Skip to content

Fix Snefru size validation#2519

Open
marko1olo wants to merge 1 commit into
gchq:masterfrom
marko1olo:fix-snefru-size-validation
Open

Fix Snefru size validation#2519
marko1olo wants to merge 1 commit into
gchq:masterfrom
marko1olo:fix-snefru-size-validation

Conversation

@marko1olo

Copy link
Copy Markdown

Fixes #2509.

Summary

  • validate Snefru size before passing it to crypto-api
  • reject negative sizes with a controlled OperationError instead of an uncaught RangeError or empty output
  • lower the operation metadata max from 480 to 448, because the current implementation also throws at 480
  • add regression coverage for the reported negative boundary and the previous exposed max

Checks

  • node --no-warnings --no-deprecation --openssl-legacy-provider tests/operations/index.mjs -> 1962 passing
  • npx eslint src/core/operations/Snefru.mjs tests/operations/tests/Hash.mjs
  • npx grunt configTests
  • git diff --check

@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

As we are unable to accept contributions unless the CLA has been signed, this PR will be automatically closed if the CLA is not signed within 21 days.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

bug(Snefru): Negative size number lesser or equal to -32 causes an unhandled RangeError, for heigher than -32 no output

3 participants