Skip to content

Fix panic when using ed25519 with a key that is not 64 bytes long#15

Merged
yaronf merged 1 commit intoyaronf:mainfrom
shadow3x3x3:prevent-ed25519-panic
Jul 23, 2025
Merged

Fix panic when using ed25519 with a key that is not 64 bytes long#15
yaronf merged 1 commit intoyaronf:mainfrom
shadow3x3x3:prevent-ed25519-panic

Conversation

@shadow3x3x3
Copy link
Copy Markdown
Contributor

@shadow3x3x3 shadow3x3x3 commented Jul 23, 2025

Hi @yaronf,

This PR avoids a panic caused by an incorrectly sized ed25519 key.

Hope it helps, and thanks for building this awesome library!

yaronf
yaronf approved these changes Jul 23, 2025
View reviewed changes
Copy link
Copy Markdown
Owner

@yaronf yaronf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Thank you!

@yaronf yaronf merged commit 412ad6f into yaronf:main Jul 23, 2025
3 checks passed
yaronf added a commit that referenced this pull request Mar 13, 2026
@yaronf @claude
Fix #15: safe type assertions, constant-time digest compare, nil mess…
174f152 
…age error

- crypto.go: replace unguarded type assertions in sign() and verify() with
  safe comma-ok assertions returning "malformed key" to prevent panic on
  misuse
- digest.go: replace bytes.Equal with subtle.ConstantTimeCompare for
  Content-Digest validation
- httpparse.go: parseMessage(nil) now returns an error instead of (nil, nil)
  to prevent silent failures in callers

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yaronf yaronf yaronf approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@shadow3x3x3 @yaronf