Simplify SSLTranscript.
With SSL 3.0 gone, there's no need to split up MD5 and SHA-1.
Change-Id: Ia4236c738dfa6743f1028c2d53761c95cba96288
Reviewed-on: https://boringssl-review.googlesource.com/29744
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/internal.h b/ssl/internal.h
index 6b79870..20efc9d 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -616,12 +616,8 @@
private:
// buffer_, if non-null, contains the handshake transcript.
UniquePtr<BUF_MEM> buffer_;
- // hash, if initialized with an |EVP_MD|, maintains the handshake hash. For
- // TLS 1.1 and below, it is the SHA-1 half.
+ // hash, if initialized with an |EVP_MD|, maintains the handshake hash.
ScopedEVP_MD_CTX hash_;
- // md5, if initialized with an |EVP_MD|, maintains the MD5 half of the
- // handshake hash for TLS 1.1 and below.
- ScopedEVP_MD_CTX md5_;
};
// tls1_prf computes the PRF function for |ssl|. It fills |out|, using |secret|
diff --git a/ssl/ssl_transcript.cc b/ssl/ssl_transcript.cc
index a5c3309..24b86bf 100644
--- a/ssl/ssl_transcript.cc
+++ b/ssl/ssl_transcript.cc
@@ -135,18 +135,9 @@
#include <openssl/ssl.h>
-#include <assert.h>
-#include <string.h>
-
#include <openssl/buf.h>
#include <openssl/digest.h>
-#include <openssl/err.h>
-#include <openssl/mem.h>
-#include <openssl/md5.h>
-#include <openssl/nid.h>
-#include <openssl/sha.h>
-#include "../crypto/internal.h"
#include "internal.h"
@@ -163,7 +154,6 @@
}
hash_.Reset();
- md5_.Reset();
return true;
}
@@ -180,17 +170,6 @@
bool SSLTranscript::InitHash(uint16_t version, const SSL_CIPHER *cipher) {
const EVP_MD *md = ssl_get_handshake_digest(version, cipher);
-
- // To support SSL 3.0's Finished and CertificateVerify constructions,
- // EVP_md5_sha1() is split into MD5 and SHA-1 halves. When SSL 3.0 is removed,
- // we can simplify this.
- if (md == EVP_md5_sha1()) {
- if (!InitDigestWithData(md5_.get(), EVP_md5(), buffer_.get())) {
- return false;
- }
- md = EVP_sha1();
- }
-
return InitDigestWithData(hash_.get(), md, buffer_.get());
}
@@ -203,9 +182,6 @@
}
const EVP_MD *SSLTranscript::Digest() const {
- if (EVP_MD_CTX_md(md5_.get()) != nullptr) {
- return EVP_md5_sha1();
- }
return EVP_MD_CTX_md(hash_.get());
}
@@ -244,30 +220,18 @@
if (EVP_MD_CTX_md(hash_.get()) != NULL) {
EVP_DigestUpdate(hash_.get(), in.data(), in.size());
}
- if (EVP_MD_CTX_md(md5_.get()) != NULL) {
- EVP_DigestUpdate(md5_.get(), in.data(), in.size());
- }
return true;
}
bool SSLTranscript::GetHash(uint8_t *out, size_t *out_len) {
ScopedEVP_MD_CTX ctx;
- unsigned md5_len = 0;
- if (EVP_MD_CTX_md(md5_.get()) != NULL) {
- if (!EVP_MD_CTX_copy_ex(ctx.get(), md5_.get()) ||
- !EVP_DigestFinal_ex(ctx.get(), out, &md5_len)) {
- return false;
- }
- }
-
unsigned len;
if (!EVP_MD_CTX_copy_ex(ctx.get(), hash_.get()) ||
- !EVP_DigestFinal_ex(ctx.get(), out + md5_len, &len)) {
+ !EVP_DigestFinal_ex(ctx.get(), out, &len)) {
return false;
}
-
- *out_len = md5_len + len;
+ *out_len = len;
return true;
}
@@ -280,16 +244,16 @@
? MakeConstSpan(kServerLabel, sizeof(kServerLabel) - 1)
: MakeConstSpan(kClientLabel, sizeof(kClientLabel) - 1);
- uint8_t digests[EVP_MAX_MD_SIZE];
- size_t digests_len;
- if (!GetHash(digests, &digests_len)) {
+ uint8_t digest[EVP_MAX_MD_SIZE];
+ size_t digest_len;
+ if (!GetHash(digest, &digest_len)) {
return false;
}
static const size_t kFinishedLen = 12;
if (!tls1_prf(Digest(), MakeSpan(out, kFinishedLen),
MakeConstSpan(session->master_key, session->master_key_length),
- label, MakeConstSpan(digests, digests_len), {})) {
+ label, MakeConstSpan(digest, digest_len), {})) {
return false;
}