shake be fix (hopefully final)

src/hashes/sha3.c

@@ -231,6 +231,8 @@ int sha3_process(hash_state *md, const unsigned char *in, unsigned long inlen)
 
 int sha3_done(hash_state *md, unsigned char *hash)
 {
+   unsigned i;
+
    LTC_ARGCHK(md   != NULL);
    LTC_ARGCHK(hash != NULL);
 
@@ -238,17 +240,8 @@ int sha3_done(hash_state *md, unsigned char *hash)
    md->sha3.s[SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words - 1] ^= CONST64(0x8000000000000000);
    keccakf(md->sha3.s);
 
-#ifndef ENDIAN_LITTLE
-   {
-      unsigned i;
-      for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) {
-         const ulong32 t1 = (ulong32)(md->sha3.s[i] & CONST64(0xFFFFFFFF));
-         const ulong32 t2 = (ulong32)(md->sha3.s[i] >> 32);
-         STORE32L(t1, md->sha3.sb + i * 8);
-         STORE32L(t2, md->sha3.sb + i * 8 + 4);
-      }
-   }
-#endif
+   /* store sha3.s[] as little-endian bytes into sha3.sb */
+   for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) STORE64L(md->sha3.s[i], md->sha3.sb + i * 8);
 
    XMEMCPY(hash, md->sha3.sb, md->sha3.capacity_words * 4);
    return CRYPT_OK;
@@ -258,9 +251,7 @@ int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen)
 {
    /* IMPORTANT NOTE: sha3_shake_done can be called many times */
    unsigned long idx;
-#ifndef ENDIAN_LITTLE
    unsigned i;
-#endif
 
    if (outlen == 0) return CRYPT_OK; /* nothing to do */
    LTC_ARGCHK(md  != NULL);
@@ -271,14 +262,8 @@ int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen)
       md->sha3.s[md->sha3.word_index] ^= (md->sha3.saved ^ (CONST64(0x1F) << (md->sha3.byte_index * 8)));
       md->sha3.s[SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words - 1] ^= CONST64(0x8000000000000000);
       keccakf(md->sha3.s);
-#ifndef ENDIAN_LITTLE
-      for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) {
-         const ulong32 t1 = (ulong32)(md->sha3.s[i] & CONST64(0xFFFFFFFF));
-         const ulong32 t2 = (ulong32)(md->sha3.s[i] >> 32);
-         STORE32L(t1, md->sha3.sb + i * 8);
-         STORE32L(t2, md->sha3.sb + i * 8 + 4);
-      }
-#endif
+      /* store sha3.s[] as little-endian bytes into sha3.sb */
+      for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) STORE64L(md->sha3.s[i], md->sha3.sb + i * 8);
       md->sha3.byte_index = 0;
       md->sha3.xof_flag = 1;
    }
@@ -286,14 +271,8 @@ int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen)
    for (idx = 0; idx < outlen; idx++) {
       if(md->sha3.byte_index >= (SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words) * 8) {
          keccakf(md->sha3.s);
-#ifndef ENDIAN_LITTLE
-         for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) {
-            const ulong32 t1 = (ulong32)(md->sha3.s[i] & CONST64(0xFFFFFFFF));
-            const ulong32 t2 = (ulong32)(md->sha3.s[i] >> 32);
-            STORE32L(t1, md->sha3.sb + i * 8);
-            STORE32L(t2, md->sha3.sb + i * 8 + 4);
-         }
-#endif
+         /* store sha3.s[] as little-endian bytes into sha3.sb */
+         for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) STORE64L(md->sha3.s[i], md->sha3.sb + i * 8);
          md->sha3.byte_index = 0;
       }
       out[idx] = md->sha3.sb[md->sha3.byte_index++];

src/headers/tomcrypt_hash.h

@@ -2,7 +2,8 @@
 #ifdef LTC_SHA3
 struct sha3_state {
     ulong64 saved;                  /* the portion of the input message that we didn't consume yet */
-    union { ulong64 s[25]; unsigned char sb[25 * 8]; };
+    ulong64 s[25];
+    unsigned char sb[25 * 8];       /* used for storing `ulong64 s[25]` as little-endian bytes */
     unsigned short byte_index;      /* 0..7--the next byte after the set one (starts from 0; 0--none are buffered) */
     unsigned short word_index;      /* 0..24--the next word to integrate input (starts from 0) */
     unsigned short capacity_words;  /* the double size of the hash output in words (e.g. 16 for Keccak 512) */