rsa_verify_hash: fix possible bleichenbacher signature attack

src/pk/rsa/rsa_verify_hash.c

@@ -103,7 +103,7 @@ int rsa_verify_hash_ex(const unsigned char *sig,      unsigned long siglen,
  } else {
    /* PKCS #1 v1.5 decode it */
    unsigned char *out;
    unsigned long outlen, loid[16];
    unsigned long outlen, loid[16], reallen;
    int           decoded;
    ltc_asn1_list digestinfo[2], siginfo[2];

@@ -145,8 +145,14 @@ int rsa_verify_hash_ex(const unsigned char *sig,      unsigned long siglen,
       goto bail_2;
    }

    if ((err = der_length_sequence(siginfo, 2, &reallen)) != CRYPT_OK) {
       XFREE(out);
       goto bail_2;
    }

    /* test OID */
    if ((digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
    if ((reallen == outlen) &&
        (digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
        (XMEMCMP(digestinfo[0].data, hash_descriptor[hash_idx].OID, sizeof(unsigned long) * hash_descriptor[hash_idx].OIDlen) == 0) &&
        (siginfo[1].size == hashlen) &&
        (XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) {