From 17a03374bf75ec1c55def814c582fba9b2097eb0 Mon Sep 17 00:00:00 2001
From: joe <joe@61a7d7f5-40b7-0310-9c16-bb0ea8cb1845>
Date: Mon, 24 Sep 2018 12:52:05 +0000
Subject: * src/ne_pkcs11.c (pk11_rsa_encrypt): Fix for padding used with  
 TLSv1.3 under RSASSA-PSS.

git-svn-id: http://svn.webdav.org/repos/projects/neon/trunk@2021 61a7d7f5-40b7-0310-9c16-bb0ea8cb1845
---
 src/ne_pkcs11.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ne_pkcs11.c b/src/ne_pkcs11.c
index a388e7e..4eaa7e7 100644
--- a/src/ne_pkcs11.c
+++ b/src/ne_pkcs11.c
@@ -113,13 +113,13 @@ static int pk11_rsa_encrypt(int mlen, const unsigned char *m,
         return 0;
     }
 
-    if (padding != RSA_PKCS1_PADDING) {
+    if (padding != RSA_PKCS1_PADDING && padding != RSA_NO_PADDING) {
         NE_DEBUG(NE_DBG_SSL, "pk11: Cannot sign, unknown padding mode '%d'.\n", padding);
         RSAerr(PK11_RSA_ERR,ERR_R_RSA_LIB);
         return 0;
     }        
 
-    mech.mechanism = CKM_RSA_PKCS;
+    mech.mechanism = padding == RSA_PKCS1_PADDING ? CKM_RSA_PKCS : CKM_RSA_X_509;
     mech.parameter = NULL;
     mech.parameter_len = 0;
 
-- 
cgit v1.2.1