1 files changed, 0 insertions, 33 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index b6f6037ae0..0be4ec7fb0 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -77,14 +77,6 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
        const unsigned char *s = NULL;
        X509_ALGOR algor;
        ASN1_OCTET_STRING digest;
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD);
-                return 0;
-                }
-#endif
        if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
                {
                return rsa->meth->rsa_sign(type, m, m_len,
@@ -161,15 +153,6 @@ int int_rsa_verify(int dtype, const unsigned char *m,
        unsigned char *s;
        X509_SIG *sig=NULL;
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
-                        && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-                {
-                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_NON_FIPS_RSA_METHOD);
-                return 0;
-                }
-#endif
        if (siglen != (unsigned int)RSA_size(rsa))
                {
                RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
@@ -199,22 +182,6 @@ int int_rsa_verify(int dtype, const unsigned char *m,
        i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
        if (i <= 0) goto err;
-        /* Oddball MDC2 case: signature can be OCTET STRING.
-         * check for correct tag and length octets.
-         */
-        if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10)
-                {
-                if (rm)
-                        {
-                        memcpy(rm, s + 2, 16);
-                        *prm_len = 16;
-                        ret = 1;
-                        }
-                else if(memcmp(m, s + 2, 16))
-                        RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-                else
-                        ret = 1;
-                }
        /* Special case: SSL signature */
        if(dtype == NID_md5_sha1) {

diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c index b6f6037ae0..0be4ec7fb0 100644 --- a/src/lib/libcrypto/rsa/rsa_sign.c +++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -77,14 +77,6 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
77	const unsigned char *s = NULL;	77	const unsigned char *s = NULL;
78	X509_ALGOR algor;	78	X509_ALGOR algor;
79	ASN1_OCTET_STRING digest;	79	ASN1_OCTET_STRING digest;
80	#ifdef OPENSSL_FIPS
81	if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
82	&& !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
83	{
84	RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD);
85	return 0;
86	}
87	#endif
88	if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)	80	if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
89	{	81	{
90	return rsa->meth->rsa_sign(type, m, m_len,	82	return rsa->meth->rsa_sign(type, m, m_len,
@@ -161,15 +153,6 @@ int int_rsa_verify(int dtype, const unsigned char *m,
161	unsigned char *s;	153	unsigned char *s;
162	X509_SIG *sig=NULL;	154	X509_SIG *sig=NULL;
163		155
164	#ifdef OPENSSL_FIPS
165	if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
166	&& !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
167	{
168	RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_NON_FIPS_RSA_METHOD);
169	return 0;
170	}
171	#endif
172
173	if (siglen != (unsigned int)RSA_size(rsa))	156	if (siglen != (unsigned int)RSA_size(rsa))
174	{	157	{
175	RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);	158	RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
@@ -199,22 +182,6 @@ int int_rsa_verify(int dtype, const unsigned char *m,
199	i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);	182	i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
200		183
201	if (i <= 0) goto err;	184	if (i <= 0) goto err;
202	/* Oddball MDC2 case: signature can be OCTET STRING.
203	* check for correct tag and length octets.
204	*/
205	if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10)
206	{
207	if (rm)
208	{
209	memcpy(rm, s + 2, 16);
210	*prm_len = 16;
211	ret = 1;
212	}
213	else if(memcmp(m, s + 2, 16))
214	RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
215	else
216	ret = 1;
217	}
218		185
219	/* Special case: SSL signature */	186	/* Special case: SSL signature */
220	if(dtype == NID_md5_sha1) {	187	if(dtype == NID_md5_sha1) {