We tried an interop test (against our product) with a length of 91 and
it failed. The bug seems to be that xmlsec rounds down to the nearest
bytecount?
if(content != NULL) {
res = atoi((char*)content) / 8;
The fix looks a little tricky, since changing "digestSize" from bytes to
bits would be pretty pervasive. Perhaps adding a "outputBits" field
which, if non-zero, is used as a mask?
/r$
_______________________________________________
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec
- Re: [xmlsec] HMACOutputLength bug? Rich Salz
- Re: [xmlsec] HMACOutputLength bug? Aleksey Sanin
