| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
|
|
|
|
| |
the prefetch is called for each block of input, and so a total of
(4096+256)/64 = 68 prefetches are executed for each block. This reduces
performance of iterative modes dramatically.
I'm not sure what the right approach for dealing with this is.
|
| |
|
| |
|
| |
|
|
|
|
| |
helper function for fetching both inputs and outputs of block ciphers.
|
| |
|
|
|
|
|
| |
that claim to be by defining __GNUG__ (such as Intel C++)) in new utils
header prefetch.h
|
|\
| |
| |
| | |
and 'bb55abb64b64ca63aeb361db40c6bc4692d4ce48'
|
| |
| |
| |
| | |
existing on the current CPU before returning an object.
|
| | |
|
|\|
| |
| |
| |
| |
| | |
1f4729658b70a340064bc9a33c923a44ecab84d8)
to branch 'net.randombit.botan' (head b9ca6596a127964cb9795d22bc2a5642fab5de84)
|
| |
| |
| |
| |
| |
| |
| | |
- rounding.h (round_up, round_down)
- workfactor.h (dl_work_factor)
- timer.h (system_time)
And update all users of the previous util.h
|
| |
| |
| |
| | |
Inline round_up and round_down
|
|/
|
|
| |
of preventing the bswap optimizations from being used. :(
|
|
|
|
|
|
|
|
|
|
|
| |
build (only libstate, utils, plus dependencies), which can be extended with
use of --enable-modules.
To add new modules to the set of always-loaded, use 'load_on always' in info.txt
Also fix a few small build problems that popped up when doing a minimal build.
Requested by a user.
|
| |
|
|
|
|
| |
used on Visual C++
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
the info.txt files with the right module dependencies.
Apply it across the codebase.
|
|
|
|
| |
needed, or replace with <iosfwd> or <ostream> where necessary.
|
| |
|
|
|
|
| |
bytes. Bug noted by Falko Strenzke, fix by M. Braun. (bug id 31)
|
|
|
|
|
|
| |
I don't know that having same_mem be sensitive to input would actually
allow any form of timing attack in the current codebase, but it seemed
like a prudent thing to do in any case.
|
|
|
|
|
| |
rotate.h, or when it was not needed at all. Remove or change the includes
as needed.
|
| |
|
|
|
|
| |
param isn't set.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
up during the Fedora submission review, that each source file include some
text about the license. One handy Perl script later and each file now has
the line
Distributed under the terms of the Botan license
after the copyright notices.
While I was in there modifying every file anyway, I also stripped out the
remainder of the block comments (lots of astericks before and after the
text); this is stylistic thing I picked up when I was first learning C++
but in retrospect it is not a good style as the structure makes it harder
to modify comments (with the result that comments become fewer, shorter and
are less likely to be updated, which are not good things).
|
| |
|
|\
| |
| |
| |
| |
| | |
4518ef63a5e28e22a61d21a6066d0d4a5cf0616e)
to branch 'net.randombit.botan.entropy-poll-redesign' (head c8e07f10a193b25bab726af99ea2ea77a0f30eaf)
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Combine the fast and slow polls, into a single poll() operation.
Instead of being given a buffer to write output into, the EntropySource is
passed an Entropy_Accumulator. This handles the RLE encoding that xor_into_buf
used to do. It also contains a cached I/O buffer so entropy sources do not
individually need to allocate memory for that with each poll. When data
is added to the accumulator, the source specifies an estimate of the number
of bits of entropy per byte, as a double. This is tracked in the accumulator.
Once the estimated entropy hits a target (set by the constructor), the
accumulator's member function predicate polling_goal_achieved flips to true.
This signals to the PRNG that it can stop performing polling on sources,
also polls that take a long time periodically check this flag and return
immediately.
The Win32 and BeOS entropy sources have been updated, but blindly; testing
is needed.
The test_es example program has been modified: now it polls twice and outputs
the XOR of the two collected results. That helps show if the output is consistent
across polls (not a good thing). I have noticed on the Unix entropy source,
occasionally there are many 0x00 bytes in the output, which is not optimal.
This also needs to be investigated.
The RLE is not actually RLE anymore. It works well for non-random inputs
(ASCII text, etc), but I noticed that when /dev/random output was fed into
it, the output buffer would end up being RR01RR01RR01 where RR is a random
byte and 00 is the byte count.
The buffer sizing also needs to be examined carefully. It might be useful
to choose a prime number for the size to XOR stuff into, to help ensure an
even distribution of entropy across the entire buffer space. Or: feed it
all into a hash function?
This change should (perhaps with further modifications) help WRT the
concerns Zack W raised about the RNG on the monotone-dev list.
|
|/
|
|
|
|
|
|
|
|
| |
of 0 (on the theory this is a mistake and the second and third arguments
were swapped). However the GCC inliner apparently is good enough that it
is triggering on code that just happens to create a zero length SecureVector
or equivalent - the constants get propagated so __builtin_constant_p returns
true.
Add an if(n) in clear_mem so we skip calling memset if the size is zero.
|
|
|
|
|
| |
zero bytes, etc (relatively common, especially with the statistical
pollers that use xor_into_buf) are removed. Counters wrap at 256.
|
| |
|
|
|
|
| |
xoring integer values in.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
was not the right place to keep track of this information. Also modify
all Algorithm_Factory constructor functions to take instead of a SCAN_Name
a pair of std::strings - the SCAN name and an optional provider name. If
a provider is specified, either that provider will be used or the request
will fail. Otherwise, the library will attempt best effort, based on
user-set algorithm implementation settings (combine with benchmark.h for
choosing the fastest implementation at runtime) or if not set, a static
ordering (preset in static_provider_weight in prov_weight.cpp, though it
would be nice to make this easier to toggle).
|
|
|
|
|
|
| |
As with HMAC_RNG, instead assume one bit of conditional entropy per byte
of polled material. Since they are no longer used, drop the entropy
estimation routines entirely.
|
| |
|
| |
|
| |
|
|
|
|
| |
couldn't really figure out how the semantics should work.
|
|
|
|
| |
this allows provider preferences to be passed down to sub-algorithms.
|
| |
|
| |
|
| |
|
| |
|