| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
with the version in earlier releases. Rickard Bondesson pointed out that
this was a problem on the mailing list.
|
| |
|
|
|
|
|
| |
botan-config --libs - with shared objects it makes no difference, but
with static libs this doesn't bring in the needed symbols correctly since
only symbols needed by earlier objects on the command line are brought
in. Reported by Thomas Moschny.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
no subclass needs access to any of these variables.
|
| |
|
|
| |
going to be compressed - otherwise it's a noop.
|
| |
|
|
|
| |
the changeover from single block hashing to having each hash support multiple
sequential blocks of input.
|
| |
|
|
| |
statement (at least as far as the calling code is concerned)
|
| |
|
|
|
| |
that is the only code that needs to see them. Record the name in the Param
object.
|
| |
|
|
|
| |
precompute the deltas when they are just a few additions; removing the
additions from the encrypt/decrypt rounds seems enough to me.
|
| | |
|
| |
|
|
|
|
|
|
| |
implementation.
In addition to the GOST 34.11 test parameters (used in Crypto++ among other
things), the GOST 34.11 CryptoPro parameters (used in implementations of the
GOST hash function) are now supported.
|
| |
|
|
| |
param isn't set.
|
| |
|
|
|
|
|
| |
can be done directly, so there is no need to copy the key several times
for the key schedule (since the GOST 'key schedule' is very simple and the
access pattern can now be directly inserted into the code). Looks to be
about 10% faster on my Core2, as well.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
up during the Fedora submission review, that each source file include some
text about the license. One handy Perl script later and each file now has
the line
Distributed under the terms of the Botan license
after the copyright notices.
While I was in there modifying every file anyway, I also stripped out the
remainder of the block comments (lots of astericks before and after the
text); this is stylistic thing I picked up when I was first learning C++
but in retrospect it is not a good style as the structure makes it harder
to modify comments (with the result that comments become fewer, shorter and
are less likely to be updated, which are not good things).
|
| |
|
|
| |
somewhat cleaner .so dependencies on ELF systems. Patch from Zack Weinberg.
|
| |
|
|
| |
HashFunction; include hash.h instead
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GostR3411_94_TestParamSet, this is compatible with the implementations in
Crypto++ and OpenSSL. This is not backwards compatible, though once the
implementation supports multiple param sets (which is required, unfortunately,
for compatability with various standards by CryptoCom, who have defined not
one but at least 4 (!!!) different sboxes to use with GOST), I may offer
Botan's previous sbox set as an option.
Since adding the GOST hash function (34.11) and signing algorithm (34.10)
are on the long term agenda (request by Rickard Bondesson, as the Russian
authorities want to use their local standards for their DNSSEC use), I
renamed the block cipher class (which had been just 'GOST') to GOST_28147_89
to minimize future name clashes.
|
| |
|
|
| |
the mailing list.
|
| | |
|
| | |
|
| |\
| |
| |
| | |
and 'fc89152d6d99043fb9ed1e9f2569fde3fee419e5'
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make the fast poll significantly more pessimistic/realistic about how
many bits of randomness we're getting from getrusage and stat.
Don't cut out from execing programs if the desired poll bits is under
128. Simply poll until either the accumulator says we're done or we run
out of sources. Assumption is that the poll won't be run at all unless
it is ncessary (es_unix comes late in the list of sources to use since
it is pretty slow).
|
| | | |
|
| | |\
| | |
| | |
| | |
| | |
| | | |
4518ef63a5e28e22a61d21a6066d0d4a5cf0616e)
to branch 'net.randombit.botan.entropy-poll-redesign' (head c8e07f10a193b25bab726af99ea2ea77a0f30eaf)
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Instead simply consider the PRNG seeded if a poll kicked off from reseed
met its goal, or if the user adds data.
Doing anything else prevents creating (for instance) a PRNG seeded with
64 bits of entropy, which is unsafe for some purposes (key generation)
but quite possibly safe enough for others (generating salts and such).
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Also, change the wait time to bits/16 milliseconds. For instance if 64
bits of entropy are requested, the reader will wait at most 4 ms in the
select loop.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
inputs might end up not contributing anything to the count even when they should.
This was paricularly noticable with the proc walker - it uses an estimate of .01
bits / byte, so if the file was < 100 bytes it would not count for anything at all.
|
| | | |
| | |
| | |
| | |
| | | |
techniques, with the one using BufferedComputation being the new
subclass with the charming name Entropy_Accumulator_BufferedComputation.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
a new member function rekey, calling it from both reseed and add_entropy.
Previously add_entropy worked without this because the PRNG would reseed
itself automatically if it was not at the point when randomize() was called,
but once this was removed it was necessary to ensure a rekey kicked off,
if appropriate, when calling add_entropy.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
of 0 (on the theory this is a mistake and the second and third arguments
were swapped). However the GCC inliner apparently is good enough that it
is triggering on code that just happens to create a zero length SecureVector
or equivalent - the constants get propagated so __builtin_constant_p returns
true.
Add an if(n) in clear_mem so we skip calling memset if the size is zero.
|
| | |/
|/| |
|
| | |
| |
| |
| |
| | |
entropy, the proc walker will read about 256K bytes. This seems plenty
sufficient to me.
|
| | |
| |
| |
| | |
achieved.
|
| | |
| |
| |
| | |
the buffer.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since both Randpool and HMAC_RNG fed the input into a MAC anyway, this
works nicely. (It would be nicer to use tr1::function but, argh, don't
want to fully depend on TR1 quite yet. C++0x cannot come soon enough).
This avoids requiring to do run length encoding, it just dumps everything
as-is into the MAC. This ensures the buffer is not a potential narrow pipe
for the entropy (for instance, one might imagine an entropy source which
outputs one random byte every 16 bytes, and the rest some repeating pattern -
using a 16 byte buffer, you would only get 8 bits of entropy total, no matter
how many times you sampled).
|
| | |
| |
| |
| | |
randomize, or PRNG_Unseeded will be thrown.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Combine the fast and slow polls, into a single poll() operation.
Instead of being given a buffer to write output into, the EntropySource is
passed an Entropy_Accumulator. This handles the RLE encoding that xor_into_buf
used to do. It also contains a cached I/O buffer so entropy sources do not
individually need to allocate memory for that with each poll. When data
is added to the accumulator, the source specifies an estimate of the number
of bits of entropy per byte, as a double. This is tracked in the accumulator.
Once the estimated entropy hits a target (set by the constructor), the
accumulator's member function predicate polling_goal_achieved flips to true.
This signals to the PRNG that it can stop performing polling on sources,
also polls that take a long time periodically check this flag and return
immediately.
The Win32 and BeOS entropy sources have been updated, but blindly; testing
is needed.
The test_es example program has been modified: now it polls twice and outputs
the XOR of the two collected results. That helps show if the output is consistent
across polls (not a good thing). I have noticed on the Unix entropy source,
occasionally there are many 0x00 bytes in the output, which is not optimal.
This also needs to be investigated.
The RLE is not actually RLE anymore. It works well for non-random inputs
(ASCII text, etc), but I noticed that when /dev/random output was fed into
it, the output buffer would end up being RR01RR01RR01 where RR is a random
byte and 00 is the byte count.
The buffer sizing also needs to be examined carefully. It might be useful
to choose a prime number for the size to XOR stuff into, to help ensure an
even distribution of entropy across the entire buffer space. Or: feed it
all into a hash function?
This change should (perhaps with further modifications) help WRT the
concerns Zack W raised about the RNG on the monotone-dev list.
|
| |\
| |
| |
| | |
and '76da4a953201fc0f0b510ea82d5a3986ec8ab44a'
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
echo -n does not work on (at least) Solaris 10 and MacOS X, while printf
will do the right thing and is available at least as far back as 4.2 BSD
(and as a policy, I'm not interested in supporting Unix distros that shipped
before I was born).
Patch from Markus Wanner.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
we call stat. Apparently on 32-bit Linux (or at least on Ubuntu
8.04/x86), struct stat has some padding bytes, which are not
written to by the syscall, but valgrind doesn't realize that this
is OK, and warns about uninitialized memory access when we read
the contents of the struct. Since this data is then fed into the
PRNG, the PRNG state and output becomes tainted, which makes
valgrind's output rather useless.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
occur because PKCS #5 v2.0 doesn't support empty passphrases (though
maybe it should?). In this case pbe->set_key would throw an exception,
causing the stack to be unwound without the (dynamically created) PBE
object being deleted. Use auto_ptr to hold the PBE*, then .release()
it when passing it to the Pipe (since Pipe takes ownership of its Filters).
Noticed when looking at valgrind analysis of monotone's sync command.
|
| | |
| |
| |
| | |
since it is relevant to the implementation.
|
| | |
| |
| |
| | |
in the header.
|
