Remove redundant check in RSA_sign.
This is just some idle cleanup. The padding functions already must
handle size checks. Swap out the error code in the low-level portions to
keep that unchanged.
Also remove an old TODO(fork) about constant-time-ness. Signature
verification padding checks don't need to be constant time, and
decryption ones should be resolved now.
Change-Id: I20e7affdb7f2dce167a304afe707bfd537dd412a
Reviewed-on: https://boringssl-review.googlesource.com/14946
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/rsa/rsa.c b/crypto/rsa/rsa.c
index f8c5a5f..f84c42a 100644
--- a/crypto/rsa/rsa.c
+++ b/crypto/rsa/rsa.c
@@ -459,23 +459,16 @@
}
if (!RSA_add_pkcs1_prefix(&signed_msg, &signed_msg_len,
- &signed_msg_is_alloced, hash_nid, in, in_len)) {
- return 0;
+ &signed_msg_is_alloced, hash_nid, in, in_len) ||
+ !RSA_sign_raw(rsa, &size_t_out_len, out, rsa_size, signed_msg,
+ signed_msg_len, RSA_PKCS1_PADDING)) {
+ goto err;
}
- if (rsa_size < RSA_PKCS1_PADDING_SIZE ||
- signed_msg_len > rsa_size - RSA_PKCS1_PADDING_SIZE) {
- OPENSSL_PUT_ERROR(RSA, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
- goto finish;
- }
+ *out_len = size_t_out_len;
+ ret = 1;
- if (RSA_sign_raw(rsa, &size_t_out_len, out, rsa_size, signed_msg,
- signed_msg_len, RSA_PKCS1_PADDING)) {
- *out_len = size_t_out_len;
- ret = 1;
- }
-
-finish:
+err:
if (signed_msg_is_alloced) {
OPENSSL_free(signed_msg);
}
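Review bot: When RSA_add_pkcs1_prefix fails, the new `goto err` (previously `return 0`) makes the cleanup at `err:` read `signed_msg_is_alloced` and possibly free `signed_msg`. Both are declared outside this hunk, so this is safe only if they are initialised there (for example `int signed_msg_is_alloced = 0;`) or the helper always sets them before returning failure; the function also starts and ends outside the hunk. With the explicit length check removed, the only bound on `signed_msg_len` against `rsa_size` is the one enforced inside RSA_sign_raw's PKCS#1 padding step, which deserves a comment above the call such as `/* RSA_sign_raw's padding step rejects a signed_msg that does not fit in rsa_size. */`. A regression test that signs a digest too large for the key and expects RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY would pin the behaviour the commit message says is preserved. As a minor style point, `err:` is also reached on the success path, so `out:` or the previous `finish:` would describe the label better.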