From 80bf71662551fb5e6579713dc15e541ac48ccf98 Mon Sep 17 00:00:00 2001
From: seism0saurus <15063119+seism0saurus@users.noreply.github.com>
Date: Sat, 5 Nov 2022 22:20:23 +0100
Subject: [PATCH] Only check the actual used lenght of the hash. (#8709)
---
 libraries/ESP8266WiFi/src/BearSSLHelpers.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp b/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp
index dcf04562e..0b18334cb 100644
--- a/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp
+++ b/libraries/ESP8266WiFi/src/BearSSLHelpers.cpp
@@ -945,7 +945,7 @@ extern "C" bool SigningVerifier_verify(PublicKey *_pubKey, UpdaterHashClass *has
 }
 br_rsa_pkcs1_vrfy vrfy = br_rsa_pkcs1_vrfy_get_default();
 bool ret = vrfy((const unsigned char *)signature, signatureLen, hash->oid(), hash->len(), _pubKey->getRSA(), vrf);
- if (!ret || memcmp(vrf, hash->hash(), sizeof(vrf)) ) {
+ if (!ret || memcmp(vrf, hash->hash(), std::min(HashLengthMax, hash->len())) ) {
 return false;
 } else {
 return true;
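Review bot: The `std::min(HashLengthMax, hash->len())` clamp in the `memcmp` comes too late to bound anything, because the `vrfy` call one line earlier has already been given `hash->len()` as the digest length for the `vrf` output buffer. If that length could ever exceed the buffer, the overrun would happen in `vrfy`, and clamping afterwards only makes the comparison cover fewer bytes than the digest; a length of 0 would make `memcmp` compare nothing and leave `ret` as the only gate. The start of `SigningVerifier_verify` is outside the hunk, so an earlier bound check may already exist. If it does not, reject instead of clamping: put `if (hash->len() == 0 || hash->len() > sizeof(vrf)) return false;` ahead of the `vrfy` call and use `memcmp(vrf, hash->hash(), hash->len())` in the condition.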