CVE 2016-9243
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.
See the
CVE page on Mitre.org
for more details.
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.