Simplify SSLTranscript. With SSL 3.0 gone, there's no need to split up MD5 and SHA-1. Change-Id: Ia4236c738dfa6743f1028c2d53761c95cba96288 Reviewed-on: https://boringssl-review.googlesource.com/29744 Commit-Queue: Steven Valdez <svaldez@google.com> Reviewed-by: Steven Valdez <svaldez@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/internal.h b/ssl/internal.h index 6b79870..20efc9d 100644 --- a/ssl/internal.h +++ b/ssl/internal.h
@@ -616,12 +616,8 @@ private: // buffer_, if non-null, contains the handshake transcript. UniquePtr<BUF_MEM> buffer_; - // hash, if initialized with an |EVP_MD|, maintains the handshake hash. For - // TLS 1.1 and below, it is the SHA-1 half. + // hash, if initialized with an |EVP_MD|, maintains the handshake hash. ScopedEVP_MD_CTX hash_; - // md5, if initialized with an |EVP_MD|, maintains the MD5 half of the - // handshake hash for TLS 1.1 and below. - ScopedEVP_MD_CTX md5_; }; // tls1_prf computes the PRF function for |ssl|. It fills |out|, using |secret|
diff --git a/ssl/ssl_transcript.cc b/ssl/ssl_transcript.cc index a5c3309..24b86bf 100644 --- a/ssl/ssl_transcript.cc +++ b/ssl/ssl_transcript.cc
@@ -135,18 +135,9 @@ #include <openssl/ssl.h> -#include <assert.h> -#include <string.h> - #include <openssl/buf.h> #include <openssl/digest.h> -#include <openssl/err.h> -#include <openssl/mem.h> -#include <openssl/md5.h> -#include <openssl/nid.h> -#include <openssl/sha.h> -#include "../crypto/internal.h" #include "internal.h" @@ -163,7 +154,6 @@ } hash_.Reset(); - md5_.Reset(); return true; } @@ -180,17 +170,6 @@ bool SSLTranscript::InitHash(uint16_t version, const SSL_CIPHER *cipher) { const EVP_MD *md = ssl_get_handshake_digest(version, cipher); - - // To support SSL 3.0's Finished and CertificateVerify constructions, - // EVP_md5_sha1() is split into MD5 and SHA-1 halves. When SSL 3.0 is removed, - // we can simplify this. - if (md == EVP_md5_sha1()) { - if (!InitDigestWithData(md5_.get(), EVP_md5(), buffer_.get())) { - return false; - } - md = EVP_sha1(); - } - return InitDigestWithData(hash_.get(), md, buffer_.get()); } @@ -203,9 +182,6 @@ } const EVP_MD *SSLTranscript::Digest() const { - if (EVP_MD_CTX_md(md5_.get()) != nullptr) { - return EVP_md5_sha1(); - } return EVP_MD_CTX_md(hash_.get()); } @@ -244,30 +220,18 @@ if (EVP_MD_CTX_md(hash_.get()) != NULL) { EVP_DigestUpdate(hash_.get(), in.data(), in.size()); } - if (EVP_MD_CTX_md(md5_.get()) != NULL) { - EVP_DigestUpdate(md5_.get(), in.data(), in.size()); - } return true; } bool SSLTranscript::GetHash(uint8_t *out, size_t *out_len) { ScopedEVP_MD_CTX ctx; - unsigned md5_len = 0; - if (EVP_MD_CTX_md(md5_.get()) != NULL) { - if (!EVP_MD_CTX_copy_ex(ctx.get(), md5_.get()) || - !EVP_DigestFinal_ex(ctx.get(), out, &md5_len)) { - return false; - } - } - unsigned len; if (!EVP_MD_CTX_copy_ex(ctx.get(), hash_.get()) || - !EVP_DigestFinal_ex(ctx.get(), out + md5_len, &len)) { + !EVP_DigestFinal_ex(ctx.get(), out, &len)) { return false; } - - *out_len = md5_len + len; + *out_len = len; return true; } @@ -280,16 +244,16 @@ ? MakeConstSpan(kServerLabel, sizeof(kServerLabel) - 1) : MakeConstSpan(kClientLabel, sizeof(kClientLabel) - 1); - uint8_t digests[EVP_MAX_MD_SIZE]; - size_t digests_len; - if (!GetHash(digests, &digests_len)) { + uint8_t digest[EVP_MAX_MD_SIZE]; + size_t digest_len; + if (!GetHash(digest, &digest_len)) { return false; } static const size_t kFinishedLen = 12; if (!tls1_prf(Digest(), MakeSpan(out, kFinishedLen), MakeConstSpan(session->master_key, session->master_key_length), - label, MakeConstSpan(digests, digests_len), {})) { + label, MakeConstSpan(digest, digest_len), {})) { return false; }