<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/163053>163053</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [clang] Miscompiles OpenSSH 10.x's mlkem768 key-exchange protocol when avx512 is enabled.
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            clang
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          iucoen
      </td>
    </tr>
</table>

<pre>
    When OpenSSH 10.x is compiled with Clang (I've tested versions 19 and 20) and using `-march=x86-64-v4 -mtune=znver5` to enable AVX512, the resulting ssh client binary is unable to establish SSH connections and reports "incorrect signature" when the "mlkem768x25519-sha256" kex algorithm is used. I've narrowed down to the `libcrux_ml_kem_mlkem768_portable_decapsulate()` function that's misbehaving and returning the wrong shared secret. It also appears that the CFLAG `-fzero-call-used-regs=used` which is added by OpenSSH's build system is what's causing the problem. I've isolated just the mlkem768 algorithm and produced a small [test case](https://github.com/iucoen/clang-mlkem768-repro) to demonstrate the problem. 
</pre>
<img width="1" height="1" alt="" src="http://email.email.llvm.org/o/eJx8k8-u4zYPxZ9G2RAObCZy7IUXd26Q7xugRRcDtN0FssTEmitLhijnzzx9Ifum7Wy6sgyI5O8c8Shme_VEnZBfhDxu1JyGEDs760B-0wfz7P4YyMNvE_lv3_4PVbl9gGXQYZysIwN3mwZ4d8pfQWDzVeDhRpCIExm4UWQbPEPVgvIGsBS4nma2uaAui1FFPYjd8dHURb0vbnsoxjR7ErvjD3-jKEVdQgpAXvWO4O33P2WFAt8hDQSReHYpt2IeQDtLPkFvvYrPDDmvNbmak-qd5QGyCB28J50WtEwTaQoxMQhE63WIkXSC7ItKcySBCPfsQZ4oEEf3QeOhbh4oZdUWPCiUdb70QQ9Q7hqiTcO4zGcyW_j0xKsYw50MmHD3mWlpV5fO9jrOj_Pozh80nl_dzxkp458NaTXx7FQigY3ANjtymf0iANKgksADw2i5p0HdshurqDRHn__yoHsM2aVBRTLApCOlLXxNoBwHUNNEKvLSa7n9fvrl7X_L81x-UAyFVs4VWU0R6cpid8znjHEfrB6yVGUMGeifr0VZkPrZOgP85ESLH_cXq1brAuRZUwy9o_FvnyyHLNXA95lXmpcl_zI3C5xiMLMmAwp4VM6BkF_y4oFWTEIeBTZDShOL3ZvAk8DT1aZh7rc6jAJP64YLPOm8u8VrRhFpiiGvaQpgaAyeU1SJfkbdmG5n2l2rNtRVh7pE2dZVuxm6Zi8v0pSV2pe9NI3sLxUarLDeVUb2rdnYDkuUVVlh2ZZl1W5NXWpNptHN4XC5tFLsSxqVdVvnbuM2xOvGMs_UVfWulLuNUz05XtKKuKALxBzc2OWCop-vLPals5z4nxbJJrdEfK2QR_jV8meE-adsr6v0MvyDngU99KD8dVGfgg5uDYO6PWSF-VXXZJrtZo6u-w_HM83np5hi-E465XfI6ljg6VPgrcO_AgAA__-Aw4eD">