From 04c94f95d1a1c6a12f5412228a2bcdc00f5de3b2 Mon Sep 17 00:00:00 2001
From: shyouhei
Date: Fri, 20 Jan 2017 06:01:23 +0000
Subject: switch SipHash from SipHash24 to SipHash13 variant

SipHash13 is secure enough to be used in hash-tables, and SipHash's author confirms that.

Rust already considered switch to SipHash13:
https://github.com/rust-lang/rust/issues/29754#issue-116174313
Jean-Philippe Aumasson confirmation:
https://github.com/rust-lang/rust/issues/29754#issuecomment-156073946
Merged pull request:
https://github.com/rust-lang/rust/pull/33940

From: Sokolov Yura aka funny_falcon
Date: Thu, 8 Dec 2016 20:31:29 +0300
Signed-off-by: Urabe, Shyouhei
Fixes: [Feature #13017]

git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@57382 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
---
 siphash.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

(limited to 'siphash.c')

diff --git a/siphash.c b/siphash.c
index 0df96f8320..153d2c690a 100644
--- a/siphash.c
+++ b/siphash.c
@@ -386,16 +386,15 @@ sip_hash_dump(sip_hash *h)
 }
 #endif /* SIP_HASH_STREAMING */
 
-#define SIP_2_ROUND(m, v0, v1, v2, v3) \
+#define SIP_ROUND(m, v0, v1, v2, v3) \
     do { \
         XOR64_TO((v3), (m)); \
         SIP_COMPRESS(v0, v1, v2, v3); \
-        SIP_COMPRESS(v0, v1, v2, v3); \
         XOR64_TO((v0), (m)); \
     } while (0)
 
 uint64_t
-sip_hash24(const uint8_t key[16], const uint8_t *data, size_t len)
+sip_hash13(const uint8_t key[16], const uint8_t *data, size_t len)
 {
     uint64_t k0, k1;
     uint64_t v0, v1, v2, v3;
@@ -415,13 +414,13 @@ sip_hash24(const uint8_t key[16], const uint8_t *data, size_t len)
         uint64_t *data64 = (uint64_t *)data;
         while (data64 != (uint64_t *) end) {
             m = *data64++;
-            SIP_2_ROUND(m, v0, v1, v2, v3);
+            SIP_ROUND(m, v0, v1, v2, v3);
         }
     }
 #else
     for (; data != end; data += sizeof(uint64_t)) {
         m = U8TO64_LE(data);
-        SIP_2_ROUND(m, v0, v1, v2, v3);
+        SIP_ROUND(m, v0, v1, v2, v3);
     }
 #endif
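Review bot: The renamed macro `SIP_ROUND` and the renamed function `sip_hash13` carry no comment recording the round parameters, so a reader of the new code can no longer tell from the definitions that this is the SipHash-1-3 variant (one SIP_COMPRESS per 64-bit message word, three in finalization) rather than the 2-4 variant the file implemented before — the old name `SIP_2_ROUND` encoded that, the new one does not. I would add above the macro `/* SipHash-1-3: one SIP_COMPRESS per message word; finalization runs three (see the XOR64_INT(v2, 0xff) block). */` and, above `sip_hash13`, a one-line comment stating that its output differs from the former sip_hash24 for the same key and data, so no caller may persist or compare values across the switch. Because the diffstat is limited to siphash.c, any other file or header that still references the `sip_hash24` symbol would need the matching rename, which cannot be verified from this page; the same round reduction also applies to the finalization hunk at old line 468. The body of sip_hash13 continues past the end of this hunk.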
@@ -468,14 +467,13 @@ sip_hash24(const uint8_t key[16], const uint8_t *data, size_t len)
         break;
     }
 
-    SIP_2_ROUND(last, v0, v1, v2, v3);
+    SIP_ROUND(last, v0, v1, v2, v3);
     XOR64_INT(v2, 0xff);
     SIP_COMPRESS(v0, v1, v2, v3);
     SIP_COMPRESS(v0, v1, v2, v3);
     SIP_COMPRESS(v0, v1, v2, v3);
-    SIP_COMPRESS(v0, v1, v2, v3);
     XOR64_TO(v0, v1);
     XOR64_TO(v0, v2);
-- cgit v1.2.3