aboutsummaryrefslogtreecommitdiffstats
path: root/src/entropy/proc_walk
Commit message (Collapse)AuthorAgeFilesLines
* Replace 0 and NULL pointer constants with nullptr. Also fix an oldlloyd2012-05-181-7/+7
| | | | style cast in secmem.h
* Fairly huge update that replaces the old secmem types with std::vectorlloyd2012-05-181-1/+1
| | | | | | using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed.
* Merge fixupslloyd2012-02-201-4/+2
|
* Avoid having more than one directory open at a time by just keeping alloyd2012-02-201-28/+49
| | | | | list of directory names (without the open DIRs) plus the one currently active dir.
* Be more conservative about entropy estimates. In particular, insteadlloyd2012-02-171-3/+3
| | | | | | | | | | | | | of giving /dev/random, EGD, and CryptoAPI a full 8 bits per byte of entropy, estimate at 6 bits. In the proc walker, allow more files to be read, read more of any particular file, and count each bit for 1/10 as much as before. Reading more of the file seems especially valuable, as some files are quite random, whereas others are very static, and this should ensure we read more of the actually unpredictable inputs. Prefer /dev/random over /dev/urandom
* Use size_t instead of u32bit in entropy and rnglloyd2010-10-121-2/+2
|
* Anywhere where we use MemoryRegion::begin to get access to the raw pointerlloyd2010-09-131-2/+2
| | | | | representation (rather than in an interator context), instead use &buf[0], which works for both MemoryRegion and std::vector
* Enable the /proc walker on NetBSD. The version that had problemslloyd2010-06-161-5/+2
| | | | | (2.0.2) is a solid 5 years old at this point. Haven't tested; don't have access to any NetBSD machines at the moment.
* Hide File_Descriptor_Sourcelloyd2010-06-162-12/+16
|
* More Doxygen updates/fixeslloyd2010-06-151-1/+3
|
* Make many more headers internal-only.lloyd2009-12-161-1/+1
| | | | | | | | | | | | | Fixes for the amalgamation generator for internal headers. Remove BOTAN_DLL exporting macros from all internal-only headers; the classes/functions there don't need to be exported, and avoiding the PIC/GOT indirection can be a big win. Add missing BOTAN_DLLs where necessary, mostly gfpmath and cvc For GCC, use -fvisibility=hidden and set BOTAN_DLL to the visibility __attribute__ to export those classes/functions.
* Full working amalgamation build, plus internal-only headers concept.lloyd2009-12-162-2/+8
|
* Move most code that relies heavily on Filters into src/filters.lloyd2009-11-171-6/+0
| | | | | | Remove support for (unused) modset settings. Move tss, fpe, cryptobox, and aont to new dir constructs
* Remove the 'realname' attribute on all modules and cc/cpu/os info files.lloyd2009-10-291-2/+0
| | | | | Pretty much useless and unused, except for listing the module names in build.h and the short versions totally suffice for that.
* Add support for GNU/Hurdlloyd2009-10-071-0/+1
|
* Add support for Dragonfly BSD (a fork of FreeBSD).lloyd2009-07-251-0/+1
| | | | Contributed by Patrick Georgi
* Two changes to proc_walk:lloyd2009-07-251-2/+2
| | | | | | | | | | | | | | Don't read any file that is not world-readable. This avoids trouble when running as root, since on Linux various special files can cause odd interactions and/or blocking behavior when read (for instance /proc/kmsg). ssumption is that no such files are world-readable. This also avoids any issue of reading data that is potentially sensitive. Instead of reading the first 1 KB of each file, only read the first 128 bytes. This prevents large files (like /proc/config.gz or /proc/kallsyms) from swamping the input buffer; these inputs are pretty static and shouldn't count for much. Reducing to 128 bytes causes a poll to read about 400 different files, rather than ~30.
* Move some files around to break up dependencies between directorieslloyd2009-07-161-0/+4
|
* Thomas Moschny passed along a request from the Fedora packagers which camelloyd2009-03-302-8/+12
| | | | | | | | | | | | | | | up during the Fedora submission review, that each source file include some text about the license. One handy Perl script later and each file now has the line Distributed under the terms of the Botan license after the copyright notices. While I was in there modifying every file anyway, I also stripped out the remainder of the block comments (lots of astericks before and after the text); this is stylistic thing I picked up when I was first learning C++ but in retrospect it is not a good style as the structure makes it harder to modify comments (with the result that comments become fewer, shorter and are less likely to be updated, which are not good things).
* Double the static estimate in es_ftw. To collect 256 bits of estimatedlloyd2009-01-281-1/+1
| | | | | entropy, the proc walker will read about 256K bytes. This seems plenty sufficient to me.
* Check in a branch with a major redesign on how entropy polling is performed.lloyd2009-01-272-33/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Combine the fast and slow polls, into a single poll() operation. Instead of being given a buffer to write output into, the EntropySource is passed an Entropy_Accumulator. This handles the RLE encoding that xor_into_buf used to do. It also contains a cached I/O buffer so entropy sources do not individually need to allocate memory for that with each poll. When data is added to the accumulator, the source specifies an estimate of the number of bits of entropy per byte, as a double. This is tracked in the accumulator. Once the estimated entropy hits a target (set by the constructor), the accumulator's member function predicate polling_goal_achieved flips to true. This signals to the PRNG that it can stop performing polling on sources, also polls that take a long time periodically check this flag and return immediately. The Win32 and BeOS entropy sources have been updated, but blindly; testing is needed. The test_es example program has been modified: now it polls twice and outputs the XOR of the two collected results. That helps show if the output is consistent across polls (not a good thing). I have noticed on the Unix entropy source, occasionally there are many 0x00 bytes in the output, which is not optimal. This also needs to be investigated. The RLE is not actually RLE anymore. It works well for non-random inputs (ASCII text, etc), but I noticed that when /dev/random output was fed into it, the output buffer would end up being RR01RR01RR01 where RR is a random byte and 00 is the byte count. The buffer sizing also needs to be examined carefully. It might be useful to choose a prime number for the size to XOR stuff into, to help ensure an even distribution of entropy across the entire buffer space. Or: feed it all into a hash function? This change should (perhaps with further modifications) help WRT the concerns Zack W raised about the RNG on the monotone-dev list.
* In es_ftw, remove check for if the return value of read() is largerlloyd2008-11-241-1/+1
| | | | | | than the value we gave it. This is pretty unlikely... also caused an annoying warning with some versions of GCC b/c it couldn't figure out the signed/unsigned comparison was safe in this case.
* Modify es_ftw to use xor_into_buflloyd2008-11-231-4/+4
|
* Remove dep on buf_es in proc_walk info.txtlloyd2008-11-211-4/+0
|
* Last minute es_ftw optimizations / logic changes. Performance of seedinglloyd2008-11-212-35/+27
| | | | | | | | | was too slow, it was noticably slowing down AutoSeeded_RNG. Reduce the amount of output gathered to 32 times the size of the output buffer, and instead of using Buffered_EntropySource, just xor the read file data directly into the output buffer. Read up to 4096 bytes per file, but only count the first 128 towards the total goal (/proc/config.gz being a major culprit - large, random looking, and entirely or almost static).
* Substantially change Randpool's reseed logic. Now when a reseedlloyd2008-10-272-7/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | is requested, Randpool will first do a fast poll on each entropy source that has been registered. It will count these poll results towards the collected entropy count, with a maximum of 96 contributed bits of entropy per poll (only /dev/random reaches this, others measure at 50-60 bits typically), and a maximum of 256 for sum contribution of the fast polls. Then it will attempt slow polls of all devices until it thinks enough entropy has been collected (using the rather naive entropy_estimate function). It will count any slow poll for no more than 256 bits (100 or so is typical for every poll but /dev/random), and will attempt to collect at least 512 bits of (estimated/guessed) entropy. This tends to cause Randpool to use significantly more sources. Previously it was common, especially on systems with a /dev/random, for only one or a few sources to be used. This change helps assure that even if /dev/random and company are broken or compromised the RNG output remains secure (assuming at least some amount of entropy unguessable by the attacker can be collected via other sources). Also change AutoSeeded_RNG do an automatic poll/seed when it is created.
* Add BOTAN_DLL macro to public class definitions that were missing it.lloyd2008-10-091-1/+1
|
* Rename all modinfo.txt files to info.txt, since they are all (none) oflloyd2008-09-291-0/+0
| | | | | them modules now. In any case there is no distinction so info.txt seems better.
* Move buf_es into module, add deps where neededlloyd2008-09-281-0/+4
|
* Move all modules into src/ directorylloyd2008-09-283-0/+207