Collin Funk <[email protected]> writes: > Thanks for both reports and for the debugging. > > I commented on the OpenSSL bug what I think is happening here. The low > level deprecated OpenSSL functions will not call OPENSSL_cpuid_setup > like the EVP ones will. OpenSSL 3.5 would call OPENSSL_cpuid_setup when > the library was loaded, but OpenSSL 3.6 will not. > > We use the low-level deprecated APIs, e.g., SHA256_Init, SHA256_Update, > and SHA256_Final, because the EVP APIs are overkill for our purposes. If > my understanding is correct, that means OpenSSL 3.6 never checks what > instructions your CPU supports. > > [...] > > I'll hold off pushing and watch the OpenSSL bug report, since I think > this change was unintentional.
This bug was fixed in OpenSSL and backported to supported branches [1]. Thanks again for reporting it to both their team and ours, Jack. I'll close this as notabug since the coreutils issue was a symptom of that bug, which likely affected many other packages as well. Collin [1] https://github.com/openssl/openssl/issues/29340#issuecomment-4178005696
