From: Niels Möller <nisse@lysator.liu.se>
Date: Fri, 3 Jan 2014 20:58:15 +0000 (+0100)
Subject: Comment on origin of sha1 and sha224 initial values.
X-Git-Tag: nettle_3.0_release_20140607~179
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=94d79445b1aa74e9d93d0d8f82ef392fdd81321e;p=thirdparty%2Fnettle.git

Comment on origin of sha1 and sha224 initial values.
---

diff --git a/sha1.c b/sha1.c
index e53913c9..b1365c22 100644
--- a/sha1.c
+++ b/sha1.c
@@ -57,7 +57,7 @@ sha1_init(struct sha1_ctx *ctx)
      can initialize with a single memcpy. */
   static const uint32_t iv[_SHA1_DIGEST_LENGTH] = 
     {
-      /* SHA initial values */
+      /* SHA initial values, first 4 identical to md5's. */
       0x67452301L,
       0xEFCDAB89L,
       0x98BADCFEL,
diff --git a/sha256.c b/sha256.c
index 296909f9..8175011c 100644
--- a/sha256.c
+++ b/sha256.c
@@ -129,7 +129,7 @@ sha256_digest(struct sha256_ctx *ctx,
 void
 sha224_init(struct sha256_ctx *ctx)
 {
-  /* Initial values. I's unclear how they are chosen. */
+  /* Initial values. Low 32 bits of the initial values for sha384. */
   static const uint32_t H0[_SHA256_DIGEST_LENGTH] =
   {
     0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939,