libtom · MarekKnapek · May 18, 2026 · May 18, 2026 · May 18, 2026
diff --git a/makefile.mingw b/makefile.mingw
@@ -244,12 +244,12 @@ src/stream/sosemanuk/sosemanuk_memory.o src/stream/sosemanuk/sosemanuk_test.o
 TOBJECTS=tests/argon2_test.o tests/base16_test.o tests/base32_test.o tests/base64_test.o \
 tests/bcrypt_test.o tests/cipher_hash_test.o tests/common.o tests/deprecated_test.o tests/der_test.o \
 tests/dh_test.o tests/dsa_test.o tests/ecc_test.o tests/ed25519_test.o tests/ed448_test.o \
-tests/file_test.o tests/mac_test.o tests/misc_test.o tests/modes_test.o tests/mpi_test.o \
-tests/multi_test.o tests/no_null_termination_check_test.o tests/no_prng.o tests/padding_test.o \
-tests/pem_test.o tests/pk_oid_test.o tests/pkcs_1_eme_test.o tests/pkcs_1_emsa_test.o \
-tests/pkcs_1_oaep_test.o tests/pkcs_1_pss_test.o tests/pkcs_1_test.o tests/prng_test.o \
-tests/rotate_test.o tests/rsa_test.o tests/scrypt_test.o tests/siv_wycheproof_test.o tests/ssh_test.o \
-tests/store_test.o tests/test.o tests/x25519_test.o tests/x448_test.o
+tests/file_test.o tests/hash_state_test.o tests/mac_test.o tests/misc_test.o tests/modes_test.o \
+tests/mpi_test.o tests/multi_test.o tests/no_null_termination_check_test.o tests/no_prng.o \
+tests/padding_test.o tests/pem_test.o tests/pk_oid_test.o tests/pkcs_1_eme_test.o \
+tests/pkcs_1_emsa_test.o tests/pkcs_1_oaep_test.o tests/pkcs_1_pss_test.o tests/pkcs_1_test.o \
+tests/prng_test.o tests/rotate_test.o tests/rsa_test.o tests/scrypt_test.o tests/siv_wycheproof_test.o \
+tests/ssh_test.o tests/store_test.o tests/test.o tests/x25519_test.o tests/x448_test.o
 
 #The following headers will be installed by "make install"
 HEADERS_PUB=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \

diff --git a/makefile.msvc b/makefile.msvc
@@ -237,12 +237,12 @@ src/stream/sosemanuk/sosemanuk_memory.obj src/stream/sosemanuk/sosemanuk_test.ob
 TOBJECTS=tests/argon2_test.obj tests/base16_test.obj tests/base32_test.obj tests/base64_test.obj \
 tests/bcrypt_test.obj tests/cipher_hash_test.obj tests/common.obj tests/deprecated_test.obj tests/der_test.obj \
 tests/dh_test.obj tests/dsa_test.obj tests/ecc_test.obj tests/ed25519_test.obj tests/ed448_test.obj \
-tests/file_test.obj tests/mac_test.obj tests/misc_test.obj tests/modes_test.obj tests/mpi_test.obj \
-tests/multi_test.obj tests/no_null_termination_check_test.obj tests/no_prng.obj tests/padding_test.obj \
-tests/pem_test.obj tests/pk_oid_test.obj tests/pkcs_1_eme_test.obj tests/pkcs_1_emsa_test.obj \
-tests/pkcs_1_oaep_test.obj tests/pkcs_1_pss_test.obj tests/pkcs_1_test.obj tests/prng_test.obj \
-tests/rotate_test.obj tests/rsa_test.obj tests/scrypt_test.obj tests/siv_wycheproof_test.obj tests/ssh_test.obj \
-tests/store_test.obj tests/test.obj tests/x25519_test.obj tests/x448_test.obj
+tests/file_test.obj tests/hash_state_test.obj tests/mac_test.obj tests/misc_test.obj tests/modes_test.obj \
+tests/mpi_test.obj tests/multi_test.obj tests/no_null_termination_check_test.obj tests/no_prng.obj \
+tests/padding_test.obj tests/pem_test.obj tests/pk_oid_test.obj tests/pkcs_1_eme_test.obj \
+tests/pkcs_1_emsa_test.obj tests/pkcs_1_oaep_test.obj tests/pkcs_1_pss_test.obj tests/pkcs_1_test.obj \
+tests/prng_test.obj tests/rotate_test.obj tests/rsa_test.obj tests/scrypt_test.obj tests/siv_wycheproof_test.obj \
+tests/ssh_test.obj tests/store_test.obj tests/test.obj tests/x25519_test.obj tests/x448_test.obj
 
 #The following headers will be installed by "make install"
 HEADERS_PUB=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \

diff --git a/makefile.unix b/makefile.unix
@@ -258,12 +258,12 @@ src/stream/sosemanuk/sosemanuk_memory.o src/stream/sosemanuk/sosemanuk_test.o
 TOBJECTS=tests/argon2_test.o tests/base16_test.o tests/base32_test.o tests/base64_test.o \
 tests/bcrypt_test.o tests/cipher_hash_test.o tests/common.o tests/deprecated_test.o tests/der_test.o \
 tests/dh_test.o tests/dsa_test.o tests/ecc_test.o tests/ed25519_test.o tests/ed448_test.o \
-tests/file_test.o tests/mac_test.o tests/misc_test.o tests/modes_test.o tests/mpi_test.o \
-tests/multi_test.o tests/no_null_termination_check_test.o tests/no_prng.o tests/padding_test.o \
-tests/pem_test.o tests/pk_oid_test.o tests/pkcs_1_eme_test.o tests/pkcs_1_emsa_test.o \
-tests/pkcs_1_oaep_test.o tests/pkcs_1_pss_test.o tests/pkcs_1_test.o tests/prng_test.o \
-tests/rotate_test.o tests/rsa_test.o tests/scrypt_test.o tests/siv_wycheproof_test.o tests/ssh_test.o \
-tests/store_test.o tests/test.o tests/x25519_test.o tests/x448_test.o
+tests/file_test.o tests/hash_state_test.o tests/mac_test.o tests/misc_test.o tests/modes_test.o \
+tests/mpi_test.o tests/multi_test.o tests/no_null_termination_check_test.o tests/no_prng.o \
+tests/padding_test.o tests/pem_test.o tests/pk_oid_test.o tests/pkcs_1_eme_test.o \
+tests/pkcs_1_emsa_test.o tests/pkcs_1_oaep_test.o tests/pkcs_1_pss_test.o tests/pkcs_1_test.o \
+tests/prng_test.o tests/rotate_test.o tests/rsa_test.o tests/scrypt_test.o tests/siv_wycheproof_test.o \
+tests/ssh_test.o tests/store_test.o tests/test.o tests/x25519_test.o tests/x448_test.o
 
 #The following headers will be installed by "make install"
 HEADERS_PUB=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \

diff --git a/makefile_include.mk b/makefile_include.mk
@@ -434,12 +434,12 @@ endif
 TOBJECTS=tests/argon2_test.o tests/base16_test.o tests/base32_test.o tests/base64_test.o \
 tests/bcrypt_test.o tests/cipher_hash_test.o tests/common.o tests/deprecated_test.o tests/der_test.o \
 tests/dh_test.o tests/dsa_test.o tests/ecc_test.o tests/ed25519_test.o tests/ed448_test.o \
-tests/file_test.o tests/mac_test.o tests/misc_test.o tests/modes_test.o tests/mpi_test.o \
-tests/multi_test.o tests/no_null_termination_check_test.o tests/no_prng.o tests/padding_test.o \
-tests/pem_test.o tests/pk_oid_test.o tests/pkcs_1_eme_test.o tests/pkcs_1_emsa_test.o \
-tests/pkcs_1_oaep_test.o tests/pkcs_1_pss_test.o tests/pkcs_1_test.o tests/prng_test.o \
-tests/rotate_test.o tests/rsa_test.o tests/scrypt_test.o tests/siv_wycheproof_test.o tests/ssh_test.o \
-tests/store_test.o tests/test.o tests/x25519_test.o tests/x448_test.o
+tests/file_test.o tests/hash_state_test.o tests/mac_test.o tests/misc_test.o tests/modes_test.o \
+tests/mpi_test.o tests/multi_test.o tests/no_null_termination_check_test.o tests/no_prng.o \
+tests/padding_test.o tests/pem_test.o tests/pk_oid_test.o tests/pkcs_1_eme_test.o \
+tests/pkcs_1_emsa_test.o tests/pkcs_1_oaep_test.o tests/pkcs_1_pss_test.o tests/pkcs_1_test.o \
+tests/prng_test.o tests/rotate_test.o tests/rsa_test.o tests/scrypt_test.o tests/siv_wycheproof_test.o \
+tests/ssh_test.o tests/store_test.o tests/test.o tests/x25519_test.o tests/x448_test.o
 
 # The following headers will be installed by "make install"
 HEADERS_PUB=src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt_cfg.h \

diff --git a/src/hashes/sha1.c b/src/hashes/sha1.c
@@ -47,6 +47,8 @@ static int ss_sha1_c_compress(hash_state *md, const unsigned char *buf)
 static int  s_sha1_c_compress(hash_state *md, const unsigned char *buf)
 #endif
 {
+   ulong32* state;
+   int align;
     ulong32 a,b,c,d,e,i;
 #ifdef LTC_SMALL_STACK_SHA1
     ulong32 W[16];
@@ -57,17 +59,24 @@ static int  s_sha1_c_compress(hash_state *md, const unsigned char *buf)
     ulong32 t;
 #endif
 
+    state = LTC_ALIGN_BUF(md->sha1.state_buf, 16);
+    align = (int)((char*)state - (char*)md->sha1.state_buf);
+    if (align != md->sha1.align) {
+      XMEMMOVE(state, &md->sha1.state_buf[align], 5 * sizeof(ulong32));
+      md->sha1.align = align;
+    }
+
     /* copy the state into 512-bits into W[0..15] */
     for (i = 0; i < 16; i++) {
         LOAD32H(W[i], buf + (4*i));
     }
 
     /* copy state */
-    a = md->sha1.state[0];
-    b = md->sha1.state[1];
-    c = md->sha1.state[2];
-    d = md->sha1.state[3];
-    e = md->sha1.state[4];
+    a = state[0];
+    b = state[1];
+    c = state[2];
+    d = state[3];
+    e = state[4];
 
 #ifdef LTC_SMALL_STACK_SHA1
     #define Wi(i) do { W[(i) % 16] = ROL(W[((i) - 3) % 16] ^ W[((i) - 8) % 16] ^ W[((i) - 14) % 16] ^ W[((i) - 16) % 16], 1); } while(0)
@@ -160,11 +169,11 @@ static int  s_sha1_c_compress(hash_state *md, const unsigned char *buf)
     #undef Windex
 
     /* store */
-    md->sha1.state[0] = md->sha1.state[0] + a;
-    md->sha1.state[1] = md->sha1.state[1] + b;
-    md->sha1.state[2] = md->sha1.state[2] + c;
-    md->sha1.state[3] = md->sha1.state[3] + d;
-    md->sha1.state[4] = md->sha1.state[4] + e;
+    state[0] = state[0] + a;
+    state[1] = state[1] + b;
+    state[2] = state[2] + c;
+    state[3] = state[3] + d;
+    state[4] = state[4] + e;
 
     return CRYPT_OK;
 }
@@ -186,15 +195,18 @@ static int s_sha1_c_compress(hash_state *md, const unsigned char *buf)
 */
 int sha1_c_init(hash_state * md)
 {
+   ulong32* state;
+
    LTC_ARGCHK(md != NULL);
 
-   md->sha1.state = LTC_ALIGN_BUF(md->sha1.state_buf, 16);
+   state = LTC_ALIGN_BUF(md->sha1.state_buf, 16);
+   md->sha1.align = (int)((char*)state - (char*)md->sha1.state_buf);
 
-   md->sha1.state[0] = 0x67452301UL;
-   md->sha1.state[1] = 0xefcdab89UL;
-   md->sha1.state[2] = 0x98badcfeUL;
-   md->sha1.state[3] = 0x10325476UL;
-   md->sha1.state[4] = 0xc3d2e1f0UL;
+   state[0] = 0x67452301UL;
+   state[1] = 0xefcdab89UL;
+   state[2] = 0x98badcfeUL;
+   state[3] = 0x10325476UL;
+   state[4] = 0xc3d2e1f0UL;
    md->sha1.curlen = 0;
    md->sha1.length = 0;
    return CRYPT_OK;
@@ -217,6 +229,8 @@ HASH_PROCESS(sha1_c_process, s_sha1_c_compress, sha1, 64)
 */
 int sha1_c_done(hash_state * md, unsigned char *out)
 {
+    ulong32* state;
+    int align;
     int i;
 
     LTC_ARGCHK(md  != NULL);
@@ -226,6 +240,13 @@ int sha1_c_done(hash_state * md, unsigned char *out)
        return CRYPT_INVALID_ARG;
     }
 
+    state = LTC_ALIGN_BUF(md->sha1.state_buf, 16);
+    align = (int)((char*)state - (char*)md->sha1.state_buf);
+    if (align != md->sha1.align) {
+      XMEMMOVE(state, &md->sha1.state_buf[align], 5 * sizeof(ulong32));
+      md->sha1.align = align;
+    }
+
     /* increase the length of the message */
     md->sha1.length += md->sha1.curlen * 8;
 
@@ -255,7 +276,7 @@ int sha1_c_done(hash_state * md, unsigned char *out)
 
     /* copy output */
     for (i = 0; i < 5; i++) {
-        STORE32H(md->sha1.state[i], out+(4*i));
+        STORE32H(state[i], out+(4*i));
     }
 #ifdef LTC_CLEAN_STACK
     zeromem(md, sizeof(hash_state));

diff --git a/src/hashes/sha1_x86.c b/src/hashes/sha1_x86.c
@@ -53,6 +53,8 @@ static int LTC_SHA_TARGET s_sha1_x86_compress(hash_state *md, const unsigned cha
 {
 #define k_reverse_32 ((0x0 << (3 * 2)) | (0x1 << (2 * 2)) | (0x2 << (1 * 2)) | (0x3 << (0 * 2)))
 
+    ulong32* state;
+    int align;
     __m128i reverse_8;
     __m128i abcdx;
     __m128i e;
@@ -64,10 +66,17 @@ static int LTC_SHA_TARGET s_sha1_x86_compress(hash_state *md, const unsigned cha
     __m128i msg_2;
     __m128i msg_3;
 
+    state = LTC_ALIGN_BUF(md->sha1.state_buf, 16);
+    align = (int)((char*)state - (char*)md->sha1.state_buf);
+    if (align != md->sha1.align) {
+      XMEMMOVE(state, &md->sha1.state_buf[align], 5 * sizeof(ulong32));
+      md->sha1.align = align;
+    }
+
     reverse_8 = _mm_set_epi64x(0x0001020304050607ull, 0x08090a0b0c0d0e0full);
-    abcdx = _mm_load_si128(((__m128i const*)(&md->sha1.state[0])));
+    abcdx = _mm_load_si128(((__m128i const*)(&state[0])));
     abcdx = _mm_shuffle_epi32(abcdx, k_reverse_32);
-    e = _mm_set_epi32(*((int const*)(&md->sha1.state[4])), 0, 0, 0);
+    e = _mm_set_epi32(*((int const*)(&state[4])), 0, 0, 0);
 
     old_abcd = abcdx;
     old_e = e;
@@ -173,8 +182,8 @@ static int LTC_SHA_TARGET s_sha1_x86_compress(hash_state *md, const unsigned cha
     e = _mm_add_epi32(e, old_e);
 
     abcdx = _mm_shuffle_epi32(abcdx, k_reverse_32);
-    _mm_store_si128(((__m128i*)(&md->sha1.state[0])), abcdx);
-    *((int*)(&md->sha1.state[4])) = _mm_extract_epi32(e, 3);
+    _mm_store_si128(((__m128i*)(&state[0])), abcdx);
+    *((int*)(&state[4])) = _mm_extract_epi32(e, 3);
 
     return CRYPT_OK;
 
@@ -198,15 +207,18 @@ static int s_sha1_x86_compress(hash_state *md, const unsigned char *buf)
 */
 int sha1_x86_init(hash_state * md)
 {
+   ulong32* state;
+
    LTC_ARGCHK(md != NULL);
 
-   md->sha1.state = LTC_ALIGN_BUF(md->sha1.state_buf, 16);
+   state = LTC_ALIGN_BUF(md->sha1.state_buf, 16);
+   md->sha1.align = (int)((char*)state - (char*)md->sha1.state_buf);
 
-   md->sha1.state[0] = 0x67452301UL;
-   md->sha1.state[1] = 0xefcdab89UL;
-   md->sha1.state[2] = 0x98badcfeUL;
-   md->sha1.state[3] = 0x10325476UL;
-   md->sha1.state[4] = 0xc3d2e1f0UL;
+   state[0] = 0x67452301UL;
+   state[1] = 0xefcdab89UL;
+   state[2] = 0x98badcfeUL;
+   state[3] = 0x10325476UL;
+   state[4] = 0xc3d2e1f0UL;
    md->sha1.curlen = 0;
    md->sha1.length = 0;
    return CRYPT_OK;
@@ -229,6 +241,8 @@ HASH_PROCESS(sha1_x86_process, s_sha1_x86_compress, sha1, 64)
 */
 int sha1_x86_done(hash_state * md, unsigned char *out)
 {
+    ulong32* state;
+    int align;
     int i;
 
     LTC_ARGCHK(md  != NULL);
@@ -238,6 +252,13 @@ int sha1_x86_done(hash_state * md, unsigned char *out)
        return CRYPT_INVALID_ARG;
     }
 
+    state = LTC_ALIGN_BUF(md->sha1.state_buf, 16);
+    align = (int)((char*)state - (char*)md->sha1.state_buf);
+    if (align != md->sha1.align) {
+      XMEMMOVE(state, &md->sha1.state_buf[align], 5 * sizeof(ulong32));
+      md->sha1.align = align;
+    }
+
     /* increase the length of the message */
     md->sha1.length += md->sha1.curlen * 8;
 
@@ -267,7 +288,7 @@ int sha1_x86_done(hash_state * md, unsigned char *out)
 
     /* copy output */
     for (i = 0; i < 5; i++) {
-        STORE32H(md->sha1.state[i], out+(4*i));
+        STORE32H(state[i], out+(4*i));
     }
 #ifdef LTC_CLEAN_STACK
     zeromem(md, sizeof(hash_state));

diff --git a/src/hashes/sha2/sha224.c b/src/hashes/sha2/sha224.c
@@ -35,20 +35,23 @@ const struct ltc_hash_descriptor sha224_portable_desc =
 */
 int sha224_c_init(hash_state * md)
 {
+    ulong32* state;
+
     LTC_ARGCHK(md != NULL);
 
-    md->sha256.state = LTC_ALIGN_BUF(md->sha256.state_buf, 16);
+    state = LTC_ALIGN_BUF(md->sha256.state_buf, 16);
+    md->sha256.align = (int)((char*)state - (char*)md->sha256.state_buf);
 
     md->sha256.curlen = 0;
     md->sha256.length = 0;
-    md->sha256.state[0] = 0xc1059ed8UL;
-    md->sha256.state[1] = 0x367cd507UL;
-    md->sha256.state[2] = 0x3070dd17UL;
-    md->sha256.state[3] = 0xf70e5939UL;
-    md->sha256.state[4] = 0xffc00b31UL;
-    md->sha256.state[5] = 0x68581511UL;
-    md->sha256.state[6] = 0x64f98fa7UL;
-    md->sha256.state[7] = 0xbefa4fa4UL;
+    state[0] = 0xc1059ed8UL;
+    state[1] = 0x367cd507UL;
+    state[2] = 0x3070dd17UL;
+    state[3] = 0xf70e5939UL;
+    state[4] = 0xffc00b31UL;
+    state[5] = 0x68581511UL;
+    state[6] = 0x64f98fa7UL;
+    state[7] = 0xbefa4fa4UL;
     return CRYPT_OK;
 }
 

diff --git a/src/hashes/sha2/sha224_x86.c b/src/hashes/sha2/sha224_x86.c
@@ -35,20 +35,23 @@ const struct ltc_hash_descriptor sha224_x86_desc =
 */
 int sha224_x86_init(hash_state * md)
 {
+    ulong32* state;
+
     LTC_ARGCHK(md != NULL);
 
-    md->sha256.state = LTC_ALIGN_BUF(md->sha256.state_buf, 16);
+    state = LTC_ALIGN_BUF(md->sha256.state_buf, 16);
+    md->sha256.align = (int)((char*)state - (char*)md->sha256.state_buf);
 
     md->sha256.curlen = 0;
     md->sha256.length = 0;
-    md->sha256.state[0] = 0xc1059ed8UL;
-    md->sha256.state[1] = 0x367cd507UL;
-    md->sha256.state[2] = 0x3070dd17UL;
-    md->sha256.state[3] = 0xf70e5939UL;
-    md->sha256.state[4] = 0xffc00b31UL;
-    md->sha256.state[5] = 0x68581511UL;
-    md->sha256.state[6] = 0x64f98fa7UL;
-    md->sha256.state[7] = 0xbefa4fa4UL;
+    state[0] = 0xc1059ed8UL;
+    state[1] = 0x367cd507UL;
+    state[2] = 0x3070dd17UL;
+    state[3] = 0xf70e5939UL;
+    state[4] = 0xffc00b31UL;
+    state[5] = 0x68581511UL;
+    state[6] = 0x64f98fa7UL;
+    state[7] = 0xbefa4fa4UL;
     return CRYPT_OK;
 }