aboutsummaryrefslogtreecommitdiffstats
path: root/src/entropy/unix_procs
Commit message (Collapse)AuthorAgeFilesLines
* Shuffle things around. Add NIST X.509 test to build.lloyd2014-01-014-437/+0
|
* Give everything setting a feature test macro in build.h a version codelloyd2013-11-281-1/+1
| | | | | | so application code can check for the specific API it expects without having to keep track of what versions APIs x,y,z changed. Arbitrarily set all current API versions to 20131128.
* Enable all the GCC warning flags, as we now require at least GCC 4.7 anywaylloyd2013-11-161-2/+2
| | | | Fix a few nullptr and cast warnings.
* Add includes needed by OS Xlloyd2013-11-121-0/+2
|
* Split off Unix_EntropySource's fast_poll to a new sourcelloyd2013-11-102-25/+10
|
* Make the process running entropy source much faster by running multiple commandslloyd2013-11-099-556/+429
| | | | | | | in parallel. On my laptop, a reseed using only process running takes .22 s wall clock in trunk and .06 s with this change - and that's after increasing the amount we read by 5 times (by reducing the entropy estimate per byte from .005 bits to 1/1024 bits).
* Use a page size buffer as we are reading from a pipelloyd2013-11-081-1/+1
|
* Add a patch from Markus Wanner that extends DataSource (includinglloyd2012-07-092-0/+10
| | | | | Pipe) with get_bytes_read() which returns the number of bytes read so far from that source.
* Replace 0 and NULL pointer constants with nullptr. Also fix an oldlloyd2012-05-182-12/+12
| | | | style cast in secmem.h
* Fairly huge update that replaces the old secmem types with std::vectorlloyd2012-05-181-1/+1
| | | | | | using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed.
* FD_ZERO on Solaris uses memset, and assumes we included string.hlloyd2011-05-241-0/+1
| | | | already. Reported by Jeremy C. Reed <[email protected]>
* Enable unix_procs for FreeBSD. It was disabled in 2006 to worklloyd2011-04-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | around a bug in FreeBSD 6.1, which is long EOL. If we can't figure out the CPU in configure.py, if running verbosely dump the entire list of CPUs we know about. Some doc cleanups. Rename the 'beos' target to 'haiku', since testing shows that botan can't compile under the old BeOS GCC 2.95 anyway. Remove the call to idle_time in the stats entropy source - it causes a crash on Haiku R1-alpha2 somewhere inside a system DLL. I didn't bother debugging it beyond looking at the backtrace. Add a 'bepc' alias for i386 as that is what Haiku reports its processor as. Fix the install dirs to match Haiku R1, though apparently they will change in R2 anyway when they add package management. Enable use of gmtime_r on Haiku.
* Use size_t instead of u32bit in entropy and rnglloyd2010-10-123-13/+13
|
* Use size_t in filterslloyd2010-10-122-8/+10
| | | | | This breaks API for anyone creating their own Filter types, but it had to happen eventually.
* Remove more uses of vector to pointer implicit conversionslloyd2010-09-131-1/+1
|
* Anywhere where we use MemoryRegion::begin to get access to the raw pointerlloyd2010-09-131-1/+1
| | | | | representation (rather than in an interator context), instead use &buf[0], which works for both MemoryRegion and std::vector
* Fix comparison functorlloyd2010-09-031-3/+3
|
* Clean up the unix process running entropy source a little bit. Tweaklloyd2010-09-033-24/+35
| | | | | | priorities slightly, pushing netstat -s and netstat -an higher since they change freqently and don't have a huge amount of output. Use the -n flag with lsof, which inhibits name lookups which we don't need.
* Remove calling getsid, it causes problems with too many differentlloyd2010-09-031-3/+1
| | | | | various compilers/platforms, and likely doesn't contribute much of anything. Also only grab real uid and gid, ignoring effective ids.
* Doxygenlloyd2010-06-211-0/+11
|
* More Doxygenlloyd2010-06-161-0/+4
|
* Use "/*" instead of "/**" in starting comments at the begining of a file.lloyd2010-06-071-1/+1
| | | | | This caused Doxygen to think this was markup meant for it, which really caused some clutter in the namespace page.
* Add constructor and destructor for pipe_wrapper to handle init and closelloyd2010-06-021-5/+5
|
* Make many more headers internal-only.lloyd2009-12-162-2/+2
| | | | | | | | | | | | | Fixes for the amalgamation generator for internal headers. Remove BOTAN_DLL exporting macros from all internal-only headers; the classes/functions there don't need to be exported, and avoiding the PIC/GOT indirection can be a big win. Add missing BOTAN_DLLs where necessary, mostly gfpmath and cvc For GCC, use -fvisibility=hidden and set BOTAN_DLL to the visibility __attribute__ to export those classes/functions.
* Full working amalgamation build, plus internal-only headers concept.lloyd2009-12-165-6/+15
|
* Move most code that relies heavily on Filters into src/filters.lloyd2009-11-171-9/+0
| | | | | | Remove support for (unused) modset settings. Move tss, fpe, cryptobox, and aont to new dir constructs
* Remove the 'realname' attribute on all modules and cc/cpu/os info files.lloyd2009-10-291-2/+0
| | | | | Pretty much useless and unused, except for listing the module names in build.h and the short versions totally suffice for that.
* Move some files around to break up dependencies between directorieslloyd2009-07-161-0/+4
|
* Thomas Moschny passed along a request from the Fedora packagers which camelloyd2009-03-305-4/+14
| | | | | | | | | | | | | | | up during the Fedora submission review, that each source file include some text about the license. One handy Perl script later and each file now has the line Distributed under the terms of the Botan license after the copyright notices. While I was in there modifying every file anyway, I also stripped out the remainder of the block comments (lots of astericks before and after the text); this is stylistic thing I picked up when I was first learning C++ but in retrospect it is not a good style as the structure makes it harder to modify comments (with the result that comments become fewer, shorter and are less likely to be updated, which are not good things).
* In es_unix, two changeslloyd2009-01-311-6/+3
| | | | | | | | | | | Make the fast poll significantly more pessimistic/realistic about how many bits of randomness we're getting from getrusage and stat. Don't cut out from execing programs if the desired poll bits is under 128. Simply poll until either the accumulator says we're done or we run out of sources. Assumption is that the poll won't be run at all unless it is ncessary (es_unix comes late in the list of sources to use since it is pretty slow).
* Check in a branch with a major redesign on how entropy polling is performed.lloyd2009-01-275-124/+103
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Combine the fast and slow polls, into a single poll() operation. Instead of being given a buffer to write output into, the EntropySource is passed an Entropy_Accumulator. This handles the RLE encoding that xor_into_buf used to do. It also contains a cached I/O buffer so entropy sources do not individually need to allocate memory for that with each poll. When data is added to the accumulator, the source specifies an estimate of the number of bits of entropy per byte, as a double. This is tracked in the accumulator. Once the estimated entropy hits a target (set by the constructor), the accumulator's member function predicate polling_goal_achieved flips to true. This signals to the PRNG that it can stop performing polling on sources, also polls that take a long time periodically check this flag and return immediately. The Win32 and BeOS entropy sources have been updated, but blindly; testing is needed. The test_es example program has been modified: now it polls twice and outputs the XOR of the two collected results. That helps show if the output is consistent across polls (not a good thing). I have noticed on the Unix entropy source, occasionally there are many 0x00 bytes in the output, which is not optimal. This also needs to be investigated. The RLE is not actually RLE anymore. It works well for non-random inputs (ASCII text, etc), but I noticed that when /dev/random output was fed into it, the output buffer would end up being RR01RR01RR01 where RR is a random byte and 00 is the byte count. The buffer sizing also needs to be examined carefully. It might be useful to choose a prime number for the size to XOR stuff into, to help ensure an even distribution of entropy across the entire buffer space. Or: feed it all into a hash function? This change should (perhaps with further modifications) help WRT the concerns Zack W raised about the RNG on the monotone-dev list.
* In the Unix entropy source fast poll, clear the stat buf beforelloyd2009-01-031-0/+1
| | | | | | | | | | we call stat. Apparently on 32-bit Linux (or at least on Ubuntu 8.04/x86), struct stat has some padding bytes, which are not written to by the syscall, but valgrind doesn't realize that this is OK, and warns about uninitialized memory access when we read the contents of the struct. Since this data is then fed into the PRNG, the PRNG state and output becomes tainted, which makes valgrind's output rather useless.
* Rickard Bondesson reported on botan-devel about some problems buildinglloyd2008-12-021-8/+0
| | | | | | | | | | | | | | | | | | | | on Solaris 10 with GCC 3.4.3. First, remove the definition of _XOPEN_SOURCE_EXTENDED=1 in mmap_mem.cpp and unix_cmd.cpp, because apparently on Solaris defining this macro breaks C++ compilation entirely with GCC: http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6395191 In es_egd.cpp and es_dev.cpp, include <fcntl.h> to get the declaration of open(), which is apparently where open(2) lives on Solaris - this matches the include the *BSD man pages for open(2) show, though AFAIK the BSDs all compiled fine without it (probably due to greater efforts to be source-compatible with Linux systems by *BSD developers). I have not been able to test these changes personally on Solaris but Rickard reports that with these changes everything compiles OK. Update lib version to 1.8.0-pre. ZOMG. Finally.
* Previously es_unix would always try to get 16K, then return. Now itlloyd2008-11-231-4/+3
| | | | | | | tries to get an amount cooresponding with the size of the output buffer, specifically 128 times the output size. So, assuming we have enough working sources, each output byte will be the XOR of (at least) 128 bytes of text from the output programs. (Though RLE may reduce that somewhat)
* Limit the output size of fast polls by the BeOS, Unix, and Win32 entropylloyd2008-11-231-0/+1
| | | | pollers that grab basic statistical data to 32 bytes.
* Fix indexing of ids array. Don't zeroize stat/rusage bufs before uselloyd2008-11-231-8/+4
|
* Use template version of xor_into_buf wherever useful in es_unix.cpplloyd2008-11-231-3/+3
|
* Use template version of xor_into_buf in es_unixlloyd2008-11-231-1/+1
|
* Change unix_procs entropy source to be a plain EntropySource instead oflloyd2008-11-233-24/+47
| | | | | | | | | | | | | a Buffered_EntropySource. Data used in the poll is directly accumulated into the output buffer using XOR, wrapping around as needed. The implementation uses xor_into_buf from xor_buf.h This is simpler and more convincingly secure than the method used by Buffered_EntropySource. In particular the collected data is persisted in the buffer there much longer than needed. It is also much harder for entropy sources to signal errors or a failure to collected data using Buffered_EntropySource. And, with the simple xor_into_buf function, it is actually quite easy to remove without major changes.
* Split base.h into block_cipher.h and stream_cipher.hlloyd2008-11-081-0/+2
| | | | | | It turned out many files were including base.h merely to get other includes (like types.h, secmem.h, and exceptn.h). Those have been changed to directly include the files containing the declarations that code needs.
* Substantially change Randpool's reseed logic. Now when a reseedlloyd2008-10-272-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | is requested, Randpool will first do a fast poll on each entropy source that has been registered. It will count these poll results towards the collected entropy count, with a maximum of 96 contributed bits of entropy per poll (only /dev/random reaches this, others measure at 50-60 bits typically), and a maximum of 256 for sum contribution of the fast polls. Then it will attempt slow polls of all devices until it thinks enough entropy has been collected (using the rather naive entropy_estimate function). It will count any slow poll for no more than 256 bits (100 or so is typical for every poll but /dev/random), and will attempt to collect at least 512 bits of (estimated/guessed) entropy. This tends to cause Randpool to use significantly more sources. Previously it was common, especially on systems with a /dev/random, for only one or a few sources to be used. This change helps assure that even if /dev/random and company are broken or compromised the RNG output remains secure (assuming at least some amount of entropy unguessable by the attacker can be collected via other sources). Also change AutoSeeded_RNG do an automatic poll/seed when it is created.
* Add BOTAN_DLL macro to public class definitions that were missing it.lloyd2008-10-092-2/+2
|
* Rename all modinfo.txt files to info.txt, since they are all (none) oflloyd2008-09-291-0/+0
| | | | | them modules now. In any case there is no distinction so info.txt seems better.
* Move buf_es into module, add deps where neededlloyd2008-09-281-0/+4
|
* Move all modules into src/ directorylloyd2008-09-286-0/+532