From ea3d1047b01a6c5f9a70f35db063e5001ed5c14b Mon Sep 17 00:00:00 2001
From: Mattias Andrée
Date: Thu, 21 Aug 2014 19:11:27 +0200
Subject: fix error in partial bit support for c implementations
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Mattias Andrée
---
 Makefile | 4 ++--
 c/sha3.c | 32 ++++++++++++++++++--------------
 c/sha3.h | 16 ++++++++--------
 java-c-jni/SHA3.c | 12 ++++++++----
 4 files changed, 36 insertions(+), 28 deletions(-)
diff --git a/Makefile b/Makefile
index ab950c5..127d439 100644
--- a/Makefile
+++ b/Makefile
@@ -7,8 +7,8 @@
 #
 # [GNU All Permissive License]
-# NB! Do not forget to test against -O0, -O4 to -O6 is not safe
-C_OPTIMISE=-O6
+# NB! Do not forget to test against -O0, -O4 to -O6 and -Ofast is not safe
+C_OPTIMISE=-Ofast
 JAVA_OPTIMISE=-O
 LIB_EXT=so
diff --git a/c/sha3.c b/c/sha3.c
index ca7c964..2de3b0b 100644
--- a/c/sha3.c
+++ b/c/sha3.c
@@ -525,7 +525,7 @@ static_inline byte* sha3_pad10star1(byte* restrict_ msg, long len, long r, long
 * @param capacity The capacity
 * @param output The output size
 */
-extern void sha3_initialise(long bitrate, long capacity, long output)
+void sha3_initialise(long bitrate, long capacity, long output)
 {
 long i;
@@ -555,7 +555,7 @@ extern void sha3_initialise(long bitrate, long capacity, long output)
 /**
 * Dispose of the Keccak sponge
 */
-extern void sha3_dispose()
+void sha3_dispose()
 {
 #ifdef WITH_WIPE
 long i;
@@ -586,7 +586,7 @@ extern void sha3_dispose()
 * @param msg The partial message
 * @param msglen The length of the partial message
 */
-extern void sha3_update(byte* restrict_ msg, long msglen)
+void sha3_update(byte* restrict_ msg, long msglen)
 {
 long rr = r >> 3;
 long ww = w >> 3;
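Review bot: In the Makefile hunk, `C_OPTIMISE=-Ofast` selects a level that the comment edited on the line above now lists as not safe, so the default build is the configuration the author warns against. Nothing in the hunk shows the -Ofast build being compared with a -O0 build or with known test vectors, so a default such as `C_OPTIMISE=-O2`, with -Ofast left as an opt-in override, would be the safer choice. For WITH_WIPE builds it is also worth confirming that the zeroing loops in c/sha3.c survive optimisation, since stores to a buffer that is freed immediately afterwards may be removed as dead stores. A comment such as `# Default must be the level verified against the test vectors` would document the requirement.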
@@ -666,7 +666,7 @@ extern void sha3_update(byte* restrict_ msg, long msglen)
 * @param withReturn Whether to return the hash instead of just do a quick squeeze phrase and return {@code null}
 * @return The hash sum, or {@code null} if withReturn is {@code false}
 */
-extern byte* sha3_digest(byte* restrict_ msg, long msglen, long bits, char* restrict_ suffix, boolean withReturn)
+byte* sha3_digest(byte* restrict_ msg, long msglen, long bits, char* restrict_ suffix, boolean withReturn)
 {
 byte* message;
 byte* _msg;
@@ -683,32 +683,36 @@ extern byte* sha3_digest(byte* restrict_ msg, long msglen, long bits, char* rest
 msglen += bits >> 3;
 if ((bits &= 7))
+ msg[msglen] &= (1 << bits) - 1;
+ if (suffix_len)
 {
- msg[msglen] &= (1 << bits) - 1;
 #ifndef WITH_WIPE
 msg = (byte*)realloc(msg, msglen + ((suffix_len + bits + 7) >> 3));
 #else
 {
 char* old_msg = msg;
 msg = (byte*)malloc(msglen + ((suffix_len + bits + 7) >> 3));
- memcpy(msg, old_msg, msglen + 1);
- for (i = 0; i <= msglen; i++)
+ memcpy(msg, old_msg, msglen + !!bits);
+ for (i = 0; i < msglen + !!bits; i++)
 *(old_msg + i) = 0;
 free(old_msg);
 }
 #endif
+ if (!bits)
+ msg[msglen] = 0;
 for (i = 0; i < suffix_len; i++)
 {
- msg[msglen] |= (suffix[i] == '1') << bits;
+ msg[msglen] |= (suffix[i] - '0') << bits++;
 if (bits == 8)
 {
 bits = 0;
 msglen++;
+ msg[msglen] = 0;
 }
 }
- if (bits)
- msglen++;
 }
+ if (bits)
+ msglen++;
 if (mptr + msglen > mlen)
 #ifndef WITH_WIPE
@@ -813,7 +817,7 @@ extern byte* sha3_digest(byte* restrict_ msg, long msglen, long bits, char* rest
 *
 * @param times The number of rounds
 */
-extern void sha3_simpleSqueeze(long times)
+void sha3_simpleSqueeze(long times)
 {
 long i;
 for (i = 0; i < times; i++)
@@ -826,7 +830,7 @@ extern void sha3_simpleSqueeze(long times)
 *
 * @param times The number of digests
 */
-extern void sha3_fastSqueeze(long times)
+void sha3_fastSqueeze(long times)
 {
 long i, olen;
 for (i = 0; i < times; i++)
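Review bot: In the `-683,32 +683,36` hunk of c/sha3.c, the added `msg[msglen] = 0;` inside `if (bits == 8)` writes one byte past the buffer whenever the suffix ends exactly on a byte boundary. The buffer is sized `msglen + ((suffix_len + bits + 7) >> 3)`, so with, for example, 6 leftover bits and a 2-bit suffix only index `msglen` is valid, yet the loop increments msglen after the last bit and then clears the following byte. Guarding the clear with `if (i + 1 < suffix_len) msg[msglen] = 0;` (or allocating one extra byte) keeps the write in bounds; the same pattern is added in the java-c-jni/SHA3.c hunk. Separately, `(suffix[i] - '0')` ORs in arbitrary values for any character other than '0' or '1', which the replaced `== '1'` comparison did not; `(suffix[i] == '1') << bits++` keeps the input strict. The body of sha3_digest continues outside the hunk.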
@@ -844,7 +848,7 @@ extern void sha3_fastSqueeze(long times)
 *
 * @return The hash sum
 */
-extern byte* sha3_squeeze(void)
+byte* sha3_squeeze(void)
 {
 long nn, ww, olen, i, j, ptr, ni;
 byte* rc;
@@ -888,7 +892,7 @@ extern byte* sha3_squeeze(void)
 *
 * @return A 25-element array with the state, changes will be applied to the sponge
 */
-extern llong* sha3_state(void)
+llong* sha3_state(void)
 {
 return S;
 }
diff --git a/c/sha3.h b/c/sha3.h
index b8c4b06..a66d937 100644
--- a/c/sha3.h
+++ b/c/sha3.h
@@ -70,13 +70,13 @@
 * @param capacity The capacity
 * @param output The output size
 */
-extern void sha3_initialise(long bitrate, long capacity, long output);
+void sha3_initialise(long bitrate, long capacity, long output);
 /**
 * Dispose of the Keccak sponge
 */
-extern void sha3_dispose(void);
+void sha3_dispose(void);
 /**
@@ -85,7 +85,7 @@ extern void sha3_dispose(void);
 * @param msg The partial message
 * @param msglen The length of the partial message
 */
-extern void sha3_update(byte* restrict_ msg, long msglen);
+void sha3_update(byte* restrict_ msg, long msglen);
 /**
@@ -98,7 +98,7 @@ extern void sha3_update(byte* restrict_ msg, long msglen);
 * @param withReturn Whether to return the hash instead of just do a quick squeeze phrase and return {@code null}
 * @return The hash sum, or {@code null} if withReturn is {@code false}
 */
-extern byte* sha3_digest(byte* restrict_ msg, long msglen, long bits, char* restrict_ suffix, boolean withReturn);
+byte* sha3_digest(byte* restrict_ msg, long msglen, long bits, char* restrict_ suffix, boolean withReturn);
 /**
@@ -106,7 +106,7 @@ extern byte* sha3_digest(byte* restrict_ msg, long msglen, long bits, char* rest
 *
 * @param times The number of rounds
 */
-extern void sha3_simpleSqueeze(long times);
+void sha3_simpleSqueeze(long times);
 /**
@@ -114,7 +114,7 @@ extern void sha3_simpleSqueeze(long times);
 *
 * @param times The number of digests
 */
-extern void sha3_fastSqueeze(long times);
+void sha3_fastSqueeze(long times);
 /**
@@ -122,7 +122,7 @@ extern void sha3_fastSqueeze(long times);
 *
 * @return The hash sum
 */
-extern byte* sha3_squeeze(void);
+byte* sha3_squeeze(void);
 /**
@@ -130,7 +130,7 @@ extern byte* sha3_squeeze(void);
 *
 * @return A 25-element array with the state, changes will be applied to the sponge
 */
-extern llong* sha3_state(void);
+llong* sha3_state(void);
 #endif
diff --git a/java-c-jni/SHA3.c b/java-c-jni/SHA3.c
index 1735099..9422b3c 100644
--- a/java-c-jni/SHA3.c
+++ b/java-c-jni/SHA3.c
@@ -645,21 +645,25 @@ byte* digest(byte* msg, long msglen, long bits, int* suffix, long suffix_len, bo
 msglen += bits >> 3;
 if ((bits &= 7))
- {
 msg[msglen] &= (1 << bits) - 1;
+ if (suffix_len)
+ {
 msg = (byte*)realloc(msg, msglen + ((suffix_len + bits + 7) >> 3));
+ if (!bits)
+ msg[msglen] = 0;
 for (i = 0; i < suffix_len; i++)
 {
- msg[msglen] |= suffix[i] << bits;
+ msg[msglen] |= suffix[i] << bits++;
 if (bits == 8)
 {
 bits = 0;
 msglen++;
+ msg[msglen] = 0;
 }
 }
- if (bits)
- msglen++;
 }
+ if (bits)
+ msglen++;
 if (mptr + msglen > mlen)
 {
-- cgit v1.2.3-70-g09d2
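Review bot: In the java-c-jni/SHA3.c hunk, the result of `realloc` is assigned straight back to `msg` and the newly added `if (!bits) msg[msglen] = 0;` dereferences it on the next line, so an allocation failure becomes a write through NULL and the original buffer is leaked. Assigning to a temporary first, e.g. `byte* tmp = realloc(msg, size); if (!tmp) { /* report failure */ } else msg = tmp;`, avoids both; how the failure should be reported depends on code outside the hunk. `suffix[i] << bits++` also shifts an unvalidated `int` into the byte, so `(suffix[i] & 1) << bits++` would keep a stray value from setting neighbouring bits. The unchecked `realloc`/`malloc` calls in the c/sha3.c sha3_digest hunk have the same shape. The body of digest starts and ends outside the hunk.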