From fdcf25b6d181fb3911a3bc02340cf913c530eb8b Mon Sep 17 00:00:00 2001
From: Sean Parkinson
Date: Mon, 12 Jun 2017 09:05:32 +1000
Subject: [PATCH] Fix check for PSS availability in peer
---
 src/internal.c | 7 ++++++-
 src/tls13.c | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index 8a3e89b70..3db69c74d 100755
--- a/src/internal.c
+++ b/src/internal.c
@@ -16058,6 +16058,11 @@ void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
 PickHashSigAlgo(ssl, input + *inOutIdx, len);
 *inOutIdx += len;
+ #ifdef WC_RSA_PSS
+ ssl->pssAlgo = 0;
+ if (ssl->suites->sigAlgo == rsa_pss_sa_algo)
+ ssl->pssAlgo |= 1 << ssl->suites->hashAlgo;
+ #endif
 }
 /* authorities */
@@ -18746,7 +18751,7 @@ int SendCertificateVerify(WOLFSSL* ssl)
 if (ssl->hsType == DYNAMIC_TYPE_RSA) {
 #ifdef WC_RSA_PSS
 if (IsAtLeastTLSv1_2(ssl) &&
- (ssl->pssAlgo | (1 << ssl->suites->hashAlgo))) {
+ (ssl->pssAlgo & (1 << ssl->suites->hashAlgo))) {
 args->sigAlgo = rsa_pss_sa_algo;
 }
 else
diff --git a/src/tls13.c b/src/tls13.c
index 852b30f80..5b313842c 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -3817,7 +3817,7 @@ int SendTls13CertificateVerify(WOLFSSL* ssl)
 /* Add signature algorithm. */
 if (ssl->hsType == DYNAMIC_TYPE_RSA) {
 #ifdef WC_RSA_PSS
- if (ssl->pssAlgo | (1 << ssl->suites->hashAlgo))
+ if (ssl->pssAlgo & (1 << ssl->suites->hashAlgo))
 args->sigAlgo = rsa_pss_sa_algo;
 else
 #endif
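Review bot: In the added `ssl->pssAlgo |= 1 << ssl->suites->hashAlgo;` the shift count comes from `ssl->suites->hashAlgo`, which the preceding PickHashSigAlgo call presumably sets from the peer's list, and nothing in this hunk bounds it against the width of `pssAlgo`. PickHashSigAlgo is not shown here and may already restrict `hashAlgo` to the known hash ids; if it does not, a large id is undefined behaviour in the `int` shift or is silently dropped on assignment. A defensive form is `if (ssl->suites->sigAlgo == rsa_pss_sa_algo && ssl->suites->hashAlgo < 8 * sizeof(ssl->pssAlgo))` with `1U <<` in the body. A comment such as `/* pssAlgo: bit n is set when RSA-PSS with hash id n was picked from the peer's list */` would document the mask. The enclosing function starts and ends outside the hunk.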
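Review bot: The mask test `ssl->pssAlgo & (1 << ssl->suites->hashAlgo)` in SendCertificateVerify is now spelled out by hand in three places: here, in SendTls13CertificateVerify in src/tls13.c, and in the setter added in the first hunk. The defect fixed here was a one-character slip repeated in two copies, so a single helper shared by all three, for example a macro `#define PSS_HASH_BIT(h) (1U << (h))` (the name is only a suggestion), would keep the set and test sides in step. The function body starts and ends outside the hunk.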
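Review bot: With the test corrected to `&`, a clear bit in `ssl->pssAlgo` now sends SendTls13CertificateVerify down the `else` branch, whose body lies outside this hunk. TLS 1.3 does not define RSASSA-PKCS1-v1_5 for signed handshake messages, so if that branch selects it the peer would be expected to reject the CertificateVerify; failing locally when no PSS bit matches would be clearer than sending it. This patch assigns `pssAlgo` only in src/internal.c, so it is worth confirming the mask is populated on every path that reaches this function, including the server side. A comment at the test such as `/* TLS 1.3 requires RSA-PSS here; a clear bit means the peer offered no usable PSS hash */` would record the intent.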