diff options
| -rwxr-xr-x | configure.py | 71 | ||||
| -rw-r--r-- | doc/manual/ffi.rst | 12 | ||||
| -rw-r--r-- | doc/manual/goals.rst | 6 | ||||
| -rw-r--r-- | src/lib/ffi/ffi.cpp | 11 | ||||
| -rw-r--r-- | src/lib/ffi/ffi.h | 6 | ||||
| -rw-r--r-- | src/lib/utils/datastor/info.txt | 0 | ||||
| -rw-r--r-- | src/lib/x509/certstor_sql/info.txt | 3 | ||||
| -rw-r--r-- | src/lib/x509/datastor.cpp (renamed from src/lib/utils/datastor/datastor.cpp) | 0 | ||||
| -rw-r--r-- | src/lib/x509/datastor.h (renamed from src/lib/utils/datastor/datastor.h) | 4 | ||||
| -rw-r--r-- | src/lib/x509/info.txt | 1 | ||||
| -rw-r--r-- | src/tests/test_ffi.cpp | 1 | ||||
| -rw-r--r-- | src/tests/unit_tls.cpp | 17 |
12 files changed, 101 insertions, 31 deletions
diff --git a/configure.py b/configure.py index 979493b4f..c9fb3b755 100755 --- a/configure.py +++ b/configure.py @@ -1147,32 +1147,47 @@ def canon_processor(archinfo, proc): proc, match, submodel)) return (ainfo.basename, submodel) - logging.debug('Known CPU names: ' + ' '.join( - sorted(flatten([[ainfo.basename] + \ - ainfo.aliases + \ - [x for (x,_) in ainfo.all_submodels()] - for ainfo in archinfo.values()])))) +def system_cpu_info(): - raise Exception('Unknown or unidentifiable processor "%s"' % (proc)) + cpu_info = [] -def guess_processor(archinfo): - base_proc = platform.machine() + try: + with open('/proc/cpuinfo') as f: + for line in f.readlines(): + if line.find(':') != -1: + (key,val) = [s.strip() for s in line.split(':')] + + # Different Linux arch use different names for this field in cpuinfo + if key in ["model name", "cpu model", "Processor"]: + cpu_info.append(val) + break - if base_proc == '': - raise Exception('Could not determine target CPU; set with --cpu') + except IOError: + pass - full_proc = fixup_proc_name(platform.processor()) or base_proc + if platform.machine() != '': + cpu_info.append(platform.machine()) - for ainfo in archinfo.values(): - if ainfo.basename == base_proc or base_proc in ainfo.aliases: - for (match,submodel) in ainfo.all_submodels(): - if re.search(match, full_proc) != None: - return (ainfo.basename, submodel) + if platform.processor() != '': + cpu_info.append(platform.processor()) - return canon_processor(archinfo, ainfo.basename) + return cpu_info - # No matches, so just use the base proc type - return canon_processor(archinfo, base_proc) +def guess_processor(archinfo): + cpu_info = system_cpu_info() + + for input in cpu_info: + + if input != '': + try: + match = canon_processor(archinfo, input) + if match != None: + logging.debug("Matched '%s' to processor '%s'" % (input, match)) + return match + except Exception as e: + logging.debug("Failed to deduce CPU from '%s'" % (input)) + + raise Exception('Could not determine target CPU; set with --cpu') """ Read a whole file into memory as a string @@ -2108,6 +2123,12 @@ def main(argv = None): for policy in module_policies.values(): policy.cross_check(modules) + logging.debug('Known CPU names: ' + ' '.join( + sorted(flatten([[ainfo.basename] + \ + ainfo.aliases + \ + [x for (x,_) in ainfo.all_submodels()] + for ainfo in info_arch.values()])))) + if options.list_modules: for k in sorted(modules.keys()): print(k) @@ -2180,9 +2201,15 @@ def main(argv = None): options.arch, options.cpu)) else: cpu_from_user = options.cpu - (options.arch, options.cpu) = canon_processor(info_arch, options.cpu) - logging.info('Canonicalizized CPU target %s to %s/%s' % ( - cpu_from_user, options.arch, options.cpu)) + + results = canon_processor(info_arch, options.cpu) + + if results != None: + (options.arch, options.cpu) = results + logging.info('Canonicalizized CPU target %s to %s/%s' % ( + cpu_from_user, options.arch, options.cpu)) + else: + logging.error('Unknown or unidentifiable processor "%s"' % (options.cpu)) logging.info('Target is %s-%s-%s-%s' % ( options.compiler, options.os, options.arch, options.cpu)) diff --git a/doc/manual/ffi.rst b/doc/manual/ffi.rst index 7a01dc8ae..b7a0d750f 100644 --- a/doc/manual/ffi.rst +++ b/doc/manual/ffi.rst @@ -14,7 +14,17 @@ Versioning .. cpp:function:: uint32_t botan_ffi_api_version() - Returns the FFI version + Returns the version of the currently supported FFI API. This is + expressed in the form YYYYMMDD of the release date of this version + of the API. + +.. cpp:function int botan_ffi_supports_api(uint32_t version) + + Return 0 iff the FFI version specified is supported by this + library. Otherwise returns -1. The expression + botan_ffi_supports_api(botan_ffi_api_version()) will always + evaluate to 0. A particular version of the library may also support + other (older) versions of the FFI API. .. cpp:function:: const char* botan_version_string() diff --git a/doc/manual/goals.rst b/doc/manual/goals.rst index 710324ece..cf5522904 100644 --- a/doc/manual/goals.rst +++ b/doc/manual/goals.rst @@ -33,8 +33,10 @@ the desired end result. Over time further progress is made in each. * Well tested. The code should be correct against the spec, with as close to 100% test coverage as possible. All available static and dynamic analysis - tools at our disposal should be used, including fuzzers and specialized attack - tools for common protocols. + tools at our disposal should be used, including fuzzers, symbolic execution, + and protocol specific tools. Within reason, all warnings from compilers and + static analyzers should be addressed, even if they seem like false positives, + because that maximizes the signal value of new warnings from the tool. * Safe defaults. Policies should aim to be highly restrictive by default, and if they must be made less restrictive by certain applications, it should be diff --git a/src/lib/ffi/ffi.cpp b/src/lib/ffi/ffi.cpp index 4727c0763..5c4cba4e7 100644 --- a/src/lib/ffi/ffi.cpp +++ b/src/lib/ffi/ffi.cpp @@ -208,6 +208,17 @@ uint32_t botan_ffi_api_version() return BOTAN_HAS_FFI; } +int botan_ffi_supports_api(uint32_t api_version) + { + /* + * In the future if multiple versions are supported, this + * function would accept any of them. + */ + if(api_version == BOTAN_HAS_FFI) + return 0; + return -1; + } + const char* botan_version_string() { return Botan::version_cstr(); diff --git a/src/lib/ffi/ffi.h b/src/lib/ffi/ffi.h index ed1b55a56..3378e0dcd 100644 --- a/src/lib/ffi/ffi.h +++ b/src/lib/ffi/ffi.h @@ -66,6 +66,12 @@ how to provide the cleanest API for such users would be most welcome. */ BOTAN_DLL uint32_t botan_ffi_api_version(); +/* +* Return 0 (ok) if the version given is one this library supports. +* botan_ffi_supports_api(botan_ffi_api_version()) will always return 0. +*/ +BOTAN_DLL int botan_ffi_supports_api(uint32_t api_version); + BOTAN_DLL const char* botan_version_string(); BOTAN_DLL uint32_t botan_version_major(); BOTAN_DLL uint32_t botan_version_minor(); diff --git a/src/lib/utils/datastor/info.txt b/src/lib/utils/datastor/info.txt deleted file mode 100644 index e69de29bb..000000000 --- a/src/lib/utils/datastor/info.txt +++ /dev/null diff --git a/src/lib/x509/certstor_sql/info.txt b/src/lib/x509/certstor_sql/info.txt index cfdd521a2..619784e70 100644 --- a/src/lib/x509/certstor_sql/info.txt +++ b/src/lib/x509/certstor_sql/info.txt @@ -1,5 +1,2 @@ define CERTSTOR_SQL 20160818 -<requires> -datastor -</requires> diff --git a/src/lib/utils/datastor/datastor.cpp b/src/lib/x509/datastor.cpp index ae6b1e45c..ae6b1e45c 100644 --- a/src/lib/utils/datastor/datastor.cpp +++ b/src/lib/x509/datastor.cpp diff --git a/src/lib/utils/datastor/datastor.h b/src/lib/x509/datastor.h index ee9ef219a..e5e8b3f1b 100644 --- a/src/lib/utils/datastor/datastor.h +++ b/src/lib/x509/datastor.h @@ -19,6 +19,10 @@ namespace Botan { /** * Data Store +* +* This class is used internally by the library, and exposed for ABI +* reasons. There is no reason for applications to use this type directly. +* It will be removed in a future major release. */ class BOTAN_DLL Data_Store { diff --git a/src/lib/x509/info.txt b/src/lib/x509/info.txt index 7e6afc5ad..b1a0ab414 100644 --- a/src/lib/x509/info.txt +++ b/src/lib/x509/info.txt @@ -3,7 +3,6 @@ define OCSP 20161118 <requires> asn1 -datastor pubkey sha1 </requires> diff --git a/src/tests/test_ffi.cpp b/src/tests/test_ffi.cpp index dd066e248..243583e8f 100644 --- a/src/tests/test_ffi.cpp +++ b/src/tests/test_ffi.cpp @@ -42,6 +42,7 @@ class FFI_Unit_Tests : public Test result.test_is_eq("Patch version", botan_version_patch(), Botan::version_patch()); result.test_is_eq("Botan version", botan_version_string(), Botan::version_cstr()); result.test_is_eq("Botan version datestamp", botan_version_datestamp(), Botan::version_datestamp()); + result.test_is_eq("FFI supports its own version", botan_ffi_supports_api(botan_ffi_api_version()), 0); const std::vector<uint8_t> mem1 = { 0xFF, 0xAA, 0xFF }; const std::vector<uint8_t> mem2 = mem1; diff --git a/src/tests/unit_tls.cpp b/src/tests/unit_tls.cpp index 6922dd2a8..6b3eb753a 100644 --- a/src/tests/unit_tls.cpp +++ b/src/tests/unit_tls.cpp @@ -1002,8 +1002,21 @@ class TLS_Unit_Tests : public Test Botan::Credentials_Manager& creds, const std::string& kex_policy, const std::string& cipher_policy, - const std::string& mac_policy = "AEAD", - const std::map<std::string, std::string>& extra_policies = {}) + const std::string& mac_policy = "AEAD") + { + std::map<std::string, std::string> no_extra_policies; + return test_modern_versions(results, client_ses, server_ses, creds, + kex_policy, cipher_policy, mac_policy, no_extra_policies); + } + + void test_modern_versions(std::vector<Test::Result>& results, + Botan::TLS::Session_Manager& client_ses, + Botan::TLS::Session_Manager& server_ses, + Botan::Credentials_Manager& creds, + const std::string& kex_policy, + const std::string& cipher_policy, + const std::string& mac_policy, + const std::map<std::string, std::string>& extra_policies) { Test_Policy policy; policy.set("ciphers", cipher_policy); |