threads("-pthread")),
bn_ops => "BN_LLONG",
shared_cflag => "-fPIC",
- shared_ldflag => "-shared",
+ shared_ldflag => "-shared -static-libgcc",
},
"solaris64-x86_64-gcc" => {
# -shared -static-libgcc might appear controversial, but modules
},
#### Solaris x86 with Sun C setups
- "solaris-x86-cc" => {
- inherit_from => [ "solaris-common" ],
- cc => "cc",
- cflags => add_before(picker(default => "-xarch=generic -xstrconst -Xa -DL_ENDIAN",
- debug => "-g",
- release => "-xO5 -xregs=frameptr -xdepend -xbuiltin"),
- threads("-D_REENTRANT")),
- lflags => add(threads("-mt")),
- ex_libs => add(threads("-lpthread")),
- bn_ops => "BN_LLONG RC4_CHAR",
- shared_cflag => "-KPIC",
- shared_ldflag => "-G -dy -z text",
- },
+ # There used to be solaris-x86-cc target, but it was removed,
+ # primarily because vendor assembler can't assemble our modules
+ # with -KPIC flag. As result it, assembly support, was not even
+ # available as option. But its lack means lack of side-channel
+ # resistant code, which is incompatible with security by todays
+ # standards. Fortunately gcc is readily available prepackaged
+ # option, which we can firmly point at...
+ #
+ # On related note, solaris64-x86_64-cc target won't compile code
+ # paths utilizing AVX and post-Haswell instruction extensions.
+ # Consider switching to solaris64-x86_64-gcc even here...
+ #
"solaris64-x86_64-cc" => {
inherit_from => [ "solaris-common", asm("x86_64_asm") ],
cc => "cc",
projects / openssl.git / commitdiff