Fix check for PSS availability in peer

2017-06-12 09:05:32 +10:00 · 2017-06-12 09:05:32 +10:00 · fdcf25b6d1
commit fdcf25b6d1
parent c70fa33094
2 changed files with 7 additions and 2 deletions
--- a/src/internal.c
+++ b/src/internal.c
@ -16058,6 +16058,11 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,

            PickHashSigAlgo(ssl, input + *inOutIdx, len);
            *inOutIdx += len;
+    #ifdef WC_RSA_PSS
+            ssl->pssAlgo = 0;
+            if (ssl->suites->sigAlgo == rsa_pss_sa_algo)
+                ssl->pssAlgo |= 1 << ssl->suites->hashAlgo;
+    #endif
        }

        /* authorities */
@ -18746,7 +18751,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
            if (ssl->hsType == DYNAMIC_TYPE_RSA) {
        #ifdef WC_RSA_PSS
                if (IsAtLeastTLSv1_2(ssl) &&
-                                (ssl->pssAlgo | (1 << ssl->suites->hashAlgo))) {
+                                (ssl->pssAlgo & (1 << ssl->suites->hashAlgo))) {
                    args->sigAlgo = rsa_pss_sa_algo;
                }
                else
--- a/src/tls13.c
+++ b/src/tls13.c
@ -3817,7 +3817,7 @@ int SendTls13CertificateVerify(WOLFSSL* ssl)
            /* Add signature algorithm. */
            if (ssl->hsType == DYNAMIC_TYPE_RSA) {
        #ifdef WC_RSA_PSS
-                if (ssl->pssAlgo | (1 << ssl->suites->hashAlgo))
+                if (ssl->pssAlgo & (1 << ssl->suites->hashAlgo))
                    args->sigAlgo = rsa_pss_sa_algo;
                else
        #endif