From 13c86631ee1e4734b06cbf2ee5f20ace208bf1d7 Mon Sep 17 00:00:00 2001
From: TakayukiMatsuo
Date: Wed, 1 Nov 2023 17:09:40 +0900
Subject: [PATCH] Fix index of signature part in case of RSA
---
 src/internal.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/internal.c b/src/internal.c
index 4d4acee9..f8732546 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -4303,7 +4303,7 @@ static int DoKexDhReply(WOLFSSH* ssh, byte* buf, word32 len, word32* idx)
 /* Verify h with the server's public key. */
 if (ret == WS_SUCCESS) {
 #ifndef WOLFSSH_NO_RSA
- int tmpIdx = begin;
+ int tmpIdx = begin - sigSz;
 #endif
 /* Skip past the sig name. Check it, though. Other SSH
 * implementations do the verify based on the name, despite what
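Review bot: The new initialiser `int tmpIdx = begin - sigSz;` is only correct if `begin` was advanced by exactly `sigSz` earlier in DoKexDhReply and nothing has moved it since. That invariant is not visible in this hunk or stated at the declaration, and the function body starts and ends outside the hunk. This index selects the bytes checked as the server's signature over h, and `sigSz` presumably comes from the peer's reply. I would record the signature's start offset where the blob is first parsed instead of reconstructing it, or at least add a comment such as `/* begin is past the signature blob here; rewind to its start */`. `tmpIdx` is a signed `int` while the other indexes appear to be `word32`, so if `sigSz` could ever exceed `begin` the subtraction would wrap before the conversion. Declaring it `word32` and confirming that the earlier bounds check covers `sigSz <= begin` would make the rewind safe by construction.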