1 file changed +30 -0 lines changed
1+ ``` toml
2+ [advisory ]
3+ id = " RUSTSEC-0000-0000"
4+ package = " hpke-rs"
5+ date = " 2026-02-11"
6+ aliases = [" GHSA-g433-pq76-6cmf" ]
7+ url = " https://github.com/cryspen/hpke-rs/pull/128"
8+
9+ [affected .functions ]
10+ "hpke_rs::Context::export" = [ " <= 0.5.0" ]
11+
12+ [versions ]
13+ patched = [" >= 0.6.0" ]
14+ ```
15+
16+ # Incorrect Length Encoding on KDF Export
17+
18+ Passing values ` length > 65535 ` to ` Context::export ` produces output
19+ that disagrees with the RFC 9180 label encoding. In particular the
20+ length value is cast to ` u16 ` truncating any value exceeding
21+ 65535 .
22+
23+ ## Impact
24+ Applications that use hpke-rs to export very large secrets would
25+ experience interoperability issues with other applications that use a
26+ correct implementation to export very large secrets.
27+
28+ ## Mitigation
29+ Starting with version ` 0.6.0 ` , an error will be returned when
30+ attempting to call ` Context::export ` with an output length > 65535.
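Review bot: the version ranges in the TOML header leave a gap between `[affected.functions]` and `[versions]`: `"hpke_rs::Context::export" = [ " <= 0.5.0" ]` marks only releases up to 0.5.0 as affected, while `patched = [" >= 0.6.0" ]` starts at 0.6.0, so any 0.5.x release after 0.5.0 (if one exists) would be classified as neither affected nor patched. Either confirm no such release was published or widen the affected requirement to `"< 0.6.0"` so the two tables partition the version space consistently with the Mitigation text, which says the check was introduced in 0.6.0.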