From 96e6c6635ec45e47cec29cab8e6dadf62eb1da00 Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Wed, 31 Aug 2016 16:13:10 +0200 Subject: [PATCH] Configurations/10-main.conf: remove solaris-x86-cc target. Since vendor assembler can't assemble our modules with -KPIC flag, it, assembly support, was not available as an option. But this means lack of side-channel resistant code, which is incompatible with security by todays standards. Reviewed-by: Rich Salz (cherry picked from commit 216a0cc4d6a35a21e613f1e7e9eee957768bf9dd) --- Configurations/10-main.conf | 27 +++++++++++++-------------- 1 file changed, 13 insertions(+), 14 deletions(-) diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index e75d164197..e4f5f1c70f 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -200,7 +200,7 @@ sub vms_info { threads("-pthread")), bn_ops => "BN_LLONG", shared_cflag => "-fPIC", - shared_ldflag => "-shared", + shared_ldflag => "-shared -static-libgcc", }, "solaris64-x86_64-gcc" => { # -shared -static-libgcc might appear controversial, but modules @@ -225,19 +225,18 @@ sub vms_info { }, #### Solaris x86 with Sun C setups - "solaris-x86-cc" => { - inherit_from => [ "solaris-common" ], - cc => "cc", - cflags => add_before(picker(default => "-xarch=generic -xstrconst -Xa -DL_ENDIAN", - debug => "-g", - release => "-xO5 -xregs=frameptr -xdepend -xbuiltin"), - threads("-D_REENTRANT")), - lflags => add(threads("-mt")), - ex_libs => add(threads("-lpthread")), - bn_ops => "BN_LLONG RC4_CHAR", - shared_cflag => "-KPIC", - shared_ldflag => "-G -dy -z text", - }, + # There used to be solaris-x86-cc target, but it was removed, + # primarily because vendor assembler can't assemble our modules + # with -KPIC flag. As result it, assembly support, was not even + # available as option. But its lack means lack of side-channel + # resistant code, which is incompatible with security by todays + # standards. Fortunately gcc is readily available prepackaged + # option, which we can firmly point at... + # + # On related note, solaris64-x86_64-cc target won't compile code + # paths utilizing AVX and post-Haswell instruction extensions. + # Consider switching to solaris64-x86_64-gcc even here... + # "solaris64-x86_64-cc" => { inherit_from => [ "solaris-common", asm("x86_64_asm") ], cc => "cc", -- 2.25.1