Workaround for a bearssl bug in do_sign

Credit to Erico Nogueira for reporting and helping find the bug. Signed-off-by: Laurent Bercot <ska@appnovation.com>
author: Laurent Bercot <ska-skaware@skarnet.org> 2021-10-19 22:50:29 +0000
committer: Laurent Bercot <ska@appnovation.com> 2021-10-19 22:50:29 +0000
commit: d08be2d1abb00110c5e10660df7f662b07c96938 (patch)
tree: 72042515967a11fc89dc67370b75ca2251d7d324
parent: 2732e2cfdbe1015bba929fdf4bc80521f3e32b16 (diff)
download: s6-networking-d08be2d1abb00110c5e10660df7f662b07c96938.tar.xz
1 files changed, 1 insertions, 0 deletions
diff --git a/src/sbearssl/sbearssl_sni_policy_vtable.c b/src/sbearssl/sbearssl_sni_policy_vtable.c
index ea97f53..973dab7 100644
--- a/src/sbearssl/sbearssl_sni_policy_vtable.c
+++ b/src/sbearssl/sbearssl_sni_policy_vtable.c
@@ -167,6 +167,7 @@ static inline size_t sign_ec (sbearssl_sni_policy_context *pol, unsigned int alg
 static size_t do_sign (br_ssl_server_policy_class const **pctx, unsigned int algo_id, unsigned char *data, size_t hv_len, size_t len)
 {
   sbearssl_sni_policy_context *pol = INSTANCE(pctx) ;
+  algo_id &= 0xff ;  /* workaround for bearssl bug */
   switch (pol->skey.type)
   {
     case BR_KEYTYPE_RSA : return sign_rsa(pol, algo_id, data, hv_len, len) ;
author	Laurent Bercot <ska-skaware@skarnet.org>	2021-10-19 22:50:29 +0000
committer	Laurent Bercot <ska@appnovation.com>	2021-10-19 22:50:29 +0000
commit	d08be2d1abb00110c5e10660df7f662b07c96938 (patch)
tree	72042515967a11fc89dc67370b75ca2251d7d324
parent	2732e2cfdbe1015bba929fdf4bc80521f3e32b16 (diff)
download	s6-networking-d08be2d1abb00110c5e10660df7f662b07c96938.tar.xz