Output buffer guards in Blake digests

Author: peterdettman

core/src/main/java/org/bouncycastle/crypto/digests/Blake2bDigest.java

@@ -26,6 +26,7 @@
 import org.bouncycastle.crypto.CryptoServicePurpose;
 import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.ExtendedDigest;
+import org.bouncycastle.crypto.OutputLengthException;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Longs;
 import org.bouncycastle.util.Pack;
@@ -428,6 +429,11 @@ public void update(byte[] message, int offset, int len)
      */
     public int doFinal(byte[] out, int outOffset)
     {
+        if (outOffset > (out.length - digestLength))
+        {
+            throw new OutputLengthException("output buffer too short");
+        }
+
         f0 = 0xFFFFFFFFFFFFFFFFL;
         t0 += bufferPos;
         if (bufferPos > 0 && t0 == 0)

core/src/main/java/org/bouncycastle/crypto/digests/Blake2sDigest.java

@@ -26,6 +26,7 @@
 import org.bouncycastle.crypto.CryptoServicePurpose;
 import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.ExtendedDigest;
+import org.bouncycastle.crypto.OutputLengthException;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Integers;
 import org.bouncycastle.util.Pack;
@@ -455,6 +456,11 @@ public void update(byte[] message, int offset, int len)
      */
     public int doFinal(byte[] out, int outOffset)
     {
+        if (outOffset > (out.length - digestLength))
+        {
+            throw new OutputLengthException("output buffer too short");
+        }
+
         f0 = 0xFFFFFFFF;
         t0 += bufferPos;
         // bufferPos may be < 64, so (t0 == 0) does not work

core/src/main/java/org/bouncycastle/crypto/digests/Blake2xsDigest.java

@@ -9,6 +9,7 @@
  */
 
 import org.bouncycastle.crypto.CryptoServicePurpose;
+import org.bouncycastle.crypto.OutputLengthException;
 import org.bouncycastle.crypto.Xof;
 import org.bouncycastle.util.Arrays;
 
@@ -268,6 +269,11 @@ public int doFinal(byte[] out, int outOff, int outLen)
      */
     public int doOutput(byte[] out, int outOff, int outLen)
     {
+        if (outOff > (out.length - outLen))
+        {
+            throw new OutputLengthException("output buffer too short");
+        }
+
         if (h0 == null)
         {
             h0 = new byte[hash.getDigestSize()];

core/src/main/java/org/bouncycastle/crypto/digests/Blake3Digest.java

@@ -6,6 +6,7 @@
 import org.bouncycastle.crypto.CryptoServicePurpose;
 import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.ExtendedDigest;
+import org.bouncycastle.crypto.OutputLengthException;
 import org.bouncycastle.crypto.Xof;
 import org.bouncycastle.crypto.params.Blake3Parameters;
 import org.bouncycastle.util.Arrays;
@@ -459,12 +460,6 @@ public int doFinal(final byte[] pOut,
                        final int pOutOffset,
                        final int pOutLen)
     {
-        /* Reject if we are already outputting */
-        if (outputting)
-        {
-            throw new IllegalStateException(ERR_OUTPUTTING);
-        }
-
         /* Build the required output */
         final int length = doOutput(pOut, pOutOffset, pOutLen);
 
@@ -477,6 +472,11 @@ public int doOutput(final byte[] pOut,
                         final int pOutOffset,
                         final int pOutLen)
     {
+        if (pOutOffset > (pOut.length - pOutLen))
+        {
+            throw new OutputLengthException("output buffer too short");
+        }
+
         /* If we have not started outputting yet */
         if (!outputting)
         {