Account for SHA-512 asking for a 128-bit message length

The upper 64 bits are filled with zeroes because 128-bit integers are not
available everywhere and it will be a while before lengths overflowing 64
bits are realistically possible.

diff --git a/source/sha2.cpp b/source/sha2.cpp
index 24514423580ce6e76ed6a76950248a5294235854..c7f51a5bb00cffeecc9147e6d1dff116401e1534 100644 (file)
--- a/source/sha2.cpp
+++ b/source/sha2.cpp
@@ -122,8 +122,9 @@ unsigned SHA2<C>::get_digest(char *digest, unsigned len) const
        SHA2<Constants> padded = *this;
 
        char padding[Constants::BLOCK_SIZE] = { static_cast<char>(0x80) };
-       padded.update(padding, Constants::BLOCK_SIZE-(this->unprocessed_bytes+8)%Constants::BLOCK_SIZE);
+       padded.update(padding, Constants::BLOCK_SIZE-(this->unprocessed_bytes+Constants::MIN_PADDING)%Constants::BLOCK_SIZE);
 
+       padded.update(padding+1, Constants::MIN_PADDING-8);
        UInt64 message_length = (processed_bytes+this->unprocessed_bytes)*8;
        write_word(message_length, padding);
        padded.update(padding, 8);

diff --git a/source/sha2.h b/source/sha2.h
index ed5c4fe36d0a210dd8c24e740565eaa888c17941..060b8d79af5cc2d72010821957dd28d88645faf9 100644 (file)
--- a/source/sha2.h
+++ b/source/sha2.h
@@ -43,6 +43,7 @@ struct SHA2_256Constants
                WORD_SIZE = sizeof(WordType),
                BLOCK_SIZE = 64,   // 512 bits
                DIGEST_SIZE = 32,  // 256 bits
+               MIN_PADDING = 8,
                N_ROUNDS = 64
        };
 
@@ -60,6 +61,7 @@ struct SHA2_512Constants
                WORD_SIZE = sizeof(WordType),
                BLOCK_SIZE = 128,  // 1024 bits
                DIGEST_SIZE = 64,  // 512 bits
+               MIN_PADDING = 16,
                N_ROUNDS = 80
        };