The blkxor function in pwhash_scryptsalsa208sha256_nosse.c breaks strict aliasing rules (for ARCH_BITS==64). It load/stores from a buffer via uint64_t* that is otherwise accessed via uint32_t* only. We just had trouble with this in core scrypt and clang-15 LTO mode and found upstream scrypt had already fixed it in https://github.com/Tarsnap/scrypt/commit/209fd279c9357010d1dabd446c458dfeb9820e6c
I noticed a copy / similar problematic code for ARCH_BITS==64 in libsodum version.
The
blkxor
function inpwhash_scryptsalsa208sha256_nosse.c
breaks strict aliasing rules (forARCH_BITS==64
). It load/stores from a buffer viauint64_t*
that is otherwise accessed viauint32_t*
only. We just had trouble with this in core scrypt and clang-15 LTO mode and found upstream scrypt had already fixed it in https://github.com/Tarsnap/scrypt/commit/209fd279c9357010d1dabd446c458dfeb9820e6cI noticed a copy / similar problematic code for
ARCH_BITS==64
in libsodum version.