1. 19 Dec, 2019 1 commit
  2. 08 Oct, 2019 2 commits
  3. 03 Oct, 2019 2 commits
  4. 02 Oct, 2019 1 commit
  5. 01 Oct, 2019 2 commits
  6. 27 Sep, 2019 1 commit
  7. 26 Sep, 2019 3 commits
    • tholenst's avatar
      Clarify the code to create a newKeyId. · 7c3e0caa
      tholenst authored
      I found the previous code hard to understand, since I didn't know to where the "continue" statement jumps: there's a for and a while loop. I don't think there's a bug, but I think the new code is much easier to understand anyhow.
      
      PiperOrigin-RevId: 271337855
      7c3e0caa
    • tholenst's avatar
      Make the sign key managers public, but restrict visibility of the constructor.... · a283e7ea
      tholenst authored
      Make the sign key managers public, but restrict visibility of the constructor. Then, add a static function which registers it together with the public key manager.
      
      Also, do the same for the PublicKey{Sign,Verify}wrappers.
      
      PiperOrigin-RevId: 271328404
      a283e7ea
    • ckl's avatar
      Bump version to 1.3.0-rc2 · 656bc8b4
      ckl authored
      PiperOrigin-RevId: 271259922
      656bc8b4
  8. 25 Sep, 2019 1 commit
  9. 23 Sep, 2019 6 commits
  10. 22 Sep, 2019 1 commit
    • Tink Team's avatar
      Fix out-of-bounds read in KMSEnvelopeAEAD. · d92ebd02
      Tink Team authored
      It looks for a 4-byte length-prefix without checking that there are atleast 4
      bytes.
      
      Also, while I'm here, drop the use of bytes.Buffer in favor of just directly
      slicing the incoming byte-slice. The bytes.Buffer isn't really helping here, it
      doesn't itself do any additional validation, it adds additional cases to
      validate (see the "n != ed" error-checking to handle impossible short-read
      situations), and its almost definitely slower (since it forces copies whereas
      slicing will just operate in-place). I also suspect this was forcing
      encryptedDEK to be heap-allocated, as the compiler wouldn't be able to see
      through the implementation of the tink.AEAD to figure out if the byte-slice
      escaped to the heap (I haven't verified this).
      
      PiperOrigin-RevId: 270511611
      d92ebd02
  11. 20 Sep, 2019 8 commits
  12. 19 Sep, 2019 3 commits
  13. 18 Sep, 2019 3 commits
  14. 17 Sep, 2019 6 commits