From fbc4ba4b4ed13cc86cb8fdea0bac6c3be0164ed5 Mon Sep 17 00:00:00 2001 From: Michael Brown Date: Wed, 4 Mar 2015 18:48:19 +0000 Subject: [build] Fix the REQUIRE_SYMBOL mechanism At some point in the past few years, binutils became more aggressive at removing unused symbols. To function as a symbol requirement, a relocation record must now be in a section marked with @progbits and must not be in a section which gets discarded during the link (either via --gc-sections or via /DISCARD/). Update REQUIRE_SYMBOL() to generate relocation records meeting these criteria. To minimise the impact upon the final binary size, we use existing symbols (specified via the REQUIRING_SYMBOL() macro) as the relocation targets where possible. We use R_386_NONE or R_X86_64_NONE relocation types to prevent any actual unwanted relocation taking place. Where no suitable symbol exists for REQUIRING_SYMBOL() (such as in config.c), the macro PROVIDE_REQUIRING_SYMBOL() can be used to generate a one-byte-long symbol to act as the relocation target. If there are versions of binutils for which this approach fails, then the fallback will probably involve killing off REQUEST_SYMBOL(), redefining REQUIRE_SYMBOL() to use the current definition of REQUEST_SYMBOL(), and postprocessing the linked ELF file with something along the lines of "nm -u | wc -l" to check that there are no undefined symbols remaining. Signed-off-by: Michael Brown --- src/crypto/x509.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src/crypto') diff --git a/src/crypto/x509.c b/src/crypto/x509.c index 0f114b84..49a1bce7 100644 --- a/src/crypto/x509.c +++ b/src/crypto/x509.c @@ -1765,5 +1765,8 @@ int x509_validate_chain ( struct x509_chain *chain, time_t time, return -EACCES_USELESS; } +/* Drag in objects via x509_validate() */ +REQUIRING_SYMBOL ( x509_validate ); + /* Drag in certificate store */ REQUIRE_OBJECT ( certstore ); -- cgit v1.2.3-55-g7522