Closed fxamacker closed 4 years ago
Why are you using an unreleased version of fxamacker/cbor? Was it fuzz tested?
I know the answer but how would anyone else know unless you tell them?
@x448 I needed to add features to fxamacker/cbor to make changes to go-cose smaller. Each commit was fuzz-tested using 1500+ corpus files.
Fuzzing duration for new release is much longer. Fuzzing for release 2.2 was 300+ hours. I'm waiting for additional features to make a 2.3 release worth the fuzzing overhead.
@g-k I'm not sure why CI checks appear to be stuck.
Please let me know if you need any changes. Thanks!
Awesome! I'll take a look tomorrow.
Replaced ugorji/go with fxamacker/cbor without changing go-cose API.
Also this PR improves performance and memory usage for encoding and decoding SignMessage.
Using ugorji/go library:
Using fxamacker/cbor/v2 library:
Benchmarks use RFC 8152 Appendix C.1.1 data.
Closes #62