diff --git a/crypto/rsa/padding.c b/crypto/rsa/padding.c index 045faa21..df0c85a0 100644 --- a/crypto/rsa/padding.c +++ b/crypto/rsa/padding.c @@ -610,19 +610,6 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, hLen = EVP_MD_size(Hash); - /* Negative sLen has special meanings: - * -1 sLen == hLen - * -2 salt length is maximized - * -N reserved */ - if (sLen == -1) { - sLen = hLen; - } else if (sLen == -2) { - sLen = -2; - } else if (sLen < -2) { - OPENSSL_PUT_ERROR(RSA, RSA_R_SLEN_CHECK_FAILED); - goto err; - } - if (BN_is_zero(rsa->n)) { OPENSSL_PUT_ERROR(RSA, RSA_R_EMPTY_PUBLIC_KEY); goto err; @@ -635,12 +622,22 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM, *EM++ = 0; emLen--; } - if (sLen == -2) { + + /* Negative sLen has special meanings: + * -1 sLen == hLen + * -2 salt length is maximized + * -N reserved */ + if (sLen == -1) { + sLen = hLen; + } else if (sLen == -2) { if (emLen < hLen + 2) { OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); goto err; } sLen = emLen - hLen - 2; + } else if (sLen < -2) { + OPENSSL_PUT_ERROR(RSA, RSA_R_SLEN_CHECK_FAILED); + goto err; } else if (emLen < hLen + sLen + 2) { OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); goto err;