[xmlsec] HMACOutputLength bug?

Rich Salz rsalz@datapower.com
Fri, 24 Jan 2003 11:47:37 -0500


We tried an interop test (against our product) with a length of 91 and 
it failed.  The bug seems to be that xmlsec rounds down to the nearest 
bytecount?
         if(content != NULL) {
             res = atoi((char*)content) / 8;
The fix looks a little tricky, since changing "digestSize" from bytes to 
  bits would be pretty pervasive.  Perhaps adding a "outputBits" field 
which, if non-zero, is used as a mask?
	/r$