Hello,
in EC JWK the size is calculated by:
but it should be
because Crv.Name.EncodedUtf8Bytes is copied in Canonicalize:
This is a problem because ComputeThumbprint uses this Value for the call to ComputeHash:
Sha256.Shared.ComputeHash(buffer.Slice(0, canonicalizeSize), span);
The buffer is either from ArrayPool or from stackalloc - ArrayPool does not guarantee to null the array. So you get random Kids when the last bytes differ because they don't get initialized.
I think the renting is also wrong - you use stackalloc if canonicalSize is bigger than 256 - I think the condition should be reversed - using stackalloc for smaller arrays, right?
I didn't check for RSA and the others; potentially they share some of those bugs.
I can do PRs if you like. Right now our project is running on your "2.0.0-beta.4"; I would like to have a stable version :-)
If you don't do maintenance on this project I would be ready to fork this - your library is awesome and much better than the crap Microsoft implemented for their authorization. Want to see it fly :-)
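The failure mode reported above, as an added C# example that is not code from the issue or from the library: hashing a precomputed size that is larger than the bytes actually written makes the thumbprint depend on stale buffer contents, while hashing only the written bytes does not. All names are hypothetical, the JWK members and the 3-byte overestimate are constructed, the `stale` fill stands in for whatever a previous renter left in the pooled array, and .NET 5 or later is assumed.

```csharp
using System;
using System.Buffers;
using System.Security.Cryptography;
using System.Text;

static class ThumbprintDemo
{
    // Constructed canonical EC JWK members; x and y are placeholders, not a real key.
    const string Canonical = "{\"crv\":\"P-256\",\"kty\":\"EC\",\"x\":\"AAAA\",\"y\":\"BBBB\"}";

    // Writes the canonical form and returns the number of bytes actually written.
    static int Canonicalize(Span<byte> dst) => Encoding.UTF8.GetBytes(Canonical.AsSpan(), dst);

    // Reported pattern: hash computedSize bytes although fewer were written.
    static string HashComputedSize(int computedSize, byte stale)
    {
        byte[] rented = ArrayPool<byte>.Shared.Rent(computedSize);
        try
        {
            rented.AsSpan().Fill(stale); // simulated leftovers: Rent does not clear arrays
            Canonicalize(rented);
            return Convert.ToHexString(SHA256.HashData(rented.AsSpan(0, computedSize)));
        }
        finally { ArrayPool<byte>.Shared.Return(rented); }
    }

    // Hardened: stack for small sizes, pool for large ones, hash only the written bytes.
    static string HashWritten(int computedSize, byte stale)
    {
        byte[]? rented = null;
        Span<byte> buffer = computedSize <= 256
            ? stackalloc byte[256] : (rented = ArrayPool<byte>.Shared.Rent(computedSize));
        try
        {
            buffer.Fill(stale); // same simulated leftovers as above
            int written = Canonicalize(buffer);
            return Convert.ToHexString(SHA256.HashData(buffer.Slice(0, written)));
        }
        finally { if (rented != null) ArrayPool<byte>.Shared.Return(rented); }
    }

    static void Main()
    {
        int tooLarge = Encoding.UTF8.GetByteCount(Canonical) + 3; // constructed overestimate
        bool overread = HashComputedSize(tooLarge, 0xAA) == HashComputedSize(tooLarge, 0xBB);
        bool exact = HashWritten(tooLarge, 0xAA) == HashWritten(tooLarge, 0xBB);
        Console.WriteLine($"same key, hash over computed size, thumbprints equal: {overread}");
        Console.WriteLine($"same key, hash over written bytes, thumbprints equal: {exact}");
    }
}
```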