Wrong padding when l > BLOCKSIZE - 1 - PADBLOCKLEN

Functions [sha512_compute](https://github.com/HectorBst/libhash/blob/master/sha512_internal.c#L125) and [sha256_compute](https://github.com/HectorBst/libhash/blob/master/sha256_internal.c#L116) generate wrong padding when message length is greater than pad block length. The bug is last param of `memset` (length) which should be multiple of `sizeof(word_t)`, i.e.: `sizeof(word_t) * BLOCKSIZE - sizeof(word_t) * PADBLOCKSIZE`, since the `result` var is of type `word_t ` and not 8-bit byte type.  The [sha512_compute](https://github.com/HectorBst/libhash/blob/master/sha512_internal.c#L114) function also has wrong condition for the case when an additional block should be generated. Should be `datalength < BLOCK_SIZE - 16` due to SHA-512 padding block is 128 bit -> 16 bytes.

Test vector for SHA384:
```
msg   = f419494c3c6d0727b3395a483a2167182a7252f4fd099c2d4b71b053f94bb8b3adf3b51e8460cfec084ce9415c95798fbae4975c208c544645b54c44d2b97f2ecfce5c805be61f5ba1d35dcc07afdd51a87baa990506668cf710e18be9b0ebf943f366fa29c69f7a6616de72a3353b66
md384 = aead8688c58c6ba4e9cadb4756b465dce0fb06f1cfaa478197f2ea89414e47e9572034adfed160703c79b82b3fd7ab78
```

Here's an example fix for `sha512_compute`:
```C++
result[i++] = 0x80;
if (datalength > BLOCK_SIZE - 16) {
    while (i < BLOCK_SIZE) {
        result[i++] = 0;
    }
    sha512_compress(result, state);
    memset(result, 0,  sizeof(result));
}
else {
    while (i < BLOCK_SIZE - 16) {
        result[i++] = 0;
    }
}
``` 



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Wrong padding when l > BLOCKSIZE - 1 - PADBLOCKLEN #1

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Wrong padding when l > BLOCKSIZE - 1 - PADBLOCKLEN #1

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions