From 53ce7d718bd9d4da2c139a88da421cff5c438435 Mon Sep 17 00:00:00 2001
From: John Safranek <john@wolfssl.com>
Date: Thu, 1 Feb 2024 15:13:16 -0800
Subject: [PATCH] RSA Verify Fix

1. Switch from wc_RsaSSL_VerifyInline() to wc_RsaSSL_Verify(). Fixes a
   bad free.
---
 src/internal.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/internal.c b/src/internal.c
index dbb601db4..8c710d193 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -9726,25 +9726,25 @@ int wolfSSH_RsaVerify(byte *sig, word32 sigSz,
         const byte* digest, word32 digestSz,
         RsaKey* key, void* heap, const char* loc)
 {
-    byte* checkSig;
+    byte* check;
     int ret = WS_SUCCESS;
 
-    checkSig = (byte*)WMALLOC(sigSz, heap, DYNTYPE_TEMP);
-    if (checkSig == NULL) {
+    check = (byte*)WMALLOC(digestSz, heap, DYNTYPE_TEMP);
+    if (check == NULL) {
         ret = WS_MEMORY_E;
     }
     else {
         int checkSz;
 
-        checkSz = wc_RsaSSL_VerifyInline(sig, sigSz, &checkSig, key);
+        checkSz = wc_RsaSSL_Verify(sig, sigSz, check, digestSz, key);
         if (checkSz < 0
                 || (word32)checkSz != digestSz
-                || WMEMCMP(digest, checkSig, digestSz) != 0) {
+                || WMEMCMP(digest, check, digestSz) != 0) {
             WLOG(WS_LOG_DEBUG, "%s: %s", loc, "Bad RSA Sign Verify");
             ret = WS_RSA_E;
         }
-        ForceZero(checkSig, sigSz);
-        WFREE(checkSig, heap, DYNTYPE_TEMP);
+        ForceZero(check, digestSz);
+        WFREE(check, heap, DYNTYPE_TEMP);
     }
 
     return ret;