The SipHash algorithm starts with initializing the 32 bytes of internal
state with some magic numbers XORed with the hash key. However, our
implementation has a bug - rather than XORing the hash key, it *sets* the
initial state to copies of the key.
I don't know if that affects any of the cryptographic properties of SipHash
but it's not what we should be doing. Fix it.
Signed-off-by: David Gibson <david(a)gibson.dropbear.id.au>
---
siphash.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/siphash.c b/siphash.c
index ec39793..6932da2 100644
--- a/siphash.c
+++ b/siphash.c
@@ -65,7 +65,7 @@
\
do { \
for (__i = sizeof(v) / sizeof(v[0]) - 1; __i >= 0; __i--) \
- v[__i] = k[__i % 2]; \
+ v[__i] ^= k[__i % 2]; \
} while (0)
/**
--
2.41.0