From 730f199c9c461fe2c94318138e6d316ee59f5a9f Mon Sep 17 00:00:00 2001 From: Simone Basso Date: Sat, 10 Dec 2016 20:58:04 +0100 Subject: [PATCH] Sync getentropy() checks with use-builtin-arc4random checks Without this, we actually fail to build a library that includes the bultin getentropy when compiling for 10.11 on 10.12. --- m4/check-libc.m4 | 43 ++++++++++++++---------------------------- m4/check-os-options.m4 | 35 +++++++++++++++++++++++++++++++++- 2 files changed, 48 insertions(+), 30 deletions(-) diff --git a/m4/check-libc.m4 b/m4/check-libc.m4 index 856495e..466a70e 100644 --- a/m4/check-libc.m4 +++ b/m4/check-libc.m4 @@ -54,52 +54,37 @@ AC_CACHE_CHECK([for getentropy], ac_cv_func_getentropy, [ #include #include +/* + * Explanation: + * + * - iOS <= 10.1 fails because of missing sys/random.h + * + * - in macOS 10.12 getentropy is not tagged as introduced in + * 10.12 so we cannot use it for target < 10.12 + */ #ifdef __APPLE__ # include # include # if (TARGET_OS_IPHONE || TARGET_OS_SIMULATOR) - -/* - * As of iOS 10.1, getentropy() as a system call is defined but is not - * declared in sys/random.h and submitting an App that links to getentropy() - * leads to the App store rejecting the App because: - * - * > The app references non-public symbols in $appname: _getentropy - * - * Disabling the check for getentropy() and thus enabling libressl own - * emulation of that fixes the issue. - */ -# error "As far as we know, getentropy() is not usable on iOS" - +# include /* Not available as of iOS <= 10.1 */ # else -/* - * Before macOS 10.12 getentropy() was not available. In 10.12 however it - * seems to be not marked for retro-compatibility and thus we cannot cross - * compile targeting, e.g., 10.12 unless we disable getentropy(). - * - * To test, - * - * export CFLAGS="-mmacosx-version-min=10.11" - * ./configure - * # ensure that getentropy() is not found - * - * Based on: https://gitweb.torproject.org/tor.git/commit/?id=https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21c963a9a65bf55024680c8323c8b7175d - */ +# include /* Pre 10.12 systems should die here */ + +/* Based on: https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21 */ # ifndef MAC_OS_X_VERSION_10_12 -# define MAC_OS_X_VERSION_10_12 101200 +# define MAC_OS_X_VERSION_10_12 101200 /* Robustness */ # endif # if defined(MAC_OS_X_VERSION_MIN_REQUIRED) # if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12 -# error "Running on Mac OSX 10.11 or earlier" +# error "Targeting on Mac OSX 10.11 or earlier" # endif # endif # endif #endif /* __APPLE__ */ ]], [[ - extern int getentropy(void *, size_t); char buffer; (void)getentropy(&buffer, sizeof (buffer)); ]])], diff --git a/m4/check-os-options.m4 b/m4/check-os-options.m4 index f2ff57f..1a7b940 100644 --- a/m4/check-os-options.m4 +++ b/m4/check-os-options.m4 @@ -17,10 +17,43 @@ case $host_os in *darwin*) HOST_OS=darwin HOST_ABI=macosx + # + # Don't use arc4random on systems before 10.12 because of # weak seed on failure to open /dev/random, based on latest # public source: # http://www.opensource.apple.com/source/Libc/Libc-997.90.3/gen/FreeBSD/arc4random.c - USE_BUILTIN_ARC4RANDOM=yes + # + # We use the presence of getentropy() to detect 10.12. The + # following check take into account that: + # + # - iOS <= 10.1 fails because of missing getentropy and + # hence they miss sys/random.h + # + # - in macOS 10.12 getentropy is not tagged as introduced in + # 10.12 so we cannot use it for target < 10.12 + # + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ +#include +#include +#include /* Systems without getentropy() should die here */ + +/* Based on: https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21 */ +#ifndef MAC_OS_X_VERSION_10_12 +# define MAC_OS_X_VERSION_10_12 101200 +#endif +#if defined(MAC_OS_X_VERSION_MIN_REQUIRED) +# if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12 +# error "Running on Mac OSX 10.11 or earlier" +# endif +#endif + ]], [[ +char buf[1]; getentropy(buf, 1); + ]])], + [ USE_BUILTIN_ARC4RANDOM=no ], + [ USE_BUILTIN_ARC4RANDOM=yes ] + ) + AC_MSG_CHECKING([whether to use builtin arc4random]) + AC_MSG_RESULT([$USE_BUILTIN_ARC4RANDOM]) # Not available on iOS AC_CHECK_HEADER([arpa/telnet.h], [], [BUILD_NC=no]) ;;