This page lists known issues in Tink, sorted by language version.
Follow the links in the tables for more information on individual known issues.
Java (excluding Android)
Tink Java uses an underlying security provider, like Conscrypt, Oracle JDK, OpenJDK, or Bouncy Castle. Any security issue in a provider may be inherited in Tink Java.
We recommend using Tink with the latest version of the provider, especially if you use ECDSA (alternative: Ed25519) or AES-GCM (alternatives: AES-EAX, AES-CTR-HMAC-AEAD, or XChaCha20-Poly1305).
Known Issue | Affected Versions |
---|---|
Streaming AEAD: Integer overflow | 1.0.0 - 1.3.0 |
Envelope AEAD: Malleability | All |
Fork Safety | All |
Android
The minimum API level that Tink supports is 19 (Android KitKat).
On Android, Tink uses the Conscrypt provided by GMS Core by default, and Conscrypt otherwise. Any security issue in a provider may be inherited in Tink.
We recommend using Tink with the latest version of the provider.
Known Issue | Affected Tink Versions | Affected Android API levels |
---|---|---|
Streaming AEAD: Integer overflow | 1.0.0 - 1.3.0 | All |
Envelope AEAD: Malleability | All | All |
Fork Safety | All | All |
AesGcm | All | <= 19 |
Unsupported (see above) | All | <= 18 |
C++
Tink C++ uses either BoringSSL or OpenSSL as an underlying library. Any security issue in the underlying library may be inherited in Tink C++.
Known Issue | Affected Versions |
---|---|
JSON Parsing DoS | 1.0.0 - 2.1.3 |
Subtle AEAD: AES-CTR-HMAC and EncryptThenAuthenticate | 1.0.0 - 1.3.0 |
Envelope AEAD: Malleability | All |
Fork Safety | All |
Python
Tink Python is a wrapper around Tink C++ using pybind11. Any security issue in Tink C++ may be inherited in Tink Python.
Known Issue | Affected Versions |
---|---|
Envelope AEAD: Malleability | All |
Fork Safety | All |
Go
Tink Go uses the underlying Go crypto libraries. Any security issues in those libraries may be inherited by Tink Go.
Known Issue | Affected Versions |
---|---|
Streaming AEAD: Integer overflow | 1.0.0 - 1.3.0 |
Envelope AEAD: Malleability | All |
Fork Safety | All |
Objective-C
Tink Objective-C is a wrapper around Tink C++. Any security issue in Tink C++ may be inherited in Tink Objective-C.
Known Issue | Affected Versions |
---|---|
Envelope AEAD: Malleability | All |
Fork Safety | All |