-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

diff --git a/lib/libswan/pubkey_rsa.c b/lib/libswan/pubkey_rsa.c
index d2f36cb3da..0c5a1c91e3 100644
- --- a/lib/libswan/pubkey_rsa.c
+++ b/lib/libswan/pubkey_rsa.c
@@ -491,7 +491,7 @@ static struct hash_signature RSA_sign_hash_pkcs1_1_5_rsa(const struct secret_stu
 static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *expected_hash,
 shunk_t signature,
 struct pubkey *pubkey,
- - const struct hash_desc *unused_hash_algo UNUSED,
+ const struct hash_desc *hash_alg,
 diag_t *fatal_diag,
 struct logger *logger)
 {
@@ -509,58 +509,24 @@ static bool RSA_authenticate_signature_pkcs1_1_5_rsa(const struct crypt_mac *exp
 *expected_hash);
 }
- - /*
- - * Use the same space used by the out going hash.
- - */
- -
- - SECItem decrypted_signature = {
- - .type = siBuffer,
- - };
- -
- - if (SECITEM_AllocItem(NULL, &decrypted_signature, signature.len) == NULL) {
- - llog_nss_error(RC_LOG, logger, "allocating space for decrypted RSA signature");
- - return false;
- - }
+ SECItem hash_item =
+ same_shunk_as_secitem(HUNK_AS_SHUNK(*expected_hash), siBuffer);
 /* NSS doesn't do const */
- - const SECItem encrypted_signature = {
- - .type = siBuffer,
- - .data = DISCARD_CONST(unsigned char *, signature.ptr),
- - .len = signature.len,
- - };
- -
- - if (PK11_VerifyRecover(seckey_public, &encrypted_signature, &decrypted_signature,
- - lsw_nss_get_password_context(logger)) != SECSuccess) {
- - SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
- - dbg("NSS RSA verify: decrypting signature is failed");
- - *fatal_diag = NULL;
- - return false;
- - }
- -
- - if (DBGP(DBG_CRYPT)) {
- - LLOG_JAMBUF(DEBUG_STREAM, logger, buf) {
- - jam_string(buf, "NSS RSA verify: decrypted sig: ");
- - jam_nss_secitem(buf, &decrypted_signature);
- - }
- - }
+ SECItem signature_item =
+ same_shunk_as_secitem(signature, siBuffer);
- - /*
- - * Expect the matching hash to appear at the end. See above
- - * for length check. It may, or may not, be prefixed by a
- - * PKCS#1 1.5 RSA ASN.1 blob.
- - */
- - passert(decrypted_signature.len >= expected_hash->len);
- - uint8_t *start = (decrypted_signature.data
- - + decrypted_signature.len
- - - expected_hash->len);
- - if (!memeq(start, expected_hash->ptr, expected_hash->len)) {
- - dbg("RSA Signature NOT verified");
- - SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
+ if (VFY_VerifyDigestDirect(&hash_item,
+ seckey_public,
+ &signature_item,
+ /*pubkey algorithm*/SEC_OID_PKCS1_RSA_ENCRYPTION,
+ /*hash algorithm*/hash_alg->nss.oid_tag,
+ lsw_nss_get_password_context(logger)) != SECSuccess) {
+ ldbg_nss_error(logger, "NSS VFY_VerifyDigest() failed");
 *fatal_diag = NULL;
 return false;
 }
- - SECITEM_FreeItem(&decrypted_signature, PR_FALSE/*not-pointer*/);
 *fatal_diag = NULL;
 return true;
 }
-----BEGIN PGP SIGNATURE-----

iQJHBAEBCgAxFiEEkH55DyXB6OVhzXO1hf9LQ7MPxvkFAmo8EoETHHRlYW1AbGli
cmVzd2FuLm9yZwAKCRCF/0tDsw/G+ZQhD/oCjvkbbMp4i7MCWYmUwWd3s2l6w9Is
iLwnmJ3Iy2rHl1MERD8Bcqvzs3vAyqVPYuhFwQDTzJuSbx1Sefdui0VT5tpaP3Ym
zIkMn4wAvMK2ds6Nx1ZX0qHWIe4GduZNqSwMtQV228m6dG3J+ZW/76HQxPaOVPbs
FkDWETatsH8G+wv9v2QkTyBElVRLCfL6q01uM5AjL/R0VSpvWSik8oZqk5KsDWoK
svhTE6k4Kdmkcdmj9LdlSuxY+cf0qogCn/ZWfyBHw8RvHrKlGkoA+BUQXhPhGfy5
VNRwos0Idivja9k7/muebSuNIuf1CpCnfpYLzkAAzpOCda5fEjgZQX7VbxJgqGJt
JtHp1LIeZwa3mPanuylAgYvA86+a27P64SGtmMQiSCvH0gO2zpfaWNhc2igpEBIu
CkKxsuIWQmk083NZr6rKLVCuX3pBBM3KyCEJie6W0dXuP1ARQqXhv+NxKH7ZKUwT
9P/zjomEB7wxRBbqgEVX/Kov/7ctRTE5HxjFsVl+5RkmwwPAPwP4Tu1564LyelIr
x3z5NxVHjgbWmwNl3pBdKKZYyS1cRBJ1jdkwlUId2ncDpQlACtT9RjGZZOkLISUg
zxd8lOOpDkyEr6CAjSj3aYouOOeQYFj5PjZZvBCP+rbeILpUr6fwwWZA/wBYAdvU
Trj+AXudm2Eo3A==
=4c1Z
-----END PGP SIGNATURE-----
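Review bot: The debug message on the new failure path names the wrong function: the call is `VFY_VerifyDigestDirect()` but the log string reads `"NSS VFY_VerifyDigest() failed"`, which points anyone reading the log at a different NSS entry point; change it to `ldbg_nss_error(logger, "NSS VFY_VerifyDigestDirect() failed");`. The fourth parameter, which was `unused_hash_algo UNUSED` until this commit, is now dereferenced as `hash_alg->nss.oid_tag` with no check, so if any caller still passes NULL for it (not rulable out from the hunk) this is a null dereference; a `passert(hash_alg != NULL);` before the call, or an audit of every caller, would pin that down. The removed comment was the only explanation of the accepted signature layout, so it is worth recording why the tail-compare went away, e.g. `/* NSS checks the PKCS#1 v1.5 DigestInfo wrapper and hash OID itself, so a bare or mis-typed digest is rejected rather than matched on its trailing bytes */`. The body of RSA_authenticate_signature_pkcs1_1_5_rsa starts above the hunk, so whether the earlier length check the removed comment referred to is still needed cannot be judged here.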