mirror of
https://github.com/jedisct1/libsodium.git
synced 2024-12-19 10:05:05 -07:00
Add a conditional to enable retpoline support
Using retpoline in userland code that doesn't run arbitrary code is questionable to start with. Linux is also getting SPECTRE v2 userspace-to-userspace protection. In addition, some platforms have a gcc version that advertises support for retpolines, but the resulting binaries simply don't work or cannot be linked. So, do not enable this by default. Let builders choose if they really want to enable this in their builds.
This commit is contained in:
parent
3ab71f873f
commit
a01c5f8fd8
@ -10,7 +10,6 @@ module; fall back to Javascript on these.
|
||||
counterpart.
|
||||
- Added a workaround for Visual Studio 2010 bug causing CPU features
|
||||
not to be detected.
|
||||
- The library now enables compilation with retpoline by default.
|
||||
- Portability improvements.
|
||||
- Test vectors from Project Wycheproof have been added.
|
||||
- New low-level APIs for arithmetic mod the order of the prime order group:
|
||||
|
18
configure.ac
18
configure.ac
@ -149,6 +149,17 @@ AC_ARG_WITH(ctgrind,
|
||||
])
|
||||
])
|
||||
|
||||
AC_ARG_ENABLE(retpoline,
|
||||
[AS_HELP_STRING(--enable-retpoline,Use return trampolines for indirect calls)],
|
||||
[AS_IF([test "x$enableval" = "xyes"], [
|
||||
AX_CHECK_COMPILE_FLAG([-mindirect-branch=thunk-inline],
|
||||
[CFLAGS="$CFLAGS -mindirect-branch=thunk-inline"],
|
||||
[AX_CHECK_COMPILE_FLAG([-mretpoline], [CFLAGS="$CFLAGS -mretpoline"])]
|
||||
)
|
||||
AX_CHECK_COMPILE_FLAG([-mindirect-branch-register])
|
||||
])
|
||||
])
|
||||
|
||||
ENABLE_CWFLAGS=no
|
||||
AC_ARG_ENABLE(debug,
|
||||
[AS_HELP_STRING(--enable-debug,For maintainers only - please do not use)],
|
||||
@ -197,13 +208,6 @@ AC_CHECK_DEFINE([_FORTIFY_SOURCE], [], [
|
||||
[CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"])
|
||||
])
|
||||
|
||||
AS_IF([test "x$EMSCRIPTEN" = "x" -a "$host_os" != "pnacl"], [
|
||||
AX_CHECK_COMPILE_FLAG([-mindirect-branch=thunk],
|
||||
[CFLAGS="$CFLAGS -mindirect-branch=thunk"],
|
||||
[AX_CHECK_COMPILE_FLAG([-mretpoline], [CFLAGS="$CFLAGS -mretpoline"])]
|
||||
)
|
||||
])
|
||||
|
||||
AX_CHECK_COMPILE_FLAG([-fvisibility=hidden],
|
||||
[CFLAGS="$CFLAGS -fvisibility=hidden"])
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user