This is a security fix, see pyca/cryptography#3211 for more details.
We don't have any code directly in olympia that uses cryptography but a few external libraries that depend on it.
For too small key sizes, HKDF.derive() outputs an empty array instead of a small key:
Program:
Output:
Suggested fix:
I am not quite sure why the division by 8 in the snippet below was added. The cumulative size of the output array is always self._algorithm.digest_size * len(output) and thus we can stop after self._algorithm.digest_size * len(output) >= self._length. At first I thought this might be a clever trick taken from the paper, but I didn't find it there. I guess there was a mixup between bits and bytes at some point.
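Added example to accompany the comment above (not pyca/cryptography's code): a minimal RFC 5869 HKDF whose expand loop takes its stop rule as a parameter, so the `digest_size // 8` condition under discussion can be run next to a rule that counts bytes actually produced. Names (`hkdf_extract`, `_expand`, `buggy_enough`, `fixed_enough`, `hkdf_derive`) and the corrected rule are this example's own choices, with `digest_size` standing in for `self._algorithm.digest_size`.

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM); empty salt -> HashLen zero bytes."""
    if not salt:
        salt = b"\x00" * hashlib.new(hash_name).digest_size
    return hmac.new(salt, ikm, hash_name).digest()


def _expand(prk: bytes, info: bytes, length: int, hash_name: str, enough) -> bytes:
    """HKDF-Expand with a pluggable stop rule enough(digest_size, len(output), length)."""
    digest_size = hashlib.new(hash_name).digest_size
    if length > 255 * digest_size:
        raise ValueError("requested length exceeds 255 * HashLen")
    output = [b""]  # T(0) is the empty string, so output[0] contributes no bytes
    counter = 1
    while not enough(digest_size, len(output), length):
        # T(i) = HMAC-Hash(PRK, T(i-1) | info | i)
        t = hmac.new(prk, output[-1] + info + bytes([counter]), hash_name).digest()
        output.append(t)
        counter += 1
    return b"".join(output)[:length]


def buggy_enough(digest_size: int, n: int, length: int) -> bool:
    # The reported condition: digest_size // 8 treats a byte count as a bit count.
    # With SHA-256 (32-byte digest) it credits 4 bytes per list entry, so for
    # length <= 4 the loop never runs and the derived key is b"".
    return (digest_size // 8) * n >= length


def fixed_enough(digest_size: int, n: int, length: int) -> bool:
    # Bytes actually produced so far; output[0] is the empty T(0), hence n - 1.
    return digest_size * (n - 1) >= length


def hkdf_expand_buggy(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    return _expand(prk, info, length, hash_name, buggy_enough)


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    return _expand(prk, info, length, hash_name, fixed_enough)


def hkdf_derive(ikm: bytes, salt: bytes, info: bytes, length: int, buggy: bool = False) -> bytes:
    """derive() = expand(extract(ikm)); buggy=True reproduces the reported stop rule."""
    prk = hkdf_extract(salt, ikm)
    return (hkdf_expand_buggy if buggy else hkdf_expand)(prk, info, length)


if __name__ == "__main__":
    for length in (1, 4, 5, 16):  # constructed lengths around the 4-byte threshold
        print(length, hkdf_derive(b"\x0b" * 22, b"", b"", length, buggy=True).hex() or "<empty>")
```

For lengths above the threshold the reported rule still yields the right bytes (it only computes more HMAC blocks than needed), which is why the defect surfaces only for small key sizes.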