From 39f2111b1d5f00206446257377dcce58cc72369f Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@dtucker.net>
Date: Wed, 29 Sep 2021 10:53:55 +1000
Subject: [PATCH] Add new compiler hardening flags.

Add -fzero-call-used-regs and -ftrivial-auto-var-init to the list of
compiler hardening flags that configure checks for.  These are supported
by clang and gcc, and make ROP gadgets less useful and mitigate
stack-based infoleaks respectively.  ok djm@
---
 configure.ac | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/configure.ac b/configure.ac
index 413913a7c..821a75ba1 100644
--- a/configure.ac
+++ b/configure.ac
@@ -190,6 +190,8 @@ if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
 	# actually links. The test program compiled/linked includes a number
 	# of integer operations that should exercise this.
 	OSSH_CHECK_CFLAG_LINK([-ftrapv])
+	OSSH_CHECK_CFLAG_COMPILE([-fzero-call-used-regs=all])
+	OSSH_CHECK_CFLAG_COMPILE([-ftrivial-auto-var-init=zero])
     fi
 	AC_MSG_CHECKING([gcc version])
 	GCC_VER=`$CC -v 2>&1 | $AWK '/gcc version /{print $3}'`
-- 
2.47.3