aboutsummaryrefslogtreecommitdiffstats
path: root/src/build-data/buildh.in
Commit message (Collapse)AuthorAgeFilesLines
* Make template variable misc_config more specificSimon Warta2017-04-181-1/+1
|
* Use getentropy(2) as random source.Alexander Bluhm2017-03-291-1/+1
| | | | | | | | Gather entropy from system call getentropy(2). This is available since in OpenBSD 5.6 and Solaris 11.3. It can provide up to 256 bytes entropy from the kernel without blocking. As a system call it does not need a file descriptor and works in chroot(2) environments without device nodes.
* Converge on a single side channel silent ec mp alg: randomizedNever2017-02-221-12/+5
| | | | | Montgomery ladder with order.bits()/2 bit scalar blinding and point randomization
* Remove minor number from header include dirJack Lloyd2017-01-091-1/+1
| | | | | | Already pkg-config had this, was missed in GH #802 See also GH #830
* remove "timestamp" and "proc_info" from BOTAN_ENTROPY_DEFAULT_SOURCESDaniel Neus2017-01-061-4/+4
| | | | these don't exist anymore
* Fix amalgamationJack Lloyd2016-11-271-2/+2
|
* Add compiler.h macro header extracted from build.hJack Lloyd2016-11-261-176/+40
| | | | | | | | All this is just standard C that the user should not touch, so it doesn't really make sense to have it in the build.h template file. Remove BOTAN_TARGET_CPU_HAS_KNOWN_ENDIANESS - only used twice (in loadstor.h) and that code is clearer without it.
* Add Cilk/OpenMP supportJack Lloyd2016-11-261-0/+46
|
* Add BOTAN_WARN_UNUSED_RESULT macroJack Lloyd2016-11-091-0/+6
| | | | Only works for GCC and Clang
* Add an in-house EC curve for TLS at compile-timeRené Korthaus2016-11-031-0/+5
| | | | | | One additional, application-specific curve can be added at compile time, using the new configure.py --house-curve=curve.pem,funky311,1.2.3.4,FEFF.
* Remove unused values from build.hJack Lloyd2016-11-031-3/+8
| | | | | | | Have the /proc setting in build.h actually control the entropy source configuration (!) GH #708
* Remove automatic self-testing of public and private keysJack Lloyd2016-11-031-5/+0
| | | | | | | | | | | | | Rarely expected and often causes performance problems, especially for private keys. Instead applications should call check_key explicitly to validate keys when necessary. Note this removal doesn't apply to tests like ECDH on-the-curve tests, where a check on the public key is required for security of our own key. Updates most APIs to remove RNG calls, where they are no longer required. Exception is PKCS8 interface, pending further work there (see GH #685) it just ignores the RNG argument now.
* Import fuzzer driversJack Lloyd2016-10-301-0/+2
| | | | | | | | | | | Originally from https://github.com/randombit/botan-fuzzers but merging to the main tree (without the corpus files, since I suspect the corpus files in that repo are not useful anymore) Adds --unsafe-fuzzer-mode which can be used to selectively disable cryptographic checks which get in the way of fuzzer testing. This setting is reflected in build.h and in the version string. Right now it doesn't actually disable anything.
* Remove HMAC_RNG, X9.31-RNG, BeOS stats, EGD reader, Unix process runnerJack Lloyd2016-10-281-8/+19
| | | | | Change AutoSeeded_RNG to use SHA-384, SHA-256, SHA-3(256), or SHA-1, whichever is available (in that order).
* Add ISA annotations to functions using SIMD, AES, etcJack Lloyd2016-10-141-1/+8
| | | | | | | | Also emit `#pragma GCC target` in the ISA specific amalgamation files. This allows compiling without any special compiler flags, at least with GCC 6.2 and Clang 3.8. The ISA annotations are ignored in MSVC, which just emits whatever instruction the intrinsic requires.
* RNG changes (GH #593)Jack Lloyd2016-08-241-6/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change reseed interval logic to count calls to `randomize` rather than bytes, to match SP 800-90A Changes RNG reseeding API: there is no implicit reference to the global entropy sources within the RNGs anymore. The entropy sources must be supplied with the API call. Adds support for reseding directly from another RNG (such as a system or hardware RNG). Stateful_RNG keeps optional references to both an RNG and a set of entropy sources. During a reseed, both sources are used if set. These can be provided to HMAC_DRBG constructor. For HMAC_DRBG, SP800-90A requires we output no more than 2**16 bytes per DRBG request. We treat requests longer than that as if the caller had instead made several sequential maximum-length requests. This means it is possible for one or more reseeds to trigger even in the course of generating a single (long) output (generate a 256-bit key and use ChaCha or HKDF if this is a problem). Adds RNG::randomize_with_ts_input which takes timestamps and uses them as the additional_data DRBG field. Stateful_RNG overrides this to also include the process ID and the reseed counter. AutoSeeded_RNG's `randomize` uses this. Officially deprecates RNG::make_rng and the Serialized_RNG construtor which creates an AutoSeeded_RNG. With these removed, it would be possible to perform a build with no AutoSeeded_RNG/HMAC_DRBG at all (eg, for applications which only use the system RNG). Tests courtesy @cordney in GH PRs #598 and #600
* Merge GH #586 Remove information from build.h making build non-reproducible. ↵Jack Lloyd2016-08-171-2/+2
|\ | | | | | | See also GH #587
| * Remove configure extra information from build.hSimon Warta2016-08-161-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Removes user and hostname: as mentioned by a downstream maintainer, the information should not be included in packages. In our projects, the information is contained in the amalgamation check-in commit message. Removes timestamp: this ensures that the header content is equal in two equal configure runs. Both changes together make it possible to effectively use compiler caches for Botan (ccache on Unix, in direct mode; clcache on Windows).
* | Check configured CPU arch against compiler settingSimon Warta2016-08-161-0/+16
|/ | | | | | | | | | | | | | This adds a fast fail when trying to build Botan configured for 32 bit using a 64 bit compiler or vice versa. Check running python configure.py --cpu="x86_32" && make python configure.py --cpu="x86_64" && make or python configure.py && nmake on 64 bit Windows in a 32 bit Command Prompt. Closes #456.
* Fix proc_walk - would always return 0 entropy collected.Jack Lloyd2016-07-181-36/+3
| | | | | | Fix BeOS stat reader - was calling wrong function on the rng. Remove entropy estimate defines from build.h, no longer used.
* Address some review comments from @cordneyJack Lloyd2016-07-171-1/+1
| | | | | | | | | Use consistent naming for the max output before reseed parameter. The constant (default) value is renamed to BOTAN_RNG_DEFAULT_MAX_OUTPUT_BEFORE_RESEED, since without the DEFAULT_ it reads like a compile time maximum instead. Use uint8_t instead of byte.
* Add Stateful_RNGJack Lloyd2016-07-171-4/+11
| | | | | | | | | | | | | | Handles fork checking for HMAC_RNG and HMAC_DRBG AutoSeeded_RNG change - switch to HMAC_DRBG as default. Start removing the io buffer from entropy poller. Update default RNG poll bits to 256. Fix McEliece test, was using wrong RNG API. Update docs.
* Make the DRBG hash selectable in build.h with BOTAN_AUTO_RNG_DRBG_HASH_FUNCTIONJack Lloyd2016-07-171-0/+1
| | | | Add some missing overrides
* Turn MSVC warnings to /W4 and enable C4267Jack Lloyd2016-05-061-6/+0
| | | | | | Move disabling C4250 and C4251 to cmd line instead of header pragma. This means these warnings will show up in application code. But disabling warnings inside a library header is probably not good form.
* Merge GH #373 RDRAND/RDSEED logic changesJack Lloyd2016-03-061-0/+16
|\ | | | | | | The Intel RNG may fail if heavily contended, so retry as needed.
| * review changesDaniel Neus2015-12-211-0/+3
| | | | | | | | | | | | | | | | * no spaces around if(), for() etc * snake_case for plain functions * anonymous namespace function instead private and static * don't propagate failed poll to the calling application * RdRand retires configurable in build.h
| * RdRand and RdSeed logic changesDaniel Neus2015-12-201-0/+13
| | | | | | | | | | * Make it configurable how often RdRand and RdSeed is polled * Make it configurable how many RdSeed retries are executed
* | enable noexcept on VS 2015Daniel Neus2016-02-191-1/+1
| |
* | Add --with-valgrindJack Lloyd2016-02-131-6/+0
| |
* | Get rid of "extra ';'" warnings and force semicolon after macrosSimon Warta2016-01-111-0/+4
| |
* | fix BOTAN_NORETURN macroDaniel Neus2016-01-081-1/+1
| |
* | add BOTAN_NORETURN macro and mark those functions that do not return with itDaniel Neus2016-01-081-0/+16
| |
* | Valgrind is not supposed to be enabled in the default buildJack Lloyd2016-01-031-1/+1
| |
* | Use valgrind's memcheck API for checking const time annotationsJack Lloyd2016-01-031-3/+3
| | | | | | | | | | | | | | Has the same effect as using ctgrind, but without requiring a custom-compiled valgrind binary. Add ct checking annotations to the SSSE3 AES code.
* | some trivial compiler/PVS-Studio warning fixesDaniel Neus2015-12-221-1/+1
|/
* Move estimate of RDRAND/RDSEED entropy to build.hJack Lloyd2015-12-191-0/+13
| | | | GH #370 for background
* add support for Intel RdSeedDaniel Neus2015-12-181-1/+1
|
* Add OS utility headerJack Lloyd2015-12-051-0/+6
| | | | | | | | Provide abstractions for the locking allocator (allocate and free locked pages) to decouple it from the platform dependent code. Should make it easy to write a Windows version using VirtualAlloc+VirtualLock. Exposes max mlock limit as a build.h toggle
* Avoid ever returning 0 from CPUID::cache_line_sizeJack Lloyd2015-12-021-0/+11
| | | | | | | | Take the value from build.h if we have no way of getting it dynamically. Fixes an infinite loop in AES on non-x86 introduced in ebf2164a, as otherwise it does for(size_t i = 0; i != ...; i += 0) {} while iterating over the TE tables.
* Push the hardcoded entropy estimates up to build.hJack Lloyd2015-11-281-0/+23
| | | | Defaults should be fine for everyone but it makes the values more transparent
* New reseed_with_sources call on RNGsJack Lloyd2015-11-241-2/+35
| | | | | | | | | | | | | Provides an easier way for an application to configure a list of entropy sources they'd like to use, or add a custom entropy source to their seeding. Exposes some toggles for the global/default entropy sources to build.h Adds basic entropy tests which runs the polls and does sanity checking on the results, including compression tests if available. These are less useful for the CSPRNG outputs but a good check for the ones producing plain ASCII like the /proc reader.
* Remove --build-mode and add individual toggles for optimization, debug,Jack Lloyd2015-10-261-1/+1
| | | | | | sanitizers and coverage as all 4 are usefully set independently. Use GCC 4.9 on CircleCI as it seems to be supported. Add ASan + UBSan test.
* Remove the strange conjoining of debug and optimization flags.Jack Lloyd2015-10-261-1/+1
| | | | | | | | | | | | | | | | | | | Previously a build had optimizations disabled completely when debug info was emitted. But there are many reasons to use optimized builds with debug symbols (running under valgrind, against afl, with Asan/Ubsan, in prod, etc). And personally I find even debugging at -O2 or -O3 is fine most of the time and worth it for the speed. Use the (now documented!) --no-optimizations flag if no optimization is desired while debugging. This also removes the distinction between library and application compile flags; there is a single optimization level that is probably good enough for everything. On Win32 it removes definding _CONSOLE for the application. This seems to be some mythical value that may have been required at some point, but is not documented anywhere I can find. Who knows what VC thinks, hoping I don't have to add this back. It also drops defining `EBUG` which is what happens when you tell cl.exe to '/DEBUG'. LOL.
* Make PKCS #1 and OAEP decoding constant time to avoid oracle attacksJack Lloyd2015-10-161-0/+6
| | | | | | | | via timing channels. Add annotations for checking constant-time code using ctgrind to PKCS #1 and OAEP, as well as IDEA and Curve25519 which were already written as constant time code.
* Periodically reinitialize the blinding sequence instead of alwaysJack Lloyd2015-10-151-2/+13
| | | | deriving it by squaring the previous value.
* Move GF(p) side channel countermeasure toggles to build.hJack Lloyd2015-08-281-0/+16
| | | | Some tweaks for point multiplication using fixed windows.
* Rename template variable cc -> cxxSimon Warta2015-07-211-2/+1
|
* Avoid 0-defining BOTAN_USE_GCC_INLINE_ASMsimon2015-05-311-4/+0
| | | | GH #103
* Avoid putting very small values in mlock memorylloyd2015-03-231-2/+6
|
* Add timeouts to HMAC_RNG entropy pollinglloyd2015-03-181-4/+6
|