diff options
author | David Benjamin <davidben@google.com> | 2017-11-21 08:16:42 -0500 |
---|---|---|
committer | CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> | 2017-11-21 17:40:40 +0000 |
commit | c367ee543983852e39c06b8009f9ef9678556a4b (patch) | |
tree | f3b27ff5fd2b084a9fd3e5a4a7e868a861484e71 | |
parent | 8c565fa86cfb89d20001d4fa1285e20e7bc0b970 (diff) | |
download | boringssl-c367ee543983852e39c06b8009f9ef9678556a4b.zip boringssl-c367ee543983852e39c06b8009f9ef9678556a4b.tar.gz boringssl-c367ee543983852e39c06b8009f9ef9678556a4b.tar.bz2 |
Add a CFI build flag.
This uses Clang's CFI feature.
Bug: 201
Change-Id: I7a42ec73dc8bfb3893ec69f2d2f4d7e3a2fd2cc4
Reviewed-on: https://boringssl-review.googlesource.com/23225
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: Steven Valdez <svaldez@google.com>
-rw-r--r-- | CMakeLists.txt | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 338f212..eb8717a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -238,6 +238,24 @@ if (ASAN) set(OPENSSL_NO_ASM "1") endif() +if(CFI) + if(NOT CLANG) + message(FATAL_ERROR "Cannot enable CFI unless using Clang") + endif() + + # TODO(crbug.com/785442): Remove -fsanitize-cfi-icall-generalize-pointers. + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=cfi -fno-sanitize-trap=cfi -fsanitize-cfi-icall-generalize-pointers -flto") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=cfi -fno-sanitize-trap=cfi -fsanitize-cfi-icall-generalize-pointers -flto") + # We use Chromium's copy of clang, which requires -fuse-ld=lld if building + # with -flto. That, in turn, can't handle -ggdb. + set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fuse-ld=lld") + string(REPLACE "-ggdb" "-g" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}") + string(REPLACE "-ggdb" "-g" CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}") + # -flto causes object files to contain LLVM bitcode. Mixing those with + # assembly output in the same static library breaks the linker. + set(OPENSSL_NO_ASM "1") +endif() + if (GCOV) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fprofile-arcs -ftest-coverage") set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fprofile-arcs -ftest-coverage") |