| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
- define _GNU_SOURCE in case of cygwin
As compilation warning report by @Dravion
|
| |\ |
|
| | |
| |
| |
| |
| |
| | |
we currently do it at configure time, which makes this a generated
source, but generated sources should be cleaned up, which breaks
'make clean; make'
|
| |/ |
|
| |
|
|
|
|
|
|
| |
These variables were being ignored because libtool doesn't pass -static-libgcc to GCC.
If you want to link libgcc statically, currently the only way to achieve this is to
manually add -static-libgcc to CC variable. See:
http://www.mingw.org/wiki/HOWTO_Sneak_GCC_Switches_Past_Libtool
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\ |
|
| | | |
|
| | | |
|
| |/
|
|
|
| |
- Fix the condition of exporting getentropy
- Modify the CMake condition of including arc4random_uniform as same as autoconf
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
- generating platform specific crypto/crypto_portable.sym from crypto.sym
|
| |
|
|
|
| |
Without this, we actually fail to build a library that includes the
bultin getentropy when compiling for 10.11 on 10.12.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- according to man.openbsd.org getentropy() is in unistd.h
- according to macOS sierra's man it's in sys/random.h
- since sys/random.h is does not exist for iOS and for linux, do
not attempt to include it, rather redeclare the prototype
- make sure that `./configure`:
- uses getentropy() on macOS sierra
- does not use getentropy() if compiling for 10.11
- does not use getentropy() if compiling for ios armv7
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This diff changes the logic by which configure detects getentropy() to
ensure that we don't use the system wide getentropy
- with macOS sierra if the deployment target is lower than sierra as
found by tor developers here
https://gitweb.torproject.org/tor.git/commit/?id=https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21c963a9a65bf55024680c8323c8b7175d
- with iOS unconditionally because an app linking libressl compiled with
system wide getentropy has been rejected by the App store as I have
documented here
https://github.com/measurement-kit/measurement-kit/pull/994
I think something similar could also affect clock_gettime judging from
tor's patch, but this diff for now doesn't address that.
I do not have macOS < sierra, so I could only verify that configure was
not picking up system wide getentropy by compiling libressl using
export CFLAGS="-mmacosx-version-min=10.11"
As regards iOS, removing the check for getentropy and recompiling (thus
using libressl builtin getentropy()) was enough to have another iteration
of the app accepted. Otherwise testing should be possible with:
export LDFLAGS=-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos`
export CPPFLAGS=-arch armv7 -isysroot `xcrun --show-sdk-path --sdk iphoneos`
export CFLAGS=-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos`
Related ticket: https://github.com/libressl-portable/portable/issues/230
|
| | |
|
| | |
|
| |
|
| |
Solaris 11 recently introduced a builtin arc4random in libc which fails the tests in "make check". Found USE_BUILTIN_ARC4RANDOM, but could not get it to work. Apparently, there is a typo in the configure logic rendering USE_BUILTIN_ARC4RANDOM ineffective.
|
| | |
|
| | |
|
| |
|
|
|
| |
NetBSD 7 improves arc4random(3) over earlier versions by adding fork
detection, stronger assertions on seed failure.
|
| | |
|
| |
|
|
| |
typo spotted by Jonas 'Sortie' Termansen
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Also disable use of _mkgmtime, it does not produce correct results.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
We actually want to only start extending CFLAGS after calling AC_PROG_CC
so we get the default autoconf value (usually just -O2).
|
| | |
|
| | |
|
| |
|
|
|
| |
to disable strict aliasing on HP-UX C/aC++, `+Otype_safety=off` is right.
`+Otype_safety=strong` forces ANSI aliasing.
|
| |
|
|
|
|
|
|
| |
This moves the compatibility include files from include to
include/compat so we can use the awful MS C compiler
<../include/> trick to emulate the GNU #include_next extension.
This also removes a few old compat files we do not need anymore.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Teach libtool 2.4.2 how to pass -fstack-protector* to the linker so
libssp is properly linked in on some toolchains. See upstream patch:
https://github.com/instantinfrastructure/poky-daisy/blob/master/meta/recipes-devtools/libtool/libtool/respect-fstack-protector.patch
Thanks to kinichiro inoguchi
|
| | |
|
| | |
|
| |
|
|
| |
this allows for some reusability with libtls
|
| |
|
|
|
|
|
|
|
|
|
| |
Rather than doing separate linker/compiler checks, just build a
non-empty program with each so that the compiler will actually try to
use the hardening features. Reduce redundancy in the macro calls by just
setting the flag that was just tested.
Also, disable hardening for mingw, since its trying to use a
libssp-0.dll file that I can't find right now. The detected hardening
flags break mingw builds currently.
|
