Known issues

This page lists known issues in Tink, sorted by language version:

Follow the links in the tables for more information on individual known issues.

Java (excluding Android)

Tink Java uses an underlying security provider, like Conscrypt, Oracle JDK, OpenJDK, or Bouncy Castle. Any security issue in a provider may be inherited in Tink Java.

We recommend using Tink with the latest version of the provider, especially if you use ECDSA (alternative: ED25519) or AES-GCM (alternatives: AES-EAX, AES-CTR-HMAC-AEAD or XChaCha20-Poly1305).

Known Issue Affected Versions
Streaming AEAD: Integer overflow 1.0.0 - 1.3.0
Envelope AEAD: Malleability All
Fork Safety All

Android

The minimum API level that Tink supports is 19 (Android KitKat).

On Android, Tink uses the Conscrypt provided by GMS core by default, and Conscrypt otherwise. Any security issue in a provider may be inherited in Tink.

We recommend using Tink with the latest version of the provider.

Known Issue Affected Tink Versions Affected Android API levels
Streaming AEAD: Integer overflow 1.0.0 - 1.3.0 All
Envelope AEAD: Malleability All All
Fork Safety All All
AesGcm All <= 19
Unsupported (see above) All <= 18

C++

Tink C++ uses either BoringSSL or OpenSSL as an underlying library. Any security issue in the underlying library may be inherited in Tink C++.

Known Issue Affected Versions
JSON Parsing DoS 1.0.0 - 2.1.3
Subtle AEAD: AES-CTR-HMAC and EncryptThenAuthenticate 1.0.0 - 1.3.0
Envelope AEAD: Malleability All
Fork Safety All

Python

Tink Python is a wrapper around Tink C++ using pybind11. Any security issue in Tink C++ may be inherited in Tink Python.

Known Issue Affected Versions
Envelope AEAD: Malleability All
Fork Safety All

Go

Tink Go uses the underlying Go crypto libraries. Any security issues in those libraries may be inherited by Tink Go.

Known Issue Affected Versions
Streaming AEAD: Integer overflow 1.0.0 - 1.3.0
Envelope AEAD: Malleability All
Fork Safety All

Objective-C

Tink Objective-C is a wrapper around Tink C++. Any security issue in Tink C++ may be inherited in Tink Objective-C.

Known Issue Affected Versions
Envelope AEAD: Malleability All
Fork Safety All