blake2: add implementation support for variable digest length

Signed-off-by: Antoine Salon <asalon@vmware.com>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7726)

3 files changed, 19 insertions, 9 deletions

diff --git a/crypto/blake2/blake2_locl.h b/crypto/blake2/blake2_locl.h
index 892a1af..33bd64b 100644
--- a/crypto/blake2/blake2_locl.h
+++ b/crypto/blake2/blake2_locl.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -49,6 +49,7 @@ struct blake2s_ctx_st {
     uint32_t f[2];
     uint8_t  buf[BLAKE2S_BLOCKBYTES];
     size_t   buflen;
+    size_t   outlen;
 };
 
 struct blake2b_param_st {
@@ -73,6 +74,7 @@ struct blake2b_ctx_st {
     uint64_t f[2];
     uint8_t  buf[BLAKE2B_BLOCKBYTES];
     size_t   buflen;
+    size_t   outlen;
 };
 
 #define BLAKE2B_DIGEST_LENGTH 64
diff --git a/crypto/blake2/blake2b.c b/crypto/blake2/blake2b.c
index d4e5326..fb128e4 100644
--- a/crypto/blake2/blake2b.c
+++ b/crypto/blake2/blake2b.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -62,12 +62,14 @@ static ossl_inline void blake2b_init0(BLAKE2B_CTX *S)
     }
 }
 
-/* init xors IV with input parameter block */
+/* init xors IV with input parameter block and sets the output length */
 static void blake2b_init_param(BLAKE2B_CTX *S, const BLAKE2B_PARAM *P)
 {
     size_t i;
     const uint8_t *p = (const uint8_t *)(P);
+
     blake2b_init0(S);
+    S->outlen = P->digest_length;
 
     /* The param struct is carefully hand packed, and should be 64 bytes on
      * every platform. */
@@ -252,6 +254,7 @@ int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen)
  */
 int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c)
 {
+    uint8_t outbuffer[BLAKE2B_OUTBYTES] = {0};
     int i;
 
     blake2b_set_lastblock(c);
@@ -259,11 +262,12 @@ int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c)
     memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen);
     blake2b_compress(c, c->buf, c->buflen);
 
-    /* Output full hash to message digest */
+    /* Output full hash to temp buffer */
     for (i = 0; i < 8; ++i) {
-        store64(md + sizeof(c->h[i]) * i, c->h[i]);
+        store64(outbuffer + sizeof(c->h[i]) * i, c->h[i]);
     }
 
+    memcpy(md, outbuffer, c->outlen);
     OPENSSL_cleanse(c, sizeof(BLAKE2B_CTX));
     return 1;
 }
diff --git a/crypto/blake2/blake2s.c b/crypto/blake2/blake2s.c
index c0f0f26..4a02778 100644
--- a/crypto/blake2/blake2s.c
+++ b/crypto/blake2/blake2s.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -58,16 +58,18 @@ static ossl_inline void blake2s_init0(BLAKE2S_CTX *S)
     }
 }
 
-/* init2 xors IV with input parameter block */
+/* init xors IV with input parameter block and sets the output length */
 static void blake2s_init_param(BLAKE2S_CTX *S, const BLAKE2S_PARAM *P)
 {
     const uint8_t *p = (const uint8_t *)(P);
     size_t i;
+    
+    blake2s_init0(S);
+    S->outlen = P->digest_length;
 
     /* The param struct is carefully hand packed, and should be 32 bytes on
      * every platform. */
     assert(sizeof(BLAKE2S_PARAM) == 32);
-    blake2s_init0(S);
     /* IV XOR ParamBlock */
     for (i = 0; i < 8; ++i) {
         S->h[i] ^= load32(&p[i*4]);
@@ -246,6 +248,7 @@ int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen)
  */
 int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c)
 {
+    uint8_t outbuffer[BLAKE2S_OUTBYTES] = {0};
     int i;
 
     blake2s_set_lastblock(c);
@@ -255,9 +258,10 @@ int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c)
 
     /* Output full hash to temp buffer */
     for (i = 0; i < 8; ++i) {
-        store32(md + sizeof(c->h[i]) * i, c->h[i]);
+        store32(outbuffer + sizeof(c->h[i]) * i, c->h[i]);
     }
 
+    memcpy(md, outbuffer, c->outlen);
     OPENSSL_cleanse(c, sizeof(BLAKE2S_CTX));
     return 1;
 }