- according to man.openbsd.org getentropy() is in unistd.h
- according to macOS sierra's man it's in sys/random.h
- since sys/random.h is does not exist for iOS and for linux, do
not attempt to include it, rather redeclare the prototype
- make sure that `./configure`:
- uses getentropy() on macOS sierra
- does not use getentropy() if compiling for 10.11
- does not use getentropy() if compiling for ios armv7
This diff changes the logic by which configure detects getentropy() to
ensure that we don't use the system wide getentropy
- with macOS sierra if the deployment target is lower than sierra as
found by tor developers here
https://gitweb.torproject.org/tor.git/commit/?id=https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21c963a9a65bf55024680c8323c8b7175d
- with iOS unconditionally because an app linking libressl compiled with
system wide getentropy has been rejected by the App store as I have
documented here
https://github.com/measurement-kit/measurement-kit/pull/994
I think something similar could also affect clock_gettime judging from
tor's patch, but this diff for now doesn't address that.
I do not have macOS < sierra, so I could only verify that configure was
not picking up system wide getentropy by compiling libressl using
export CFLAGS="-mmacosx-version-min=10.11"
As regards iOS, removing the check for getentropy and recompiling (thus
using libressl builtin getentropy()) was enough to have another iteration
of the app accepted. Otherwise testing should be possible with:
export LDFLAGS=-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos`
export CPPFLAGS=-arch armv7 -isysroot `xcrun --show-sdk-path --sdk iphoneos`
export CFLAGS=-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos`
Related ticket: https://github.com/libressl-portable/portable/issues/230
- add patch for aeadtest.c to undef IN
- add patch for ocsp_test.c to call BIO_sock_init() before getaddrinfo()
- define STDERR_FILENO in unistd.h to build pkcs7test.c
- add option ENABLE_VSTEST(default OFF) to enable test on Visual Studio
- modify to pass test data file as an argument (aeadtest, evptest)
- add Windows scripts (ocsptest, pq_test, ssltest, testdsa, testenc, testrsa)
- do not build pidwraptest on MSVC
- fix some indentations
- Add 3 DEF files to export functions from Windows DLLs
- Add gettimeofday to crypto/crypto.def (*1)
- Remove gai_strerrorA from tls/tls.def (*1)
- Fix CMakeLists.txt to use DEF files as PRIVATE
- Change DLL import library file name since it duplicates with static library
- Ignore compiler warning C4267, and Edit CMAKE_C_FLAGS not to overwrite it (*1)
- Add USE_SHARED option to build openssl.exe with shared libraries (*1)
(*1) recommended by @mcnameej
