From: gakamath <Ganesh.Kamath@amd.com>
Date: Fri, 14 Apr 2023 16:16:24 +0000 (+0530)
Subject: Adding Control Flow guard to Windows Builds
X-Git-Tag: openssl-3.2.0-alpha1~996
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1adc45b1ded7072d1566addeab227efa81b6c947;p=thirdparty%2Fopenssl.git

Adding Control Flow guard to Windows Builds

Control flow guard is a code security implementation: https://learn.microsoft.com/en-us/windows/win32/secbp/control-flow-guard
We identified it with BlackDuck security scan utility
CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20739)
---

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index c42902cf39f..accd4502f5d 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -1475,10 +1475,10 @@ my %targets = (
                                 "UNICODE", "_UNICODE",
                                 "_CRT_SECURE_NO_DEPRECATE",
                                 "_WINSOCK_DEPRECATED_NO_WARNINGS"),
-        lib_cflags       => add("/Zi /Fdossl_static.pdb"),
+        lib_cflags       => add("/guard:cf /Zi /Fdossl_static.pdb"),
         lib_defines      => add("L_ENDIAN"),
-        dso_cflags       => "/Zi /Fddso.pdb",
-        bin_cflags       => "/Zi /Fdapp.pdb",
+        dso_cflags       => "/guard:cf /Zi /Fddso.pdb",
+        bin_cflags       => "/guard:cf /Zi /Fdapp.pdb",
         # def_flag made to empty string so a .def file gets generated
         shared_defflag   => '',
         shared_ldflag    => "/dll",