Unifdef -UPKCS1_CHECK and remove SSL_OP_PKCS1_CHECK_[12], this is leftover

``debug'' code from a 15+ years old bugfix and the SSL_OP_PKCS1_CHECK_* constants have had a value of zero since ages. No production code should use them. ok beck@
author: miod <miod@openbsd.org> 2014-04-23 22:26:25 +0000
committer: miod <miod@openbsd.org> 2014-04-23 22:26:25 +0000
commit: d9cb48f882a31ae39da17bf8b2fe278c00f07c93 (patch)
tree: ac8cb3d43f14fc6b97118b1ac89453a157938d8c /lib/libssl/src/ssl/d1_clnt.c
parent: ain't nobody got time for hpux (diff)
download: wireguard-openbsd-d9cb48f882a31ae39da17bf8b2fe278c00f07c93.tar.xz
wireguard-openbsd-d9cb48f882a31ae39da17bf8b2fe278c00f07c93.zip
1 files changed, 0 insertions, 6 deletions
diff --git a/lib/libssl/src/ssl/d1_clnt.c b/lib/libssl/src/ssl/d1_clnt.c
index cf9bc2d33ed..38118b13852 100644
--- a/lib/libssl/src/ssl/d1_clnt.c
+++ b/lib/libssl/src/ssl/d1_clnt.c
@@ -975,12 +975,6 @@ dtls1_send_client_key_exchange(SSL *s)
 				p += 2;
 			n = RSA_public_encrypt(sizeof tmp_buf,
 			tmp_buf, p, rsa, RSA_PKCS1_PADDING);
-#ifdef PKCS1_CHECK
-			if (s->options & SSL_OP_PKCS1_CHECK_1)
-				p[1]++;
-			if (s->options & SSL_OP_PKCS1_CHECK_2)
-				tmp_buf[0] = 0x70;
-#endif
 			if (n <= 0) {
 				SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT);
 				goto err;
author	miod <miod@openbsd.org>	2014-04-23 22:26:25 +0000
committer	miod <miod@openbsd.org>	2014-04-23 22:26:25 +0000
commit	d9cb48f882a31ae39da17bf8b2fe278c00f07c93 (patch)
tree	ac8cb3d43f14fc6b97118b1ac89453a157938d8c /lib/libssl/src/ssl/d1_clnt.c
parent	ain't nobody got time for hpux (diff)
download	wireguard-openbsd-d9cb48f882a31ae39da17bf8b2fe278c00f07c93.tar.xz wireguard-openbsd-d9cb48f882a31ae39da17bf8b2fe278c00f07c93.zip