-
Notifications
You must be signed in to change notification settings - Fork 145
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
hpke: slice bounds out of range in shortKEM.UnmarshalBinaryPrivateKey #488
Comments
This is a bug, the code shouldn't panic, but instead it should return an error. |
Not sure whether it's a bug to panic when the caller breaks the function contract. Not opposed to returning an error instead though. |
I don't see where this function contract is defined? Nothing in https://pkg.go.dev/github.com/cloudflare/[email protected]/kem#Scheme IMHO, panic'ing would be OK if it was documented and if it used an explicit check with a proper error message (instead of an out of bounds error). However, please note that other functions with documented panics don't return an |
When passing a byte slice of size > 66 bytes to
shortKEM.UnmarshalBinaryPrivateKey
when using theDHKEM(P-521, HKDF-SHA512)
KEM, the following panic is triggered:The text was updated successfully, but these errors were encountered: