From 2f2cdb52385907510d4c640b06c23b75ed0deaf6 Mon Sep 17 00:00:00 2001
From: miod <>
Date: Wed, 9 Jul 2014 09:04:14 +0000
Subject: In the old days (not in this century), SSLeay 0.4.5 would create
 X.509 RSA signatures using the wrong oid for the signature type. The
 signature verification code has thus been modified to allow these signatures
 to be accepted, with a printf to stderr to notify the user something was
 fishy.

Remove this chunk; these signatures will no longer get accepted.
ok deraadt@ guenther@ jsing@ tedu@
---
 src/lib/libcrypto/rsa/rsa_sign.c         | 17 +++--------------
 src/lib/libssl/src/crypto/rsa/rsa_sign.c | 17 +++--------------
 2 files changed, 6 insertions(+), 28 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index 239435fe91..9718589be7 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_sign.c,v 1.18 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_sign.c,v 1.19 2014/07/09 09:04:14 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -223,19 +223,8 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
 		sigtype = OBJ_obj2nid(sig->algor->algorithm);
 
 		if (sigtype != dtype) {
-			if ((dtype == NID_md5 &&
-			     sigtype == NID_md5WithRSAEncryption) ||
-			    (dtype == NID_md2 &&
-			     sigtype == NID_md2WithRSAEncryption)) {
-				/* ok, we will let it through */
-				fprintf(stderr,
-				    "signature has problems, "
-				    "re-make with post SSLeay045\n");
-			} else {
-				RSAerr(RSA_F_INT_RSA_VERIFY,
-				    RSA_R_ALGORITHM_MISMATCH);
-				goto err;
-			}
+			RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
+			goto err;
 		}
 		if (rm) {
 			const EVP_MD *md;
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_sign.c b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
index 239435fe91..9718589be7 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_sign.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_sign.c,v 1.18 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_sign.c,v 1.19 2014/07/09 09:04:14 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -223,19 +223,8 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
 		sigtype = OBJ_obj2nid(sig->algor->algorithm);
 
 		if (sigtype != dtype) {
-			if ((dtype == NID_md5 &&
-			     sigtype == NID_md5WithRSAEncryption) ||
-			    (dtype == NID_md2 &&
-			     sigtype == NID_md2WithRSAEncryption)) {
-				/* ok, we will let it through */
-				fprintf(stderr,
-				    "signature has problems, "
-				    "re-make with post SSLeay045\n");
-			} else {
-				RSAerr(RSA_F_INT_RSA_VERIFY,
-				    RSA_R_ALGORITHM_MISMATCH);
-				goto err;
-			}
+			RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
+			goto err;
 		}
 		if (rm) {
 			const EVP_MD *md;
-- 
cgit v1.2.3-55-g6feb