From 36418aca76a3f3369b5e640809c8b82cc88ceda7 Mon Sep 17 00:00:00 2001
From: Josh Holtrop <josh@wolfssl.com>
Date: Wed, 26 Nov 2025 10:30:38 -0500
Subject: [PATCH] Set useRsaPss flag in both SSL and CTX structures

---
 src/internal.c     | 3 +++
 src/ssl_load.c     | 8 +++++---
 src/tls13.c        | 2 +-
 wolfssl/internal.h | 5 ++++-
 4 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index 1bbd98d8c..4f39fac1a 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -6983,6 +6983,9 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
 #endif
 #ifndef NO_RSA
     ssl->options.minRsaKeySz = ctx->minRsaKeySz;
+  #ifdef WC_RSA_PSS
+    ssl->useRsaPss = ctx->useRsaPss;
+  #endif
 #endif
 #ifdef HAVE_ECC
     ssl->options.minEccKeySz = ctx->minEccKeySz;
diff --git a/src/ssl_load.c b/src/ssl_load.c
index a3625052e..dc652748c 100644
--- a/src/ssl_load.c
+++ b/src/ssl_load.c
@@ -1625,10 +1625,12 @@ static int ProcessBufferCertPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                     ctx->minRsaKeySz, RSA_MAX_SIZE / 8, keySz, RSA_KEY_SIZE_E);
             }
     #ifdef WC_RSA_PSS
-            if (ssl)
-                ssl->ctx->useRsaPss = cert->keyOID == RSAPSSk;
-            else
+            if (ssl) {
+                ssl->useRsaPss = cert->keyOID == RSAPSSk;
+            }
+            if (ctx) {
                 ctx->useRsaPss = cert->keyOID == RSAPSSk;
+            }
     #endif
             break;
 #endif /* !NO_RSA */
diff --git a/src/tls13.c b/src/tls13.c
index b4379000f..b071d5490 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -7907,7 +7907,7 @@ static WC_INLINE void EncodeSigAlg(const WOLFSSL * ssl, byte hashAlgo, byte hsTy
             /* If the private key uses the RSA-PSS OID, and the peer supports
              * the rsa_pss_pss_* signature algorithm in use, then report
              * rsa_pss_pss_* rather than rsa_pss_rsae_*. */
-            if (ssl->ctx->useRsaPss &&
+            if (ssl->useRsaPss &&
                 ((ssl->pssAlgo & (1U << hashAlgo)) != 0U) &&
                 (sha256_mac <= hashAlgo) && (hashAlgo <= sha512_mac))
             {
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 75be406a2..4f8cd2a29 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -3908,7 +3908,7 @@ struct WOLFSSL_CTX {
 #ifndef NO_RSA
     short       minRsaKeySz;      /* minimum RSA key size */
 #ifdef WC_RSA_PSS
-    word8       useRsaPss;
+    word8       useRsaPss;        /* cert supports RSA-PSS */
 #endif
 #endif
 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
@@ -5941,6 +5941,9 @@ struct WOLFSSL {
     byte*           peerSceTsipEncRsaKeyIndex;
 #endif
     byte            peerRsaKeyPresent;
+#ifdef WC_RSA_PSS
+    word8           useRsaPss;           /* cert supports RSA-PSS */
+#endif
 #endif
 #if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
     word16          namedGroup;