path: root/m4
Commit message [Author, Age, Files, Lines]
* Land #297, Add recallocarray [Brent Cook, 2017-03-16, 1 file, -2/+8]
|\
| * Add support for getpagesize [kinichiro, 2017-03-15, 1 file, -1/+2]
| |
| * Add recallocarray [kinichiro, 2017-03-09, 1 file, -1/+6]
| |
* | Fix condition of arc4random* and getentropy for Cygwin build [kinichiro, 2017-02-20, 1 file, -8/+4]
|/
|     - Fix the condition of exporting getentropy
|     - Modify the CMake condition of including arc4random_uniform as same as autoconf
|
* Add inet_ntop and memmem for ocspcheck [kinichiro, 2017-01-26, 1 file, -2/+3]
|
* Move strsep.c to crypto/compat/ and add ocspcheck build to CMake [kinichiro, 2017-01-25, 1 file, -0/+3]
|
* add open(2) shim to handle O_BINARY and O_CLOEXEC [Brent Cook, 2017-01-16, 1 file, -0/+1]
|
* include pipe2/socketpair compat for macOS [Brent Cook, 2017-01-15, 1 file, -1/+3]
|
* Fix to use -export-symbols for libcrypto [kinichiro, 2017-01-15, 1 file, -0/+70]
|
|     - generating platform specific crypto/crypto_portable.sym from crypto.sym
|
* Sync getentropy() checks with use-builtin-arc4random checks [Simone Basso, 2016-12-10, 2 files, -30/+40]
|
|     Without this, we actually fail to build a library that includes the
|     builtin getentropy when compiling for 10.11 on 10.12.
|
* m4/check-libc.m4: improve getentropy check [Simone Basso, 2016-12-09, 1 file, -17/+23]
|
|     - according to man.openbsd.org getentropy() is in unistd.h
|     - according to macOS sierra's man it's in sys/random.h
|     - since sys/random.h does not exist for iOS and for linux, do not
|       attempt to include it, rather redeclare the prototype
|     - make sure that `./configure`:
|         - uses getentropy() on macOS sierra
|         - does not use getentropy() if compiling for 10.11
|         - does not use getentropy() if compiling for ios armv7
|
* configure: fix getentropy() for sierra and ios [Simone Basso, 2016-12-09, 1 file, -1/+55]
|
|     This diff changes the logic by which configure detects getentropy()
|     to ensure that we don't use the system wide getentropy
|
|     - with macOS sierra if the deployment target is lower than sierra
|       as found by tor developers here
|       https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21c963a9a65bf55024680c8323c8b7175d
|     - with iOS unconditionally because an app linking libressl compiled
|       with system wide getentropy has been rejected by the App store
|       as I have documented here
|       https://github.com/measurement-kit/measurement-kit/pull/994
|
|     I think something similar could also affect clock_gettime judging
|     from tor's patch, but this diff for now doesn't address that.
|
|     I do not have macOS < sierra, so I could only verify that configure
|     was not picking up system wide getentropy by compiling libressl using
|
|         export CFLAGS="-mmacosx-version-min=10.11"
|
|     As regards iOS, removing the check for getentropy and recompiling
|     (thus using libressl builtin getentropy()) was enough to have another
|     iteration of the app accepted. Otherwise testing should be possible with:
|
|         export LDFLAGS="-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos`"
|         export CPPFLAGS="-arch armv7 -isysroot `xcrun --show-sdk-path --sdk iphoneos`"
|         export CFLAGS="-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos`"
|
|     Related ticket: https://github.com/libressl-portable/portable/issues/230
|
* prefer builtin arc4random on OS X 10.12+ (using getentropy as the signal) [Brent Cook, 2016-11-06, 1 file, -1/+9]
|
* Disable netcat if arpa/telnet.h is not available (iOS) [jacob berkman, 2016-08-09, 1 file, -0/+2]
|
* Fix typo in USE_BUILTIN_ARC4RANDOM check [celan69, 2016-07-19, 1 file, -1/+1]
|
|     Solaris 11 recently introduced a builtin arc4random in libc which
|     fails the tests in "make check". Found USE_BUILTIN_ARC4RANDOM, but
|     could not get it to work. Apparently, there is a typo in the configure
|     logic rendering USE_BUILTIN_ARC4RANDOM ineffective.
|
* check linker flags before checking for functions [Brent Cook, 2016-04-24, 1 file, -2/+4]
|
* add things to minimize diffs with OpenNTPD-portable [Brent Cook, 2016-02-15, 2 files, -19/+17]
|
* whitelist NetBSD 7.0 native arc4random(3) implementation. [Brent Cook, 2016-01-03, 2 files, -3/+17]
|
|     NetBSD 7 improves arc4random(3) over earlier versions by adding fork
|     detection, stronger assertions on seed failure.
|
* enable nc on AIX [Brent Cook, 2016-01-03, 1 file, -0/+1]
|
* update check for b64_ntop [Brent Cook, 2015-12-27, 1 file, -1/+1]
|
|     typo spotted by Jonas 'Sortie' Termansen
|
* installing nc(1) should imply building, even if not whitelisted [Brent Cook, 2015-12-07, 1 file, -1/+5]
|
* build nc on solaris and cygwin [Brent Cook, 2015-11-23, 1 file, -0/+2]
|
* whitelist nc on other BSDs [Brent Cook, 2015-10-23, 1 file, -0/+2]
|
* disable some tests with 32-bit time_t systems [Brent Cook, 2015-10-17, 1 file, -1/+0]
|
|     Also disable use of _mkgmtime, it does not produce correct results.
|
* include timegm fallback [Brent Cook, 2015-10-15, 1 file, -0/+3]
|
* check for pledge(2) [Brent Cook, 2015-10-12, 1 file, -2/+2]
|
* add tame(2) check [Brent Cook, 2015-10-07, 1 file, -7/+10]
|
* add b64_ntop checking and fallback for nc(1) [Brent Cook, 2015-10-01, 2 files, -3/+21]
|
* remove incorrect comment [Brent Cook, 2015-09-30, 1 file, -1/+0]
|
|     We actually want to only start extending CFLAGS after calling
|     AC_PROG_CC so we get the default autoconf value (usually just -O2).
|
* allow nc to build on linux and os x [Brent Cook, 2015-09-13, 2 files, -1/+11]
|
* restrict nc to openbsd builds for now [Brent Cook, 2015-09-12, 1 file, -0/+2]
|
* disable strict aliasing on HP-UX C/aC++ compiler (tag: v2.2.2) [kinichiro, 2015-08-04, 1 file, -1/+1]
|
|     to disable strict aliasing on HP-UX C/aC++, `+Otype_safety=off` is right.
|     `+Otype_safety=strong` forces ANSI aliasing.
|
* add initial CMake and Visual Studio build support [Brent Cook, 2015-07-21, 1 file, -1/+1]
|
|     This moves the compatibility include files from include to
|     include/compat so we can use the awful MS C compiler <../include/>
|     trick to emulate the GNU #include_next extension.
|
|     This also removes a few old compat files we do not need anymore.
|
* disable strict aliasing on AIX xlc and HP-UX aC++ compilers [Brent Cook, 2015-07-16, 2 files, -13/+3]
|
* disable strict aliasing by default, noticed by miod@ [Brent Cook, 2015-07-15, 1 file, -0/+10]
|
* add check for inet_pton, nudge minimum win32 compat to 0x0501 [Brent Cook, 2015-07-02, 2 files, -2/+3]
|
* fix libtool 2.4.2 stack-protector flag handling [Brent Cook, 2015-06-13, 1 file, -1/+3]
|
|     Teach libtool 2.4.2 how to pass -fstack-protector* to the linker so
|     libssp is properly linked in on some toolchains.
|
|     See upstream patch:
|     https://github.com/instantinfrastructure/poky-daisy/blob/master/meta/recipes-devtools/libtool/libtool/respect-fstack-protector.patch
|
|     Thanks to kinichiro inoguchi
|
* always check if ssp needs to be linked [Brent Cook, 2015-06-11, 1 file, -3/+1]
|
* fix definition of DISABLE_AS_EXECUTABLE_STACK [Brent Cook, 2015-05-23, 1 file, -1/+1]
|
* refactor configure into separate m4 macros [Brent Cook, 2015-05-23, 4 files, -0/+280]
|
|     this allows for some reusability with libtls
|
* simplify hardening check logic, disable for mingw [Brent Cook, 2015-01-05, 2 files, -147/+0]
|
|     Rather than doing separate linker/compiler checks, just build a
|     non-empty program with each so that the compiler will actually try to
|     use the hardening features. Reduce redundancy in the macro calls by
|     just setting the flag that was just tested.
|
|     Also, disable hardening for mingw, since it's trying to use a
|     libssp-0.dll file that I can't find right now. The detected hardening
|     flags break mingw builds currently.
|
* configure.ac: use executable hardening where available [Jim Barlow, 2014-12-23, 2 files, -0/+147]

      Where available, enable stack smashing protection, fortify source,
      no-strict-overflow, and read only relocations.

      Many Linux distributions automatically enable most of these options.
      They are no-brainers. The difference introduced here is in asking for
      a few more aggressive options. An option to disable the more
      aggressive options is provided (--disable-hardening). When set,
      configure will fall back to the default CFLAGS on the system - in many
      cases that will still be hardened. There is no point in going further
      than that.

      Options enabled are:

      -fstack-protector-strong is a relatively new GCC-4.9 feature that is
      supposed to give a better balance between performance and protection.
      -all is considered too aggressive, but was used in Chromium and other
      security critical systems until -strong became available. Follow their
      lead and use -strong when possible. clang 6.0 supports -all but not
      -strong.

      _FORTIFY_SOURCE replaces certain unsafe C str* and mem* functions with
      more robust equivalents when the compiler can determine the length of
      the buffers involved.

      -fno-strict-overflow instructs GCC to not make optimizations based on
      the assumption that signed arithmetic will wrap around on overflow
      (e.g. (short)0x7FFF + 1 == 0). This prevents the optimizer from doing
      some unexpected things. Further improvements should trap signed
      overflows and reduce the use of signed to refer to naturally unsigned
      quantities.

      I did not set -fPIE (position independent executables). The critical
      function of Open/LibreSSL is as a library, not an executable.

      Tested on Ubuntu Linux 14.04.1 LTS, OS X 10.10.1 with "make check".

      Signed-off-by: Jim Barlow <jim@purplerock.ca>