diff --git a/ChangeLog b/ChangeLog
index 9b3dc5c18..3de318419 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,10 @@ Security
 * Fix buffer overflow in RSA-PSS verification when the unmasked data is all zeros.
+Bugfix
+ * Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were
+ accepted. Generating these signatures required the private key.
+
 = mbed TLS 1.3.21 branch released 2017-08-10
 Security
diff --git a/library/rsa.c b/library/rsa.c
index 923294f0b..bbb028675 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1405,8 +1405,7 @@ int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
 while( p < hash_start - 1 && *p == 0 )
 p++;
- if( p == hash_start ||
- *p++ != 0x01 )
+ if( *p++ != 0x01 )
 {
 md_free( &md_ctx );
 return( POLARSSL_ERR_RSA_INVALID_PADDING );
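Review bot: With the loop bound `p < hash_start - 1` on the line above, `p == hash_start` cannot hold when the loop exits, so the dropped clause was already unreachable and this hunk on its own does not change which signatures are accepted; the 8N+1 behaviour change described in the ChangeLog must therefore come from code outside this hunk, which is worth saying in the commit message. The remaining condition now rests entirely on p being at most `hash_start - 1` when the loop is entered, and that depends on how p is initialised earlier in rsa_rsassa_pss_verify_ext (the function starts outside the hunk), so a short comment would keep the invariant visible: `/* The loop above stops at hash_start - 1 at the latest, so *p is still inside the encoded message and the 0x01 separator check is never skipped. */`. A regression vector with an 8N+1-bit modulus and a separator byte other than 0x01 would pin the behaviour the ChangeLog entry claims.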