From: Niels Möller Date: Sun, 24 Mar 2024 13:18:01 +0000 (+0100) Subject: Use one's complement of index to indicate shake is initialized. X-Git-Tag: nettle_3.10rc1~19^2~4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=29f69b54cdefdd67ce2638e775899ae75c4415d3;p=thirdparty%2Fnettle.git Use one's complement of index to indicate shake is initialized. --- diff --git a/ChangeLog b/ChangeLog index e975efb8..ae2675da 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,9 @@ * sha3-shake.c (_nettle_sha3_shake, _nettle_sha3_shake_output): New file, new functions. Generalizations of sha3_256_shake and sha3_256_shake_output, respectively. + (_nettle_sha3_shake_output): Use one's complement of index, + instead of just setting high bit. + * shake256.c (sha3_256_shake, sha3_256_shake_output): Implement in terms of calls to the new functions. * Makefile.in (nettle_SOURCES): Add sha3-shake.c. diff --git a/sha3-shake.c b/sha3-shake.c index d52d011d..467a6d42 100644 --- a/sha3-shake.c +++ b/sha3-shake.c @@ -36,7 +36,6 @@ #endif #include -#include #include #include "sha3.h" @@ -44,8 +43,6 @@ #include "nettle-write.h" -#define INDEX_HIGH_BIT (~((UINT_MAX) >> 1)) - void _nettle_sha3_shake (struct sha3_state *state, unsigned block_size, uint8_t *block, @@ -74,7 +71,8 @@ _nettle_sha3_shake_output (struct sha3_state *state, { unsigned left; - /* We use the leftmost bit as a flag to indicate SHAKE is initialized. */ + /* We use one's complement of the index value to indicate SHAKE is + initialized. */ if (index < block_size) { /* This is the first call of _shake_output. */ @@ -83,7 +81,7 @@ _nettle_sha3_shake_output (struct sha3_state *state, index = block_size; } else - index &= ~INDEX_HIGH_BIT; + index = ~index; assert (index <= block_size); @@ -92,7 +90,7 @@ _nettle_sha3_shake_output (struct sha3_state *state, if (length <= left) { memcpy (dst, block + index, length); - return (index + length) | INDEX_HIGH_BIT; + return ~(index + length); } else { 
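Review bot: The rewritten comment in the hunk at `@@ -74,7 +71,8 @@` names the encoding but not the two value ranges it separates, which is what a reader needs to see why the `index < block_size` test and `index = ~index` cannot collide. I would extend it along the lines of `/* index < block_size: first call of _shake_output, no output produced yet. Otherwise index holds ~offset, where offset <= block_size is the read position in block. */`. The function body starts above this hunk and continues below it, so the wording should be checked against the callers that store the returned value.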
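Review bot: After `index = ~index;` in the hunk at `@@ -83,7 +81,7 @@`, the only range check on the decoded offset is `assert (index <= block_size);`, which compiles away when NDEBUG is defined. A stored index that is neither below block_size nor the complement of a valid offset (for example from a context that was never initialised) would then reach `memcpy (dst, block + index, length)` in the next hunk as an out-of-bounds read, assuming `left` is computed outside the hunk as `block_size - index`. If the library can be built without assertions, an unconditional check such as `if (index > block_size) abort ();` (with `<stdlib.h>` included) keeps that failure closed. Otherwise a short comment saying the assert is the bounds check for the following memcpy would at least warn against removing it.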
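Review bot: `return ~(index + length);` in the hunk at `@@ -92,7 +90,7 @@` relies on an implicit narrowing if `length` is a `size_t` and the function returns `unsigned`; both declarations are outside the hunk, so this is inferred. The complement would be taken in the wider type and then truncated, which still yields the complement of the sum at `unsigned` width, so the value is right. Stating the width makes that visible and keeps the line quiet under -Wconversion: `return ~(index + (unsigned) length);`. The same applies to `return ~length;` in the final hunk at `@@ -114,5 +112,5 @@`, which could read `return ~(unsigned) length;`.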
@@ -114,5 +112,5 @@ _nettle_sha3_shake_output (struct sha3_state *state,
 /* Fill in the buffer for next call. */
 _nettle_write_le64 (block_size, block, state->a);
 memcpy (dst, block, length);
- return length | INDEX_HIGH_BIT;
+ return ~length;
 }