Round buffer size up to word boundary when verifying RSA signatures.

hsmbully tests strange RSA key sizes (eg, 3416 bits) which don't fall
on word boundaries, at which point we have buffer padding and
alignment issues when performing RSA signature verification.

1 files changed, 2 insertions, 2 deletions

diff --git a/rpc_pkey.c b/rpc_pkey.c
index da8bf58..dc8c808 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -715,7 +715,7 @@ static hal_error_t pkey_local_verify_rsa(uint8_t *keybuf, const size_t keybuf_le
                                          const uint8_t * input, size_t input_len,
                                          const uint8_t * const signature, const size_t signature_len)
 {
-  uint8_t expected[signature_len], received[signature_len];
+  uint8_t expected[signature_len], received[(signature_len + 3) & ~3];
   hal_rsa_key_t *key = NULL;
   hal_error_t err;
 
@@ -748,7 +748,7 @@ static hal_error_t pkey_local_verify_rsa(uint8_t *keybuf, const size_t keybuf_le
 
   unsigned diff = 0;
   for (int i = 0; i < signature_len; i++)
-    diff |= expected[i] ^ received[i];
+    diff |= expected[i] ^ received[i + sizeof(received) - sizeof(expected)];
 
   if (diff != 0)
     return HAL_ERROR_INVALID_SIGNATURE;