From eb172386fd6dd4b8acb8589751dabb7f82e73716 Mon Sep 17 00:00:00 2001
From: Ulrich
Date: Sat, 5 Nov 2022 12:36:39 +0100
Subject: [PATCH] Only check the actual used lenght of the hash.
---
 libraries/ESP8266WiFi/src/BearSSLHelpers.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp b/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp
index dcf04562e0..0b18334cbd 100644
--- a/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp
+++ b/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp
@@ -945,7 +945,7 @@ extern "C" bool SigningVerifier_verify(PublicKey *_pubKey, UpdaterHashClass *has
 }
 br_rsa_pkcs1_vrfy vrfy = br_rsa_pkcs1_vrfy_get_default();
 bool ret = vrfy((const unsigned char *)signature, signatureLen, hash->oid(), hash->len(), _pubKey->getRSA(), vrf);
- if (!ret || memcmp(vrf, hash->hash(), sizeof(vrf)) ) {
+ if (!ret || memcmp(vrf, hash->hash(), std::min(HashLengthMax, hash->len())) ) {
 return false;
 } else {
 return true;
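Review bot: The `std::min(HashLengthMax, hash->len())` clamp in the new `memcmp` hides an oversize digest length instead of rejecting it, while the `vrfy(...)` call on the line above still receives the unclamped `hash->len()` and writes that many bytes into `vrf`. If the check that closes just above the hunk does not already bound the length (the function starts and ends outside the hunk, so this is not visible here), add `if (hash->len() == 0 || hash->len() > sizeof(vrf)) return false;` before the `vrfy` call and compare with `memcmp(vrf, hash->hash(), hash->len()) != 0`. A zero length is worth rejecting too, since `memcmp` over zero bytes returns 0 and the result would then rest on `ret` alone. Depending on how `HashLengthMax` is declared, `std::min` may also fail template deduction against the return type of `hash->len()`.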