Adding Control Flow guard to Windows Builds
author gakamath <Ganesh.Kamath@amd.com>
Fri, 14 Apr 2023 16:16:24 +0000 (21:46 +0530)
committer Tomas Mraz <tomas@openssl.org>
Wed, 19 Apr 2023 13:28:02 +0000 (15:28 +0200)
Control flow guard is a code security implementation: https://learn.microsoft.com/en-us/windows/win32/secbp/control-flow-guard
We identified it with BlackDuck security scan utility
CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20739)

Configurations/10-main.conf

index c42902cf39f08af1523f4f60be81f110a5ecae38..accd4502f5d9da347d3c9e1d7aad30ac4c900da9 100644 (file)
@@ -1475,10 +1475,10 @@ my %targets = (
                                 "UNICODE", "_UNICODE",
                                 "_CRT_SECURE_NO_DEPRECATE",
                                 "_WINSOCK_DEPRECATED_NO_WARNINGS"),
-        lib_cflags       => add("/Zi /Fdossl_static.pdb"),
+        lib_cflags       => add("/guard:cf /Zi /Fdossl_static.pdb"),
         lib_defines      => add("L_ENDIAN"),
-        dso_cflags       => "/Zi /Fddso.pdb",
-        bin_cflags       => "/Zi /Fdapp.pdb",
+        dso_cflags       => "/guard:cf /Zi /Fddso.pdb",
+        bin_cflags       => "/guard:cf /Zi /Fdapp.pdb",
         # def_flag made to empty string so a .def file gets generated
         shared_defflag   => '',
         shared_ldflag    => "/dll",
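Review bot: the linker side is not covered here: /guard:cf is added to lib_cflags, dso_cflags and bin_cflags, but the shared_ldflag => "/dll" line in the same block is left unchanged. MSVC needs /guard:cf on both the compile and the link command when they run as separate steps; only a single cl invocation forwards the option to the linker on its own. If this target invokes the linker separately, add /guard:cf to the link flags as well (here and wherever the flags for linking executables are set), and confirm the outcome with dumpbin /headers /loadconfig, where a CFG-enabled image lists Guard among its DLL characteristics.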