3 files changed, 34 insertions, 19 deletions

diff --git a/crypto/src/crypto/signers/PssSigner.cs b/crypto/src/crypto/signers/PssSigner.cs

index 66efa51b8..2a941df47 100644
--- a/crypto/src/crypto/signers/PssSigner.cs
+++ b/crypto/src/crypto/signers/PssSigner.cs
@@ -15,7 +15,7 @@ namespace Org.BouncyCastle.Crypto.Signers
 	public class PssSigner
 		: ISigner
 	{
-		public const byte TrailerImplicit = (byte)0xBC;
+		public const byte TrailerImplicit = 0xBC;
 
 		private readonly IDigest contentDigest1, contentDigest2;
 		private readonly IDigest mgfDigest;
@@ -33,23 +33,23 @@ namespace Org.BouncyCastle.Crypto.Signers
 		private byte[] block;
 		private byte trailer;
 
-		public static PssSigner CreateRawSigner(
-			IAsymmetricBlockCipher	cipher,
-			IDigest					digest)
+		public static PssSigner CreateRawSigner(IAsymmetricBlockCipher cipher, IDigest digest)
 		{
 			return new PssSigner(cipher, new NullDigest(), digest, digest, digest.GetDigestSize(), null, TrailerImplicit);
 		}
 
-		public static PssSigner CreateRawSigner(
-			IAsymmetricBlockCipher	cipher,
-			IDigest					contentDigest,
-			IDigest					mgfDigest,
-			int						saltLen,
-			byte					trailer)
+		public static PssSigner CreateRawSigner(IAsymmetricBlockCipher cipher, IDigest contentDigest, IDigest mgfDigest,
+			int saltLen, byte trailer)
 		{
 			return new PssSigner(cipher, new NullDigest(), contentDigest, mgfDigest, saltLen, null, trailer);
 		}
 
+		public static PssSigner CreateRawSigner(IAsymmetricBlockCipher cipher, IDigest contentDigest, IDigest mgfDigest,
+			byte[] salt, byte trailer)
+		{
+			return new PssSigner(cipher, new NullDigest(), contentDigest, mgfDigest, salt.Length, salt, trailer);
+		}
+
 		public PssSigner(
 			IAsymmetricBlockCipher	cipher,
 			IDigest					digest)
@@ -225,6 +225,9 @@ namespace Org.BouncyCastle.Crypto.Signers
 		/// </summary>
 		public virtual byte[] GenerateSignature()
 		{
+			if (contentDigest1.GetDigestSize() != hLen)
+				throw new InvalidOperationException();
+
 			contentDigest1.DoFinal(mDash, mDash.Length - hLen - sLen);
 
 			if (sLen != 0)
@@ -271,7 +274,10 @@ namespace Org.BouncyCastle.Crypto.Signers
 		public virtual bool VerifySignature(
 			byte[] signature)
 		{
-            contentDigest1.DoFinal(mDash, mDash.Length - hLen - sLen);
+			if (contentDigest1.GetDigestSize() != hLen)
+				throw new InvalidOperationException();
+
+			contentDigest1.DoFinal(mDash, mDash.Length - hLen - sLen);
 
             byte[] b = cipher.ProcessBlock(signature, 0, signature.Length);
             Arrays.Fill(block, 0, block.Length - b.Length, 0);
diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssSigner.cs b/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssSigner.cs

index 3e7d1ceef..1b33573f6 100644
--- a/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssSigner.cs
+++ b/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssSigner.cs
@@ -22,7 +22,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
             this.m_signatureScheme = signatureScheme;
         }
 
-        public override TlsStreamSigner GetStreamSigner(SignatureAndHashAlgorithm algorithm)
+        public override byte[] GenerateRawSignature(SignatureAndHashAlgorithm algorithm, byte[] hash)
         {
             if (algorithm == null || SignatureScheme.From(algorithm) != m_signatureScheme)
                 throw new InvalidOperationException("Invalid algorithm: " + algorithm);
@@ -30,10 +30,18 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
             int cryptoHashAlgorithm = SignatureScheme.GetCryptoHashAlgorithm(m_signatureScheme);
             IDigest digest = m_crypto.CreateDigest(cryptoHashAlgorithm);
 
-            PssSigner signer = new PssSigner(new RsaBlindedEngine(), digest, digest.GetDigestSize());
+            PssSigner signer = PssSigner.CreateRawSigner(new RsaBlindedEngine(), digest, digest, digest.GetDigestSize(),
+                PssSigner.TrailerImplicit);
             signer.Init(true, new ParametersWithRandom(m_privateKey, m_crypto.SecureRandom));
-
-            return new BcTlsStreamSigner(signer);
+            signer.BlockUpdate(hash, 0, hash.Length);
+            try
+            {
+                return signer.GenerateSignature();
+            }
+            catch (CryptoException e)
+            {
+                throw new TlsFatalAlert(AlertDescription.internal_error, e);
+            }
         }
     }
 }
diff --git a/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssVerifier.cs b/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssVerifier.cs

index dc8cebdd9..18c2082aa 100644
--- a/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssVerifier.cs
+++ b/crypto/src/tls/crypto/impl/bc/BcTlsRsaPssVerifier.cs
@@ -22,7 +22,7 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
             this.m_signatureScheme = signatureScheme;
         }
 
-        public override TlsStreamVerifier GetStreamVerifier(DigitallySigned digitallySigned)
+        public override bool VerifyRawSignature(DigitallySigned digitallySigned, byte[] hash)
         {
             SignatureAndHashAlgorithm algorithm = digitallySigned.Algorithm;
             if (algorithm == null || SignatureScheme.From(algorithm) != m_signatureScheme)
@@ -31,10 +31,11 @@ namespace Org.BouncyCastle.Tls.Crypto.Impl.BC
             int cryptoHashAlgorithm = SignatureScheme.GetCryptoHashAlgorithm(m_signatureScheme);
             IDigest digest = m_crypto.CreateDigest(cryptoHashAlgorithm);
 
-            PssSigner verifier = new PssSigner(new RsaEngine(), digest, digest.GetDigestSize());
+            PssSigner verifier = PssSigner.CreateRawSigner(new RsaEngine(), digest, digest, digest.GetDigestSize(),
+                PssSigner.TrailerImplicit);
             verifier.Init(false, m_publicKey);
-
-            return new BcTlsStreamVerifier(verifier, digitallySigned.Signature);
+            verifier.BlockUpdate(hash, 0, hash.Length);
+            return verifier.VerifySignature(digitallySigned.Signature);
         }
     }
 }