Initial cut-in of CRYPTOPP_USE_FIPS_202_SHA3 macro

config.h

@@ -43,6 +43,10 @@
 // # define CRYPTOPP_NO_UNALIGNED_DATA_ACCESS
 #endif
 
+// Define this to choose the FIPS 202 version of SHA3, and not the original version of SHA3. NIST selected Keccak as SHA3
+// in January 2013. SHA3 was finalized in FIPS 202 in August 2015, and it was a modified version of the original selection.
+// #define CRYPTOPP_USE_FIPS_202_SHA3
+
 // ***************** Less Important Settings ***************
 
 // Library version

config.recommend

@@ -43,6 +43,10 @@
 # define CRYPTOPP_NO_UNALIGNED_DATA_ACCESS
 #endif
 
+// Define this to choose the FIPS 202 version of SHA3, and not the original version of SHA3. NIST selected Keccak as SHA3
+// in January 2013. SHA3 was finalized in FIPS 202 in August 2015, and it was a modified version of the original selection.
+#define CRYPTOPP_USE_FIPS_202_SHA3
+
 // ***************** Less Important Settings ***************
 
 // Library version

sha3.cpp

@@ -280,7 +280,13 @@ void SHA3::Restart()
 void SHA3::TruncatedFinal(byte *hash, size_t size)
 {
 	ThrowIfInvalidTruncatedSize(size);
+
+#if defined(CRYPTOPP_USE_FIPS_202_SHA3)
 	m_state.BytePtr()[m_counter] ^= 0x06;
+#else
+	m_state.BytePtr()[m_counter] ^= 1;
+#endif
+
 	m_state.BytePtr()[r()-1] ^= 0x80;
 	KeccakF1600(m_state);
 	memcpy(hash, m_state, size);