| Commit message | Author | Age | Files | Lines |
Done by a perl script which converted all classes to final, followed
by selective reversion where it caused compilation failures.
Avoid including build.h or assert.h directly, instead always take
them through types.h
Avoid math.h in favor of cmath
ISO C++ reserves names with double underscores in them
Closes #512
Defined in build.h, all equal to BOTAN_DLL so ties into existing
system for exporting symbols.
Ugh Windows headers y u so nasty.
This OS has its own crypto API and does not support CryptGenRandom.
Splits System_RNG_Impl into distinct declarations one per implementation
type. Easier to read now that we are up to 4 distinct versions.
Removes the CryptoAPI entropy source, and replaces it with an entropy
source that calls the system RNG. This is nominally a bit less flexible
in that the entropy source allowed polling multiple providers (though
we didn't actually make use of that). Plus side is it works on all
systems.
Currently the dev_random entropy source is still there because we do
actually use it to poll both /dev/random and /dev/urandom, and it
might be useful (on certain systems) to also poll a HW RNG, which
are often assigned their own device node. This could debatably also
be removed in favor of just reading the system RNG.
Caught by GCC cross compiling. Also fix a couple 0-as-null warnings.
This is not necessary for setup, but we want to zero the key out
in the event someone calls clear explicitly.
Instead of giving subclasses access to the variable directly.
Looking into SP800-90A, it mentions that the max
security strength is the security strength
of the hash function for pre-image resistance.
The current implementation however always only
uses half of the output length, therefore only providing
half of the security strength possible.
However, SP800-90A supports only up to 256 bit
security strength, so we fix it to this upper limit.
In a second change, add_entropy() now also resets
the reseed counter if enough entropy input provided.
OpenBSD provides the arc4random(3) function in libc for user land
programs that need good random data. Use this to implement the
Botan system random number generator. It has the advantage over
/dev/urandom that it works without file descriptors and in a chroot(2)
environment. Internally libc is currently using a ChaCha20 cipher
as PRNG and getentropy(2) to reseed itself automatically.
Now let it return 0 if we have no hardware timestamp, and add
OS::get_high_resolution_clock for best available clock.
This is mainly because it's confusing for get_processor_timestamp to return
something that is not a processor timestamp and because it simplifies adding
cycles/byte output if we know that something is or is not a cycle counter.
Also adds Windows SEH version of run_cpu_instruction_probe. Untested, uncompiled.
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
GH #726
[ci skip]
botan_rng_reseed: System_RNG write failed error 9
FFI ran 252 tests 1 FAILED
Failure 1: FFI botan_rng_reseed unexpectedly failed with error code -1
Signed-off-by: Alon Bar-Lev <[email protected]>
This caused Doxygen to dump the copyright notices for those files into
the Botan namespace description, which is not helpful.
[ci skip]
No need to strictly require it, and some applications may only want
system RNG or RDRAND.
Change AutoSeeded_RNG to use SHA-384, SHA-256, SHA-3(256), or SHA-1,
whichever is available (in that order).
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Also emit `#pragma GCC target` in the ISA specific amalgamation files.
This allows compiling without any special compiler flags, at least
with GCC 6.2 and Clang 3.8. The ISA annotations are ignored in MSVC,
which just emits whatever instruction the intrinsic requires.
Implement a backoff approach to opening the system RNG: if opening read-write fails, try to open read-only. This will allow the RNG to be used, but attempts to add entropy will fail. If opening as read-only also fails, only then throw an exception.
Change reseed interval logic to count calls to `randomize` rather than
bytes, to match SP 800-90A
Changes RNG reseeding API: there is no implicit reference to the
global entropy sources within the RNGs anymore. The entropy sources
must be supplied with the API call. Adds support for reseeding directly
from another RNG (such as a system or hardware RNG).
Stateful_RNG keeps optional references to both an RNG and a set of
entropy sources. During a reseed, both sources are used if set.
These can be provided to HMAC_DRBG constructor.
For HMAC_DRBG, SP800-90A requires we output no more than 2**16 bytes
per DRBG request. We treat requests longer than that as if the caller
had instead made several sequential maximum-length requests. This
means it is possible for one or more reseeds to trigger even in the
course of generating a single (long) output (generate a 256-bit key
and use ChaCha or HKDF if this is a problem).
Adds RNG::randomize_with_ts_input which takes timestamps and uses them
as the additional_data DRBG field. Stateful_RNG overrides this to also
include the process ID and the reseed counter. AutoSeeded_RNG's
`randomize` uses this.
Officially deprecates RNG::make_rng and the Serialized_RNG constructor
which creates an AutoSeeded_RNG. With these removed, it would be
possible to perform a build with no AutoSeeded_RNG/HMAC_DRBG at all
(eg, for applications which only use the system RNG).
Tests courtesy @cordney in GH PRs #598 and #600
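The reseed bookkeeping this commit message describes (reseed interval counted in `randomize` calls, requests above 2**16 bytes served as several maximum-length requests so a reseed can land mid-output, timestamp/pid/reseed counter as additional_data), together with the earlier commit's security-strength cap of min(hash preimage strength, 256 bits) and add_entropy() resetting the reseed counter, as an added example. This is not Botan's code: it is an SP 800-90A HMAC_DRBG written against the Python standard library for illustration, and the names MAX_REQUEST_BYTES, EntropySource, the reseed_interval default and the `reseeds` counter are assumptions made here, not Botan identifiers.

```python
"""SP 800-90A HMAC_DRBG (section 10.1.2) with explicit reseed bookkeeping.
Added illustration built on the Python standard library; not Botan's code.
Names like MAX_REQUEST_BYTES and EntropySource are assumptions for this file."""
import hashlib
import hmac
import os
import time
from typing import Callable

# SP 800-90A, Table 2: max_number_of_bits_per_request = 2**19 bits = 2**16 bytes.
MAX_REQUEST_BYTES = 1 << 16

# Callable returning at least the requested number of entropy bytes
# (a system RNG, a hardware RNG, or a fixed source in tests).
EntropySource = Callable[[int], bytes]


class HMAC_DRBG:
    def __init__(self, hash_name: str, entropy: EntropySource,
                 reseed_interval: int = 1024) -> None:
        self._hash = hash_name
        self._outlen = hashlib.new(hash_name).digest_size
        self._entropy = entropy
        self.reseed_interval = reseed_interval
        # Strength is the hash's preimage resistance, capped at 256 bits
        # because SP 800-90A defines no strength above that.
        self.security_strength = min(self._outlen * 8, 256)
        self.reseeds = 0                      # how often reseed() ran (for inspection)
        self._K = b"\x00" * self._outlen
        self._V = b"\x01" * self._outlen
        self._update(self._entropy(self.security_strength // 8))
        self.reseed_counter = 1               # SP 800-90A: starts at 1 after Instantiate

    def _mac(self, data: bytes) -> bytes:
        return hmac.new(self._K, data, self._hash).digest()

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG_Update: second K/V pass only when provided_data is non-empty.
        self._K = self._mac(self._V + b"\x00" + provided)
        self._V = self._mac(self._V)
        if provided:
            self._K = self._mac(self._V + b"\x01" + provided)
            self._V = self._mac(self._V)

    def reseed(self) -> None:
        self._update(self._entropy(self.security_strength // 8))
        self.reseed_counter = 1
        self.reseeds += 1

    def add_entropy(self, data: bytes) -> None:
        """Mix caller-supplied entropy; only input of at least the security
        strength counts as a full reseed and resets the reseed counter."""
        self._update(data)
        if len(data) * 8 >= self.security_strength:
            self.reseed_counter = 1

    def _generate(self, n: int, additional: bytes) -> bytes:
        # One SP 800-90A Generate call; n must not exceed MAX_REQUEST_BYTES.
        if self.reseed_counter > self.reseed_interval:
            self.reseed()
        if additional:
            self._update(additional)
        out = b""
        while len(out) < n:
            self._V = self._mac(self._V)
            out += self._V
        self._update(additional)
        self.reseed_counter += 1
        return out[:n]

    def randomize(self, n: int, additional: bytes = b"") -> bytes:
        """Requests longer than MAX_REQUEST_BYTES are served as a sequence of
        maximum-length requests, so one long output may span a reseed."""
        chunks = []
        while n > 0:
            take = min(n, MAX_REQUEST_BYTES)
            chunks.append(self._generate(take, additional))
            n -= take
        return b"".join(chunks)

    def randomize_with_ts_input(self, n: int) -> bytes:
        # Timestamp plus process ID and reseed counter as additional_data,
        # the Stateful_RNG behaviour the commit message describes.
        ad = (time.time_ns().to_bytes(8, "big")
              + os.getpid().to_bytes(4, "big")
              + self.reseed_counter.to_bytes(4, "big"))
        return self.randomize(n, ad)


if __name__ == "__main__":
    drbg = HMAC_DRBG("sha256", os.urandom, reseed_interval=2)
    drbg.randomize(3 * MAX_REQUEST_BYTES + 1)
    print("strength", drbg.security_strength, "reseeds during one request:", drbg.reseeds)
```

With reseed_interval=2, a single request of 3 * 65536 + 1 bytes is four Generate calls and reseeds once in the middle of the output; that is the caveat the commit message gives (generate a 256-bit key and expand it with ChaCha or HKDF if a single uninterrupted stream matters). A SHA-512 instance reports strength 256, not 512, while SHA-1 reports 160.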
configure.py expects all header guards to match a specific form,
for finding them when generating the amalgamation file.
For those that are willing to trust uninspectible hardware. :)
Changes RDRAND entropy source to call RDRAND_RNG
Add --rdrand flag to rng cmdlet
Use consistent naming for the max output before reseed
parameter. The constant (default) value is renamed to
BOTAN_RNG_DEFAULT_MAX_OUTPUT_BEFORE_RESEED, since without
the DEFAULT_ it reads like a compile time maximum instead.
Use uint8_t instead of byte.
Remove Entropy_Accumulator, instead have entropy sources directly
add entropy to the RNG.
Handles fork checking for HMAC_RNG and HMAC_DRBG
AutoSeeded_RNG change - switch to HMAC_DRBG as default.
Start removing the io buffer from entropy poller.
Update default RNG poll bits to 256.
Fix McEliece test, was using wrong RNG API.
Update docs.
Add some missing overrides
That failure seems like an explicit system policy decision, so accept
it as such. Versus say EBADF or EFAULT which would instead suggest a
library bug.
This return is seen on OS X Travis CI, unclear if this is a problem
with OS X or with how Travis does OS X containers.
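The two system-RNG policies described above, the read-write then read-only backoff when opening the device and treating a write refused by the OS as a policy decision while EBADF or EFAULT still indicate a library bug, as an added example. This is not Botan's code: it is a standalone Python illustration, and the class name SystemRNG, the helper classify_write_error, the POLICY_ERRNOS set and the default device path /dev/urandom are assumptions made here.

```python
"""Open the system RNG with a read-write/read-only backoff and classify
add_entropy() write failures.  Added illustration, not Botan's code;
SystemRNG, classify_write_error and POLICY_ERRNOS are names assumed here."""
import errno
import os

# errno values that mean the OS forbids feeding the RNG: a policy decision,
# tolerated.  Anything else (EBADF, EFAULT, ...) points at a caller bug.
POLICY_ERRNOS = frozenset({errno.EPERM, errno.EACCES})


def classify_write_error(err: int) -> str:
    return "policy" if err in POLICY_ERRNOS else "bug"


class SystemRNG:
    def __init__(self, path: str = "/dev/urandom") -> None:
        self.path = path
        try:
            self.fd = os.open(path, os.O_RDWR | os.O_NOCTTY)
            self.writable = True
        except PermissionError:
            # Backoff: read-only still lets randomize() work; add_entropy()
            # will simply report that it could not feed the pool.
            self.fd = os.open(path, os.O_RDONLY | os.O_NOCTTY)
            self.writable = False
        # Any other OSError (e.g. ENOENT) propagates: no usable system RNG.

    def randomize(self, n: int) -> bytes:
        buf = bytearray()
        while len(buf) < n:
            chunk = os.read(self.fd, n - len(buf))
            if not chunk:
                raise OSError(errno.EIO, "short read from %s" % self.path)
            buf += chunk
        return bytes(buf)

    def add_entropy(self, data: bytes) -> bool:
        """True if the bytes reached the device, False if the system refused
        them by policy; raises for errors that indicate a bug."""
        if not self.writable:
            return False
        view = memoryview(data)
        while view:
            try:
                written = os.write(self.fd, view)
            except OSError as e:
                if classify_write_error(e.errno) == "policy":
                    return False
                raise
            view = view[written:]
        return True

    def close(self) -> None:
        os.close(self.fd)


if __name__ == "__main__":
    rng = SystemRNG()
    print("writable:", rng.writable, "fed:", rng.add_entropy(b"\x00" * 32),
          "sample:", rng.randomize(16).hex())
    rng.close()
```

The FFI failure quoted earlier on this page ("System_RNG write failed error 9") is errno 9, EBADF: under this classification it is raised, not swallowed, because a bad descriptor is a library defect rather than a policy refusal.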