diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index e75d164197c42ffbb1143305c13bfa273ddc7db6..e4f5f1c70f04c01d991b6200e7a21c7959ed673c 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -200,7 +200,7 @@ sub vms_info { threads("-pthread")), bn_ops => "BN_LLONG", shared_cflag => "-fPIC", - shared_ldflag => "-shared", + shared_ldflag => "-shared -static-libgcc", }, "solaris64-x86_64-gcc" => { # -shared -static-libgcc might appear controversial, but modules @@ -225,19 +225,18 @@ sub vms_info { }, #### Solaris x86 with Sun C setups - "solaris-x86-cc" => { - inherit_from => [ "solaris-common" ], - cc => "cc", - cflags => add_before(picker(default => "-xarch=generic -xstrconst -Xa -DL_ENDIAN", - debug => "-g", - release => "-xO5 -xregs=frameptr -xdepend -xbuiltin"), - threads("-D_REENTRANT")), - lflags => add(threads("-mt")), - ex_libs => add(threads("-lpthread")), - bn_ops => "BN_LLONG RC4_CHAR", - shared_cflag => "-KPIC", - shared_ldflag => "-G -dy -z text", - }, + # There used to be solaris-x86-cc target, but it was removed, + # primarily because vendor assembler can't assemble our modules + # with -KPIC flag. As result it, assembly support, was not even + # available as option. But its lack means lack of side-channel + # resistant code, which is incompatible with security by todays + # standards. Fortunately gcc is readily available prepackaged + # option, which we can firmly point at... + # + # On related note, solaris64-x86_64-cc target won't compile code + # paths utilizing AVX and post-Haswell instruction extensions. + # Consider switching to solaris64-x86_64-gcc even here... + # "solaris64-x86_64-cc" => { inherit_from => [ "solaris-common", asm("x86_64_asm") ], cc => "cc",