In host_functions.rs:

pub trait HostFunctionsProvider {
    /// The SHA-512 hash algorithm with its output truncated to 256 bits.
    fn sha2_512_truncated(message: &[u8]) -> [u8; 32];
}

Then, in ops.rs, this function is used to do the SHA512/256 hash:

pub(crate) fn do_hash<H: HostFunctionsProvider>(hash: HashOp, data: &[u8]) -> Hash {
    match hash {
        HashOp::Sha512256 => Hash::from(H::sha2_512_truncated(data)),
        // ...
    }
}

This is incorrect: "SHA2-512 truncated" and SHA512/256 are two distinct things:

• "SHA2-512 truncated" means to do the SHA2-512 hash, which produces a 64-byte hash, and manually truncate off the second half;
• SHA512/256 is a different hash algorithm (also part of the SHA2 family) that natively produces a 32-byte hash.

According to the proto definition, the intention is to use SHA512/256, meaning the function sha2_512_truncated is misnamed. It should be renamed to sha2_512_256. However, the implementation is correct.

Issue caught by @Rhaki