[Cryptech-Commits] [sw/libhal] 01/02: Round buffer size up to word boundary when verifying RSA signatures.

[git at cryptech.is]

This is an automated email from the git hooks/post-receive script.

sra at hactrn.net pushed a commit to branch rpc
in repository sw/libhal.

commit 87d20a89611e4a4367fc9ca87a817bb431c2a304
Author: Rob Austein <sra at hactrn.net>
AuthorDate: Mon May 16 20:49:17 2016 -0400

    Round buffer size up to word boundary when verifying RSA signatures.
    
    hsmbully tests strange RSA key sizes (eg, 3416 bits) which don't fall
    on word boundaries, at which point we have buffer padding and
    alignment issues when performing RSA signature verification.
---
 rpc_pkey.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rpc_pkey.c b/rpc_pkey.c
index da8bf58..dc8c808 100644
--- a/rpc_pkey.c
+++ b/rpc_pkey.c
@@ -715,7 +715,7 @@ static hal_error_t pkey_local_verify_rsa(uint8_t *keybuf, const size_t keybuf_le
                                          const uint8_t * input, size_t input_len,
                                          const uint8_t * const signature, const size_t signature_len)
 {
-  uint8_t expected[signature_len], received[signature_len];
+  uint8_t expected[signature_len], received[(signature_len + 3) & ~3];
   hal_rsa_key_t *key = NULL;
   hal_error_t err;
 
@@ -748,7 +748,7 @@ static hal_error_t pkey_local_verify_rsa(uint8_t *keybuf, const size_t keybuf_le
 
   unsigned diff = 0;
   for (int i = 0; i < signature_len; i++)
-    diff |= expected[i] ^ received[i];
+    diff |= expected[i] ^ received[i + sizeof(received) - sizeof(expected)];
 
   if (diff != 0)
     return HAL_ERROR_INVALID_SIGNATURE;