From 532e141e5b63d4fe8d053fa69c6e90693e017146 Mon Sep 17 00:00:00 2001
From: Fabio Scotoni <34964387+fscoto@users.noreply.github.com>
Date: Tue, 10 Dec 2019 11:21:39 +0100
Subject: [PATCH] Make custom hash length requirements more explicit

Related to 0074dfab1.

Also note that vtable->final must actually write the hash,
not only finalize the context.
---
 ...pto_sign_init_first_pass_custom_hash.3monocypher | 13 ++++++++++---
 src/monocypher.h                                    |  2 +-
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/doc/man/man3/crypto_sign_init_first_pass_custom_hash.3monocypher b/doc/man/man3/crypto_sign_init_first_pass_custom_hash.3monocypher
index 438930c..431696c 100644
--- a/doc/man/man3/crypto_sign_init_first_pass_custom_hash.3monocypher
+++ b/doc/man/man3/crypto_sign_init_first_pass_custom_hash.3monocypher
@@ -62,7 +62,7 @@ typedef struct {
     void (*init  )(void *ctx);
     void (*update)(void *ctx, const uint8_t *message,
                    size_t message_size);
-    void (*final )(void *ctx, uint8_t *hash);
+    void (*final )(void *ctx, uint8_t hash[64]);
     size_t ctx_size;
 } crypto_sign_vtable;
 .Ed
@@ -99,7 +99,9 @@ The fields of
 are:
 .Bl -tag -width Ds
 .It Fa hash
-Function that generates a 64-byte hash for a given message.
+Function that computes a 64-byte hash for a given message
+and writes the computed hash to
+.Fa hash .
 The output length
 .Em must
 be exactly 64 bytes.
@@ -115,7 +117,12 @@ Function that initialises the hash context of an outer signing context.
 Function that updates the hash context of an outer signing context.
 It must be able to handle message sizes of at least 32 bytes.
 .It Fa final
-Function that finalises the hash context of an outer signing context.
+Function that finalises the hash context of an outer signing context
+and writes the computed hash to
+.Fa hash .
+The output length
+.Em must
+be exactly 64 bytes.
 This function should wipe the hash context with
 .Xr crypto_wipe 3monocypher
 if it contains pointers to objects outside the outer signing context.
diff --git a/src/monocypher.h b/src/monocypher.h
index e7a690c..54fd6f0 100644
--- a/src/monocypher.h
+++ b/src/monocypher.h
@@ -17,7 +17,7 @@ typedef struct {
     void (*hash)(uint8_t hash[64], const uint8_t *message, size_t message_size);
     void (*init  )(void *ctx);
     void (*update)(void *ctx, const uint8_t *message, size_t message_size);
-    void (*final )(void *ctx, uint8_t *hash);
+    void (*final )(void *ctx, uint8_t hash[64]);
     size_t ctx_size;
 } crypto_sign_vtable;
 
-- 
2.47.3