aboutsummaryrefslogtreecommitdiffstats
path: root/src/build-data
Commit message (Collapse)AuthorAgeFilesLines
* configure - Better handling of filesystem feature bitJack Lloyd2016-10-1219-1/+39
|
* Add IncludeOS target. Make filesystem support optional.Jack Lloyd2016-10-101-0/+4
|
* Update BSI policyRené Korthaus2016-10-041-0/+3
|
* Maintainer mode fixes.Jack Lloyd2016-09-211-1/+1
| | | | | | Mostly unused args and missing override notations. Fix DH - load_check calls were commented out for debugging.
* Update policy files wrt algorithm removalsJack Lloyd2016-09-022-13/+0
|
* Remove deprecated ciphers MARS, RC2, RC5, RC6, SAFER-SK and TEAJack Lloyd2016-09-022-12/+0
| | | | | XTEA was also deprecated but has been spared, it does seem to be somewhat common (eg, included in the Go x/crypto library)
* Check for non-existent modules in policy files.Jack Lloyd2016-09-012-9/+2
| | | | | | Fix policy files. GH #614
* Maintainer mode fixesJack Lloyd2016-08-312-2/+2
|
* Remove HMAC_RNG from BSI policy, not needed after #520/#593Jack Lloyd2016-08-291-1/+0
|
* Travis CI additions and cleanupJack Lloyd2016-08-282-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Convert Travis build configuration to a single var instead of 4 tuple. Makes it much easier to review the builds in the Travis web UI. Adds sanitizer builds for Clang on both Linux and OS X. Clang is a different compiler from GCC and its sanitizers may catch things GCC does not. I have no idea if Apple's Clang has some magic sanitizer sauce stock LLVM does not, so maybe sanitizer build on OS X can be skipped. Adds Linux cross compile targets for ARM32, ARM64, PPC64, and MinGW x86 using the cross compiler available in Trusty. All of them build and are set up to run through qemu/wine. All of the tests currently fail and so are marked as expected fail in the Travis matrix. The ARM test runs seem to have thread problems; ARM32 thread creation just fails with an exception, as if pthreads was disabled. All other tests pass ok for ARM32. On Aarch64, it looks like there is a hard crash the first time the library tries creating a thread. Both of these might be due to statically linking the binary? I have been unable to convince Ubuntu's qemu-ppc64 to execute binaries compiled by Ubuntu's ppc64 cross compiler. I'm downloading an Ubuntu ISO to try this in a VM. Running under Wine exposes several issues, both in Wine and Botan. Many functions are stubs and it appears that entropy collection fails as a result. This triggers a bug in the FFI tests which causes a crash there. A pox on time zones; _mkgmtime is a MSVC extension and is not available on MinGW GCC. Add a last resort call that just uses the localzone variant instead. Adds valgrind target, remove a bogus poison in pubkey.cpp (it was effectively asserting that all of RSA was const time which is sadly not true at all). Moves -Wshadow to maintainer mode for GCC - GCC 4.8 has a noisy variant of -Wshadow which warns if a parameter masks a function name, but this comes up all the time in constructors. Later GCCs no longer warn about this (even with -Wshadow), so the warnings are never fixed, but they cause noise in CI output and hide interesting warnings like warning: vec_lvsl is deprecated for little endian; use assignment for unaligned loads and stores [-Wdeprecated] __vector unsigned char perm = vec_lvsl(0, static_cast<u32bit*>(nullptr));
* RNG changes (GH #593)Jack Lloyd2016-08-243-7/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change reseed interval logic to count calls to `randomize` rather than bytes, to match SP 800-90A Changes RNG reseeding API: there is no implicit reference to the global entropy sources within the RNGs anymore. The entropy sources must be supplied with the API call. Adds support for reseding directly from another RNG (such as a system or hardware RNG). Stateful_RNG keeps optional references to both an RNG and a set of entropy sources. During a reseed, both sources are used if set. These can be provided to HMAC_DRBG constructor. For HMAC_DRBG, SP800-90A requires we output no more than 2**16 bytes per DRBG request. We treat requests longer than that as if the caller had instead made several sequential maximum-length requests. This means it is possible for one or more reseeds to trigger even in the course of generating a single (long) output (generate a 256-bit key and use ChaCha or HKDF if this is a problem). Adds RNG::randomize_with_ts_input which takes timestamps and uses them as the additional_data DRBG field. Stateful_RNG overrides this to also include the process ID and the reseed counter. AutoSeeded_RNG's `randomize` uses this. Officially deprecates RNG::make_rng and the Serialized_RNG construtor which creates an AutoSeeded_RNG. With these removed, it would be possible to perform a build with no AutoSeeded_RNG/HMAC_DRBG at all (eg, for applications which only use the system RNG). Tests courtesy @cordney in GH PRs #598 and #600
* Merge GH #584 Changes to support Windows debuggingJack Lloyd2016-08-171-1/+1
|\
| * change botan CLI filename to botan-cli.exeDaniel Neus2016-08-172-2/+2
| | | | | | | | instead of no PDB output for CLI and tests
| * No PDB output for CLI and testsDaniel Neus2016-08-161-1/+1
| | | | | | | | | | | | Fixes GH #432 : Previously the Botan CLI PDB file has overwritten the Botan lib PDB file. Furthermore the output filename of the lib is changed to botand in debug mode.
* | Merge GH #586 Remove information from build.h making build non-reproducible. ↵Jack Lloyd2016-08-171-2/+2
|\ \ | | | | | | | | | See also GH #587
| * | Remove configure extra information from build.hSimon Warta2016-08-161-2/+2
| |/ | | | | | | | | | | | | | | | | | | | | | | Removes user and hostname: as mentioned by a downstream maintainer, the information should not be included in packages. In our projects, the information is contained in the amalgamation check-in commit message. Removes timestamp: this ensures that the header content is equal in two equal configure runs. Both changes together make it possible to effectively use compiler caches for Botan (ccache on Unix, in direct mode; clcache on Windows).
* / Check configured CPU arch against compiler settingSimon Warta2016-08-161-0/+16
|/ | | | | | | | | | | | | | This adds a fast fail when trying to build Botan configured for 32 bit using a 64 bit compiler or vice versa. Check running python configure.py --cpu="x86_32" && make python configure.py --cpu="x86_64" && make or python configure.py && nmake on 64 bit Windows in a 32 bit Command Prompt. Closes #456.
* fix compile issue on Mac OS if MACOSX_DEPLOYMENT_TARGET<=10.8Bi112016-08-101-0/+1
|
* Fix x86 32-bit building for clang on Mac OSBi112016-08-101-0/+2
|
* Add RDRAND_RNGJack Lloyd2016-07-192-0/+2
| | | | | | | | For those that are willing to trust uninspectible hardware. :) Changes RDRAND entropy source to call RDRAND_RNG Add --rdrand flag to rng cmdlet
* Fix proc_walk - would always return 0 entropy collected.Jack Lloyd2016-07-181-36/+3
| | | | | | Fix BeOS stat reader - was calling wrong function on the rng. Remove entropy estimate defines from build.h, no longer used.
* Address some review comments from @cordneyJack Lloyd2016-07-171-1/+1
| | | | | | | | | Use consistent naming for the max output before reseed parameter. The constant (default) value is renamed to BOTAN_RNG_DEFAULT_MAX_OUTPUT_BEFORE_RESEED, since without the DEFAULT_ it reads like a compile time maximum instead. Use uint8_t instead of byte.
* Add Stateful_RNGJack Lloyd2016-07-173-6/+12
| | | | | | | | | | | | | | Handles fork checking for HMAC_RNG and HMAC_DRBG AutoSeeded_RNG change - switch to HMAC_DRBG as default. Start removing the io buffer from entropy poller. Update default RNG poll bits to 256. Fix McEliece test, was using wrong RNG API. Update docs.
* Make the DRBG hash selectable in build.h with BOTAN_AUTO_RNG_DRBG_HASH_FUNCTIONJack Lloyd2016-07-171-0/+1
| | | | Add some missing overrides
* Rename policy 'sane' to 'modern' which better reflects intent.Jack Lloyd2016-07-111-29/+36
| | | | | Add RFC 6979 which became optional along the line. Also add bcrypt and compression, and add TLS by default. Prohibit EGD.
* Remove egd entropy sources from BSI module policyRené Korthaus2016-07-111-1/+1
|
* Various fixes with bsi module policyRené Korthaus2016-07-041-0/+12
|
* Compile shared libraries (too) on FreeBSDLauri Nurmi2016-07-022-0/+6
| | | | Soname_patterns and link commands are identical to those used with Linux
* Use https:// urls for randombit.net links.Jack Lloyd2016-06-191-3/+3
| | | | | | | | | Previously avoided since many clients don't have the CACert root, but now that Let's Encrypt is used instead anyone with a recent trust root should accept the certs for botan.randombit.net and lists.randombit.net [ci skip]
* Merge GH #487 Remove CVC certificates and EMSA1_BSI signature encodingJack Lloyd2016-06-171-1/+5
|\
| * remove EMSA1_BSI (no longer recommended by BSI)Daniel Neus2016-04-301-1/+5
| |
* | Merge GH #489 Add support probabilistic DSA & ECDSAJack Lloyd2016-06-071-0/+1
|\ \
| * | Add support probabilistic DSA & ECDSARené Korthaus2016-05-081-0/+1
| | | | | | | | | | | | | | | | | | | | | Adds support for probabilistic, aka the standard, DSA and ECDSA. Can be enabled by disabling the rfc6979 module. Includes test vectors from NIST CAVP. Adds rfc6979 to the list of prohibited modules in BSI policy.
* | | Clean symlinks to shared libraries properlyLauri Nurmi2016-06-071-1/+1
|/ / | | | | | | The 'clean' target left dangling symlinks because undefined variables were used in Makefile.
* / Turn MSVC warnings to /W4 and enable C4267Jack Lloyd2016-05-062-7/+1
|/ | | | | | Move disabling C4250 and C4251 to cmd line instead of header pragma. This means these warnings will show up in application code. But disabling warnings inside a library header is probably not good form.
* Add ECGDSARené Korthaus2016-04-191-0/+1
|
* Fixed shared library behaviour on Darwin/OS X.Alastair Houghton2016-04-073-2/+8
|
* Add proc_walk, egd, Darwin entropy sources to policy.Jack Lloyd2016-03-062-9/+11
| | | | Prohibit unix_procs in BSI policy. See discussion in GH #446
* Allow EMSA1 in BSI policyJack Lloyd2016-03-061-1/+1
|
* Merge GH #446 add --module-policy optionJack Lloyd2016-03-062-0/+276
|\
| * Add option --module-policyJack Lloyd2016-03-062-0/+276
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A module policy is a file specifying three types of modules: ones which are required, ones which are prohibited, and ones which should be used if otherwise available (this is mostly for platform specific modules). Finally there are whatever modules which exist in the library of which the policy makes no mention. These will be included if an explicit dependency of some other module pulls them in (so there is no reason to mention base, utils, ... in the file) but skipped otherwise. For example policy 'sane' does not mention 'utils' or 'twofish' either way. Since utils is a dependency of other modules which are included, but Twofish does not. However unlike an explicitly prohibited module, not mentioned can still be requested as part of the build (here with --enable-module=twofish) Also fixes some test bugs noticed by compiling in different build configs. DLIES test didn't check that the KDF and MAC existed. Adds a typedef for MessageAuthenticationCode because typing it twice in a single line in the DLIES test made me think it's way too long. :) Also fix some fuzzer build problems. Due to a copy and paste bug the PKCS certificate (it was not). Inspired by GH #439
* | Merge GH #373 RDRAND/RDSEED logic changesJack Lloyd2016-03-061-0/+16
|\ \ | |/ |/| | | The Intel RNG may fail if heavily contended, so retry as needed.
| * review changesDaniel Neus2015-12-211-0/+3
| | | | | | | | | | | | | | | | * no spaces around if(), for() etc * snake_case for plain functions * anonymous namespace function instead private and static * don't propagate failed poll to the calling application * RdRand retires configurable in build.h
| * RdRand and RdSeed logic changesDaniel Neus2015-12-201-0/+13
| | | | | | | | | | * Make it configurable how often RdRand and RdSeed is polled * Make it configurable how many RdSeed retries are executed
* | Merge GH #427 Fix remaining Wshadow warningsJack Lloyd2016-02-202-2/+2
|\ \
| * | Fix remaining Wshadow warnings and enable on gcc and clangRené Korthaus2016-02-182-2/+2
| | |
* | | enable noexcept on VS 2015Daniel Neus2016-02-191-1/+1
|/ /
* | Add --with-valgrindJack Lloyd2016-02-131-6/+0
| |
* | Add missing overrides and fix -Wpedantic 'extra ;' warningsJack Lloyd2016-01-171-1/+1
| | | | | | | | | | | | | | | | | | | | Remove -Wsuggest-attribute=noreturn from maintainer mode flags as it seems like outside of the assertion failure macro any other suggestion would always be a false positive (an unimplemented function or the like). Or at least, if such a function needing noreturn to assist with static analysis is added in the future it will be obvious, by virtue of the static analyzer warnings which occur due to the missing noreturn preventing the analyzer from understanding code flow.
* | Enable -Wpedantic on gcc and clangRené Korthaus2016-01-132-2/+2
| |