New format does not allocate any memory until HMAC check passes, which
guards against untrusted input. All encryption components have been
updated to use the new header, while preserving backward compatibility
to decrypt messages encrypted with the old format. The decoding process
for the old header has been hardened to impose reasonable limits on header
fields: nonce sizes up to 255 bytes, key names up to 500 bytes.
New format does not allocate any memory until HMAC check passes, which guards against untrusted input. All encryption components have been updated to use the new header, while preserving backward compatibility to decrypt messages encrypted with the old format. The decoding process for the old header has been hardened to impose reasonable limits on header fields: nonce sizes up to 255 bytes, key names up to 500 bytes.
Fixes #52.