You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
if curveBits != keysiz*8 {
return nil, errors.New("key size does not match curve bit size")
}
But this check is not ok. See for example https://tools.ietf.org/html/rfc7515 ECDSA P-521 SHA-512. The README says this algorithm is supported but it returns an error.
In sign/ecdsa.go there is a the following check:
But this check is not ok. See for example https://tools.ietf.org/html/rfc7515 ECDSA P-521 SHA-512. The README says this algorithm is supported but it returns an error.
The code needs to account for such curves. Example solution: https://github.com/kelseyhightower/app/blob/master/vendor/github.com/dgrijalva/jwt-go/ecdsa.go
gopkg.in/square/go-jose.v2/cryptosigner/cryptosigner.go
The text was updated successfully, but these errors were encountered: