When a reseed is attempted, up to poll_bits attempts will be made, running
in order through the set of available sources. So for instance if poll_bits
is set to the default 256, then up to 256 polls will be performed (some of
which might not provide any entropy, of course) before stopping; of course
if the accumulators goal is achived before that point, then the polling stops.
This should greatly help to resolve the recent rash of PRNG unseeded problems
some people have been having.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
statement (at least as far as the calling code is concerned)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GostR3411_94_TestParamSet, this is compatible with the implementations in
Crypto++ and OpenSSL. This is not backwards compatible, though once the
implementation supports multiple param sets (which is required, unfortunately,
for compatability with various standards by CryptoCom, who have defined not
one but at least 4 (!!!) different sboxes to use with GOST), I may offer
Botan's previous sbox set as an option.
Since adding the GOST hash function (34.11) and signing algorithm (34.10)
are on the long term agenda (request by Rickard Bondesson, as the Russian
authorities want to use their local standards for their DNSSEC use), I
renamed the block cipher class (which had been just 'GOST') to GOST_28147_89
to minimize future name clashes.
|
|
|
|
| |
Patch from David X Callaway.
|
|
|
|
| |
submitted by Charles Brockman in bug 41
|
|\
| |
| |
| | |
and 'b4c266ae827b5a19f0cc07dc9b55a95fd4915a1e'
|
| |
| |
| |
| |
| |
| | |
a number of bugs in the documentation, mostly typos, grammatical errors,
poorly worded sentences, and idioms likely to be confusing to non-English
speakers.
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
of 64 bytes. Not ideal but at least gives a sense of what it is putting
out.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Combine the fast and slow polls, into a single poll() operation.
Instead of being given a buffer to write output into, the EntropySource is
passed an Entropy_Accumulator. This handles the RLE encoding that xor_into_buf
used to do. It also contains a cached I/O buffer so entropy sources do not
individually need to allocate memory for that with each poll. When data
is added to the accumulator, the source specifies an estimate of the number
of bits of entropy per byte, as a double. This is tracked in the accumulator.
Once the estimated entropy hits a target (set by the constructor), the
accumulator's member function predicate polling_goal_achieved flips to true.
This signals to the PRNG that it can stop performing polling on sources,
also polls that take a long time periodically check this flag and return
immediately.
The Win32 and BeOS entropy sources have been updated, but blindly; testing
is needed.
The test_es example program has been modified: now it polls twice and outputs
the XOR of the two collected results. That helps show if the output is consistent
across polls (not a good thing). I have noticed on the Unix entropy source,
occasionally there are many 0x00 bytes in the output, which is not optimal.
This also needs to be investigated.
The RLE is not actually RLE anymore. It works well for non-random inputs
(ASCII text, etc), but I noticed that when /dev/random output was fed into
it, the output buffer would end up being RR01RR01RR01 where RR is a random
byte and 00 is the byte count.
The buffer sizing also needs to be examined carefully. It might be useful
to choose a prime number for the size to XOR stuff into, to help ensure an
even distribution of entropy across the entire buffer space. Or: feed it
all into a hash function?
This change should (perhaps with further modifications) help WRT the
concerns Zack W raised about the RNG on the monotone-dev list.
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
we call stat. Apparently on 32-bit Linux (or at least on Ubuntu
8.04/x86), struct stat has some padding bytes, which are not
written to by the syscall, but valgrind doesn't realize that this
is OK, and warns about uninitialized memory access when we read
the contents of the struct. Since this data is then fed into the
PRNG, the PRNG state and output becomes tainted, which makes
valgrind's output rather useless.
|
|
|
|
|
|
|
|
|
|
|
|
| |
to the regular BSD license Botan is distributed under. Seems silly to have
the one single file under a different (and more restrictive) license than
everything else.
As I am the only copyright holder I believe it is within my rights to do
this. The only other contributor to api.tex I can think of is Ken Perano
of Sandia Labs, who sent me several patches to api.tex that fixed minor
grammatical issues, but which (AFAIK (IANAL)) were too small/trivial
to be copyrightable.
|
|
|
|
|
|
|
|
|
|
| |
occur because PKCS #5 v2.0 doesn't support empty passphrases (though
maybe it should?). In this case pbe->set_key would throw an exception,
causing the stack to be unwound without the (dynamically created) PBE
object being deleted. Use auto_ptr to hold the PBE*, then .release()
it when passing it to the Pipe (since Pipe takes ownership of its Filters).
Noticed when looking at valgrind analysis of monotone's sync command.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
on Solaris 10 with GCC 3.4.3.
First, remove the definition of _XOPEN_SOURCE_EXTENDED=1 in mmap_mem.cpp
and unix_cmd.cpp, because apparently on Solaris defining this macro breaks
C++ compilation entirely with GCC:
http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6395191
In es_egd.cpp and es_dev.cpp, include <fcntl.h> to get the declaration of
open(), which is apparently where open(2) lives on Solaris - this matches
the include the *BSD man pages for open(2) show, though AFAIK the BSDs
all compiled fine without it (probably due to greater efforts to be
source-compatible with Linux systems by *BSD developers).
I have not been able to test these changes personally on Solaris but
Rickard reports that with these changes everything compiles OK.
Update lib version to 1.8.0-pre. ZOMG. Finally.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
add a digest identifier. This was a feature requested on the mailing list.
Apparently this scheme is called CKM_RSA_PKCS in PKCS #11, and is supported
by a number of libraries, including QCA.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a discrepency between OpenSSL and Botan when generating SHA-512/EMSA3
signatures. In fact it turns out that the EMSA3 identifier for SHA-512
contained a typo and was incorrect.
Unfortunately this means that SHA-512/EMSA3 signatures generated by
Botan up until now will not be accepted by other implementations, and
the signatures by other implementations would not be accepted by Botan.
Currently I am not making any provision for backwards compatability with
the old incorrect hash identifier, since I am assuming/guessing that
SHA-512/EMSA3 is not a very common combination.
|
|
|
|
| |
and slow) and prints the data it gets back to the screen for inspection.
|
|
|
|
|
| |
just continue on instead of returning the length of the buffer recv'ed
from EGD.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
stable release.
|