Remove redundant check of |sig_len| in |RSA_verify|.
The same check is already done in |RSA_verify_raw|, so |RSA_verify|
doesn't need to do it.
Also, move the |RSA_verify_raw| check earlier.
Change-Id: I15f7db0aad386c0f764bba53e77dfc46574f7635
Reviewed-on: https://boringssl-review.googlesource.com/7463
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/crypto/rsa/rsa.c b/crypto/rsa/rsa.c
index 1d932c0..daaa082 100644
--- a/crypto/rsa/rsa.c
+++ b/crypto/rsa/rsa.c
@@ -475,11 +475,6 @@
size_t signed_msg_len, len;
int signed_msg_is_alloced = 0;
- if (sig_len != rsa_size) {
- OPENSSL_PUT_ERROR(RSA, RSA_R_WRONG_SIGNATURE_LENGTH);
- return 0;
- }
-
if (hash_nid == NID_md5_sha1 && msg_len != SSL_SIG_LENGTH) {
OPENSSL_PUT_ERROR(RSA, RSA_R_INVALID_MESSAGE_LENGTH);
return 0;
diff --git a/crypto/rsa/rsa_impl.c b/crypto/rsa/rsa_impl.c
index c915895..fecb911 100644
--- a/crypto/rsa/rsa_impl.c
+++ b/crypto/rsa/rsa_impl.c
@@ -445,6 +445,11 @@
return 0;
}
+ if (in_len != rsa_size) {
+ OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_LEN_NOT_EQUAL_TO_MOD_LEN);
+ return 0;
+ }
+
if (!check_modulus_and_exponent_sizes(rsa)) {
return 0;
}
@@ -472,11 +477,6 @@
goto err;
}
- if (in_len != rsa_size) {
- OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_LEN_NOT_EQUAL_TO_MOD_LEN);
- goto err;
- }
-
if (BN_bin2bn(in, in_len, f) == NULL) {
goto err;
}
