sha3_shake_done another be fix

src/hashes/sha3.c

@@ -256,8 +256,11 @@ int sha3_done(hash_state *md, unsigned char *hash)
 
 int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen)
 {
-   unsigned long idx = 0;
+   /* IMPORTANT NOTE: sha3_shake_done can be called many times */
-   /* sha3_shake_done can be called many times */
+   unsigned long idx;
+#ifndef ENDIAN_LITTLE
+   unsigned i;
+#endif
 
    if (outlen == 0) return CRYPT_OK; /* nothing to do */
    LTC_ARGCHK(md  != NULL);
@@ -270,7 +273,6 @@ int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen)
       keccakf(md->sha3.s);
 #ifndef ENDIAN_LITTLE
       {
-         unsigned i;
          for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) {
             const ulong32 t1 = (ulong32)(md->sha3.s[i] & CONST64(0xFFFFFFFF));
             const ulong32 t2 = (ulong32)(md->sha3.s[i] >> 32);
@@ -283,12 +285,22 @@ int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen)
       md->sha3.xof_flag = 1;
    }
 
-   while (idx < outlen) {
+   for (idx = 0; idx < outlen; idx++) {
       if(md->sha3.byte_index >= (SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words) * 8) {
          keccakf(md->sha3.s);
+#ifndef ENDIAN_LITTLE
+         {
+            for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) {
+               const ulong32 t1 = (ulong32)(md->sha3.s[i] & CONST64(0xFFFFFFFF));
+               const ulong32 t2 = (ulong32)(md->sha3.s[i] >> 32);
+               STORE32L(t1, md->sha3.sb + i * 8);
+               STORE32L(t2, md->sha3.sb + i * 8 + 4);
+            }
+         }
+#endif
          md->sha3.byte_index = 0;
       }
-      out[idx++] = md->sha3.sb[md->sha3.byte_index++];
+      out[idx] = md->sha3.sb[md->sha3.byte_index++];
    }
    return CRYPT_OK;
 }