Skip to content

blake2: reject a digest size below 1#166

Merged
dinosaure merged 1 commit into
mirage:mainfrom
samoht:fix-blake2-digest-size
Jun 26, 2026
Merged

blake2: reject a digest size below 1#166
dinosaure merged 1 commit into
mirage:mainfrom
samoht:fix-blake2-digest-size

Conversation

@samoht

@samoht samoht commented Jun 25, 2026

Copy link
Copy Markdown
Member

Make_BLAKE2 only checks the upper bound on digest_size, so a size below 1 (e.g. -1) is accepted; in the C backend it wraps to a uint8_t (255) and finalise writes past the caller's destination buffer. Reject digest_size < 1 as well, in both the C and pure-OCaml backends.

Make_BLAKE2 only checked the upper bound on digest_size, so a size below 1 (e.g. -1) was accepted; in the C backend it wraps to a uint8_t (255) and finalise writes past the caller's destination buffer. Reject digest_size < 1 as well, in both the C and pure-OCaml backends.
@dinosaure

Copy link
Copy Markdown
Member

Thanks.

@dinosaure dinosaure merged commit badbead into mirage:main Jun 26, 2026
2 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants