From 6a691e6995489248a82fede6dc845164e8886a72 Mon Sep 17 00:00:00 2001
From: Thomas Pornin
Date: Wed, 8 Jun 2022 08:09:34 -0400
Subject: [PATCH 1/1] Fixed RSA PSS verificatiobn bug (when hash_len != salt_len).

---
 src/rsa/rsa_pss_sig_unpad.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/rsa/rsa_pss_sig_unpad.c b/src/rsa/rsa_pss_sig_unpad.c
index a9f8ca3..0c6ae99 100644
--- a/src/rsa/rsa_pss_sig_unpad.c
+++ b/src/rsa/rsa_pss_sig_unpad.c
@@ -114,7 +114,7 @@ br_rsa_pss_sig_unpad(const br_hash_class *hf_data,
 	 * in the string.
 	 */
 	for (u = 0; u < hash_len; u ++) {
-		r |= tmp[u] ^ x[(xlen - salt_len - 1) + u];
+		r |= tmp[u] ^ x[(xlen - hash_len - 1) + u];
 	}
 	return EQ0(r);
-- 
2.17.1
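Review bot: The corrected index `x[(xlen - hash_len - 1) + u]` is only in bounds if the function has already rejected encoded messages with xlen < hash_len + salt_len + 2 (and checked the trailing 0xbc byte that EMSA-PSS places after H); that length check sits before this hunk and is not visible here, so confirm it is still performed ahead of the loop rather than assumed. The commit adds no regression test, and the old index was wrong exactly when salt_len != hash_len, so the existing vectors presumably all use salt_len == hash_len; a PSS vector with a salt shorter than the hash (e.g. salt_len = 0) and one with a longer salt should be added to pin the position of H. A short comment above the loop, `/* H occupies x[xlen - hash_len - 1 .. xlen - 2], just before the trailing 0xbc byte. */`, would make the arithmetic self-explanatory and keep salt_len from being reintroduced here. Note also that with the removed line, u runs to hash_len - 1, so the old index reached xlen + (hash_len - salt_len) - 2, i.e. past the end of x whenever salt_len <= hash_len - 2, which makes this a bounded out-of-bounds read and not only a verification failure; the commit message could say so. br_rsa_pss_sig_unpad's body begins outside the hunk.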