Fix check for PSS availability in peer

This commit is contained in:
Sean Parkinson 2017-06-12 09:05:32 +10:00
parent c70fa33094
commit fdcf25b6d1
2 changed files with 7 additions and 2 deletions

View File

@ -16058,6 +16058,11 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
PickHashSigAlgo(ssl, input + *inOutIdx, len);
*inOutIdx += len;
#ifdef WC_RSA_PSS
ssl->pssAlgo = 0;
if (ssl->suites->sigAlgo == rsa_pss_sa_algo)
ssl->pssAlgo |= 1 << ssl->suites->hashAlgo;
#endif
}
/* authorities */
@ -18746,7 +18751,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
if (ssl->hsType == DYNAMIC_TYPE_RSA) {
#ifdef WC_RSA_PSS
if (IsAtLeastTLSv1_2(ssl) &&
(ssl->pssAlgo | (1 << ssl->suites->hashAlgo))) {
(ssl->pssAlgo & (1 << ssl->suites->hashAlgo))) {
args->sigAlgo = rsa_pss_sa_algo;
}
else

View File

@ -3817,7 +3817,7 @@ int SendTls13CertificateVerify(WOLFSSL* ssl)
/* Add signature algorithm. */
if (ssl->hsType == DYNAMIC_TYPE_RSA) {
#ifdef WC_RSA_PSS
if (ssl->pssAlgo | (1 << ssl->suites->hashAlgo))
if (ssl->pssAlgo & (1 << ssl->suites->hashAlgo))
args->sigAlgo = rsa_pss_sa_algo;
else
#endif