From 36168d2942b82c351daf00cd3e2744ebb10add13 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Mon, 19 Feb 2018 19:23:40 +0100
Subject: [PATCH] New macros TMP_DECL_ALIGN and TMP_ALLOC_ALIGN.

---
 ChangeLog         | 12 ++++++++++++
 nettle-internal.h | 25 +++++++++++++++++++++++--
 pss-mgf1.c        |  4 ++--
 pss.c             |  8 ++++----
 4 files changed, 41 insertions(+), 8 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index e354cdde..11d31bc7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2018-02-19  Niels Möller  <nisse@lysator.liu.se>
+
+	* nettle-internal.h: Include sha3.h, needed for the definition of
+	NETTLE_MAX_HASH_CONTEXT_SIZE.
+	(TMP_DECL_ALIGN, TMP_ALLOC_ALIGN): New macros, to support
+	allocation of context structs with alignment requirements.
+	[!HAVE_ALLOCA]: Also use assert, rather than calling abort
+	directly.
+
+	* pss.c (pss_encode_mgf1, pss_verify_mgf1): Use new macros.
+	* pss-mgf1.c (pss_mgf1): Likewise.
+
 2018-02-18  Niels Möller  <nisse@lysator.liu.se>
 
 	* testsuite/Makefile.in (TS_NETTLE_SOURCES): Moved pss-mgf1-test.c...
diff --git a/nettle-internal.h b/nettle-internal.h
index 38c8d2a8..dbd989b7 100644
--- a/nettle-internal.h
+++ b/nettle-internal.h
@@ -35,20 +35,41 @@
 #ifndef NETTLE_INTERNAL_H_INCLUDED
 #define NETTLE_INTERNAL_H_INCLUDED
 
+#include <assert.h>
+
 #include "nettle-meta.h"
 
+/* For definition of NETTLE_MAX_HASH_CONTEXT_SIZE. */
+#include "sha3.h"
+
 /* Temporary allocation, for systems that don't support alloca. Note
  * that the allocation requests should always be reasonably small, so
  * that they can fit on the stack. For non-alloca systems, we use a
- * fix maximum size, and abort if we ever need anything larger. */
+ * fix maximum size + an assert.
+ *
+ * TMP_DECL and TMP_ALLOC allocate an array of the given type, and
+ * take the array size (not byte size) as argument.
+ *
+ * TMP_DECL_ALIGN and TMP_ALLOC_ALIGN are intended for context
+ * structs, which need proper alignment. They take the size in bytes,
+ * and produce a void *. On systems without alloca, implemented as an
+ * array of uint64_t, to ensure alignment. Since it is used as void *
+ * argument, no type casts are needed.
+ */
 
 #if HAVE_ALLOCA
 # define TMP_DECL(name, type, max) type *name
 # define TMP_ALLOC(name, size) (name = alloca(sizeof (*name) * (size)))
+# define TMP_DECL_ALIGN(name, max) void *name
+# define TMP_ALLOC_ALIGN(name, size) (name = alloca(size))
 #else /* !HAVE_ALLOCA */
 # define TMP_DECL(name, type, max) type name[max]
 # define TMP_ALLOC(name, size) \
-  do { if ((size) > (sizeof(name) / sizeof(name[0]))) abort(); } while (0)
+  do { assert((size_t)(size) <= (sizeof(name) / sizeof(name[0]))); } while (0)
+# define TMP_DECL_ALIGN(name, max) \
+  uint64_t name[((max) + (sizeof(uint64_t) - 1))/ sizeof(uint64_t)]
+# define TMP_ALLOC_ALIGN(name, size) \
+  do { assert((size_t)(size) <= (sizeof(name))); } while (0)
 #endif 
 
 /* Arbitrary limits which apply to systems that don't have alloca */
diff --git a/pss-mgf1.c b/pss-mgf1.c
index 67df5570..3f5e204b 100644
--- a/pss-mgf1.c
+++ b/pss-mgf1.c
@@ -48,12 +48,12 @@ pss_mgf1(const void *seed, const struct nettle_hash *hash,
 	 size_t length, uint8_t *mask)
 {
   TMP_DECL(h, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
-  TMP_DECL(state, uint8_t, NETTLE_MAX_HASH_CONTEXT_SIZE);
+  TMP_DECL_ALIGN(state, NETTLE_MAX_HASH_CONTEXT_SIZE);
   size_t i;
   uint8_t c[4];
 
   TMP_ALLOC(h, hash->digest_size);
-  TMP_ALLOC(state, hash->context_size);
+  TMP_ALLOC_ALIGN(state, hash->context_size);
 
   for (i = 0;;
        i++, mask += hash->digest_size, length -= hash->digest_size)
diff --git a/pss.c b/pss.c
index 88125c06..d28e7b13 100644
--- a/pss.c
+++ b/pss.c
@@ -67,12 +67,12 @@ pss_encode_mgf1(mpz_t m, size_t bits,
 		const uint8_t *digest)
 {
   TMP_GMP_DECL(em, uint8_t);
-  TMP_DECL(state, uint8_t, NETTLE_MAX_HASH_CONTEXT_SIZE);
+  TMP_DECL_ALIGN(state, NETTLE_MAX_HASH_CONTEXT_SIZE);
   size_t key_size = (bits + 7) / 8;
   size_t j;
 
   TMP_GMP_ALLOC(em, key_size);
-  TMP_ALLOC(state, hash->context_size);
+  TMP_ALLOC_ALIGN(state, hash->context_size);
 
   if (key_size < hash->digest_size + salt_length + 2)
     {
@@ -127,7 +127,7 @@ pss_verify_mgf1(const mpz_t m, size_t bits,
 {
   TMP_GMP_DECL(em, uint8_t);
   TMP_DECL(h2, uint8_t, NETTLE_MAX_HASH_DIGEST_SIZE);
-  TMP_DECL(state, uint8_t, NETTLE_MAX_HASH_CONTEXT_SIZE);
+  TMP_DECL_ALIGN(state, NETTLE_MAX_HASH_CONTEXT_SIZE);
   uint8_t *h, *db, *salt;
   size_t key_size = (bits + 7) / 8;
   size_t j;
@@ -138,7 +138,7 @@ pss_verify_mgf1(const mpz_t m, size_t bits,
   TMP_GMP_ALLOC(em, key_size * 2);
 
   TMP_ALLOC(h2, hash->digest_size);
-  TMP_ALLOC(state, hash->context_size);
+  TMP_ALLOC_ALIGN(state, hash->context_size);
 
   if (key_size < hash->digest_size + salt_length + 2)
     goto cleanup;
-- 
2.26.2