From d08be2d1abb00110c5e10660df7f662b07c96938 Mon Sep 17 00:00:00 2001 From: Laurent Bercot Date: Tue, 19 Oct 2021 22:50:29 +0000 Subject: Workaround for a bearssl bug in do_sign Credit to Erico Nogueira for reporting and helping find the bug. Signed-off-by: Laurent Bercot --- src/sbearssl/sbearssl_sni_policy_vtable.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src/sbearssl') diff --git a/src/sbearssl/sbearssl_sni_policy_vtable.c b/src/sbearssl/sbearssl_sni_policy_vtable.c index ea97f53..973dab7 100644 --- a/src/sbearssl/sbearssl_sni_policy_vtable.c +++ b/src/sbearssl/sbearssl_sni_policy_vtable.c @@ -167,6 +167,7 @@ static inline size_t sign_ec (sbearssl_sni_policy_context *pol, unsigned int alg static size_t do_sign (br_ssl_server_policy_class const **pctx, unsigned int algo_id, unsigned char *data, size_t hv_len, size_t len) { sbearssl_sni_policy_context *pol = INSTANCE(pctx) ; + algo_id &= 0xff ; /* workaround for bearssl bug */ switch (pol->skey.type) { case BR_KEYTYPE_RSA : return sign_rsa(pol, algo_id, data, hv_len, len) ; -- cgit v1.2.3