From b6006381fb9f397b765e8fcd88b1d5764fac0612 Mon Sep 17 00:00:00 2001
From: Evgeny Grin <k2k@narod.ru>
Date: Fri, 15 Mar 2024 13:11:53 +0100
Subject: [PATCH] curl_sha512_256: work around a NetBSD bug

Based on Michael Kaufmann analysis and suggestion

Closes #13133
---
 lib/curl_sha512_256.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/curl_sha512_256.c b/lib/curl_sha512_256.c
index 1dd07dbc6a..8af3839c5f 100644
--- a/lib/curl_sha512_256.c
+++ b/lib/curl_sha512_256.c
@@ -153,7 +153,17 @@ Curl_sha512_256_finish(unsigned char *digest,
   CURLcode ret;
   Curl_sha512_256_ctx *const ctx = (Curl_sha512_256_ctx *)context;
 
+#ifdef __NetBSD__
+  /* Use a larger buffer to work around a bug in NetBSD:
+     https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=58039 */
+  unsigned char tmp_digest[SHA512_256_DIGEST_SIZE * 2];
+  ret = EVP_DigestFinal_ex(*ctx,
+                           tmp_digest, NULL) ? CURLE_OK : CURLE_SSL_CIPHER;
+  if(ret == CURLE_OK)
+    memcpy(digest, tmp_digest, SHA512_256_DIGEST_SIZE);
+#else  /* ! __NetBSD__ */
   ret = EVP_DigestFinal_ex(*ctx, digest, NULL) ? CURLE_OK : CURLE_SSL_CIPHER;
+#endif /* ! __NetBSD__ */
 
   EVP_MD_CTX_destroy(*ctx);
   *ctx = NULL;