commit ddd5ba78a949c5458aad9f7c3f19d214a2e8338e
author David Benjamin <davidben@google.com> Tue Apr 11 12:54:06 2017 -0400
committer Adam Langley <agl@google.com> Wed Apr 12 22:06:11 2017 +0000
tree d3b8a9d15cdcd7bb4b8add69e3df4e19ba54819c
parent f004aa556d90648f31859e48c0052b62d78fed6d

Remove redundant check in RSA_sign.

This is just some idle cleanup. The padding functions already must
handle size checks. Swap out the error code in the low-level portions to
keep that unchanged.

Also remove an old TODO(fork) about constant-time-ness. Signature
verification padding checks don't need to be constant time, and
decryption ones should be resolved now.

Change-Id: I20e7affdb7f2dce167a304afe707bfd537dd412a
Reviewed-on: https://boringssl-review.googlesource.com/14946
Reviewed-by: Adam Langley <agl@google.com>

crypto/rsa/internal.h

diff --git a/crypto/rsa/internal.h b/crypto/rsa/internal.h
index a19c64a..faa1373 100644
--- a/crypto/rsa/internal.h
+++ b/crypto/rsa/internal.h
@@ -82,9 +82,6 @@
 int rsa_default_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
 
 
-#define RSA_PKCS1_PADDING_SIZE 11
-
-
 BN_BLINDING *BN_BLINDING_new(void);
 void BN_BLINDING_free(BN_BLINDING *b);
 int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, const BIGNUM *e,

crypto/rsa/padding.c

diff --git a/crypto/rsa/padding.c b/crypto/rsa/padding.c
index dee44dd..787f248 100644
--- a/crypto/rsa/padding.c
+++ b/crypto/rsa/padding.c
@@ -69,7 +69,8 @@
 #include "internal.h"
 #include "../internal.h"
 
-/* TODO(fork): don't the check functions have to be constant time? */
+
+#define RSA_PKCS1_PADDING_SIZE 11
 
 int RSA_padding_add_PKCS1_type_1(uint8_t *to, size_t to_len,
                                  const uint8_t *from, size_t from_len) {
@@ -80,7 +81,7 @@
   }
 
   if (from_len > to_len - RSA_PKCS1_PADDING_SIZE) {
-    OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+    OPENSSL_PUT_ERROR(RSA, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
     return 0;
   }
 

crypto/rsa/rsa.c

diff --git a/crypto/rsa/rsa.c b/crypto/rsa/rsa.c
index f8c5a5f..f84c42a 100644
--- a/crypto/rsa/rsa.c
+++ b/crypto/rsa/rsa.c
@@ -459,23 +459,16 @@
   }
 
   if (!RSA_add_pkcs1_prefix(&signed_msg, &signed_msg_len,
-                            &signed_msg_is_alloced, hash_nid, in, in_len)) {
-    return 0;
+                            &signed_msg_is_alloced, hash_nid, in, in_len) ||
+      !RSA_sign_raw(rsa, &size_t_out_len, out, rsa_size, signed_msg,
+                    signed_msg_len, RSA_PKCS1_PADDING)) {
+    goto err;
   }
 
-  if (rsa_size < RSA_PKCS1_PADDING_SIZE ||
-      signed_msg_len > rsa_size - RSA_PKCS1_PADDING_SIZE) {
-    OPENSSL_PUT_ERROR(RSA, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
-    goto finish;
-  }
+  *out_len = size_t_out_len;
+  ret = 1;
 
-  if (RSA_sign_raw(rsa, &size_t_out_len, out, rsa_size, signed_msg,
-                   signed_msg_len, RSA_PKCS1_PADDING)) {
-    *out_len = size_t_out_len;
-    ret = 1;
-  }
-
-finish:
+err:
   if (signed_msg_is_alloced) {
     OPENSSL_free(signed_msg);
   }