From: Thomas Pornin
Date: Wed, 8 Jun 2022 12:09:34 +0000 (-0400)
Subject: Fixed RSA PSS verificatiobn bug (when hash_len != salt_len).
X-Git-Url: https://bearssl.org/gitweb//home/git/?p=BearSSL;a=commitdiff_plain;h=6a691e6995489248a82fede6dc845164e8886a72
Fixed RSA PSS verificatiobn bug (when hash_len != salt_len).
---
diff --git a/src/rsa/rsa_pss_sig_unpad.c b/src/rsa/rsa_pss_sig_unpad.c
index a9f8ca3..0c6ae99 100644
--- a/src/rsa/rsa_pss_sig_unpad.c
+++ b/src/rsa/rsa_pss_sig_unpad.c
@@ -114,7 +114,7 @@ br_rsa_pss_sig_unpad(const br_hash_class *hf_data,
 * in the string.
 */
 for (u = 0; u < hash_len; u ++) {
- r |= tmp[u] ^ x[(xlen - salt_len - 1) + u];
+ r |= tmp[u] ^ x[(xlen - hash_len - 1) + u];
 }
 
 return EQ0(r);
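Review bot: The index `(xlen - hash_len - 1) + u` in the comparison loop has no comment explaining why the offset is derived from hash_len, which is the detail the replaced line got wrong. I would add above the loop `/* The stored hash is the hash_len bytes ending just before the last byte of x; salt_len plays no part in its offset. */`. The subtraction only stays in range if an earlier check guarantees that xlen is at least hash_len + 1. That check is not visible here, because br_rsa_pss_sig_unpad starts and ends outside the hunk, so it is worth confirming. The patch as shown touches only this file, so it appears to add no test vector with salt_len different from hash_len, the only case that distinguishes the old index from the new one.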