From 87d20a89611e4a4367fc9ca87a817bb431c2a304 Mon Sep 17 00:00:00 2001
From: Rob Austein <sra@hactrn.net>
Date: Mon, 16 May 2016 20:49:17 -0400
Subject: Round buffer size up to word boundary when verifying RSA signatures.

hsmbully tests strange RSA key sizes (eg, 3416 bits) which don't fall
on word boundaries, at which point we have buffer padding and
alignment issues when performing RSA signature verification.
---
 rpc_pkey.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rpc_pkey.c b/rpc_pkey.c
index da8bf58..dc8c808 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -715,7 +715,7 @@ static hal_error_t pkey_local_verify_rsa(uint8_t *keybuf, const size_t keybuf_le
                                          const uint8_t * input, size_t input_len,
                                          const uint8_t * const signature, const size_t signature_len)
 {
-  uint8_t expected[signature_len], received[signature_len];
+  uint8_t expected[signature_len], received[(signature_len + 3) & ~3];
   hal_rsa_key_t *key = NULL;
   hal_error_t err;
 
@@ -748,7 +748,7 @@ static hal_error_t pkey_local_verify_rsa(uint8_t *keybuf, const size_t keybuf_le
 
   unsigned diff = 0;
   for (int i = 0; i < signature_len; i++)
-    diff |= expected[i] ^ received[i];
+    diff |= expected[i] ^ received[i + sizeof(received) - sizeof(expected)];
 
   if (diff != 0)
     return HAL_ERROR_INVALID_SIGNATURE;
-- 
cgit v1.2.3