From 79f4ded005bdc2410ec7d75f07a6b60ee6cf8b75 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Thu, 15 Nov 2012 17:20:24 +0100
Subject: [PATCH] Portability fixes for sha3-permute: long long constants, no
 zero shift to ROTL64.

---
 ChangeLog      |  3 +++
 sha3-permute.c | 27 ++++++++++++++-------------
 2 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index ca63f91b..df8063e9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2012-11-15  Niels Möller  <nisse@lysator.liu.se>
 
+	* sha3-permute.c (sha3_permute): Use ULL suffix on round
+	constants. Avoid passing shift count 0 to ROTL64.
+
 	* sha3.c (sha3_absorb): Fixed big-endian code. Need macros.h.
 
 	* macros.h (LE_READ_UINT64): New macro.
diff --git a/sha3-permute.c b/sha3-permute.c
index e3714a2e..5c291c6b 100644
--- a/sha3-permute.c
+++ b/sha3-permute.c
@@ -57,18 +57,18 @@ sha3_permute (struct sha3_state *state)
     };
 
   static const uint64_t rc[SHA3_ROUNDS] = {
-    0x0000000000000001, 0x0000000000008082,
-    0x800000000000808A, 0x8000000080008000,
-    0x000000000000808B, 0x0000000080000001,
-    0x8000000080008081, 0x8000000000008009,
-    0x000000000000008A, 0x0000000000000088,
-    0x0000000080008009, 0x000000008000000A,
-    0x000000008000808B, 0x800000000000008B,
-    0x8000000000008089, 0x8000000000008003,
-    0x8000000000008002, 0x8000000000000080,
-    0x000000000000800A, 0x800000008000000A,
-    0x8000000080008081, 0x8000000000008080,
-    0x0000000080000001, 0x8000000080008008,
+    0x0000000000000001ULL, 0X0000000000008082ULL,
+    0X800000000000808AULL, 0X8000000080008000ULL,
+    0X000000000000808BULL, 0X0000000080000001ULL,
+    0X8000000080008081ULL, 0X8000000000008009ULL,
+    0X000000000000008AULL, 0X0000000000000088ULL,
+    0X0000000080008009ULL, 0X000000008000000AULL,
+    0X000000008000808BULL, 0X800000000000008BULL,
+    0X8000000000008089ULL, 0X8000000000008003ULL,
+    0X8000000000008002ULL, 0X8000000000000080ULL,
+    0X000000000000800AULL, 0X800000008000000AULL,
+    0X8000000080008081ULL, 0X8000000000008080ULL,
+    0X0000000080000001ULL, 0X8000000080008008ULL,
   };
   unsigned i;
 
@@ -97,7 +97,8 @@ sha3_permute (struct sha3_state *state)
 	  A[y + x] ^= D[x];
 
       /* rho and pi steps */
-      for (x = 0; x < 25; x++)
+      B[0] = A[0]; /* NOTE: ROTL64 doesn't work with shift count 0 */
+      for (x = 1; x < 25; x++)
 	B[perm[x]] = ROTL64 (rot[x], A[x]);
 
       /* chi step */
-- 
GitLab