uadk_engine/0003-uadk_engine-add-secure-compilation-option.patch
Zhangfei Gao 8245bf8b36 uadk_engine: update to 1.3.0
use openssl 1.1

Signed-off-by: Zhangfei Gao <zhangfei.gao@linaro.org>
2024-02-01 04:30:59 +00:00

From 638ee431907af6e9f4916e95a4f367e14499e819 Mon Sep 17 00:00:00 2001
From: Qi Tao <taoqi10@huawei.com>
Date: Thu, 18 Jan 2024 21:12:11 +0800
Subject: [PATCH 3/3] uadk_engine: add secure compilation option
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Add PIE, PIC, BIND_NOW, SP, NO Rpath/RunPath, FS,
Ftrapv and Strip compilation options.
PIC(-fPIC):
Generate position-Independent-Code and randomly load
dynamic libraries.
PIE(-fPIE -pie):
Generate location-independent executables, which
reduces the probability of fixed address attacks
and buffer overflow attacks.
BIND_NOW(-Wl,-z,relro,-z,now):
GOT table redirects all read-only, which defends
against ret2plt attacks.
SP(-fstack-protector-strong/all):
Determine whether an overflow attack occurs.
Strip(-Wl,-s):
Deleting symbol tables defends against hacker
attacks and reduces the file size.
FS(-D_FORTIFY_SOURCE=2 -O2):
Provides access checks for fixed-size buffers
at compile time and at run time.
Ftrapv(-ftrapv):
Detects integer overflow.
NO Rpath/RunPath(hardcode_into_libs=no):
Eliminates dynamic library search paths,
which defends against attacks by replacing
dynamic libraries with the same name.
Signed-off-by: Qi Tao <taoqi10@huawei.com>
---
configure.ac | 1 +
src/Makefile.am | 2 ++
2 files changed, 3 insertions(+)
diff --git a/configure.ac b/configure.ac
index 6c5369e..99b85e9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -7,6 +7,7 @@ AC_CONFIG_HEADERS([config.h])
AC_PROG_CC
LT_INIT
+AC_SUBST([hardcode_into_libs], [no])
AC_ARG_ENABLE(kae,
AS_HELP_STRING([--enable-kae],[Enable kae support]))
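Review bot: The added `AC_SUBST([hardcode_into_libs], [no])` overrides a variable that LT_INIT computes internally, and nothing in configure.ac says why it is there. Add a comment above it stating that the goal is to keep RPATH/RUNPATH out of the built library, and note that it must stay after LT_INIT, since placing it earlier would let LT_INIT overwrite the value. Because this relies on a libtool-internal variable name rather than a documented interface, a check of the built library's dynamic section (for example with readelf -d) in the build or CI would catch a libtool change that stops honouring the override.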
diff --git a/src/Makefile.am b/src/Makefile.am
index c4b8aa9..e014052 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -18,6 +18,8 @@ uadk_engine_la_LIBADD=-ldl $(WD_LIBS) -lpthread
uadk_engine_la_LDFLAGS=-module -version-number $(VERSION)
uadk_engine_la_CFLAGS=$(WD_CFLAGS) $(libcrypto_CFLAGS)
uadk_engine_la_CFLAGS+=-DCRYPTO
+uadk_engine_la_CFLAGS+=-fPIC -fPIE -pie -fstack-protector-strong -D_FORTIFY_SOURCE=2 \
+ -O2 -ftrapv -Wl,-z,relro,-z,now -Wl,-s
AUTOMAKE_OPTIONS = subdir-objects
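Review bot: In the added `uadk_engine_la_CFLAGS+=` line, `-fPIE -pie` are options for executables, but this target is a libtool module (`-module` in the `uadk_engine_la_LDFLAGS` context line above), so they do not fit a shared object; `-fPIC` alone matches what is being built. The linker options `-Wl,-z,relro,-z,now` and `-Wl,-s` would be clearer on `uadk_engine_la_LDFLAGS` than in CFLAGS, and `-D_FORTIFY_SOURCE=2` is a preprocessor define that conventionally belongs in `uadk_engine_la_CPPFLAGS`. Also consider whether stripping should be unconditional: `-Wl,-s` removes symbols from every build, including ones developers need to debug, whereas leaving it to install-strip or packaging keeps that choice open.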
--
2.25.1