From 97187c5a3199d1d330464d49f2fae08e9f63f6bb Mon Sep 17 00:00:00 2001
From: Lucas Clemente
Date: Tue, 12 Apr 2016 12:16:46 +0200
Subject: [PATCH] fix proof signature algorithm

---
 crypto/proof_rsa.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/crypto/proof_rsa.go b/crypto/proof_rsa.go
index b33e3eac..f9e4eda1 100644
--- a/crypto/proof_rsa.go
+++ b/crypto/proof_rsa.go
@@ -1,12 +1,16 @@
 package crypto
 
 import (
+	"bytes"
+	"compress/zlib"
 	"crypto"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha256"
 	"crypto/x509"
 	"io/ioutil"
+
+	"github.com/lucas-clemente/quic-go/utils"
 )
 
 // KeyData stores a key and a certificate for the server proof
@@ -40,9 +44,10 @@ func LoadKeyData(certFileName string, keyFileName string) (*KeyData, error) {
 // SignServerProof signs CHLO and server config for use in the server proof
 func (kd *KeyData) SignServerProof(chlo []byte, serverConfigData []byte) ([]byte, error) {
 	hash := sha256.New()
-	hash.Write([]byte("QUIC server config signature\x00"))
+	hash.Write([]byte("QUIC CHLO and server config signature\x00"))
 	chloHash := sha256.Sum256(chlo)
+	hash.Write([]byte{32, 0, 0, 0})
 	hash.Write(chloHash[:])
 	hash.Write(serverConfigData)
-	return rsa.SignPSS(rand.Reader, kd.key, crypto.SHA256, hash.Sum(nil), nil)
+	return rsa.SignPSS(rand.Reader, kd.key, crypto.SHA256, hash.Sum(nil), &rsa.PSSOptions{SaltLength: 32})
 }
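Review bot: The three imports added in the first hunk — `bytes`, `compress/zlib` and `github.com/lucas-clemente/quic-go/utils` — are not referenced by either hunk, and the diffstat shows no other insertions in this commit, so at this commit proof_rsa.go should fail to build with "imported and not used" unless a sibling change in the same series consumes them. If they belong to a follow-up (certificate compression, presumably), they should be introduced in that commit; otherwise drop them here so the signature fix stands alone and bisects cleanly.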
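Review bot: The two literal 32s in SignServerProof encode different things and neither is explained: `hash.Write([]byte{32, 0, 0, 0})` is the little-endian uint32 length of the SHA-256 CHLO hash, while `SaltLength: 32` is the PSS salt length the verifier expects, and a reader cannot tell that the first must track `len(chloHash)` while the second must never change independently of the client. I would derive the length prefix from the hash itself, `var lenBuf [4]byte` followed by `binary.LittleEndian.PutUint32(lenBuf[:], uint32(len(chloHash)))` (which adds `encoding/binary` to the import block), and write `&rsa.PSSOptions{SaltLength: sha256.Size}` with a comment stating that the salt length is fixed by the QUIC proof format and any mismatch makes every client reject the proof. The `hash.Write` results are dropped, which is fine for a sha256 digest (its Write never returns an error), but a one-line comment saying so would save the next reader a check.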