Diffstat (limited to 'chromium/net/cert/pki/signature_algorithm.cc')
-rw-r--r--chromium/net/cert/pki/signature_algorithm.cc65
1 files changed, 2 insertions, 63 deletions
diff --git a/chromium/net/cert/pki/signature_algorithm.cc b/chromium/net/cert/pki/signature_algorithm.cc
index a7ff1852587..0b913bb72b4 100644
--- a/chromium/net/cert/pki/signature_algorithm.cc
+++ b/chromium/net/cert/pki/signature_algorithm.cc
@@ -1,10 +1,9 @@
-// Copyright 2015 The Chromium Authors. All rights reserved.
+// Copyright 2015 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/cert/pki/signature_algorithm.h"
-#include "base/check.h"
#include "net/cert/pki/cert_error_params.h"
#include "net/cert/pki/cert_errors.h"
#include "net/der/input.h"
@@ -17,21 +16,6 @@ namespace net {
namespace {
-// md2WithRSAEncryption
-// In dotted notation: 1.2.840.113549.1.1.2
-const uint8_t kOidMd2WithRsaEncryption[] = {0x2a, 0x86, 0x48, 0x86, 0xf7,
- 0x0d, 0x01, 0x01, 0x02};
-
-// md4WithRSAEncryption
-// In dotted notation: 1.2.840.113549.1.1.3
-const uint8_t kOidMd4WithRsaEncryption[] = {0x2a, 0x86, 0x48, 0x86, 0xf7,
- 0x0d, 0x01, 0x01, 0x03};
-
-// md5WithRSAEncryption
-// In dotted notation: 1.2.840.113549.1.1.4
-const uint8_t kOidMd5WithRsaEncryption[] = {0x2a, 0x86, 0x48, 0x86, 0xf7,
- 0x0d, 0x01, 0x01, 0x04};
-
// From RFC 5912:
//
// sha1WithRSAEncryption OBJECT IDENTIFIER ::= {
@@ -134,24 +118,6 @@ const uint8_t kOidRsaSsaPss[] = {0x2a, 0x86, 0x48, 0x86, 0xf7,
// From RFC 5912:
//
-// dsa-with-sha1 OBJECT IDENTIFIER ::= {
-// iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 3 }
-//
-// In dotted notation: 1.2.840.10040.4.3
-const uint8_t kOidDsaWithSha1[] = {0x2a, 0x86, 0x48, 0xce, 0x38, 0x04, 0x03};
-
-// From RFC 5912:
-//
-// dsa-with-sha256 OBJECT IDENTIFIER ::= {
-// joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
-// csor(3) algorithms(4) id-dsa-with-sha2(3) 2 }
-//
-// In dotted notation: 2.16.840.1.101.3.4.3.2
-const uint8_t kOidDsaWithSha256[] = {0x60, 0x86, 0x48, 0x01, 0x65,
- 0x03, 0x04, 0x03, 0x02};
-
-// From RFC 5912:
-//
// id-mgf1 OBJECT IDENTIFIER ::= { pkcs-1 8 }
//
// In dotted notation: 1.2.840.113549.1.1.8
@@ -391,15 +357,6 @@ absl::optional<SignatureAlgorithm> ParseSignatureAlgorithm(
if (oid == der::Input(kOidSha1WithRsaSignature) && IsNullOrEmpty(params)) {
return SignatureAlgorithm::kRsaPkcs1Sha1;
}
- if (oid == der::Input(kOidMd2WithRsaEncryption) && IsNullOrEmpty(params)) {
- return SignatureAlgorithm::kRsaPkcs1Md2;
- }
- if (oid == der::Input(kOidMd4WithRsaEncryption) && IsNullOrEmpty(params)) {
- return SignatureAlgorithm::kRsaPkcs1Md4;
- }
- if (oid == der::Input(kOidMd5WithRsaEncryption) && IsNullOrEmpty(params)) {
- return SignatureAlgorithm::kRsaPkcs1Md5;
- }
// RFC 5912 requires that the parameters for ECDSA algorithms be absent
// ("PARAMS TYPE NULL ARE absent"):
@@ -420,16 +377,6 @@ absl::optional<SignatureAlgorithm> ParseSignatureAlgorithm(
return ParseRsaPss(params);
}
- // RFC 5912 requires that the parameters for DSA algorithms be absent.
- //
- // TODO(svaldez): Add warning about non-strict parsing.
- if (oid == der::Input(kOidDsaWithSha1) && IsNullOrEmpty(params)) {
- return SignatureAlgorithm::kDsaSha1;
- }
- if (oid == der::Input(kOidDsaWithSha256) && IsNullOrEmpty(params)) {
- return SignatureAlgorithm::kDsaSha256;
- }
-
// Unknown signature algorithm.
if (errors) {
errors->AddError(kUnknownSignatureAlgorithm,
@@ -446,8 +393,7 @@ absl::optional<DigestAlgorithm> GetTlsServerEndpointDigestAlgorithm(
// implement this within the library, so callers do not need to condition over
// all algorithms.
switch (alg) {
- // If the single digest algorithm is MD5 or SHA-1, use SHA-256.
- case SignatureAlgorithm::kRsaPkcs1Md5:
+ // If the single digest algorithm is SHA-1, use SHA-256.
case SignatureAlgorithm::kRsaPkcs1Sha1:
case SignatureAlgorithm::kEcdsaSha1:
return DigestAlgorithm::Sha256;
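Review bot: The reworded comment above `case SignatureAlgorithm::kRsaPkcs1Sha1:` drops MD5 without saying why, although the tls-server-end-point rule this switch implements (RFC 5929, as far as I can tell from the function name) maps both MD5 and SHA-1 to SHA-256. A reader comparing the code with the RFC may take the missing MD5 case for an oversight rather than a consequence of ParseSignatureAlgorithm no longer returning `kRsaPkcs1Md5`, which the earlier hunk in this file removes. I would word it as `// If the single digest algorithm is SHA-1, use SHA-256. The RFC also lists MD5,` followed by `// but MD5 signature algorithms are rejected at parse time and never reach here.` The enum change itself is presumably in the header, which this page does not show, and the switch starts and ends outside this hunk.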
@@ -473,13 +419,6 @@ absl::optional<DigestAlgorithm> GetTlsServerEndpointDigestAlgorithm(
return DigestAlgorithm::Sha384;
case SignatureAlgorithm::kRsaPssSha512:
return DigestAlgorithm::Sha512;
-
- // Do not return anything for these legacy algorithms.
- case SignatureAlgorithm::kDsaSha1:
- case SignatureAlgorithm::kDsaSha256:
- case SignatureAlgorithm::kRsaPkcs1Md2:
- case SignatureAlgorithm::kRsaPkcs1Md4:
- return absl::nullopt;
}
return absl::nullopt;
}