why does blake2*_final need outlen?

Question

why does blake2*_final need outlen?

capr opened this issue 9 years ago · 3 comments

blake2*_final() asks for outlen only to check if it's the same as the internal one:

int blake2b_final( blake2b_state *S, uint8_t *out, size_t outlen )
{
  if(S->outlen != outlen) return -1;

why is that?

Answer 1 · 2016-02-17T06:53:23.000Z

Mostly to prevent accidents. For example, you decide to use the full 512-bit BLAKE2b instead of the shorter 256-bit one, but forget to update buffer sizes somewhere.

On second thought, it would make more sense to treat this outlen parameter as a buffer size, and verify that S->outlen <= outlen.

Answer 2 · 2016-02-17T10:31:50.000Z

I would personally prefer to have this parameter optional i.e. if (!outlen) outlen = S->outlen because I don't have safety issues like that in Lua and forcing this on the API makes little sense in that context.

Otherwise I have to wrap S just to keep the outlen passed to init() so I can pass it to back to final(), or treat S as non-opaque and get it from there.

Answer 3 · 2016-02-17T10:41:06.000Z

Actually it doesn't matter, the state is not opaque anyway I can get outlen from there.

Sorry for the noise :)