Fix prefix space for hash_message wrt padding_len

Padding_len was introduced in 7793c40c07483dd3efed0a27a85922ed5c7f0cee,
but not fixed in the calls hash_message.

Resolves #12

hash.c

@@ -91,9 +91,10 @@ int prf_keygen(const xmss_params *params,
 
 /*
  * Computes the message hash using R, the public root, the index of the leaf
- * node, and the message. Notably, it requires m_with_prefix to have 4*n bytes
- * of space before the message, to use for the prefix. This is necessary to
- * prevent having to move the message around (and thus allocate memory for it).
+ * node, and the message. Notably, it requires m_with_prefix to have 3*n plus
+ * the length of the padding as free space available before the message,
+ * to use for the prefix. This is necessary to prevent having to move the
+ * message around (and thus allocate memory for it).
  */
 int hash_message(const xmss_params *params, unsigned char *out,
                  const unsigned char *R, const unsigned char *root,

xmss_commons.c

@@ -167,7 +167,8 @@ int xmssmt_core_sign_open(const xmss_params *params,
 
     /* Compute the message hash. */
     hash_message(params, mhash, sm + params->index_bytes, pk, idx,
-                 m + params->sig_bytes - 4*params->n, *mlen);
+                 m + params->sig_bytes - params->padding_len - 3*params->n,
+                 *mlen);
     sm += params->index_bytes + params->n;
 
     /* For each subtree.. */

xmss_core.c

@@ -221,7 +221,8 @@ int xmssmt_core_sign(const xmss_params *params,
 
     /* Compute the message hash. */
     hash_message(params, mhash, sm + params->index_bytes, pub_root, idx,
-                 sm + params->sig_bytes - 4*params->n, mlen);
+                 sm + params->sig_bytes - params->padding_len - 3*params->n,
+                 mlen);
     sm += params->index_bytes + params->n;
 
     set_type(ots_addr, XMSS_ADDR_TYPE_OTS);

xmss_core_fast.c

@@ -639,7 +639,8 @@ int xmss_core_sign(const xmss_params *params,
 
     /* Compute the message hash. */
     hash_message(params, msg_h, R, pub_root, idx,
-                 sm + params->sig_bytes - 4*params->n, mlen);
+                 sm + params->sig_bytes - params->padding_len - 3*params->n,
+                 mlen);
 
     // Start collecting signature
     *smlen = 0;
@@ -825,7 +826,8 @@ int xmssmt_core_sign(const xmss_params *params,
 
     /* Compute the message hash. */
     hash_message(params, msg_h, R, pub_root, idx,
-                 sm + params->sig_bytes - 4*params->n, mlen);
+                 sm + params->sig_bytes - params->padding_len - 3*params->n,
+                 mlen);
 
     // Start collecting signature
     *smlen = 0;