Wrong padding for SHA1 -- incorrect hash when last block is more. than 448 bits

[centprod]

Pretty much the same as the already reported issue for sha256 and sha512; when the message length won't fit into the final block, an extra block is added which should be zeroed out, but the memset doesn't account for the buffer being four-byte words.

•           memset(result, 0, BLOCK_SIZE - 8);
  

•           memset(result, 0, (BLOCK_SIZE - 8) * sizeof(word_t));
  

The incorrect clearing means the extra block still contains data from the final block. The resulting hash is consistent: it's always the same for the same incoming message; but it doesn't match the sha1 standard.