sha256 digests are incorrect

[cyphar]

There appears to be a serious issue with sha256 digests output by nmtree -- any file I've tested that contains data will have an incorrect sha256 checksum. It seems that only -k sha256 outputs incorrect hashes, the other algorithms I've tested so far (sha1, sha384, sha512, md5, and ripemd160) appear to produce correct results. Interestingly, it seems sha256 is the only sha2 variant with this bug.

I suspect this is a bug in libnbcompat (and presumably was a porting bug since I presume NetBSD wouldn't have a bug this serious go unnoticed).

You can easily test this yourself in this repository:

% nmtree -c -k sha256 | nmtree -C -k sha256 | grep README
./README type=file sha256=7ec23dbe499eef96de8a626aed90eb4ff8460a32d7a296aa80bd05cc9fc7f12a
% sha256sum ./README
77492af42db26c1908c65bdffe7a77cd51dadeb1a1fd330d5bd153df77c5f3a8  ./README

For README (and some other files I've tested), other checksums work without issue:

% rmd160sum() { openssl dgst -rmd160 "$@" }
% for sum in {sha1,sha384,sha512,md5,rmd160}; do nmtree -c -k $sum | nmtree -C -k $sum | grep README; ${sum}sum README; done
./README type=file sha1=f4f8235e521deab88af6a5cd3ea3648cce95ed84
f4f8235e521deab88af6a5cd3ea3648cce95ed84  README
./README type=file sha384=e26a7d6dd76181eeef5a4b43560c70c671c129ca985cecf33f482ea1e5e480dace21210e43b9c579f1a9803d81cf1af2
e26a7d6dd76181eeef5a4b43560c70c671c129ca985cecf33f482ea1e5e480dace21210e43b9c579f1a9803d81cf1af2  README
./README type=file sha512=e20fcc295429842d81db298c2d4b47e70b3b6676c1ee42cbdf1b1408bf9c1caf5ff78068e48fe1364092a97e997d3603562999a7032823d4e9b0e620301e359c
e20fcc295429842d81db298c2d4b47e70b3b6676c1ee42cbdf1b1408bf9c1caf5ff78068e48fe1364092a97e997d3603562999a7032823d4e9b0e620301e359c  README
\./README type=file md5=a7f309817e6bd528069acff2a4065f2a
a7f309817e6bd528069acff2a4065f2a  README
./README type=file rmd160=a4e402cfb6bde0c426c2b6f6a4fcea4a73ca1711
RIPEMD-160(README)= a4e402cfb6bde0c426c2b6f6a4fcea4a73ca1711

And for an empty file, they all produce the correct result:

% rmd160sum() { openssl dgst -rmd160 "$@" }
% touch empty; truncate --size=0 empty
% for sum in {sha1,sha256,sha384,sha512,md5,rmd160}; do nmtree -c -k $sum | nmtree -C -k $sum | grep empty; ${sum}sum empty; done
./empty type=file sha1=da39a3ee5e6b4b0d3255bfef95601890afd80709
da39a3ee5e6b4b0d3255bfef95601890afd80709  empty
./empty type=file sha256=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  empty
./empty type=file sha384=38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b
38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b  empty
./empty type=file sha512=cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e  empty
./empty type=file md5=d41d8cd98f00b204e9800998ecf8427e
d41d8cd98f00b204e9800998ecf8427e  empty
./empty type=file rmd160=9c1185a5c5e9fc54612808977ee8f548b2258d31
RIPEMD-160(empty)= 9c1185a5c5e9fc54612808977ee8f548b2258d31

And cksum also appears to work properly as well.

[cyphar]

Fixed by archiecobbs/libnbcompat#4.