1212120 – libnbcompat: broken sha256 hashes with -fstrict-aliasing

Bug 1212120 - libnbcompat: broken sha256 hashes with -fstrict-aliasing

Summary: libnbcompat: broken sha256 hashes with -fstrict-aliasing

Status:	NEW

Alias:	None

Product:	openSUSE Tumbleweed
Classification:	openSUSE
Component:	Security (show other bugs)
Version:	Current
Hardware:	Other Other

Priority:	P5 - None Severity: Normal (vote)
Target Milestone:	---
Assignee:	Aleksa Sarai
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-06-08 01:03 UTC by Aleksa Sarai
Modified:	2023-06-08 01:03 UTC (History)
CC List:	0 users

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Aleksa Sarai 2023-06-08 01:03:12 UTC

This has already been fixed upstream in [1], the core issue is that the sha2.c code has a strict aliasing violation which GCC >= 11 optimises in a way that produces incorrect sha256 hashes. This is easily verifiable by using "nmtree -k sha256digest -c" on Tumbleweed.

[1]: https://github.com/archiecobbs/libnbcompat/commit/864c1cf42c2c605636008626f171caf6410421cb