| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
| |
this is used for in-memory cert loading
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
The current NetBSD release, 6.1.5, fails to reseed arc4random fork. Work
around it by providing arc4random/getentropy shims. Revisit when NetBSD
7 is available.
|
| |
|
|
|
| |
Noticed while building with GCC 4.2 with HP-UX. Switching the ERROR to a
WARN for a first release while we continue to survey the field.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
tested on: HP-UX 11.31 ia64,
gcc 4.7.1(HP AllianceOne version)
gcc 4.2.3(http://hpux.connect.org.uk)
HP C/aC++
HP-UX defaults to use LP32 and it treats long as 32 bit (= 4 bytes).
This build forces LP64 for treating long as 64 bit.
|
| | |
|
| |
|
|
|
|
| |
Allow hardening CFLAGS for mingw that do not cause link-time failures.
Add proper quoting on flags for commas
Check LDFLAGS for linker-only flags.
|
| |
|
|
|
|
|
|
|
|
|
| |
Rather than doing separate linker/compiler checks, just build a
non-empty program with each so that the compiler will actually try to
use the hardening features. Reduce redundancy in the macro calls by just
setting the flag that was just tested.
Also, disable hardening for mingw, since its trying to use a
libssp-0.dll file that I can't find right now. The detected hardening
flags break mingw builds currently.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\
| |
| |
| |
| | |
Conflicts:
configure.ac
|
| | |
| |
| |
| |
| | |
This reverts commit c83d468cfd5d3ca60a499b69c0b7c9d0b159d405.
It wasn't as superfluous as I thought on all platforms.
|
| | |
| |
| |
| | |
libssl already has LIBFLAGS for libcrypto, so adding -lcrypto is superfluous.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When generating ELF objects from assembly, gcc and clang mark the
GNU_STACK program headers as RWX by default. This is a security issue,
so we make sure it is marked only RW.
This modifies Anthony G. Basile's original patch for Linux to set
.note.GNU-stack whenever the assembler supports it. It is surprising
that any modern toolchain would enable an executable stack without an
explicit request. The number of programs that need an executable stack
is surely much smaller than the number of programs that include assembly.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Where available, enable stack smashing protection, fortify source,
no-strict-overflow, and read only relocations.
Many Linux distributions automatically enable most of these options.
They are no brainers. The difference introduced here is in asking for a
few more aggressive options. An option to disable the more aggressive
options is provided (--disable-hardening). When set, configure will fall
back to the default CFLAGS on the system - in many cases that will still
be hardened. There is no point in going further than that.
Options enabled are:
-fstack-protector-strong is a relatively new GCC-4.9 feature that is
supposed to give a better balance between performance and protection.
-all is considered too aggressive, but was used in Chromium and other
security critical systems until -strong became available. Follow their
lead and use -strong when possible. clang 6.0 supports -all but not
-strong.
_FORTIFY_SOURCE replaces certain unsafe C str* and mem* functions with
more robust equivalents when the compiler can determine the length of
the buffers involved.
-fno-strict-overflow instructs GCC to not make optimizations based on
the assumption that signed arithmetic will wrap around on overflow (e.g.
(short)0x7FFF + 1 == 0). This prevents the optimizer from doing some
unexpected things. Further improvements should trap signed overflows and
reduce the use of signed to refer to naturally unsigned quantities.
I did not set -fPIE (position independent executables). The critical
function of Open/LibreSSL is as a library, not an executable.
Tested on Ubuntu Linux 14.04.1 LTS, OS X 10.10.1 with "make check".
The code added to m4/ is GPLv3 but con
Signed-off-by: Jim Barlow <jim@purplerock.ca>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Where available, enable stack smashing protection, fortify source,
no-strict-overflow, and read only relocations.
Many Linux distributions automatically enable most of these options.
They are no brainers. The difference introduced here is in asking for a
few more aggressive options. An option to disable the more aggressive
options is provided (--disable-hardening). When set, configure will fall
back to the default CFLAGS on the system - in many cases that will still
be hardened. There is no point in going further than that.
Options enabled are:
-fstack-protector-strong is a relatively new GCC-4.9 feature that is
supposed to give a better balance between performance and protection.
-all is considered too aggressive, but was used in Chromium and other
security critical systems until -strong became available. Follow their
lead and use -strong when possible. clang 6.0 supports -all but not
-strong.
_FORTIFY_SOURCE replaces certain unsafe C str* and mem* functions with
more robust equivalents when the compiler can determine the length of
the buffers involved.
-fno-strict-overflow instructs GCC to not make optimizations based on
the assumption that signed arithmetic will wrap around on overflow (e.g.
(short)0x7FFF + 1 == 0). This prevents the optimizer from doing some
unexpected things. Further improvements should trap signed overflows and
reduce the use of signed to refer to naturally unsigned quantities.
I did not set -fPIE (position independent executables). The critical
function of Open/LibreSSL is as a library, not an executable.
Tested on Ubuntu Linux 14.04.1 LTS, OS X 10.10.1 with "make check".
Signed-off-by: Jim Barlow <jim@purplerock.ca>
|
| |/
|
|
|
| |
...and leave a note that -Qunused-arguments is being applied to CFLAGS
not LDFLAGS, probably in error.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
The libtool transitive dependency magic does not seem to work for
cross-compilation, so explicitly specify them here.
|
| |
|
|
| |
append portable version number to the version string
|
| |
|
|
| |
based on a patch from Jan Engelhardt
|
| |
|
|
| |
From Jan Engelhardt
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, they were all using the portable package version, rather
than the individual library versions. openssl(1)'s pc file represents
the LibreSSL-portable release however.
$ pkg-config --modversion libtls
1:0:0
$ pkg-config --modversion openssl
2.1.2
$ pkg-config --modversion libssl
30:0:0
$ pkg-config --modversion libcrypto
30:3:0
ok beck@ deraadt@
|
| | |
|
| |
|
|
| |
thanks to gschutijser from github for pointing it out
|
| | |
|
| |
|
|
|
| |
Avoid spurious rebuilds running update.sh by generating a temp file and
comparing the result to the existing one.
|
| | |
|
| |
|
|
|
|
| |
Add pidwraptest.txt to DISTCLEANFILES to let it be removed on distclean.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |
|
|
|
|
|
| |
Add additional code to remove linked manpages on uninstall. Since we do
linking manually, automake will not remove them for us.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
Add a do_mv()/$MV wrappers to be called instead of just mv. This
function will preserve the target file if it does not differ from the
source file. This helps to remove unnecessary compilator calls after
calling update.sh w/o source changes.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |
|
|
|
|
|
| |
In several additional places call $CP instead of just cp to ease and
speed up rebuilds after update.sh execution.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |
|
|
|
|
| |
Add gost test suite and camellia cipher dir to .gitignore.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |
|
|
| |
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
|
| |
|
|
| |
There are issues building with inline assembly on Windows 64-bit.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds initial support for assembly crypto acceleration on x86_64 for
ELF (Linux, *BSD, Solaris) and Mach-O (OS-X) systems.
The build method is a little different than OpenSSL and OpenBSD. All
the .s files are generated ahead of time when the tarball is generated,
so there are no complicated makefile rules at configure/build time. This
also means the builds are faster and perl is not required on the build
system.
Thanks to Wouter Clarie for providing the initial cleanup and patch
that this is based on.
|
| |
|
|
| |
I really need write something to automate this.
|
| |
|
|
|
|
| |
This makes building and testing easier because the library Makefile.am
files are use directly rather than as templates. Thanks to Wouter Clarie
for the idea.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Remove a lot of complex shell code. Upstream churn has slowed down, so
it is now easier to maintain this directly as automake files. This is
also needed to start integrating CPU-specific acceleration support.
Since we are deriving the copy list from the Makefile.am files, we can
now get rid of copy_src/copy_crypto.
|
| | |
|
