Hello,

It looks like on Linux (x86_64), starting with Clang 14, the code for Elliptic Curves (when assembler is not enabled) is broken when compiled with optimizations (O2/O3). It is totally fine when using assembler, but when using regular C code, some curves will fail in OpenSSL internals. It doesn't seem to be new (I tested a few older versions) and it seems to be also affecting the 3.0.x branch although I have personally experienced it on the 1.1.1 branch.

From running the tests, it seems to be only affecting a few curves (like secp384r1, prime192v1, prime256v1) and it seems to be that some validation does not pass, potentially due to bad codegen. I don't know if OpenSSL has some undefined behaviors in that section of the code as I haven't investigated yet. But, it was working well up to Clang 13, and GCC 11 is good too.

I've tested and generated logs for the following configs:

• 1.1.1n | Clang 14 | No ASM (broken)
• 1.1.1n | Clang 14 | ASM (working)
• 1.1.1n | GCC 11 | No ASM (working)

All these tests were done in a Docker container based on Ubuntu 22.04. I've also tested 1.1.1k | Clang 14 | No ASM and 3.0.2 | Clang 14 | No ASM which reproduce the exact same issue, so didn't generated logs for them.

config_1_1_1n_noasm_clang14.txt
tests_1_1_1n_noasm_clang14.txt
tests_verbose_1_1_1n_noasm_clang14.txt

config_1_1_1n_asm_clang14.txt
tests_1_1_1n_asm_clang14.txt

config_1_1_1n_noasm_gcc.txt
tests_1_1_1n_noasm_gcc.txt