From 0656705cdcdac379140020e096f659fb99e26d01 Mon Sep 17 00:00:00 2001
From: Miod Vallat <miod@cvs.openbsd.org>
Date: Wed, 23 Apr 2014 22:26:27 +0000
Subject: Unifdef -UPKCS1_CHECK and remove SSL_OP_PKCS1_CHECK_[12], this is
 leftover ``debug'' code from a 15+ years old bugfix and the
 SSL_OP_PKCS1_CHECK_* constants have had a value of zero since ages. No
 production code should use them.

ok beck@
---
 lib/libssl/s3_clnt.c | 6 ------
 1 file changed, 6 deletions(-)

(limited to 'lib/libssl/s3_clnt.c')

diff --git a/lib/libssl/s3_clnt.c b/lib/libssl/s3_clnt.c
index ac1812d857b..f740f7e139d 100644
--- a/lib/libssl/s3_clnt.c
+++ b/lib/libssl/s3_clnt.c
@@ -2046,12 +2046,6 @@ ssl3_send_client_key_exchange(SSL *s)
 				p += 2;
 			n = RSA_public_encrypt(sizeof tmp_buf,
 			tmp_buf, p, rsa, RSA_PKCS1_PADDING);
-#ifdef PKCS1_CHECK
-			if (s->options & SSL_OP_PKCS1_CHECK_1)
-				p[1]++;
-			if (s->options & SSL_OP_PKCS1_CHECK_2)
-				tmp_buf[0] = 0x70;
-#endif
 			if (n <= 0) {
 				SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT);
 				goto err;
-- 
cgit v1.2.3