diff --git a/ChangeLog b/ChangeLog
index 51c002cad..487a59a06 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,8 @@ Security
 data is all zeros.
 Bugfix
+ * Fix some invalid RSA-PSS signatures with keys of size 8N+1 that were
+ accepted. Generating these signatures required the private key.
 * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7.
diff --git a/library/rsa.c b/library/rsa.c
index d923bc924..d2bddf662 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -1405,8 +1405,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
 while( p < hash_start - 1 && *p == 0 )
 p++;
- if( p == hash_start ||
- *p++ != 0x01 )
+ if( *p++ != 0x01 )
 {
 mbedtls_md_free( &md_ctx );
 return( MBEDTLS_ERR_RSA_INVALID_PADDING );
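Review bot: The new condition `if( *p++ != 0x01 )` dereferences `p` unconditionally, so it relies on `p < hash_start` already holding before the loop: the loop bound `p < hash_start - 1` only stops `p` from advancing past `hash_start - 1`, it does not establish where `p` starts, and the deleted `p == hash_start ||` disjunct was the only check that noticed `p` beginning at `hash_start`. If the pointer setup earlier in mbedtls_rsa_rsassa_pss_verify_ext (outside this hunk; the function starts and ends beyond it) can place `p` at or past `hash_start`, the separator test now reads into the hash bytes and any later `hash_start - p` salt-length computation goes negative. Given that loop bound, the removed disjunct was unreachable whenever `p` starts below `hash_start - 1`, so the 8N+1 acceptance fix named in the ChangeLog presumably rests on lines not shown here, and it is worth confirming that precondition is enforced there rather than assumed. A comment stating the invariant would help the next reader: `/* p < hash_start here: the loop stops at hash_start - 1, so *p is the separator slot */`.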