fix: include TargetConditionals.h in target.h for iOS cross-compilation#3115
Closed
fix: include TargetConditionals.h in target.h for iOS cross-compilation#3115
Conversation
target.h checks TARGET_OS_IPHONE to define OPENSSL_IOS, but relies on base.h having already included <TargetConditionals.h>. On toolchains where TARGET_OS_IPHONE is not a compiler builtin (e.g. Xcode 16.2 / Apple Clang 16 on macOS 14), the macro is never set, OPENSSL_IOS is never defined, and the entropy source selection in internal.h falls through to OPENSSL_RAND_URANDOM. This compiles urandom.c's full body for iOS, which references the Linux-only RNDGETENTCNT ioctl and calls ioctl() without <sys/ioctl.h>, producing hard errors: urandom.c:370: error: call to undeclared function 'ioctl' urandom.c:370: error: use of undeclared identifier 'RNDGETENTCNT' Two changes: 1. target.h now includes <TargetConditionals.h> directly (guarded by !__ASSEMBLER__ since the header is also used in .S files). This ensures OPENSSL_IOS is always defined for iOS targets. 2. urandom.c's ensure_dev_urandom_is_initialized() guards the RNDGETENTCNT/ioctl block behind #if defined(OPENSSL_LINUX) as a defensive measure, since those symbols only come from headers that are themselves guarded by OPENSSL_LINUX. Made-with: Cursor
lukejmann
requested a deployment
to
manual-approval
GitHub Actions
Waiting
lukejmann
requested a deployment
to
manual-approval
GitHub Actions
Waiting
lukejmann
requested a deployment
to
manual-approval
GitHub Actions
Waiting
lukejmann
requested a deployment
to
manual-approval
GitHub Actions
Waiting
lukejmann
requested a deployment
to
manual-approval
GitHub Actions
Waiting
lukejmann
requested a deployment
to
manual-approval
GitHub Actions
Waiting
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issues:
None filed yet — discovered in the wild cross-compiling for iOS via
aws-lc-sys0.38.0.Description of changes:
aws-lc-sys 0.38.0 fails to compile
urandom.cforaarch64-apple-ioson Xcode 16.2 (iPhoneOS 18.2 SDK) when built through the Rustcc-rsbuild system. Two compiler errors:urandom.c:370:9: error: call to undeclared function 'ioctl' [-Werror,-Wimplicit-function-declaration]urandom.c:370:27: error: use of undeclared identifier 'RNDGETENTCNT'Root cause:
target.hchecksTARGET_OS_IPHONEto defineOPENSSL_IOS, but never includes<TargetConditionals.h>itself — it relies onbase.hhaving done so. On this toolchain,TARGET_OS_IPHONEis not available as a compiler builtin whentarget.his processed, soOPENSSL_IOSis never defined. The entropy source selection ininternal.hfalls through toOPENSSL_RAND_URANDOM(the Linux/dev/urandompath) instead ofOPENSSL_RAND_CCRANDOMGENERATEBYTES.urandom.cthen tries to callioctl(RNDGETENTCNT), but the headers for those (<linux/random.h>,<sys/ioctl.h>) are only included behind#if defined(OPENSSL_LINUX).Two changes:
include/openssl/target.h: Include<TargetConditionals.h>directly, guarded by!__ASSEMBLER__sincetarget.his also used from.Sfiles.crypto/rand_extra/urandom.c: Guard theRNDGETENTCNT/ioctl()entropy-check loop inensure_dev_urandom_is_initialized()behind#if defined(OPENSSL_LINUX), matching the guards already on the corresponding#includedirectives. Both fixes are required — CI testing showed that fix 1 alone is not sufficient on Xcode 16.2.Call-outs:
target.h!__ASSEMBLER__guard keeps<TargetConditionals.h>out of assembly contexts. In assembly, theTARGET_OS_*checks evaluate to false, matching current behavior.urandom.cchange doesn't alter any behavior on Linux, whereOPENSSL_LINUXis always defined alongsideOPENSSL_RAND_URANDOM. On non-Linux platforms that reach this path, it skips the entropy-count check and goes straight toSTATE_READY.Testing:
We verified this end-to-end in CI on a macOS 14 / Xcode 16.2 runner. Our project (worldcoin/walletkit) cross-compiles
aws-lc-sys0.38.0 foraarch64-apple-ios,aarch64-apple-ios-sim, andx86_64-apple-ios.Before (no fix): CI run — urandom.c fails
After (both fixes applied as a build-time source patch): CI run — Swift build passes
Fix 1 alone (target.h only, no urandom.c guard): CI run — still fails — confirmed that
TARGET_OS_IPHONEremains unavailable on Xcode 16.2 even with the explicit include, so the urandom.c guard is also needed.The test wiring is visible in worldcoin/walletkit#314, which applies both patches at build time against the crates.io source.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.