From f8a9c71e793975e2d224cb01603bf814320545ab Mon Sep 17 00:00:00 2001 From: Simone Basso Date: Fri, 9 Dec 2016 12:39:37 +0100 Subject: configure: fix getentropy() for sierra and ios This diff changes the logic by which configure detects getentropy() to ensure that we don't use the system wide getentropy - with macOS sierra if the deployment target is lower than sierra as found by tor developers here https://gitweb.torproject.org/tor.git/commit/?id=https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21c963a9a65bf55024680c8323c8b7175d - with iOS unconditionally because an app linking libressl compiled with system wide getentropy has been rejected by the App store as I have documented here https://github.com/measurement-kit/measurement-kit/pull/994 I think something similar could also affect clock_gettime judging from tor's patch, but this diff for now doesn't address that. I do not have macOS < sierra, so I could only verify that configure was not picking up system wide getentropy by compiling libressl using export CFLAGS="-mmacosx-version-min=10.11" As regards iOS, removing the check for getentropy and recompiling (thus using libressl builtin getentropy()) was enough to have another iteration of the app accepted. Otherwise testing should be possible with: export LDFLAGS=-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos` export CPPFLAGS=-arch armv7 -isysroot `xcrun --show-sdk-path --sdk iphoneos` export CFLAGS=-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos` Related ticket: https://github.com/libressl-portable/portable/issues/230 --- m4/check-libc.m4 | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) (limited to 'm4') diff --git a/m4/check-libc.m4 b/m4/check-libc.m4 index f2eb3eb..272ebfe 100644 --- a/m4/check-libc.m4 +++ b/m4/check-libc.m4 @@ -47,7 +47,61 @@ AM_CONDITIONAL([HAVE_B64_NTOP], [test "x$ac_cv_func_b64_ntop_arg" = xyes]) AC_DEFUN([CHECK_CRYPTO_COMPAT], [ # Check crypto-related libc functions and syscalls AC_CHECK_FUNCS([arc4random arc4random_buf arc4random_uniform]) -AC_CHECK_FUNCS([explicit_bzero getauxval getentropy]) +AC_CHECK_FUNCS([explicit_bzero getauxval]) + +AC_CACHE_CHECK([for getentropy], ac_cv_func_getentropy, [ + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +#include +#include + +#ifdef __APPLE__ +# include + +/* + * Before macOS 10.12 getentropy() was not available. In 10.12 however it + * seems to be not marked for retro-compatibility and thus we cannot cross + * compile targeting, e.g., 10.12 unless we disable getentropy(). + * + * To test, + * + * export CFLAGS="-mmacosx-version-min=10.11" + * ./configure + * # ensure that getentropy() is not found + * + * Based on: https://gitweb.torproject.org/tor.git/commit/?id=https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21c963a9a65bf55024680c8323c8b7175d + */ +# ifndef MAC_OS_X_VERSION_10_12 +# define MAC_OS_X_VERSION_10_12 101200 +# endif +# if defined(MAC_OS_X_VERSION_MIN_REQUIRED) +# if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12 +# error "Running on Mac OSX 10.11 or earlier" +# endif +# endif +#endif + +/* + * As of iOS 10.1, getentropy() as a system call is defined but is not + * declared in sys/random.h and submitting an App that links to getentropy() + * leads to the App store rejecting the App because: + * + * > The app references non-public symbols in $appname: _getentropy + * + * Disabling the check for getentropy() and thus enabling libressl own + * emulation of that fixes the issue. + */ +#if (defined TARGET_IPHONE_OS || defined TARGET_IPHONE_SIMULATOR) +# error "As far as we know, getentropy() is not usable on iOS" +#endif + ]], [[ + char buffer[1024]; + (void)getentropy(buffer, sizeof (buffer)); +]])], + [ ac_cv_func_getentropy="yes" ], + [ ac_cv_func_getentropy="no" + ]) +]) + AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp]) AM_CONDITIONAL([HAVE_ARC4RANDOM], [test "x$ac_cv_func_arc4random" = xyes]) AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes]) -- cgit v1.2.3-55-g6feb