diff options
Diffstat (limited to 'configure.ac')
| -rw-r--r-- | configure.ac | 66 |
1 files changed, 63 insertions, 3 deletions
diff --git a/configure.ac b/configure.ac index bd50577418..edb6e9f566 100644 --- a/configure.ac +++ b/configure.ac @@ -432,6 +432,7 @@ AC_CHECK_FUNCS( strtoull \ sysconf \ sysctl \ + truncate \ uname \ usleep \ vasprintf \ @@ -755,6 +756,11 @@ dnl use it with a build of a library. all_ldflags_for_check="$TOR_LDFLAGS_zlib $TOR_LDFLAGS_openssl $TOR_LDFLAGS_libevent" all_libs_for_check="$TOR_ZLIB_LIBS $TOR_LIB_MATH $TOR_LIBEVENT_LIBS $TOR_OPENSSL_LIBS $TOR_SYSTEMD_LIBS $TOR_LIB_WS32 $TOR_LIB_GDI $TOR_CAP_LIBS" +CFLAGS_FTRAPV= +CFLAGS_FWRAPV= +CFLAGS_ASAN= +CFLAGS_UBSAN= + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [ #if !defined(__clang__) #error @@ -777,20 +783,73 @@ m4_ifdef([AS_VAR_IF],[ AS_VAR_POPDEF([can_link]) AS_VAR_POPDEF([can_compile]) TOR_CHECK_CFLAGS(-Wstack-protector) - TOR_CHECK_CFLAGS(-fwrapv) TOR_CHECK_CFLAGS(--param ssp-buffer-size=1) if test "$bwin32" = "false"; then TOR_CHECK_CFLAGS(-fPIE) TOR_CHECK_LDFLAGS(-pie, "$all_ldflags_for_check", "$all_libs_for_check") fi + TOR_TRY_COMPILE_WITH_CFLAGS(-ftrapv, , CFLAGS_FTRAPV="-ftrapv", true) + TOR_TRY_COMPILE_WITH_CFLAGS(-fwrapv, , CFLAGS_FWRAPV="-fwrapv", true) fi if test "x$enable_expensive_hardening" = "xyes"; then - TOR_CHECK_CFLAGS([-fsanitize=address]) - TOR_CHECK_CFLAGS([-fsanitize=undefined]) + TOR_TRY_COMPILE_WITH_CFLAGS([-fsanitize=address], , CFLAGS_ASAN="-fsanitize=address", true) + TOR_TRY_COMPILE_WITH_CFLAGS([-fsanitize=undefined], , CFLAGS_UBSAN="-fsanitize=undefined", true) TOR_CHECK_CFLAGS([-fno-omit-frame-pointer]) fi +CFLAGS_BUGTRAP="$CFLAGS_FTRAPV $CFLAGS_ASAN $CFLAGS_UBSAN" +CFLAGS_CONSTTIME="$CFLAGS_FWRAPV" + +mulodi_fixes_ftrapv=no +if test "$have_clang" = "yes"; then + saved_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS $CFLAGS_FTRAPV" + AC_MSG_CHECKING([whether clang -ftrapv can link a 64-bit int multiply]) + AC_LINK_IFELSE([ + AC_LANG_SOURCE([[ + #include <stdint.h> + #include <stdlib.h> + int main(int argc, char **argv) + { + int64_t x = ((int64_t)atoi(argv[1])) * (int64_t)atoi(argv[2]) + * (int64_t)atoi(argv[3]); + return x == 9; + } ]])], + [ftrapv_can_link=yes; AC_MSG_RESULT([yes])], + [ftrapv_can_link=no; AC_MSG_RESULT([no])]) + if test "$ftrapv_can_link" = "no"; then + AC_MSG_CHECKING([whether defining __mulodi4 fixes that]) + AC_LINK_IFELSE([ + AC_LANG_SOURCE([[ + #include <stdint.h> + #include <stdlib.h> + int64_t __mulodi4(int64_t a, int64_t b, int *overflow) { + *overflow=0; + return a; + } + int main(int argc, char **argv) + { + int64_t x = ((int64_t)atoi(argv[1])) * (int64_t)atoi(argv[2]) + * (int64_t)atoi(argv[3]); + return x == 9; + } ]])], + [mulodi_fixes_ftrapv=yes; AC_MSG_RESULT([yes])], + [mulodi_fixes_ftrapv=no; AC_MSG_RESULT([no])]) + fi + CFLAGS="$saved_CFLAGS" +fi + +AM_CONDITIONAL(ADD_MULODI4, test "$mulodi_fixes_ftrapv" = "yes") + +dnl These cflags add bunches of branches, and we haven't been able to +dnl persuade ourselves that they're suitable for code that needs to be +dnl constant time. +AC_SUBST(CFLAGS_BUGTRAP) +dnl These cflags are variant ones sutable for code that needs to be +dnl constant-time. +AC_SUBST(CFLAGS_CONSTTIME) + if test "x$enable_linker_hardening" != "xno"; then TOR_CHECK_LDFLAGS(-z relro -z now, "$all_ldflags_for_check", "$all_libs_for_check") fi @@ -833,6 +892,7 @@ dnl Check for libscrypt if test "x$enable_libscrypt" != "xno"; then AC_CHECK_HEADERS([libscrypt.h]) AC_SEARCH_LIBS(libscrypt_scrypt, [scrypt]) + AC_CHECK_FUNCS([libscrypt_scrypt]) fi dnl ============================================================ |