Simplified sha256_Final/sha512_Last

- Fix the bug where we zero too many bytes in sha512_Last (SHORT_BLOCK_LENGTH != BLOCK_LENGTH -2). - Get rid of an if branch. - Don't reverse the last two words in 512_Last that are written later. - make 256_Final and 512_Last look the same.
2025-01-03 20:11:00 +00:00 · 2016-08-29 21:41:23 +02:00 · 2016-08-29 21:41:23 +02:00 · 19a1f501c4
commit 19a1f501c4
parent b3e6eecfce
1 changed files with 17 additions and 23 deletions
--- a/sha2.c
+++ b/sha2.c
@ -488,13 +488,9 @@ void sha256_Final(SHA256_CTX* context, sha2_byte digest[]) {
 		/* Begin padding with a 1 bit: */
 		((uint8_t*)context->buffer)[usedspace++] = 0x80;
-		if (usedspace <= SHA256_SHORT_BLOCK_LENGTH) {
+		if (usedspace > SHA256_SHORT_BLOCK_LENGTH) {
-			/* Set-up for the last transform: */
+			MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, SHA256_BLOCK_LENGTH - usedspace);
-			MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, SHA256_SHORT_BLOCK_LENGTH - usedspace);
+
 		} else {
 			if (usedspace < SHA256_BLOCK_LENGTH) {
 				MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, SHA256_BLOCK_LENGTH - usedspace);
 			}
 #if BYTE_ORDER == LITTLE_ENDIAN
 			/* Convert TO host byte order */
 			for (int j = 0; j < 16; j++) {
@ -504,9 +500,11 @@ void sha256_Final(SHA256_CTX* context, sha2_byte digest[]) {
 			/* Do second-to-last transform: */
 			sha256_Transform(context->state, context->buffer, context->state);
-			/* And set-up for the last transform: */
+			/* And prepare the last transform: */
-			MEMSET_BZERO(context->buffer, SHA256_SHORT_BLOCK_LENGTH);
+			usedspace = 0;
 		}
 		/* Set-up for the last transform: */
 		MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, SHA256_SHORT_BLOCK_LENGTH - usedspace);
 #if BYTE_ORDER == LITTLE_ENDIAN
 		/* Convert TO host byte order */
@ -793,13 +791,9 @@ static void sha512_Last(SHA512_CTX* context) {
 	/* Begin padding with a 1 bit: */
 	((uint8_t*)context->buffer)[usedspace++] = 0x80;
-	if (usedspace <= SHA512_SHORT_BLOCK_LENGTH) {
+	if (usedspace > SHA512_SHORT_BLOCK_LENGTH) {
-		/* Set-up for the last transform: */
+		MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, SHA512_BLOCK_LENGTH - usedspace);
-		MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, SHA512_SHORT_BLOCK_LENGTH - usedspace);
+
 	} else {
 		if (usedspace < SHA512_BLOCK_LENGTH) {
 			MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, SHA512_BLOCK_LENGTH - usedspace);
 		}
 #if BYTE_ORDER == LITTLE_ENDIAN
 		/* Convert TO host byte order */
 		for (int j = 0; j < 16; j++) {
@ -809,21 +803,21 @@ static void sha512_Last(SHA512_CTX* context) {
 		/* Do second-to-last transform: */
 		sha512_Transform(context->state, context->buffer, context->state);
-		/* And set-up for the last transform: */
+		/* And prepare the last transform: */
-		MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH - 2);
+		usedspace = 0;
 	}
 	/* Set-up for the last transform: */
 	MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, SHA512_SHORT_BLOCK_LENGTH - usedspace);
 #if BYTE_ORDER == LITTLE_ENDIAN
 	/* Convert TO host byte order */
-	for (int j = 0; j < 16; j++) {
+	for (int j = 0; j < 14; j++) {
 		REVERSE64(context->buffer[j],context->buffer[j]);
 	}
 #endif
 	/* Store the length of input data (in bits): */
-	sha2_word64 *t;
+	context->buffer[14] = context->bitcount[1];
-	t = &context->buffer[SHA512_SHORT_BLOCK_LENGTH/sizeof(sha2_word64)];
+	context->buffer[15] = context->bitcount[0];
 	t[0] = context->bitcount[1];
 	t[1] = context->bitcount[0];
 	/* Final transform: */
 	sha512_Transform(context->state, context->buffer, context->state);