| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
| |
I will update my toolchain and try --high-entropy-va and
stack-protector-strong later. We will probably need to ship libssp-0.dll
as well. Thanks to jsg for hints.
|
| | |
|
| | |
|
| |
|
|
|
| |
Noticed while testing similar code for AIX.
ok beck@
|
| |
|
|
|
| |
Fail closed if we cannot obtain the process flags. Noticed while looking
at a similar function for AIX.
|
| | |
|
| |
|
|
|
| |
For now, look for openat and symlink. We may switch to just needing
symlink later.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
this adds the new bytestring apis and new regression tests
|
| | |
|
| | |
|
| |
|
|
| |
use sudo to install mingw toolchains
|
| | |
|
| | |
|
| |
|
|
| |
this is used for in-memory cert loading
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
The current NetBSD release, 6.1.5, fails to reseed arc4random fork. Work
around it by providing arc4random/getentropy shims. Revisit when NetBSD
7 is available.
|
| |
|
|
|
| |
Noticed while building with GCC 4.2 with HP-UX. Switching the ERROR to a
WARN for a first release while we continue to survey the field.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
tested on: HP-UX 11.31 ia64,
gcc 4.7.1(HP AllianceOne version)
gcc 4.2.3(http://hpux.connect.org.uk)
HP C/aC++
HP-UX defaults to use LP32 and it treats long as 32 bit (= 4 bytes).
This build forces LP64 for treating long as 64 bit.
|
| | |
|
| |
|
|
|
|
| |
Allow hardening CFLAGS for mingw that do not cause link-time failures.
Add proper quoting on flags for commas
Check LDFLAGS for linker-only flags.
|
| |
|
|
|
|
|
|
|
|
|
| |
Rather than doing separate linker/compiler checks, just build a
non-empty program with each so that the compiler will actually try to
use the hardening features. Reduce redundancy in the macro calls by just
setting the flag that was just tested.
Also, disable hardening for mingw, since its trying to use a
libssp-0.dll file that I can't find right now. The detected hardening
flags break mingw builds currently.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\
| |
| |
| |
| | |
Conflicts:
configure.ac
|
| | |
| |
| |
| |
| | |
This reverts commit c83d468cfd5d3ca60a499b69c0b7c9d0b159d405.
It wasn't as superfluous as I thought on all platforms.
|
| | |
| |
| |
| | |
libssl already has LIBFLAGS for libcrypto, so adding -lcrypto is superfluous.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When generating ELF objects from assembly, gcc and clang mark the
GNU_STACK program headers as RWX by default. This is a security issue,
so we make sure it is marked only RW.
This modifies Anthony G. Basile's original patch for Linux to set
.note.GNU-stack whenever the assembler supports it. It is surprising
that any modern toolchain would enable an executable stack without an
explicit request. The number of programs that need an executable stack
is surely much smaller than the number of programs that include assembly.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Where available, enable stack smashing protection, fortify source,
no-strict-overflow, and read only relocations.
Many Linux distributions automatically enable most of these options.
They are no brainers. The difference introduced here is in asking for a
few more aggressive options. An option to disable the more aggressive
options is provided (--disable-hardening). When set, configure will fall
back to the default CFLAGS on the system - in many cases that will still
be hardened. There is no point in going further than that.
Options enabled are:
-fstack-protector-strong is a relatively new GCC-4.9 feature that is
supposed to give a better balance between performance and protection.
-all is considered too aggressive, but was used in Chromium and other
security critical systems until -strong became available. Follow their
lead and use -strong when possible. clang 6.0 supports -all but not
-strong.
_FORTIFY_SOURCE replaces certain unsafe C str* and mem* functions with
more robust equivalents when the compiler can determine the length of
the buffers involved.
-fno-strict-overflow instructs GCC to not make optimizations based on
the assumption that signed arithmetic will wrap around on overflow (e.g.
(short)0x7FFF + 1 == 0). This prevents the optimizer from doing some
unexpected things. Further improvements should trap signed overflows and
reduce the use of signed to refer to naturally unsigned quantities.
I did not set -fPIE (position independent executables). The critical
function of Open/LibreSSL is as a library, not an executable.
Tested on Ubuntu Linux 14.04.1 LTS, OS X 10.10.1 with "make check".
The code added to m4/ is GPLv3 but con
Signed-off-by: Jim Barlow <jim@purplerock.ca>
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Where available, enable stack smashing protection, fortify source,
no-strict-overflow, and read only relocations.
Many Linux distributions automatically enable most of these options.
They are no brainers. The difference introduced here is in asking for a
few more aggressive options. An option to disable the more aggressive
options is provided (--disable-hardening). When set, configure will fall
back to the default CFLAGS on the system - in many cases that will still
be hardened. There is no point in going further than that.
Options enabled are:
-fstack-protector-strong is a relatively new GCC-4.9 feature that is
supposed to give a better balance between performance and protection.
-all is considered too aggressive, but was used in Chromium and other
security critical systems until -strong became available. Follow their
lead and use -strong when possible. clang 6.0 supports -all but not
-strong.
_FORTIFY_SOURCE replaces certain unsafe C str* and mem* functions with
more robust equivalents when the compiler can determine the length of
the buffers involved.
-fno-strict-overflow instructs GCC to not make optimizations based on
the assumption that signed arithmetic will wrap around on overflow (e.g.
(short)0x7FFF + 1 == 0). This prevents the optimizer from doing some
unexpected things. Further improvements should trap signed overflows and
reduce the use of signed to refer to naturally unsigned quantities.
I did not set -fPIE (position independent executables). The critical
function of Open/LibreSSL is as a library, not an executable.
Tested on Ubuntu Linux 14.04.1 LTS, OS X 10.10.1 with "make check".
Signed-off-by: Jim Barlow <jim@purplerock.ca>
|
| |/
|
|
|
| |
...and leave a note that -Qunused-arguments is being applied to CFLAGS
not LDFLAGS, probably in error.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
The libtool transitive dependency magic does not seem to work for
cross-compilation, so explicitly specify them here.
|
| |
|
|
| |
append portable version number to the version string
|
| |
|
|
| |
based on a patch from Jan Engelhardt
|
| |
|
|
| |
From Jan Engelhardt
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, they were all using the portable package version, rather
than the individual library versions. openssl(1)'s pc file represents
the LibreSSL-portable release however.
$ pkg-config --modversion libtls
1:0:0
$ pkg-config --modversion openssl
2.1.2
$ pkg-config --modversion libssl
30:0:0
$ pkg-config --modversion libcrypto
30:3:0
ok beck@ deraadt@
|
