PT-2019-14539 · Rust · Blake2
Published: 2019-08-25 · Updated: 2021-08-25 · CVE-2019-16143
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
blake2 crate versions prior to 0.8.1
Description
An issue was discovered in the blake2 crate when used with HMAC, where the BLAKE2b and BLAKE2s algorithms produce incorrect results due to incorrect block sizes. Specifically, the block sizes used were half of the required sizes, with 32 bytes used instead of 64 bytes for BLAKE2s, and 64 bytes used instead of 128 bytes for BLAKE2b, causing them to miscompute the MacResult. This issue only impacts the usage of BLAKE2 with HMAC and does not affect Digest functionality.
Recommendations
For blake2 crate versions prior to 0.8.1, update to version 0.8.1 to resolve the issue. As a temporary workaround, consider avoiding the use of BLAKE2b and BLAKE2s algorithms with HMAC until the update is applied.
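The following is an added example, not code from the blake2 crate or from this advisory. It models the effect described above with a hand-written RFC 2104 HMAC whose block size is a parameter, and checks the result against Python's standard-library HMAC as the reference; the function names and sample inputs are assumptions made for illustration.

```python
import hashlib
import hmac


def hmac_with_block_size(hash_ctor, key, msg, block_size):
    """RFC 2104 HMAC with the block size B passed explicitly (illustrative helper)."""
    if len(key) > block_size:             # keys longer than B are hashed first
        key = hash_ctor(key).digest()
    key = key.ljust(block_size, b"\x00")  # then zero-padded to exactly B bytes
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hash_ctor(ipad + msg).digest()
    return hash_ctor(opad + inner).digest()


# Block sizes stated in the advisory: (required, halved)
BLOCK_SIZES = {"blake2s": (64, 32), "blake2b": (128, 64)}


def compare(name, key, msg):
    """Return (required_B_matches_reference, halved_B_matches_reference)."""
    ctor = getattr(hashlib, name)
    required_b, halved_b = BLOCK_SIZES[name]
    # The standard-library HMAC takes B from the hash object's block_size.
    reference = hmac.new(key, msg, ctor).digest()
    good = hmac_with_block_size(ctor, key, msg, required_b)
    bad = hmac_with_block_size(ctor, key, msg, halved_b)
    return hmac.compare_digest(good, reference), hmac.compare_digest(bad, reference)


# Constructed sample inputs: keys shorter than, between, and longer than the block sizes.
SAMPLE_MSG = b"constructed sample message"
SAMPLE_KEYS = [b"k" * 16, b"k" * 48, b"k" * 100]

if __name__ == "__main__":
    for name in BLOCK_SIZES:
        for key in SAMPLE_KEYS:
            ok, halved_ok = compare(name, key, SAMPLE_MSG)
            print(f"{name} key={len(key)}B required-B matches: {ok}, "
                  f"halved-B matches: {halved_ok}")
```

A tag computed with the halved block size never verifies against a conforming implementation, so comparing one known key and message against an independent HMAC-BLAKE2 implementation is a quick interoperability check after upgrading.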
Fix
Use of a Broken Cryptographic Algorithm
Weakness Enumeration
Related Identifiers
Affected Products
Blake2