author | David Benjamin <davidben@google.com> | 2017-01-10 08:19:12 -0500 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2017-01-12 18:36:54 +0000 |
commit | 5fc99c6603e57f03cd617949f5fa85c03a7fdf2e (patch) | |
tree | acee465595398eccc5344d0759fe05e3d9ffef62 | |
parent | dcecdfd620511e0c662181b93fc96b070887ceee (diff) | |
There are no more MD5 ciphers.
The last one was an RC4 cipher and those are gone.
Change-Id: I3473937ff6f0634296fc75a346627513c5970ddb
Reviewed-on: https://boringssl-review.googlesource.com/13108
Reviewed-by: Adam Langley <agl@google.com>
-rw-r--r-- | include/openssl/ssl.h | 4 | ||||
-rw-r--r-- | ssl/internal.h | 9 | ||||
-rw-r--r-- | ssl/ssl_cipher.c | 36 |
3 files changed, 14 insertions, 35 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 4cc3d87..162e67b 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -1152,7 +1152,7 @@ OPENSSL_EXPORT uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher);
 * mode). */
 OPENSSL_EXPORT int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher);
-/* SSL_CIPHER_has_MD5_HMAC returns one if |cipher| uses HMAC-MD5. */
+/* SSL_CIPHER_has_MD5_HMAC returns zero. */
 OPENSSL_EXPORT int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *cipher);
 /* SSL_CIPHER_has_SHA1_HMAC returns one if |cipher| uses HMAC-SHA1. */
@@ -1276,7 +1276,7 @@ OPENSSL_EXPORT int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher,
 * whose bulk cipher use the corresponding encryption scheme. Note that
 * |AES|, |AES128|, and |AES256| match both CBC and GCM ciphers.
 *
- * |MD5|, |SHA1|, |SHA256|, and |SHA384| match legacy cipher suites using the
+ * |SHA1|, |SHA256|, and |SHA384| match legacy cipher suites using the
 * corresponding hash function in their MAC. AEADs are matched by none of
 * these.
 *
diff --git a/ssl/internal.h b/ssl/internal.h
index 919f5aa..eb47785 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -195,12 +195,11 @@ extern "C" {
 #define SSL_AES (SSL_AES128 | SSL_AES256 | SSL_AES128GCM | SSL_AES256GCM)
 /* Bits for |algorithm_mac| (symmetric authentication). */
-#define SSL_MD5 0x00000001L
-#define SSL_SHA1 0x00000002L
-#define SSL_SHA256 0x00000004L
-#define SSL_SHA384 0x00000008L
+#define SSL_SHA1 0x00000001L
+#define SSL_SHA256 0x00000002L
+#define SSL_SHA384 0x00000004L
 /* SSL_AEAD is set for all AEADs. */
-#define SSL_AEAD 0x00000010L
+#define SSL_AEAD 0x00000008L
 /* Bits for |algorithm_prf| (handshake digest). */
 #define SSL_HANDSHAKE_MAC_DEFAULT 0x1
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c
index 20b075e..965c3c6 100644
--- a/ssl/ssl_cipher.c
+++ b/ssl/ssl_cipher.c
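Review bot: The new comment on `SSL_CIPHER_has_MD5_HMAC` in the first ssl.h hunk says only that the function returns zero, so a reader of the header cannot tell whether it is a deliberate stub or a real query. If it is kept for source compatibility, I would say so, for example `/* SSL_CIPHER_has_MD5_HMAC returns zero. No supported cipher uses HMAC-MD5; the function is retained for compatibility. */`. Callers that branch on this result to detect or reject MD5 suites now have a dead branch and can drop it.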
@@ -678,7 +678,6 @@ static const CIPHER_ALIAS kCipherAliases[] = {
 0},
 /* MAC aliases */
- {"MD5", ~0u, ~0u, ~0u, SSL_MD5, 0},
 {"SHA1", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, 0},
 {"SHA", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, 0},
 {"SHA256", ~0u, ~0u, ~0u, SSL_SHA256, 0},
@@ -1473,7 +1472,7 @@ int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher) {
 }
 int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *cipher) {
- return (cipher->algorithm_mac & SSL_MD5) != 0;
+ return 0;
 }
 int SSL_CIPHER_has_SHA1_HMAC(const SSL_CIPHER *cipher) {
@@ -1627,15 +1626,10 @@ static const char *ssl_cipher_get_enc_name(const SSL_CIPHER *cipher) {
 static const char *ssl_cipher_get_prf_name(const SSL_CIPHER *cipher) {
 switch (cipher->algorithm_prf) {
 case SSL_HANDSHAKE_MAC_DEFAULT:
- /* Before TLS 1.2, the PRF component is the hash used in the HMAC, which is
- * only ever MD5 or SHA-1. */
- switch (cipher->algorithm_mac) {
- case SSL_MD5:
- return "MD5";
- case SSL_SHA1:
- return "SHA";
- }
- break;
+ /* Before TLS 1.2, the PRF component is the hash used in the HMAC, which
+ * is SHA-1 for all supported ciphers. */
+ assert(cipher->algorithm_mac == SSL_SHA1);
+ return "SHA";
 case SSL_HANDSHAKE_MAC_SHA256:
 return "SHA256";
 case SSL_HANDSHAKE_MAC_SHA384:
@@ -1824,10 +1818,6 @@ const char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf,
 }
 switch (alg_mac) {
- case SSL_MD5:
- mac = "MD5";
- break;
-
 case SSL_SHA1:
 mac = "SHA1";
 break;
@@ -1917,19 +1907,9 @@ size_t ssl_cipher_get_record_split_len(const SSL_CIPHER *cipher) {
 return 0;
 }
- size_t mac_len;
- switch (cipher->algorithm_mac) {
- case SSL_MD5:
- mac_len = MD5_DIGEST_LENGTH;
- break;
- case SSL_SHA1:
- mac_len = SHA_DIGEST_LENGTH;
- break;
- default:
- return 0;
- }
-
- size_t ret = 1 + mac_len;
+ /* All supported TLS 1.0 ciphers use SHA-1. */
+ assert(cipher->algorithm_mac == SSL_SHA1);
+ size_t ret = 1 + SHA_DIGEST_LENGTH;
 ret += block_size - (ret % block_size);
 return ret;
 } |
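Review bot: Dropping the `MD5` entry from `kCipherAliases` changes how an existing cipher string that still names it (for instance an exclusion such as `!MD5`) is handled, and neither this hunk nor the updated ssl.h comment tells callers what to expect. Whether an unrecognised name is ignored or rejected is decided by the rule parser, which is outside the hunk. I would state the outcome in the ssl.h cipher-string documentation, for example ` * |MD5| is no longer recognized; no supported cipher suite uses it.`, and add a test for such a string if none exists.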
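Review bot: The `assert(cipher->algorithm_mac == SSL_SHA1)` added in `ssl_cipher_get_prf_name` is the only check of the new invariant, and it is compiled out when NDEBUG is defined, so a release build returns "SHA" for any default-PRF cipher whatever its MAC. The same applies to the last hunk, in `ssl_cipher_get_record_split_len`: the removed `default: return 0;` was a runtime fallback, while the new code always derives the length from `SHA_DIGEST_LENGTH`. `SSL_SHA256` and `SSL_SHA384` stay defined in this commit and the early-return conditions sit above the hunk, so from here I cannot confirm that a non-SHA-1 cipher never reaches that line. I would keep a runtime guard there, `if (cipher->algorithm_mac != SSL_SHA1) { return 0; }`, or back the invariant with a test that walks the cipher table. Both function bodies extend beyond their hunks.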