[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Fri Sep 2 11:20:44 UTC 2016

The branch OpenSSL_1_1_0-stable has been updated
       via  96e6c6635ec45e47cec29cab8e6dadf62eb1da00 (commit)
      from  3bcd1b249690f90bd1d2c2b401e65628fd9cacd8 (commit)


- Log -----------------------------------------------------------------
commit 96e6c6635ec45e47cec29cab8e6dadf62eb1da00
Author: Andy Polyakov <appro at openssl.org>
Date:   Wed Aug 31 16:13:10 2016 +0200

    Configurations/10-main.conf: remove solaris-x86-cc target.
    
    Since vendor assembler can't assemble our modules with -KPIC flag,
    it, assembly support, was not available as an option. But this
    means lack of side-channel resistant code, which is incompatible
    with security by todays standards.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (cherry picked from commit 216a0cc4d6a35a21e613f1e7e9eee957768bf9dd)

-----------------------------------------------------------------------

Summary of changes:
 Configurations/10-main.conf | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)

diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
index e75d164..e4f5f1c 100644
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@@ -200,7 +200,7 @@ sub vms_info {
                                        threads("-pthread")),
         bn_ops           => "BN_LLONG",
         shared_cflag     => "-fPIC",
-        shared_ldflag    => "-shared",
+        shared_ldflag    => "-shared -static-libgcc",
     },
     "solaris64-x86_64-gcc" => {
         # -shared -static-libgcc might appear controversial, but modules
@@ -225,19 +225,18 @@ sub vms_info {
     },
 
 #### Solaris x86 with Sun C setups
-    "solaris-x86-cc" => {
-        inherit_from     => [ "solaris-common" ],
-        cc               => "cc",
-        cflags           => add_before(picker(default => "-xarch=generic -xstrconst -Xa -DL_ENDIAN",
-                                              debug   => "-g",
-                                              release => "-xO5 -xregs=frameptr -xdepend -xbuiltin"),
-                                       threads("-D_REENTRANT")),
-        lflags           => add(threads("-mt")),
-        ex_libs          => add(threads("-lpthread")),
-        bn_ops           => "BN_LLONG RC4_CHAR",
-        shared_cflag     => "-KPIC",
-        shared_ldflag    => "-G -dy -z text",
-    },
+    # There used to be solaris-x86-cc target, but it was removed,
+    # primarily because vendor assembler can't assemble our modules
+    # with -KPIC flag. As result it, assembly support, was not even
+    # available as option. But its lack means lack of side-channel
+    # resistant code, which is incompatible with security by todays
+    # standards. Fortunately gcc is readily available prepackaged
+    # option, which we can firmly point at...
+    #
+    # On related note, solaris64-x86_64-cc target won't compile code
+    # paths utilizing AVX and post-Haswell instruction extensions.
+    # Consider switching to solaris64-x86_64-gcc even here...
+    #
     "solaris64-x86_64-cc" => {
         inherit_from     => [ "solaris-common", asm("x86_64_asm") ],
         cc               => "cc",
