diff --git a/src/tls13.c b/src/tls13.c index 101b31541a..0bc741ad16 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -7791,7 +7791,6 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, int sendSz; word32 i; word32 reqSz; - word16 hashSigAlgoSz = 0; SignatureAlgorithms* sa; WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_SEND); @@ -7802,14 +7801,11 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, if (ssl->options.side != WOLFSSL_SERVER_END) return SIDE_ERROR; - /* Get the length of the hashSigAlgo buffer */ - InitSuitesHashSigAlgo(NULL, SIG_ALL, 1, 1, ssl->buffers.keySz, - &hashSigAlgoSz); - sa = TLSX_SignatureAlgorithms_New(ssl, hashSigAlgoSz, ssl->heap); + /* Use ssl->suites->hashSigAlgo so wolfSSL_set1_sigalgs_list() is honored. + * hashSigAlgoSz=0 makes GetSize/Write fall back to WOLFSSL_SUITES(ssl). */ + sa = TLSX_SignatureAlgorithms_New(ssl, 0, ssl->heap); if (sa == NULL) return MEMORY_ERROR; - InitSuitesHashSigAlgo(sa->hashSigAlgo, SIG_ALL, 1, 1, ssl->buffers.keySz, - &hashSigAlgoSz); ret = TLSX_Push(&ssl->extensions, TLSX_SIGNATURE_ALGORITHMS, sa, ssl->heap); if (ret != 0) { TLSX_SignatureAlgorithms_FreeAll(sa, ssl->heap);