in this case, openssl initially rejects the notion that the openssl code could have a strict aliasing violation, and instead blames clang.
meanwhile, libressl and boringssl correctly fix the bug, e.g. https://github.com/google/boringssl/commit/227ff6e6425283b83594a91a1aa81cc78f1a88df
the openssl fix, however, is entirely wrong from an ISO C point of view, and only fixes the immediate problem:
if Clang starts applying this specific (and valid) optimization at the block level, then the code breaks again as it still invokes UB.
the reason the FOSS world is stuck with OpenSSL has nothing to do with there not being capable forks to replace it, but with the fact that OpenSSL is FIPS certified, and therefore can be "white label FIPS certified".
an example of this being: https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Certificate/3220
@dcbaok no, i mean, literally just take LibreSSL and FIPS certify it alongside an openssl.cnf that simulates FIPS mode.