| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Defined in build.h, all equal to BOTAN_DLL so ties into existing
system for exporting symbols.
|
| |
|
|
| |
Ugh Windows headers y u so nasty.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This OS has its own crypto API and does not support CryptGenRandom.
Splits System_RNG_Impl into distinct declarations one per implementation
type. Easier to read now that we are up to 4 distinct versions.
Removes the CryptoAPI entropy source, and replaces it with an entropy
source that calls the system RNG. This is nominally a bit less flexible
in that the entropy source allowed polling multiple providers (though
we didn't actually make use of that). Plus side is it works on all
systems.
Currently the dev_random entropy source is still there because we do
actually use it to poll both /dev/random and /dev/urandom, and it
might be useful (on certain systems) to also poll a HW RNG, which
are often assigned their own device node. This could debatably also
be removed in favor of just reading the system RNG.
|
| |
|
|
| |
Caught by GCC cross compiling. Also fix a couple 0-as-null warnings.
|
| | |
|
| |
|
|
|
|
| |
All minimum compiler versions in rdseed are less or equal the minimum
compiler version for the Botan 2.x branch. Remove those explicit
restrictions to allow users with unknown cc_version to compile rdseed
|
| |
|
|
|
| |
See comments in
https://github.com/randombit/botan/commit/7f019174bfcf3c2b31bda74fe40ce35727db1cef
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This comes up recently to support CPU extensions by Intel (#826) and
ARM (#844) since the intrinsic functions were only added in compiler
versions more recent than the minimums we generally support, but might
actually be useful for all kinds of things in the future since one can
add a (new, otherwise optional) C++14 or C++17 module in 2.x branch
while continuing to support the current set of supported compiler
versions for the main library functionality.
Uses RDSEED as the test case, to ensure version detection/comparisons
work on all platforms.
|
| |
|
|
|
|
|
|
|
| |
* fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations)
* `default` specifier instead of `{}` in some places(probably all)
* removal of unreachable code (for example `return` after `throw`)
* removal of compilation unit only visible, but not used functions
* fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT`
* removed not needed semicolons
|
| | |
|
| |
|
|
|
|
| |
The OpenBSD system limit for getentropy(2) is 256 bytes. It does
not make sense to use the BOTAN_SYSTEM_RNG_POLL_REQUEST define here.
As it is only used in one place, another define would be overkill.
|
| |
|
|
|
| |
The /proc file system was disabled for years. With OpenBSD 5.7 the
implementation has been removed from the kernel sources.
|
| |
|
|
|
|
|
|
| |
Gather entropy from system call getentropy(2). This is available
since in OpenBSD 5.6 and Solaris 11.3. It can provide up to 256
bytes entropy from the kernel without blocking. As a system call
it does not need a file descriptor and works in chroot(2) environments
without device nodes.
|
| | |
|
| |\ |
|
| | | |
|
| | |
| |
| |
| | |
module doesn't exist anymore
|
| |/ |
|
| | |
|
| |
|
|
|
|
| |
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
|
| |
|
|
|
|
| |
Kind of a vestigial thing from an earlier iteration of the module
design, and never useful to specify anymore since taking all the cpp
files is what you want exactly 100% of the time.
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
Have the /proc setting in build.h actually control the entropy source
configuration (!)
GH #708
|
| |
|
|
|
| |
Change AutoSeeded_RNG to use SHA-384, SHA-256, SHA-3(256), or SHA-1,
whichever is available (in that order).
|
| |
|
|
|
| |
If opening /dev/*random resulted in fd 0, we would both not use
that RNG and leak the file descriptor. Found with Coverity.
|
| | |
|
| |
|
|
|
|
|
|
| |
Also emit `#pragma GCC target` in the ISA specific amalgamation files.
This allows compiling without any special compiler flags, at least
with GCC 6.2 and Clang 3.8. The ISA annotations are ignored in MSVC,
which just emits whatever instruction the intrinsic requires.
|
| | |
|
| |
|
|
|
|
| |
With no provider specified, Win32_CAPI_EntropySource::poll does not call
::CryptGenRandom and returns 0, leading to subsequent PRNG_Unseeded
exceptions.
|
| |
|
|
| |
Fixes GH #644
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Convert Travis build configuration to a single var instead of 4 tuple.
Makes it much easier to review the builds in the Travis web UI.
Adds sanitizer builds for Clang on both Linux and OS X. Clang is a different
compiler from GCC and its sanitizers may catch things GCC does not.
I have no idea if Apple's Clang has some magic sanitizer sauce stock
LLVM does not, so maybe sanitizer build on OS X can be skipped.
Adds Linux cross compile targets for ARM32, ARM64, PPC64, and MinGW x86
using the cross compiler available in Trusty. All of them build and are
set up to run through qemu/wine. All of the tests currently fail and
so are marked as expected fail in the Travis matrix.
The ARM test runs seem to have thread problems; ARM32 thread creation just fails
with an exception, as if pthreads was disabled. All other tests pass ok for ARM32.
On Aarch64, it looks like there is a hard crash the first time the library tries
creating a thread. Both of these might be due to statically linking the binary?
I have been unable to convince Ubuntu's qemu-ppc64 to execute binaries compiled by
Ubuntu's ppc64 cross compiler. I'm downloading an Ubuntu ISO to try this in a VM.
Running under Wine exposes several issues, both in Wine and Botan. Many functions are
stubs and it appears that entropy collection fails as a result. This triggers a bug
in the FFI tests which causes a crash there.
A pox on time zones; _mkgmtime is a MSVC extension and is not available on MinGW GCC.
Add a last resort call that just uses the localzone variant instead.
Adds valgrind target, remove a bogus poison in pubkey.cpp (it was effectively
asserting that all of RSA was const time which is sadly not true at all).
Moves -Wshadow to maintainer mode for GCC - GCC 4.8 has a noisy variant of -Wshadow
which warns if a parameter masks a function name, but this comes up all the time
in constructors. Later GCCs no longer warn about this (even with -Wshadow), so the
warnings are never fixed, but they cause noise in CI output and hide interesting
warnings like
warning: vec_lvsl is deprecated for little endian; use assignment for unaligned loads and stores [-Wdeprecated]
__vector unsigned char perm = vec_lvsl(0, static_cast<u32bit*>(nullptr));
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change reseed interval logic to count calls to `randomize` rather than
bytes, to match SP 800-90A
Changes RNG reseeding API: there is no implicit reference to the
global entropy sources within the RNGs anymore. The entropy sources
must be supplied with the API call. Adds support for reseding directly
from another RNG (such as a system or hardware RNG).
Stateful_RNG keeps optional references to both an RNG and a set of
entropy sources. During a reseed, both sources are used if set.
These can be provided to HMAC_DRBG constructor.
For HMAC_DRBG, SP800-90A requires we output no more than 2**16 bytes
per DRBG request. We treat requests longer than that as if the caller
had instead made several sequential maximum-length requests. This
means it is possible for one or more reseeds to trigger even in the
course of generating a single (long) output (generate a 256-bit key
and use ChaCha or HKDF if this is a problem).
Adds RNG::randomize_with_ts_input which takes timestamps and uses them
as the additional_data DRBG field. Stateful_RNG overrides this to also
include the process ID and the reseed counter. AutoSeeded_RNG's
`randomize` uses this.
Officially deprecates RNG::make_rng and the Serialized_RNG construtor
which creates an AutoSeeded_RNG. With these removed, it would be
possible to perform a build with no AutoSeeded_RNG/HMAC_DRBG at all
(eg, for applications which only use the system RNG).
Tests courtesy @cordney in GH PRs #598 and #600
|
| |
|
|
|
|
|
|
| |
For those that are willing to trust uninspectible hardware. :)
Changes RDRAND entropy source to call RDRAND_RNG
Add --rdrand flag to rng cmdlet
|
| | |
|
| |
|
|
|
|
| |
Fix BeOS stat reader - was calling wrong function on the rng.
Remove entropy estimate defines from build.h, no longer used.
|
| | |
|
| |
|
|
|
| |
Remove Entropy_Accumulator, instead have entropy sources directly
add entropy to the RNG.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Handles fork checking for HMAC_RNG and HMAC_DRBG
AutoSeeded_RNG change - switch to HMAC_DRBG as default.
Start removing the io buffer from entropy poller.
Update default RNG poll bits to 256.
Fix McEliece test, was using wrong RNG API.
Update docs.
|
| |
|
|
|
|
|
|
|
|
| |
In 10.8 (and presumably older) versions, the header for SecRandomCopyBytes
is SecRandom.h, and Security.h does not include SecRandom.h
With this change, the include of Security.h may be redundant for all versions,
but I have no way to test this.
GH #528
|
| | |
|
| |\
| |
| |
| | |
The Intel RNG may fail if heavily contended, so retry as needed.
|
| | |
| |
| |
| | |
prevents filtering out any 0x00000000 outputs from RDRAND/RDSEED
|
| | |
| |
| |
| |
| |
| |
| |
| | |
* no spaces around if(), for() etc
* snake_case for plain functions
* anonymous namespace function instead private and static
* don't propagate failed poll to the calling application
* RdRand retires configurable in build.h
|
| | |
| |
| |
| |
| | |
* Make it configurable how often RdRand and RdSeed is polled
* Make it configurable how many RdSeed retries are executed
|
| | | |
|
| | |
| |
| |
| | |
explicit.
|
| | | |
|
