fetcher: only write 32 bytes to hash output

Current binaries overflow into `wchar_t total_bytes_str[22]`, which is
not used anywhere after the overflow, so no harm done thankfully.

Signed-off-by: Jason A. Donenfeld <[email protected]>

Author: zx2c4

installer/fetcher/crypto.c

@@ -2239,14 +2239,14 @@ void blake2b256_update(struct blake2b256_state *state, const uint8_t *in,
 	state->buflen += inlen;
 }
 
-void blake2b256_final(struct blake2b256_state *state, uint8_t *out)
+void blake2b256_final(struct blake2b256_state *state, uint8_t out[32])
 {
 	state->t[0] += state->buflen;
 	state->t[1] += (state->t[0] < state->buflen);
 	state->f[0] = (uint64_t)-1;
 	memset(state->buf + state->buflen, 0, 128 - state->buflen);
 	blake2b256_compress(state, state->buf);
 
-	for (int i = 0; i < 8; ++i)
+	for (int i = 0; i < 4; ++i)
 		store_le64(out + i * sizeof(state->h[i]), state->h[i]);
 }

installer/fetcher/crypto.h

@@ -21,7 +21,7 @@ struct blake2b256_state {
 void blake2b256_init(struct blake2b256_state *state);
 void blake2b256_update(struct blake2b256_state *state, const uint8_t *in,
 		       unsigned int inlen);
-void blake2b256_final(struct blake2b256_state *state, uint8_t *out);
+void blake2b256_final(struct blake2b256_state *state, uint8_t out[32]);
 
 bool ed25519_verify(const uint8_t signature[64], const uint8_t public_key[32],
 		    const void *message, size_t message_size);