Hi. Which version of gcc are we talking about? GCC 11 should support this, but I don't know over which archs. It is there as a security enhancement. I would say something like less gadgets for ROP style attacks? And while it does slow down execution, for something like OpenSSL, it usually is worth it imho. I don't see a suitable toolchain option or hardening flag in ptxdist that currently fits this cleanly. Not sure if something like this fits for a its own global pass either. Maybe someone else has another opinion.
So my immediate suggestion would be to keep this local at your end for now. Regards, Christian On 9/17/25 8:32 AM, ruggero rossi via ptxdist wrote:
Hello everybody, On my system, the gcc toolchain does not support the -fzero-call-used-regs option. With PTXDIST 2025.09.0 this causes the build of OpenSSL 3.5.2 to fail. An ad-hoc patch is trivial: I removed the -fzero-call-used-regs=used-gpr flag from openssl-3.5.2/Configurations/20-debian.conf (see attached patch). My question is: would it be possible to integrate a more general solution into PTXDIST, so that the build works regardless of whether the toolchain supports this GCC option? Best regards, Ruggero Rossi
