Fix SHA256/SHA512 to work on strict alignment platforms. This was

exposed by the C version of audit-packages and report in PR pkg/36662.

2 files changed, 51 insertions, 15 deletions

diff --git a/pkgtools/libnbcompat/Makefile b/pkgtools/libnbcompat/Makefile
index 8b8005b3e3d..9e2d64db2d8 100644
--- a/pkgtools/libnbcompat/Makefile
+++ b/pkgtools/libnbcompat/Makefile
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.51 2007/06/26 22:10:46 dmcmahill Exp $
+# $NetBSD: Makefile,v 1.52 2007/07/18 14:09:55 joerg Exp $
 #
 # NOTE: If you update this package, it is *mandatory* that you update
 # 	pkgsrc/pkgtools/libnbcompat/files/README to reflect the actual
 #	list of tested and supported platforms.
 #
 
-DISTNAME=		libnbcompat-20070626
+DISTNAME=		libnbcompat-20070718
 CATEGORIES=		pkgtools devel
 MASTER_SITES=		# empty
 DISTFILES=		# empty
diff --git a/pkgtools/libnbcompat/files/sha2.c b/pkgtools/libnbcompat/files/sha2.c
index 9beb4f76fcb..62b77547980 100644
--- a/pkgtools/libnbcompat/files/sha2.c
+++ b/pkgtools/libnbcompat/files/sha2.c
@@ -1,4 +1,4 @@
-/* $NetBSD: sha2.c,v 1.6 2007/05/07 16:38:47 joerg Exp $ */
+/* $NetBSD: sha2.c,v 1.7 2007/07/18 14:09:55 joerg Exp $ */
 /*	$KAME: sha2.c,v 1.9 2003/07/20 00:28:38 itojun Exp $	*/
 
 /*
@@ -495,12 +495,30 @@ void SHA256_Update(SHA256_CTX* context, const sha2_byte *data, size_t len) {
 			return;
 		}
 	}
-	while (len >= SHA256_BLOCK_LENGTH) {
-		/* Process as many complete blocks as we can */
-		SHA256_Transform(context, (const sha2_word32*)(const void *)data);
-		context->bitcount += SHA256_BLOCK_LENGTH << 3;
-		len -= SHA256_BLOCK_LENGTH;
-		data += SHA256_BLOCK_LENGTH;
+	/*
+	 * Process as many complete blocks as possible.
+	 *
+	 * Check alignment of the data pointer. If it is 32bit aligned,
+	 * SHA256_Transform can be called directly on the data stream,
+	 * otherwise enforce the alignment by copy into the buffer.
+	 */
+	if ((uintptr_t)data % 4 == 0) {
+		while (len >= SHA256_BLOCK_LENGTH) {
+			SHA256_Transform(context,
+			    (const sha2_word32 *)(const void *)data);
+			context->bitcount += SHA256_BLOCK_LENGTH << 3;
+			len -= SHA256_BLOCK_LENGTH;
+			data += SHA256_BLOCK_LENGTH;
+		}
+	} else {
+		while (len >= SHA256_BLOCK_LENGTH) {
+			memcpy(context->buffer, data, SHA256_BLOCK_LENGTH);
+			SHA256_Transform(context,
+			    (const sha2_word32 *)(const void *)context->buffer);
+			context->bitcount += SHA256_BLOCK_LENGTH << 3;
+			len -= SHA256_BLOCK_LENGTH;
+			data += SHA256_BLOCK_LENGTH;
+		}
 	}
 	if (len > 0) {
 		/* There's left-overs, so save 'em */
@@ -785,12 +803,30 @@ void SHA512_Update(SHA512_CTX* context, const sha2_byte *data, size_t len) {
 			return;
 		}
 	}
-	while (len >= SHA512_BLOCK_LENGTH) {
-		/* Process as many complete blocks as we can */
-		SHA512_Transform(context, (const sha2_word64*)(const void *)data);
-		ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
-		len -= SHA512_BLOCK_LENGTH;
-		data += SHA512_BLOCK_LENGTH;
+	/*
+	 * Process as many complete blocks as possible.
+	 *
+	 * Check alignment of the data pointer. If it is 64bit aligned,
+	 * SHA512_Transform can be called directly on the data stream,
+	 * otherwise enforce the alignment by copy into the buffer.
+	 */
+	if ((uintptr_t)data % 8 == 0) {
+		while (len >= SHA512_BLOCK_LENGTH) {
+			SHA512_Transform(context,
+			    (const sha2_word64 *)(const void *)data);
+			ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
+			len -= SHA512_BLOCK_LENGTH;
+			data += SHA512_BLOCK_LENGTH;
+		}
+	} else {
+		while (len >= SHA512_BLOCK_LENGTH) {
+			memcpy(context->buffer, data, SHA512_BLOCK_LENGTH);
+			SHA512_Transform(context,
+			    (const sha2_word64 *)(void *)context->buffer);
+			ADDINC128(context->bitcount, SHA512_BLOCK_LENGTH << 3);
+			len -= SHA512_BLOCK_LENGTH;
+			data += SHA512_BLOCK_LENGTH;
+		}
 	}
 	if (len > 0) {
 		/* There's left-overs, so save 'em */