aboutsummaryrefslogtreecommitdiff
path: root/m4/check-libc.m4
diff options
context:
space:
mode:
authorSimone Basso <bassosimone@gmail.com>2016-12-09 12:39:37 +0100
committerSimone Basso <bassosimone@gmail.com>2016-12-09 12:50:56 +0100
commitf8a9c71e793975e2d224cb01603bf814320545ab (patch)
treef08a25c2940ca6782f69ca0b337aa6d85b221a34 /m4/check-libc.m4
parentb5ebbf6b88b13cbf465fdc7d4101e4aa612f0ef9 (diff)
downloadportable-f8a9c71e793975e2d224cb01603bf814320545ab.tar.gz
portable-f8a9c71e793975e2d224cb01603bf814320545ab.tar.bz2
portable-f8a9c71e793975e2d224cb01603bf814320545ab.zip
configure: fix getentropy() for sierra and ios
This diff changes the logic by which configure detects getentropy() to ensure that we don't use the system wide getentropy - with macOS sierra if the deployment target is lower than sierra as found by tor developers here https://gitweb.torproject.org/tor.git/commit/?id=https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21c963a9a65bf55024680c8323c8b7175d - with iOS unconditionally because an app linking libressl compiled with system wide getentropy has been rejected by the App store as I have documented here https://github.com/measurement-kit/measurement-kit/pull/994 I think something similar could also affect clock_gettime judging from tor's patch, but this diff for now doesn't address that. I do not have macOS < sierra, so I could only verify that configure was not picking up system wide getentropy by compiling libressl using export CFLAGS="-mmacosx-version-min=10.11" As regards iOS, removing the check for getentropy and recompiling (thus using libressl builtin getentropy()) was enough to have another iteration of the app accepted. Otherwise testing should be possible with: export LDFLAGS=-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos` export CPPFLAGS=-arch armv7 -isysroot `xcrun --show-sdk-path --sdk iphoneos` export CFLAGS=-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos` Related ticket: https://github.com/libressl-portable/portable/issues/230
Diffstat (limited to 'm4/check-libc.m4')
-rw-r--r--m4/check-libc.m456
1 files changed, 55 insertions, 1 deletions
diff --git a/m4/check-libc.m4 b/m4/check-libc.m4
index f2eb3eb..272ebfe 100644
--- a/m4/check-libc.m4
+++ b/m4/check-libc.m4
@@ -47,7 +47,61 @@ AM_CONDITIONAL([HAVE_B64_NTOP], [test "x$ac_cv_func_b64_ntop_arg" = xyes])
47AC_DEFUN([CHECK_CRYPTO_COMPAT], [ 47AC_DEFUN([CHECK_CRYPTO_COMPAT], [
48# Check crypto-related libc functions and syscalls 48# Check crypto-related libc functions and syscalls
49AC_CHECK_FUNCS([arc4random arc4random_buf arc4random_uniform]) 49AC_CHECK_FUNCS([arc4random arc4random_buf arc4random_uniform])
50AC_CHECK_FUNCS([explicit_bzero getauxval getentropy]) 50AC_CHECK_FUNCS([explicit_bzero getauxval])
51
52AC_CACHE_CHECK([for getentropy], ac_cv_func_getentropy, [
53 AC_LINK_IFELSE([AC_LANG_PROGRAM([[
54#include <sys/types.h>
55#include <sys/random.h>
56
57#ifdef __APPLE__
58# include <AvailabilityMacros.h>
59
60/*
61 * Before macOS 10.12 getentropy() was not available. In 10.12 however it
62 * seems to be not marked for retro-compatibility and thus we cannot cross
63 * compile targeting, e.g., 10.12 unless we disable getentropy().
64 *
65 * To test,
66 *
67 * export CFLAGS="-mmacosx-version-min=10.11"
68 * ./configure
69 * # ensure that getentropy() is not found
70 *
71 * Based on: https://gitweb.torproject.org/tor.git/commit/?id=https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21c963a9a65bf55024680c8323c8b7175d
72 */
73# ifndef MAC_OS_X_VERSION_10_12
74# define MAC_OS_X_VERSION_10_12 101200
75# endif
76# if defined(MAC_OS_X_VERSION_MIN_REQUIRED)
77# if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12
78# error "Running on Mac OSX 10.11 or earlier"
79# endif
80# endif
81#endif
82
83/*
84 * As of iOS 10.1, getentropy() as a system call is defined but is not
85 * declared in sys/random.h and submitting an App that links to getentropy()
86 * leads to the App store rejecting the App because:
87 *
88 * > The app references non-public symbols in $appname: _getentropy
89 *
90 * Disabling the check for getentropy() and thus enabling libressl own
91 * emulation of that fixes the issue.
92 */
93#if (defined TARGET_IPHONE_OS || defined TARGET_IPHONE_SIMULATOR)
94# error "As far as we know, getentropy() is not usable on iOS"
95#endif
96 ]], [[
97 char buffer[1024];
98 (void)getentropy(buffer, sizeof (buffer));
99]])],
100 [ ac_cv_func_getentropy="yes" ],
101 [ ac_cv_func_getentropy="no"
102 ])
103])
104
51AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp]) 105AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp])
52AM_CONDITIONAL([HAVE_ARC4RANDOM], [test "x$ac_cv_func_arc4random" = xyes]) 106AM_CONDITIONAL([HAVE_ARC4RANDOM], [test "x$ac_cv_func_arc4random" = xyes])
53AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes]) 107AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes])