aboutsummaryrefslogtreecommitdiffstats
path: root/src/utils
Commit message (Collapse)AuthorAgeFilesLines
* Move mutex.h from utils/ to mutex/ dir as more relevant arealloyd2009-07-012-57/+0
|
* DataSource::discard_next did not actually return the number of discardedlloyd2009-06-241-1/+1
| | | | bytes. Bug noted by Falko Strenzke, fix by M. Braun. (bug id 31)
* Use an input insensitive implementation of same_mem instead of memcmp.lloyd2009-06-221-1/+8
| | | | | | I don't know that having same_mem be sensitive to input would actually allow any form of timing attack in the current codebase, but it seemed like a prudent thing to do in any case.
* Many source files included bit_ops.h when what was really desired waslloyd2009-05-131-1/+0
| | | | | rotate.h, or when it was not needed at all. Remove or change the includes as needed.
* Include <algorithm> in secmem.h for std::swaplloyd2009-04-081-0/+1
|
* Add a new version of SCAN_Name::arg that returns a default value if thelloyd2009-03-312-2/+17
| | | | param isn't set.
* Thomas Moschny passed along a request from the Fedora packagers which camelloyd2009-03-3032-500/+564
| | | | | | | | | | | | | | | up during the Fedora submission review, that each source file include some text about the license. One handy Perl script later and each file now has the line Distributed under the terms of the Botan license after the copyright notices. While I was in there modifying every file anyway, I also stripped out the remainder of the block comments (lots of astericks before and after the text); this is stylistic thing I picked up when I was first learning C++ but in retrospect it is not a good style as the structure makes it harder to modify comments (with the result that comments become fewer, shorter and are less likely to be updated, which are not good things).
* Use u32bit instead of int for loop counter in ctzlloyd2009-03-271-1/+1
|
* propagate from branch 'net.randombit.botan' (head ↵lloyd2009-01-313-63/+0
|\ | | | | | | | | | | 4518ef63a5e28e22a61d21a6066d0d4a5cf0616e) to branch 'net.randombit.botan.entropy-poll-redesign' (head c8e07f10a193b25bab726af99ea2ea77a0f30eaf)
| * Check in a branch with a major redesign on how entropy polling is performed.lloyd2009-01-273-63/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Combine the fast and slow polls, into a single poll() operation. Instead of being given a buffer to write output into, the EntropySource is passed an Entropy_Accumulator. This handles the RLE encoding that xor_into_buf used to do. It also contains a cached I/O buffer so entropy sources do not individually need to allocate memory for that with each poll. When data is added to the accumulator, the source specifies an estimate of the number of bits of entropy per byte, as a double. This is tracked in the accumulator. Once the estimated entropy hits a target (set by the constructor), the accumulator's member function predicate polling_goal_achieved flips to true. This signals to the PRNG that it can stop performing polling on sources, also polls that take a long time periodically check this flag and return immediately. The Win32 and BeOS entropy sources have been updated, but blindly; testing is needed. The test_es example program has been modified: now it polls twice and outputs the XOR of the two collected results. That helps show if the output is consistent across polls (not a good thing). I have noticed on the Unix entropy source, occasionally there are many 0x00 bytes in the output, which is not optimal. This also needs to be investigated. The RLE is not actually RLE anymore. It works well for non-random inputs (ASCII text, etc), but I noticed that when /dev/random output was fed into it, the output buffer would end up being RR01RR01RR01 where RR is a random byte and 00 is the byte count. The buffer sizing also needs to be examined carefully. It might be useful to choose a prime number for the size to XOR stuff into, to help ensure an even distribution of entropy across the entire buffer space. Or: feed it all into a hash function? This change should (perhaps with further modifications) help WRT the concerns Zack W raised about the RNG on the monotone-dev list.
* | A new warning in glibc triggers if memset is called with a constant sizelloyd2009-01-311-8/+8
|/ | | | | | | | | | of 0 (on the theory this is a mistake and the second and third arguments were swapped). However the GCC inliner apparently is good enough that it is triggering on code that just happens to create a zero length SecureVector or equivalent - the constants get propagated so __builtin_constant_p returns true. Add an if(n) in clear_mem so we skip calling memset if the size is zero.
* Use a simple run length encoding in xor_into_buf, so long blocks of spaces,lloyd2008-11-232-3/+22
| | | | | zero bytes, etc (relatively common, especially with the statistical pollers that use xor_into_buf) are removed. Counters wrap at 256.
* Pass by const reference so larger structs can be used with xor_into_buf templatelloyd2008-11-231-1/+1
|
* Move xor_into_buf to xor_buf.cpp. Also add a new template wrapper forlloyd2008-11-233-10/+39
| | | | xoring integer values in.
* Add xor_into_buf. Add Doxygen comments for xor_buflloyd2008-11-231-10/+32
|
* Remove support for provider identifiers from SCAN_Name - it turns out thislloyd2008-11-122-37/+5
| | | | | | | | | | | | was not the right place to keep track of this information. Also modify all Algorithm_Factory constructor functions to take instead of a SCAN_Name a pair of std::strings - the SCAN name and an optional provider name. If a provider is specified, either that provider will be used or the request will fail. Otherwise, the library will attempt best effort, based on user-set algorithm implementation settings (combine with benchmark.h for choosing the fastest implementation at runtime) or if not set, a static ordering (preset in static_provider_weight in prov_weight.cpp, though it would be nice to make this easier to toggle).
* Drop use of entropy estimation in Randpool for the same reason as HMAC_RNG.lloyd2008-11-113-130/+0
| | | | | | As with HMAC_RNG, instead assume one bit of conditional entropy per byte of polled material. Since they are no longer used, drop the entropy estimation routines entirely.
* Move utils/{timer,mutex} to toplevellloyd2008-11-1127-782/+0
|
* Rename timers.h to timer.hlloyd2008-11-117-7/+7
|
* Throw an exception if SCAN name is malformed or emptylloyd2008-11-111-0/+3
|
* Remove support for multiple providers in SCAN_Name, mostly because Illoyd2008-11-112-32/+19
| | | | couldn't really figure out how the semantics should work.
* Make SCAN_Name::arg return a new SCAN_Name that has the same providers list,lloyd2008-11-112-2/+16
| | | | this allows provider preferences to be passed down to sub-algorithms.
* Shorten SCAN_Name's argument arg in function nameslloyd2008-11-102-4/+4
|
* Make SCAN_Name::arg_count_between constlloyd2008-11-101-1/+1
|
* Fix parsing of nested + aliased names like TLS.Digest.0 in SCAN_Namelloyd2008-11-101-3/+31
|
* In SCAN_Name, keep track of the original inputs and make them accessiblelloyd2008-11-102-0/+6
|
* Add a facility in SCAN_Name for provider nameslloyd2008-11-102-3/+35
|
* Doxygen commentlloyd2008-11-101-3/+3
|
* Add SCAN_Name::arg_count_betweenlloyd2008-11-091-0/+6
|
* Constifylloyd2008-11-092-4/+4
|
* Add a SCAN_Name class that encapsulates operations currently done repeatedlylloyd2008-11-093-0/+92
| | | | all over the engine code.
* Macro cleanuplloyd2008-11-092-11/+6
|
* Move botan.h from utils to libstate, since libstate has lookup.h whichlloyd2008-11-082-16/+0
| | | | | | botan.h includes unconditionally. Remove obsolete seed_rng code from init.h
* Split the last parts of the 'core' modulelloyd2008-11-083-1/+26
| | | | Add some missing info.txts
* Move most of what was left in core to utils (since that is what they are,lloyd2008-11-087-1/+1174
| | | | | basically). buf_comp and data_src might need their own directory, but it doesn't really feel like it.
* Move mutex.h from core to utilslloyd2008-11-082-0/+55
| | | | Move core/sym_algo.{h,cpp} to sym_algo
* Move declaration of StreamCipher to stream_cipher.hlloyd2008-11-081-0/+2
|
* Move Entropy_Estimator to utils/entropy.h (from anon namespace in HMAC_RNGlloyd2008-11-065-33/+130
| | | | | implementation), remove freestanding estimate_entropy function, change Randpool to use entropy estimator.
* Substantially change Randpool's reseed logic. Now when a reseedlloyd2008-10-274-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | is requested, Randpool will first do a fast poll on each entropy source that has been registered. It will count these poll results towards the collected entropy count, with a maximum of 96 contributed bits of entropy per poll (only /dev/random reaches this, others measure at 50-60 bits typically), and a maximum of 256 for sum contribution of the fast polls. Then it will attempt slow polls of all devices until it thinks enough entropy has been collected (using the rather naive entropy_estimate function). It will count any slow poll for no more than 256 bits (100 or so is typical for every poll but /dev/random), and will attempt to collect at least 512 bits of (estimated/guessed) entropy. This tends to cause Randpool to use significantly more sources. Previously it was common, especially on systems with a /dev/random, for only one or a few sources to be used. This change helps assure that even if /dev/random and company are broken or compromised the RNG output remains secure (assuming at least some amount of entropy unguessable by the attacker can be collected via other sources). Also change AutoSeeded_RNG do an automatic poll/seed when it is created.
* Move EntropySource base class to new entropy_src.h (which allows the ↵lloyd2008-10-262-1/+7
| | | | | | implementations to decouple from knowing about RandomNumberGenerator).
* Move rng.{cpp,h} from core to rng/ topdirlloyd2008-10-267-4/+4
| | | | | | | | | | | | | | Add a new class AutoSeeded_RNG that is a RandomNumberGenerator that wraps up the logic formerly in RandomNumberGenerator::make_rng. make_rng in fact now just returns a new AutoSeeded_RNG object. AutoSeeded_RNG is a bit more convenient because - No need to use auto_ptr - No need to dereference (same syntax everywhere - it's an underestimated advantage imo) Also move the code from timer/timer_base to timer/
* Fixup Doxygen errorlloyd2008-10-141-3/+3
|
* Doxygen comments for utils/version.h (from InSiTo)lloyd2008-10-131-0/+26
|
* Remove leading "Botan " from result of version_stringlloyd2008-10-121-3/+9
| | | | | Add a comment explaining why these functions are compiled rather than inlined.
* Add an implementation of bswap for Visual C++ in x86 inline asm,lloyd2008-10-121-0/+9
| | | | written by Yves Jerschow (sent to me in a personal email 2007-10-23).
* Mark classes with BOTAN_DLL macro for DLL visibilitylloyd2008-10-087-7/+7
|
* Document dependencies between moduleslloyd2008-10-012-1/+6
|
* Make PBE base, IF_algo only load if needed by dependencieslloyd2008-10-012-2/+2
|
* propagate from branch 'net.randombit.botan' (head ↵lloyd2008-09-302-0/+2
| | | | | | fd327b29aa542e0ad5ff6d37d8392321670f0369) to branch 'net.randombit.botan.modularized' (head 3f8d05493d4b192243fdc8a7f518ed1013c3be54)
* Move datastore from core to utilslloyd2008-09-303-7/+237
|