From 8a473264d2d74e0e3d46b7fbf49e6ec1d3c39521 Mon Sep 17 00:00:00 2001
From: Miod Vallat
Date: Wed, 9 Jul 2014 09:04:15 +0000
Subject: In the old days (not in this century), SSLeay 0.4.5 would create X.509 RSA signatures using the wrong oid for the signature type. The signature verification code has thus been modified to allow these signatures to be accepted, with a printf to stderr to notify the user something was fishy. Remove this chunk; these signatures will no longer get accepted. ok deraadt@ guenther@ jsing@ tedu@
---
 lib/libssl/src/crypto/rsa/rsa_sign.c | 17 +++--------------
 1 file changed, 3 insertions(+), 14 deletions(-)
diff --git a/lib/libssl/src/crypto/rsa/rsa_sign.c b/lib/libssl/src/crypto/rsa/rsa_sign.c
index 239435fe919..9718589be72 100644
--- a/lib/libssl/src/crypto/rsa/rsa_sign.c
+++ b/lib/libssl/src/crypto/rsa/rsa_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_sign.c,v 1.18 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_sign.c,v 1.19 2014/07/09 09:04:14 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -223,19 +223,8 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
 sigtype = OBJ_obj2nid(sig->algor->algorithm);
 if (sigtype != dtype) {
- if ((dtype == NID_md5 &&
- sigtype == NID_md5WithRSAEncryption) ||
- (dtype == NID_md2 &&
- sigtype == NID_md2WithRSAEncryption)) {
- /* ok, we will let it through */
- fprintf(stderr,
- "signature has problems, "
- "re-make with post SSLeay045\n");
- } else {
- RSAerr(RSA_F_INT_RSA_VERIFY,
- RSA_R_ALGORITHM_MISMATCH);
- goto err;
- }
+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
+ goto err;
 }
 if (rm) {
 const EVP_MD *md;
-- cgit v1.2.3
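Review bot: The now-unconditional `if (sigtype != dtype)` rejection in int_rsa_verify has no comment recording that the equality is deliberate. Without one, a later compatibility patch could quietly reintroduce a lenient branch like the one removed here. I would add a comment above the check, for example `/* The DigestInfo algorithm must be exactly the digest the caller expects; no legacy OID aliases are accepted. */`. A regression test would also help, asserting that a signature whose DigestInfo carries `NID_md5WithRSAEncryption` fails with `RSA_R_ALGORITHM_MISMATCH` when `dtype` is `NID_md5`. The function body starts and ends outside this hunk, so the earlier parsing of `sig` is not visible and is not covered by this note.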