There are no more MD5 ciphers.
The last one was an RC4 cipher and those are gone. Change-Id: I3473937ff6f0634296fc75a346627513c5970ddb Reviewed-on: https://boringssl-review.googlesource.com/13108 Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
parent
dcecdfd620
commit
5fc99c6603
@ -1152,7 +1152,7 @@ OPENSSL_EXPORT uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher);
|
|||||||
* mode). */
|
* mode). */
|
||||||
OPENSSL_EXPORT int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher);
|
OPENSSL_EXPORT int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher);
|
||||||
|
|
||||||
/* SSL_CIPHER_has_MD5_HMAC returns one if |cipher| uses HMAC-MD5. */
|
/* SSL_CIPHER_has_MD5_HMAC returns zero. */
|
||||||
OPENSSL_EXPORT int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *cipher);
|
OPENSSL_EXPORT int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *cipher);
|
||||||
|
|
||||||
/* SSL_CIPHER_has_SHA1_HMAC returns one if |cipher| uses HMAC-SHA1. */
|
/* SSL_CIPHER_has_SHA1_HMAC returns one if |cipher| uses HMAC-SHA1. */
|
||||||
@ -1276,7 +1276,7 @@ OPENSSL_EXPORT int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher,
|
|||||||
* whose bulk cipher use the corresponding encryption scheme. Note that
|
* whose bulk cipher use the corresponding encryption scheme. Note that
|
||||||
* |AES|, |AES128|, and |AES256| match both CBC and GCM ciphers.
|
* |AES|, |AES128|, and |AES256| match both CBC and GCM ciphers.
|
||||||
*
|
*
|
||||||
* |MD5|, |SHA1|, |SHA256|, and |SHA384| match legacy cipher suites using the
|
* |SHA1|, |SHA256|, and |SHA384| match legacy cipher suites using the
|
||||||
* corresponding hash function in their MAC. AEADs are matched by none of
|
* corresponding hash function in their MAC. AEADs are matched by none of
|
||||||
* these.
|
* these.
|
||||||
*
|
*
|
||||||
|
@ -195,12 +195,11 @@ extern "C" {
|
|||||||
#define SSL_AES (SSL_AES128 | SSL_AES256 | SSL_AES128GCM | SSL_AES256GCM)
|
#define SSL_AES (SSL_AES128 | SSL_AES256 | SSL_AES128GCM | SSL_AES256GCM)
|
||||||
|
|
||||||
/* Bits for |algorithm_mac| (symmetric authentication). */
|
/* Bits for |algorithm_mac| (symmetric authentication). */
|
||||||
#define SSL_MD5 0x00000001L
|
#define SSL_SHA1 0x00000001L
|
||||||
#define SSL_SHA1 0x00000002L
|
#define SSL_SHA256 0x00000002L
|
||||||
#define SSL_SHA256 0x00000004L
|
#define SSL_SHA384 0x00000004L
|
||||||
#define SSL_SHA384 0x00000008L
|
|
||||||
/* SSL_AEAD is set for all AEADs. */
|
/* SSL_AEAD is set for all AEADs. */
|
||||||
#define SSL_AEAD 0x00000010L
|
#define SSL_AEAD 0x00000008L
|
||||||
|
|
||||||
/* Bits for |algorithm_prf| (handshake digest). */
|
/* Bits for |algorithm_prf| (handshake digest). */
|
||||||
#define SSL_HANDSHAKE_MAC_DEFAULT 0x1
|
#define SSL_HANDSHAKE_MAC_DEFAULT 0x1
|
||||||
|
@ -678,7 +678,6 @@ static const CIPHER_ALIAS kCipherAliases[] = {
|
|||||||
0},
|
0},
|
||||||
|
|
||||||
/* MAC aliases */
|
/* MAC aliases */
|
||||||
{"MD5", ~0u, ~0u, ~0u, SSL_MD5, 0},
|
|
||||||
{"SHA1", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, 0},
|
{"SHA1", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, 0},
|
||||||
{"SHA", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, 0},
|
{"SHA", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, 0},
|
||||||
{"SHA256", ~0u, ~0u, ~0u, SSL_SHA256, 0},
|
{"SHA256", ~0u, ~0u, ~0u, SSL_SHA256, 0},
|
||||||
@ -1473,7 +1472,7 @@ int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *cipher) {
|
int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *cipher) {
|
||||||
return (cipher->algorithm_mac & SSL_MD5) != 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int SSL_CIPHER_has_SHA1_HMAC(const SSL_CIPHER *cipher) {
|
int SSL_CIPHER_has_SHA1_HMAC(const SSL_CIPHER *cipher) {
|
||||||
@ -1627,15 +1626,10 @@ static const char *ssl_cipher_get_enc_name(const SSL_CIPHER *cipher) {
|
|||||||
static const char *ssl_cipher_get_prf_name(const SSL_CIPHER *cipher) {
|
static const char *ssl_cipher_get_prf_name(const SSL_CIPHER *cipher) {
|
||||||
switch (cipher->algorithm_prf) {
|
switch (cipher->algorithm_prf) {
|
||||||
case SSL_HANDSHAKE_MAC_DEFAULT:
|
case SSL_HANDSHAKE_MAC_DEFAULT:
|
||||||
/* Before TLS 1.2, the PRF component is the hash used in the HMAC, which is
|
/* Before TLS 1.2, the PRF component is the hash used in the HMAC, which
|
||||||
* only ever MD5 or SHA-1. */
|
* is SHA-1 for all supported ciphers. */
|
||||||
switch (cipher->algorithm_mac) {
|
assert(cipher->algorithm_mac == SSL_SHA1);
|
||||||
case SSL_MD5:
|
|
||||||
return "MD5";
|
|
||||||
case SSL_SHA1:
|
|
||||||
return "SHA";
|
return "SHA";
|
||||||
}
|
|
||||||
break;
|
|
||||||
case SSL_HANDSHAKE_MAC_SHA256:
|
case SSL_HANDSHAKE_MAC_SHA256:
|
||||||
return "SHA256";
|
return "SHA256";
|
||||||
case SSL_HANDSHAKE_MAC_SHA384:
|
case SSL_HANDSHAKE_MAC_SHA384:
|
||||||
@ -1824,10 +1818,6 @@ const char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf,
|
|||||||
}
|
}
|
||||||
|
|
||||||
switch (alg_mac) {
|
switch (alg_mac) {
|
||||||
case SSL_MD5:
|
|
||||||
mac = "MD5";
|
|
||||||
break;
|
|
||||||
|
|
||||||
case SSL_SHA1:
|
case SSL_SHA1:
|
||||||
mac = "SHA1";
|
mac = "SHA1";
|
||||||
break;
|
break;
|
||||||
@ -1917,19 +1907,9 @@ size_t ssl_cipher_get_record_split_len(const SSL_CIPHER *cipher) {
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
size_t mac_len;
|
/* All supported TLS 1.0 ciphers use SHA-1. */
|
||||||
switch (cipher->algorithm_mac) {
|
assert(cipher->algorithm_mac == SSL_SHA1);
|
||||||
case SSL_MD5:
|
size_t ret = 1 + SHA_DIGEST_LENGTH;
|
||||||
mac_len = MD5_DIGEST_LENGTH;
|
|
||||||
break;
|
|
||||||
case SSL_SHA1:
|
|
||||||
mac_len = SHA_DIGEST_LENGTH;
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
size_t ret = 1 + mac_len;
|
|
||||||
ret += block_size - (ret % block_size);
|
ret += block_size - (ret % block_size);
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user