authorMiod Vallat <miod@cvs.openbsd.org>2014-07-09 09:04:15 +0000
committerMiod Vallat <miod@cvs.openbsd.org>2014-07-09 09:04:15 +0000
commit14f278acf602b0a7c2d4f0a39c6cbe660d30c0cd (patch)
tree9031d2a48c5f8e7ef0f01a85e28c0f4707e26285 /lib/libcrypto
parent89739f9b8b580dd10f2ac9254177690dd6ca0b97 (diff)
In the old days (not in this century), SSLeay 0.4.5 would create X.509 RSA
signatures using the wrong oid for the signature type. The signature verification code has thus been modified to allow these signatures to be accepted, with a printf to stderr to notify the user something was fishy. Remove this chunk; these signatures will no longer get accepted. ok deraadt@ guenther@ jsing@ tedu@
Diffstat (limited to 'lib/libcrypto')
-rw-r--r--lib/libcrypto/rsa/rsa_sign.c17
1 files changed, 3 insertions, 14 deletions
diff --git a/lib/libcrypto/rsa/rsa_sign.c b/lib/libcrypto/rsa/rsa_sign.c
index 239435fe919..9718589be72 100644
--- a/lib/libcrypto/rsa/rsa_sign.c
+++ b/lib/libcrypto/rsa/rsa_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_sign.c,v 1.18 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_sign.c,v 1.19 2014/07/09 09:04:14 miod Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -223,19 +223,8 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
sigtype = OBJ_obj2nid(sig->algor->algorithm);
if (sigtype != dtype) {
- if ((dtype == NID_md5 &&
- sigtype == NID_md5WithRSAEncryption) ||
- (dtype == NID_md2 &&
- sigtype == NID_md2WithRSAEncryption)) {
- /* ok, we will let it through */
- fprintf(stderr,
- "signature has problems, "
- "re-make with post SSLeay045\n");
- } else {
- RSAerr(RSA_F_INT_RSA_VERIFY,
- RSA_R_ALGORITHM_MISMATCH);
- goto err;
- }
+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
+ goto err;
}
if (rm) {
const EVP_MD *md;
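Review bot: The now-unconditional rejection at `if (sigtype != dtype)` carries no comment saying the strictness is deliberate, so nothing in the file warns a later maintainer against re-adding a compatibility exception for mismatched algorithm OIDs. I would put `/* The algorithm OID decoded from the signature must equal dtype exactly; no legacy SSLeay exceptions. */` directly above the check. A regression test would also pin the behaviour: verify a signature whose `sig->algor->algorithm` is md5WithRSAEncryption with `dtype == NID_md5` and expect failure with `RSA_R_ALGORITHM_MISMATCH`. int_rsa_verify starts and ends outside this hunk, so the surrounding checks were not reviewed here.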