| author | 2014-04-23 22:26:25 +0000 | |
|---|---|---|
| committer | 2014-04-23 22:26:25 +0000 | |
| commit | d9cb48f882a31ae39da17bf8b2fe278c00f07c93 (patch) | |
| tree | ac8cb3d43f14fc6b97118b1ac89453a157938d8c /lib/libssl/src/ssl | |
| parent | ain't nobody got time for hpux (diff) | |
| download | wireguard-openbsd-d9cb48f882a31ae39da17bf8b2fe278c00f07c93.tar.xz wireguard-openbsd-d9cb48f882a31ae39da17bf8b2fe278c00f07c93.zip | |
Unifdef -UPKCS1_CHECK and remove SSL_OP_PKCS1_CHECK_[12], this is leftover
``debug'' code from a 15+ years old bugfix and the SSL_OP_PKCS1_CHECK_*
constants have had a value of zero since ages. No production code should use
them.
ok beck@
Diffstat (limited to 'lib/libssl/src/ssl')
| -rw-r--r-- | lib/libssl/src/ssl/d1_clnt.c | 6 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/s3_clnt.c | 6 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/ssl.h | 8 | ||||
| -rw-r--r-- | lib/libssl/src/ssl/ssl_locl.h | 2 |
4 files changed, 0 insertions, 22 deletions
diff --git a/lib/libssl/src/ssl/d1_clnt.c b/lib/libssl/src/ssl/d1_clnt.c
index cf9bc2d33ed..38118b13852 100644
--- a/lib/libssl/src/ssl/d1_clnt.c
+++ b/lib/libssl/src/ssl/d1_clnt.c
@@ -975,12 +975,6 @@ dtls1_send_client_key_exchange(SSL *s)
 p += 2;
 n = RSA_public_encrypt(sizeof tmp_buf, tmp_buf, p, rsa, RSA_PKCS1_PADDING);
-#ifdef PKCS1_CHECK
- if (s->options & SSL_OP_PKCS1_CHECK_1)
- p[1]++;
- if (s->options & SSL_OP_PKCS1_CHECK_2)
- tmp_buf[0] = 0x70;
-#endif
 if (n <= 0) {
 SSLerr(SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT);
 goto err;
diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c
index ac1812d857b..f740f7e139d 100644
--- a/lib/libssl/src/ssl/s3_clnt.c
+++ b/lib/libssl/src/ssl/s3_clnt.c
@@ -2046,12 +2046,6 @@ ssl3_send_client_key_exchange(SSL *s)
 p += 2;
 n = RSA_public_encrypt(sizeof tmp_buf, tmp_buf, p, rsa, RSA_PKCS1_PADDING);
-#ifdef PKCS1_CHECK
- if (s->options & SSL_OP_PKCS1_CHECK_1)
- p[1]++;
- if (s->options & SSL_OP_PKCS1_CHECK_2)
- tmp_buf[0] = 0x70;
-#endif
 if (n <= 0) {
 SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT);
 goto err;
diff --git a/lib/libssl/src/ssl/ssl.h b/lib/libssl/src/ssl/ssl.h
index 3624bdcccd8..d3c7908a26c 100644
--- a/lib/libssl/src/ssl/ssl.h
+++ b/lib/libssl/src/ssl/ssl.h
@@ -599,14 +599,6 @@ struct ssl_session_st {
 #define SSL_OP_NO_TLSv1_2 0x08000000L
 #define SSL_OP_NO_TLSv1_1 0x10000000L
-/* These next two were never actually used for anything since SSLeay
- * zap so we have some more flags.
- */
-/* The next flag deliberately changes the ciphertest, this is a check
- * for the PKCS#1 attack */
-#define SSL_OP_PKCS1_CHECK_1 0x0
-#define SSL_OP_PKCS1_CHECK_2 0x0
-
 #define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L
 #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L
 /* Make server add server-hello extension from early version of
diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h
index ebc942b146f..71dac84dac2 100644 
--- a/lib/libssl/src/ssl/ssl_locl.h
+++ b/lib/libssl/src/ssl/ssl_locl.h
@@ -169,8 +169,6 @@
 # define OPENSSL_EXTERN OPENSSL_EXPORT
 #endif
-#undef PKCS1_CHECK
-
 #define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \
 l|=(((unsigned long)(*((c)++)))<< 8), \
 l|=(((unsigned long)(*((c)++)))<<16), \ |
