> I don't see a bug in sha512.c, though;
> could you please elaborate? Thanks.

sha512.c:489:

  /* First increment the byte count.  FIPS PUB 180-2 specifies the possible
     length of the file up to 2^128 bits.  Here we only compute the
     number of bytes.  Do a double word increment.  */
  ctx->total[0] = u64plus (ctx->total[0], u64lo (len));
  if (u64lt (ctx->total[0], u64lo (len)))
    ctx->total[1] = u64plus (ctx->total[1], u64lo (1));
                                            ^^^^^^^^^
this part does exactly the same: increment ctx->total[1] by one, where a
larger increment may be needed.

Thanks for the quick fix!
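
The double-word increment discussed above, as an added example that is not part of the original message and not gnulib code: it compares a carry-only update with one that also adds the part of the length that does not fit in one counter word. The struct, the function names, and the choice of 32-bit words with a 64-bit length (so the length can be wider than one word) are assumptions made for illustration; the quoted sha512.c code uses u64 words.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical two-word byte counter: total[0] is the low word, total[1] the high word. */
struct counter { uint32_t total[2]; };

/* Carry-only pattern: add the low word of len, then at most 1 to the high word. */
static void add_carry_only(struct counter *c, uint64_t len)
{
    uint32_t lo = (uint32_t) len;
    c->total[0] += lo;
    if (c->total[0] < lo)          /* low word wrapped around */
        c->total[1] += 1;
}

/* Full pattern: the high word gets the high part of len plus the carry. */
static void add_full(struct counter *c, uint64_t len)
{
    uint32_t lo = (uint32_t) len;
    c->total[0] += lo;
    c->total[1] += (uint32_t) (len >> 32) + (c->total[0] < lo);
}

/* Counter value after adding len to a counter that starts at `start`. */
static uint64_t after(void (*add)(struct counter *, uint64_t),
                      uint64_t start, uint64_t len)
{
    struct counter c = { { (uint32_t) start, (uint32_t) (start >> 32) } };
    add(&c, len);
    return ((uint64_t) c.total[1] << 32) | c.total[0];
}

int main(void)
{
    /* Constructed inputs: {start, len}. Only the first len fits in one word. */
    uint64_t cases[][2] = {
        { 0xFFFFFFF0u, 0x20u },
        { 0, 0x300000005ull },
        { 0xFFFFFFFFu, 0x200000001ull },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("start=%#llx len=%#llx carry-only=%#llx full=%#llx\n",
               (unsigned long long) cases[i][0], (unsigned long long) cases[i][1],
               (unsigned long long) after(add_carry_only, cases[i][0], cases[i][1]),
               (unsigned long long) after(add_full, cases[i][0], cases[i][1]));
    return 0;
}
```

The two updates agree whenever the length fits in one counter word and diverge once it does not.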