[svn-upgrade] Integrating new upstream version, strongswan (4.2.9)

1 files changed, 4 insertions, 6 deletions

diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index 61b5b9b64..794fa8123 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -12,7 +12,7 @@
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
  *
- * $Id: openssl_rsa_public_key.c 4317 2008-09-02 11:00:13Z martin $
+ * $Id: openssl_rsa_public_key.c 4567 2008-11-04 14:05:42Z martin $
  */
 
 #include "openssl_rsa_public_key.h"
@@ -90,13 +90,11 @@ static bool verify_emsa_pkcs1_signature(private_openssl_rsa_public_key_t *this,
 		goto error;
 	}
 	
-	/* remove any preceding 0-bytes from signature */
-	while (signature.len && *(signature.ptr) == 0x00)
+	/* VerifyFinal expects a signature of exactly RSA size (no leading 0x00) */
+	if (signature.len > RSA_size(this->rsa))
 	{
-		signature.len -= 1;
-		signature.ptr++;
+		signature = chunk_skip(signature, signature.len - RSA_size(this->rsa));
 	}
-	
 	valid = (EVP_VerifyFinal(ctx, signature.ptr, signature.len, key) == 1);
 	
 error: