User:JonathanSomers/sandbox

The pseudocode for SHA-256 contains the following three lines:

    break message into 512-bit chunks
    for each chunk
        break chunk into sixteen 32-bit big-endian words w[0..15]

This sounds like it is declaring a word array of 16 words, each 32 bits in length, which is incorrect. The very next loop of code iterates with i as an index, from 16 to 63, and accesses w[i], which implies that array w must be sized as a word array of 64 words, each 32 bits in length.

I downloaded FIPS PUB 180-4 and checked the formulas listed there, which appear to confirm that the message schedule w comprises 64 words (see page 22) and also indicate that the first 16 words of the message schedule are copied directly from the original message block, while the remaining 48 words are computed using the formulas described in that doc (and likewise in the rest of the pseudocode).

I think those three lines would be more accurate and more descriptive if they read:

    break message into 512-bit chunks
    for each chunk
        copy chunk into first 16 words of 64-word array w[0..63], where each word is 32 bits in length

I considered making the change myself, but I'd appreciate another pair of eyeballs on it to confirm the change first.