X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=src%2Fssl%2Fssl_scert_single_rsa.c;h=b2c77679fe38b98dc3466c660c24052fdb2738af;hp=b5f0e69d943540b8b11c0b6cddbd7cf0ccdf48b1;hb=dda1f8a0c46e15b4a235163470ff700b2f13dcc5;hpb=ef318ef83a3a58b0a9e036676b84d11261ed7bb4

diff --git a/src/ssl/ssl_scert_single_rsa.c b/src/ssl/ssl_scert_single_rsa.c
index b5f0e69..b2c7767 100644
--- a/src/ssl/ssl_scert_single_rsa.c
+++ b/src/ssl/ssl_scert_single_rsa.c
@@ -33,12 +33,17 @@ sr_choose(const br_ssl_server_policy_class **pctx,
 	const br_suite_translated *st;
 	size_t u, st_num;
 	unsigned hash_id;
+	int fh;
 
 	pc = (br_ssl_server_policy_rsa_context *)pctx;
 	st = br_ssl_server_get_client_suites(cc, &st_num);
-	hash_id = br_ssl_choose_hash(br_ssl_server_get_client_hashes(cc));
 	if (cc->eng.session.version < BR_TLS12) {
 		hash_id = 0;
+		fh = 1;
+	} else {
+		hash_id = br_ssl_choose_hash(
+			br_ssl_server_get_client_hashes(cc));
+		fh = (hash_id != 0);
 	}
 	choices->chain = pc->chain;
 	choices->chain_len = pc->chain_len;
@@ -54,9 +59,7 @@ sr_choose(const br_ssl_server_policy_class **pctx,
 			}
 			break;
 		case BR_SSLKEYX_ECDHE_RSA:
-			if ((pc->allowed_usages & BR_KEYTYPE_SIGN) != 0
-				&& hash_id != 0)
-			{
+			if ((pc->allowed_usages & BR_KEYTYPE_SIGN) != 0 && fh) {
 				choices->cipher_suite = st[u][0];
 				choices->algo_id = hash_id + 0xFF00;
 				return 1;
@@ -69,12 +72,12 @@ sr_choose(const br_ssl_server_policy_class **pctx,
 
 static uint32_t
 sr_do_keyx(const br_ssl_server_policy_class **pctx,
-	unsigned char *data, size_t len)
+	unsigned char *data, size_t *len)
 {
 	br_ssl_server_policy_rsa_context *pc;
 
 	pc = (br_ssl_server_policy_rsa_context *)pctx;
-	return br_rsa_ssl_decrypt(pc->irsacore, pc->sk, data, len);
+	return br_rsa_ssl_decrypt(pc->irsacore, pc->sk, data, *len);
 }
 
 /*