Put |sLen| logic in one place in RSA_padding_add_PKCS1_PSS_mgf1.

This makes it easier to understand the |sLen|-related logic.

Change-Id: I98da4f4f7c82d5481544940407e6cc6a963f7e5b
Reviewed-on: https://boringssl-review.googlesource.com/9171
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>

crypto/rsa/padding.c

@@ -610,19 +610,6 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
 
   hLen = EVP_MD_size(Hash);
 
-  /* Negative sLen has special meanings:
-   *	-1	sLen == hLen
-   *	-2	salt length is maximized
-   *	-N	reserved */
-  if (sLen == -1) {
-    sLen = hLen;
-  } else if (sLen == -2) {
-    sLen = -2;
-  } else if (sLen < -2) {
-    OPENSSL_PUT_ERROR(RSA, RSA_R_SLEN_CHECK_FAILED);
-    goto err;
-  }
-
   if (BN_is_zero(rsa->n)) {
     OPENSSL_PUT_ERROR(RSA, RSA_R_EMPTY_PUBLIC_KEY);
     goto err;
@@ -635,12 +622,22 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
     *EM++ = 0;
     emLen--;
   }
-  if (sLen == -2) {
+
+  /* Negative sLen has special meanings:
+   *   -1  sLen == hLen
+   *   -2  salt length is maximized
+   *   -N  reserved */
+  if (sLen == -1) {
+    sLen = hLen;
+  } else if (sLen == -2) {
     if (emLen < hLen + 2) {
       OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
       goto err;
     }
     sLen = emLen - hLen - 2;
+  } else if (sLen < -2) {
+    OPENSSL_PUT_ERROR(RSA, RSA_R_SLEN_CHECK_FAILED);
+    goto err;
   } else if (emLen < hLen + sLen + 2) {
     OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
     goto err;