| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
128 bits of RDRAND output is plenty, and including a timestamp means
the AD changes even in RDRAND gets stuck as in the buggy AMD CPUs.
|
| |
|
|
|
|
|
|
|
|
|
| |
Avoid throwing base Botan::Exception type, as it is difficult to
determine what the error is in that case.
Add Exception::error_code and Exception::error_type which allows
(for error code) more information about the error and (for error type)
allows knowing the error type without requiring a sequence of catches.
See GH #1742
|
| | |
|
| | |
|
| |
|
|
|
|
| |
ISO C++ reserves names with double underscores in them
Closes #512
|
| |
|
|
|
| |
Defined in build.h, all equal to BOTAN_DLL so ties into existing
system for exporting symbols.
|
| | |
|
| |
|
|
| |
Instead of giving subclasses access to the variable directly.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Looking into SP808-90A, it mentions that the max
security strength is the security strength
of the hash function for pre-image resistance.
The current implementation however always only
uses half of the output length, therefore only providing
half of the security strength possible.
However, SP800-90A supports only up to 256 bit
security strength, so we fix it to this upper limit.
In a second change, add_entropy() now also resets
the reseed counter if enough entropy input provided.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Now let it return 0 if we have no hardware timestamp, and add
OS::get_high_resolution_clock for best available clock.
This is mainly because it's confusing for get_processor_timestamp to return
something that is not a processor timestamp and because it simplifies adding
cycles/byte output if we know that something is or is not a cycle counter.
Also adds Windows SEH version of run_cpu_instruction_probe. Untested, uncompiled.
|
| |
|
|
|
|
| |
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
|
| | |
|
| | |
|
|
|
Change reseed interval logic to count calls to `randomize` rather than
bytes, to match SP 800-90A
Changes RNG reseeding API: there is no implicit reference to the
global entropy sources within the RNGs anymore. The entropy sources
must be supplied with the API call. Adds support for reseding directly
from another RNG (such as a system or hardware RNG).
Stateful_RNG keeps optional references to both an RNG and a set of
entropy sources. During a reseed, both sources are used if set.
These can be provided to HMAC_DRBG constructor.
For HMAC_DRBG, SP800-90A requires we output no more than 2**16 bytes
per DRBG request. We treat requests longer than that as if the caller
had instead made several sequential maximum-length requests. This
means it is possible for one or more reseeds to trigger even in the
course of generating a single (long) output (generate a 256-bit key
and use ChaCha or HKDF if this is a problem).
Adds RNG::randomize_with_ts_input which takes timestamps and uses them
as the additional_data DRBG field. Stateful_RNG overrides this to also
include the process ID and the reseed counter. AutoSeeded_RNG's
`randomize` uses this.
Officially deprecates RNG::make_rng and the Serialized_RNG construtor
which creates an AutoSeeded_RNG. With these removed, it would be
possible to perform a build with no AutoSeeded_RNG/HMAC_DRBG at all
(eg, for applications which only use the system RNG).
Tests courtesy @cordney in GH PRs #598 and #600
|
