| author | Filippo Valsorda <filippo@golang.org> | 2024-10-02 12:44:13 +0200 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2024-10-22 19:50:23 +0000 |
| commit | 36b172546bd03a74c79e109ec84c599b672ea9e4 (patch) | |
| tree | 0fb0c789677e4402ec15b539681d5b1443a84826 | |
| parent | 80ea76eb17c0c52f5d5d04e833d6aeb6b062d81d (diff) | |
| download | go-x-crypto-36b172546bd03a74c79e109ec84c599b672ea9e4.tar.xz | |
sha3: avoid trailing permutation
If you read a multiple of the rate, and then stop, there is no point in
running the final permutation.
Change-Id: Ic95e70f78b6e139aca1d3e3c11e09d2bbcf54f6c
Reviewed-on: https://go-review.googlesource.com/c/crypto/+/620555
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Michael Pratt <mpratt@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
| -rw-r--r-- | sha3/sha3.go | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/sha3/sha3.go b/sha3/sha3.go index bda574e..4f5cadd 100644 --- a/sha3/sha3.go +++ b/sha3/sha3.go @@ -143,14 +143,14 @@ func (d *state) Read(out []byte) (n int, err error) { // Now, do the squeezing. for len(out) > 0 { - x := copy(out, d.a[d.n:d.rate]) - d.n += x - out = out[x:] - // Apply the permutation if we've squeezed the sponge dry. if d.n == d.rate { d.permute() } + + x := copy(out, d.a[d.n:d.rate]) + d.n += x + out = out[x:] } return |
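Review bot: with the `if d.n == d.rate` check moved to the top of the squeeze loop in `Read`, a call that stops exactly on a rate boundary now returns with `d.n == d.rate` and the permutation still pending. The loop is correct only if `d.permute()` resets `d.n` to 0 in the squeezing phase, which the hunk does not show. If it did not, `copy(out, d.a[d.n:d.rate])` would copy zero bytes and the loop would never terminate. It would help to state that invariant in the comment above the check, and to confirm that any other code that inspects `d.n` between `Read` calls accepts `d.n == d.rate` as a valid state. The diffstat shows only sha3/sha3.go changed, so consider adding a test that reads exactly one rate-sized block, then reads more, and compares the concatenation against a single large read of the same total length.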
