Merge crypto_* from upstream

Revert "Fix typo"
This reverts commit 4dfd8b884775737f85783976958f4e976b65a5fb.
Revert "MinGW: Fix compiler warning with -Wstrict-aliasing"
This reverts commit 897f0e87f4bd69bf6703a12feb326aeba53b0dcd.

src/crypto_endian.h

@@ -45,12 +45,11 @@ namespace crypto {
 // Lets spend some quality time mucking around with byte swap and endian-ness.
 // First bswap32:
 #if (defined(__i386__) || defined(__x86_64__)) && defined(__GNUG__)
-#define __crypto_bswap32(p)                                                    \
-  ({                                                                           \
-    uint32_t t = p;                                                            \
-    __asm__ __volatile__("bswap %0" : "=r"(t) : "0"(t));                       \
-    t;                                                                         \
-  })
+forceinline uint32_t __crypto_bswap32(uint32_t p)
+{
+    __asm__ __volatile__("bswap %0" : "=r"(p) : "0"(p));
+    return p;
+}
 #elif defined(__GNUG__)
 #define __crypto_bswap32 __builtin_bswap32
 #else // defined(__GNUG__)
@@ -63,13 +62,11 @@ forceinline uint32_t __crypto_bswap32(uint32_t n)
 
 // Next up: bswap64
 #if defined(__x86_64__) && defined(__GNUG__)
-#define __crypto_bswap64(p)                                                    \
-  ({                                                                           \
-    uint64_t t = p;                                                            \
-    __asm__ __volatile__("bswapq %q0" : "=r"(t) : "0"(t));                     \
-    t;                                                                         \
-  })
-
+forceinline uint64_t __crypto_bswap64(uint64_t p)
+{
+  __asm__ __volatile__("bswapq %q0" : "=r"(p) : "0"(p));
+  return p;
+}
 #elif defined(__GNUG__)
 #define __crypto_bswap64 __builtin_bswap64
 #else // defined(__GNUG__)
@@ -109,7 +106,7 @@ inline uint64_t __crypto_bswap(uint64_t n)
 #else // LITTLE_ENDIAN != WORD_ORDER
 #define __crypto_be(n) (n)
 #define __crypto_le(n) __crypto_bswap(n)
-#endif
+#endif // LITTLE_ENDIAN != WORD_ORDER
 
 } // namespace crypto
 

src/crypto_hash.cc

@@ -169,11 +169,17 @@ public:
     // Append length, multiplied by 8 (because bits!)
     const uint_fast64_t bits = __crypto_be(count_ << 3);
     if (sizeof(word_t) == 4) {
-      memcpy(buffer_.words + bsize - 2, &bits, sizeof(bits));
+#if LITTLE_ENDIAN == BYTE_ORDER
+      buffer_.words[bsize - 2] = bits;
+      buffer_.words[bsize - 1] = bits >> 32;
+#else // LITTLE_ENDIAN != BYTE_ORDER
+      buffer_.words[bsize - 2] = bits >> 32;
+      buffer_.words[bsize - 1] = bits;
+#endif // LITTLE_ENDIAN != BYTE_ORDER
     }
     else {
       buffer_.words[bsize - 2] = 0;
-      buffer_.words[bsize - 1] = (word_t)bits;
+      buffer_.words[bsize - 1] = bits;
     }
 
     // Last transform:
@@ -340,8 +346,15 @@ public:
 
     // Append length, multiplied by 8 (because bits!)
     const uint_fast64_t bits = __crypto_le(count_ << 3);
-    memcpy(buffer_.words + 14, &bits, sizeof(bits));
+#if LITTLE_ENDIAN == BYTE_ORDER
+    buffer_.words[14] = bits;
+    buffer_.words[15] = bits >> 32;
+#else // LITTLE_ENDIAN != BYTE_ORDER
+    buffer_.words[14] = bits >> 32;
+    buffer_.words[15] = bits;
+#endif // LITTLE_ENDIAN != BYTE_ORDER
     transform(buffer_.words);
+
 #if BIG_ENDIAN == BYTE_ORDER
     state_.words[0] = __crypto_bswap(state_.words[0]);
     state_.words[1] = __crypto_bswap(state_.words[1]);