
This diff changes the logic by which configure detects getentropy(), to ensure that we don't use the system-wide getentropy():

- on macOS Sierra, if the deployment target is lower than Sierra, as found by the tor developers here: https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21c963a9a65bf55024680c8323c8b7175d
- on iOS, unconditionally, because an app linking a libressl compiled with the system-wide getentropy() has been rejected by the App Store, as I have documented here: https://github.com/measurement-kit/measurement-kit/pull/994

I think something similar could also affect clock_gettime, judging from tor's patch, but this diff doesn't address that for now.

I do not have macOS < Sierra, so I could only verify that configure was not picking up the system-wide getentropy() by compiling libressl using

export CFLAGS="-mmacosx-version-min=10.11"

As regards iOS, removing the check for getentropy() and recompiling (thus using libressl's builtin getentropy()) was enough to have another iteration of the app accepted. Otherwise, testing should be possible with:

export LDFLAGS=-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos`
export CPPFLAGS=-arch armv7 -isysroot `xcrun --show-sdk-path --sdk iphoneos`
export CFLAGS=-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos`

Related ticket: https://github.com/libressl-portable/portable/issues/230
dnl CHECK_LIBC_COMPAT
dnl Probes for two libc headers and a set of general libc functions, then
dnl publishes one automake conditional per probed function, keyed on the
dnl ac_cv_func_NAME cache variable that the function probe sets.
AC_DEFUN([CHECK_LIBC_COMPAT], [
# libc headers
AC_CHECK_HEADERS([err.h readpassphrase.h])

# General libc functions, probed in the same order as before
AC_CHECK_FUNCS([asprintf inet_pton memmem readpassphrase reallocarray strlcat strlcpy strndup strnlen strsep strtonum timegm _mkgmtime])

# One conditional per function; _mkgmtime is probed but has no conditional
AM_CONDITIONAL([HAVE_ASPRINTF],       [test "x${ac_cv_func_asprintf}" = "xyes"])
AM_CONDITIONAL([HAVE_INET_PTON],      [test "x${ac_cv_func_inet_pton}" = "xyes"])
AM_CONDITIONAL([HAVE_MEMMEM],         [test "x${ac_cv_func_memmem}" = "xyes"])
AM_CONDITIONAL([HAVE_READPASSPHRASE], [test "x${ac_cv_func_readpassphrase}" = "xyes"])
AM_CONDITIONAL([HAVE_REALLOCARRAY],   [test "x${ac_cv_func_reallocarray}" = "xyes"])
AM_CONDITIONAL([HAVE_STRLCAT],        [test "x${ac_cv_func_strlcat}" = "xyes"])
AM_CONDITIONAL([HAVE_STRLCPY],        [test "x${ac_cv_func_strlcpy}" = "xyes"])
AM_CONDITIONAL([HAVE_STRNDUP],        [test "x${ac_cv_func_strndup}" = "xyes"])
AM_CONDITIONAL([HAVE_STRNLEN],        [test "x${ac_cv_func_strnlen}" = "xyes"])
AM_CONDITIONAL([HAVE_STRSEP],         [test "x${ac_cv_func_strsep}" = "xyes"])
AM_CONDITIONAL([HAVE_STRTONUM],       [test "x${ac_cv_func_strtonum}" = "xyes"])
AM_CONDITIONAL([HAVE_TIMEGM],         [test "x${ac_cv_func_timegm}" = "xyes"])
])
dnl CHECK_SYSCALL_COMPAT
dnl Probes for accept4, pledge and poll and publishes one automake
dnl conditional for each, keyed on the matching ac_cv_func_NAME variable.
AC_DEFUN([CHECK_SYSCALL_COMPAT], [
AC_CHECK_FUNCS([accept4 pledge poll])

AM_CONDITIONAL([HAVE_ACCEPT4], [test "x${ac_cv_func_accept4}" = "xyes"])
AM_CONDITIONAL([HAVE_PLEDGE],  [test "x${ac_cv_func_pledge}" = "xyes"])
AM_CONDITIONAL([HAVE_POLL],    [test "x${ac_cv_func_poll}" = "xyes"])
])
dnl CHECK_B64_NTOP
dnl Searches the current link line and then libresolv for b64_ntop and for
dnl __b64_ntop, link-tests a b64_ntop call made with resolv.h included, and
dnl publishes the HAVE_B64_NTOP automake conditional.
AC_DEFUN([CHECK_B64_NTOP], [
AC_SEARCH_LIBS([b64_ntop], [resolv])
AC_SEARCH_LIBS([__b64_ntop], [resolv])

AC_CACHE_CHECK([for b64_ntop], [ac_cv_have_b64_ntop_arg], [
    AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <resolv.h>
]], [[ b64_ntop(NULL, 0, NULL, 0); ]])],
        [ac_cv_have_b64_ntop_arg="yes"],
        [ac_cv_have_b64_ntop_arg="no"])
])

dnl NOTE(review): the probe above stores its answer in
dnl ac_cv_have_b64_ntop_arg, yet the conditional below reads
dnl ac_cv_func_b64_ntop_arg, which nothing in this macro sets. Unless that
dnl variable is preset elsewhere, HAVE_B64_NTOP is always false. The name is
dnl left untouched here because the build may rely on that outcome; confirm
dnl against the Makefile.am users before correcting it.
AM_CONDITIONAL([HAVE_B64_NTOP], [test "x$ac_cv_func_b64_ntop_arg" = xyes])
])
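dnl CHECK_CRYPTO_COMPAT
dnl Probes for the libc randomness and constant-time helpers, publishes one
dnl automake conditional per helper, and probes for the functions that the
dnl getentropy fallback depends on.
dnl
dnl getentropy gets a hand-written link test instead of a plain function
dnl probe, because a symbol that links is not always one the build may use:
dnl   - macOS: the symbol exists from 10.12 on, so a build whose deployment
dnl     target is older must not pick it up.
dnl   - iOS: the symbol is treated as non-public and is rejected on purpose.
dnl
dnl The answer is cached in ac_cv_func_getentropy. A stale config.cache, or
dnl a value preset in the environment, bypasses the probe entirely, so clear
dnl the cache after changing the SDK or the deployment target. Presetting
dnl ac_cv_func_getentropy=no forces the bundled implementation.
AC_DEFUN([CHECK_CRYPTO_COMPAT], [
# Check crypto-related libc functions and syscalls
AC_CHECK_FUNCS([arc4random arc4random_buf arc4random_uniform])
AC_CHECK_FUNCS([explicit_bzero getauxval])

AC_CACHE_CHECK([for getentropy], ac_cv_func_getentropy, [
    AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <stddef.h>
#include <unistd.h>

/*
 * Not every libc that provides getentropy() ships <sys/random.h>; some
 * declare it in <unistd.h> instead. Requiring <sys/random.h> would make
 * this probe report "no" on such systems, so the prototype is spelled out
 * here and only the link step decides.
 */
extern int getentropy(void *, size_t);

#ifdef __APPLE__
# include <AvailabilityMacros.h>
# include <TargetConditionals.h>

/*
 * Before macOS 10.12 getentropy() was not available. In the 10.12 SDK it
 * does not seem to be marked with an availability version, so a build with
 * an older deployment target, e.g. 10.11, would still link against it.
 * Fail the probe on purpose for such targets.
 *
 * To test,
 *
 *     export CFLAGS="-mmacosx-version-min=10.11"
 *     ./configure
 *     # ensure that getentropy() is not found
 *
 * Based on: https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21c963a9a65bf55024680c8323c8b7175d
 */
# ifndef MAC_OS_X_VERSION_10_12
#  define MAC_OS_X_VERSION_10_12 101200
# endif
# if defined(MAC_OS_X_VERSION_MIN_REQUIRED)
#  if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12
#   error "Targeting Mac OSX 10.11 or earlier"
#  endif
# endif

/*
 * As of iOS 10.1, getentropy() as a system call is defined but is not
 * declared in sys/random.h and submitting an App that links to getentropy()
 * leads to the App store rejecting the App because:
 *
 * > The app references non-public symbols in $appname: _getentropy
 *
 * Disabling the check for getentropy() and thus enabling libressl own
 * emulation of that fixes the issue.
 *
 * TargetConditionals.h defines TARGET_OS_IPHONE and TARGET_IPHONE_SIMULATOR
 * to 0 or 1 on every Apple platform, so they are tested by value. A
 * "defined" test cannot tell macOS from iOS, and TARGET_IPHONE_OS is not
 * one of the macros that header provides.
 */
# if TARGET_OS_IPHONE || TARGET_IPHONE_SIMULATOR
#  error "As far as we know, getentropy() is not usable on iOS"
# endif
#endif /* __APPLE__ */
]], [[
    /* Link-only probe; 256 bytes is the largest request getentropy() takes */
    char buffer[256];
    (void)getentropy(buffer, sizeof (buffer));
]])],
        [ ac_cv_func_getentropy="yes" ],
        [ ac_cv_func_getentropy="no" ])
])

AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp])
AM_CONDITIONAL([HAVE_ARC4RANDOM], [test "x$ac_cv_func_arc4random" = xyes])
AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes])
AM_CONDITIONAL([HAVE_ARC4RANDOM_UNIFORM], [test "x$ac_cv_func_arc4random_uniform" = xyes])
AM_CONDITIONAL([HAVE_EXPLICIT_BZERO], [test "x$ac_cv_func_explicit_bzero" = xyes])
AM_CONDITIONAL([HAVE_GETENTROPY], [test "x$ac_cv_func_getentropy" = xyes])
AM_CONDITIONAL([HAVE_TIMINGSAFE_BCMP], [test "x$ac_cv_func_timingsafe_bcmp" = xyes])
AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp" = xyes])

# Override arc4random_buf implementations with known issues.
# This second definition replaces the one above: the system arc4random_buf
# is used only when USE_BUILTIN_ARC4RANDOM is not "yes" and the probe found it.
# Two test commands joined with && replace the obsolescent -a operator.
AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF],
    [test "x$USE_BUILTIN_ARC4RANDOM" != xyes && test "x$ac_cv_func_arc4random_buf" = xyes])

# Check for getentropy fallback dependencies
AC_CHECK_FUNC([getauxval])
dnl NOTE(review): clock_gettime also first appeared in macOS 10.12, so the
dnl deployment-target problem handled for getentropy above may apply to the
dnl plain probes below as well; they are left as they were. Confirm on a
dnl build that targets an older macOS.
AC_SEARCH_LIBS([clock_gettime],[rt posix4])
AC_CHECK_FUNC([clock_gettime])
AC_SEARCH_LIBS([dl_iterate_phdr],[dl])
AC_CHECK_FUNC([dl_iterate_phdr])
])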
dnl CHECK_VA_COPY
dnl Link-tests va_copy and then __va_copy with stdarg.h included. Each
dnl result is cached, and HAVE_VA_COPY or HAVE___VA_COPY is defined to 1
dnl when the corresponding test links.
AC_DEFUN([CHECK_VA_COPY], [
AC_CACHE_CHECK([whether va_copy exists], [ac_cv_have_va_copy], [
    AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <stdarg.h>
va_list x,y;
]], [[ va_copy(x,y); ]])],
        [ac_cv_have_va_copy="yes"],
        [ac_cv_have_va_copy="no"])
])
AS_IF([test "x${ac_cv_have_va_copy}" = "xyes"], [
    AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
])

AC_CACHE_CHECK([whether __va_copy exists], [ac_cv_have___va_copy], [
    AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <stdarg.h>
va_list x,y;
]], [[ __va_copy(x,y); ]])],
        [ac_cv_have___va_copy="yes"],
        [ac_cv_have___va_copy="no"])
])
AS_IF([test "x${ac_cv_have___va_copy}" = "xyes"], [
    AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
])
])