From c9c2e1a8a7c3c269e093725f30029ee9039dcc52 Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Wed, 21 Mar 2018 08:33:54 +1000
Subject: [PATCH] Don't base signature algorithm support on certificate

The signature algorithm support is what you can do with another key, not what you can do with your key.
---
 src/internal.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 7470b46bf..ae1155df4 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -1753,16 +1753,12 @@ void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig, int haveRSAsig,
 #ifdef WC_RSA_PSS
 if (tls1_2) {
 #ifdef WOLFSSL_SHA512
- if (keySz == 0 || keySz >= MIN_RSA_SHA512_PSS_BITS) {
- suites->hashSigAlgo[idx++] = rsa_pss_sa_algo;
- suites->hashSigAlgo[idx++] = sha512_mac;
- }
+ suites->hashSigAlgo[idx++] = rsa_pss_sa_algo;
+ suites->hashSigAlgo[idx++] = sha512_mac;
 #endif
 #ifdef WOLFSSL_SHA384
- if (keySz == 0 || keySz >= MIN_RSA_SHA384_PSS_BITS) {
- suites->hashSigAlgo[idx++] = rsa_pss_sa_algo;
- suites->hashSigAlgo[idx++] = sha384_mac;
- }
+ suites->hashSigAlgo[idx++] = rsa_pss_sa_algo;
+ suites->hashSigAlgo[idx++] = sha384_mac;
 #endif
 #ifndef NO_SHA256
 suites->hashSigAlgo[idx++] = rsa_pss_sa_algo;
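Review bot: With the two `keySz` guards removed under `WOLFSSL_SHA512` and `WOLFSSL_SHA384`, nothing visible in this hunk keeps an RSA key shorter than `MIN_RSA_SHA512_PSS_BITS` / `MIN_RSA_SHA384_PSS_BITS` from being paired with those PSS hashes. That is correct for the list advertised to the peer, but if `suites->hashSigAlgo` is also consulted when this side chooses the algorithm for its own signature (not shown here), the key-size test has to live in that selection code; otherwise a short key would fail at signing time instead of settling on a smaller hash. A comment above the block such as `/* advertised for verifying the peer; local key size is checked when choosing what to sign with */` would record that split. If `keySz` has no other use in InitSuitesHashSigAlgo, whose body starts and ends outside the hunk, it now needs `(void)keySz;` to stay warning-free.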