There are no more MD5 ciphers.
The last one was an RC4 cipher and those are gone. Change-Id: I3473937ff6f0634296fc75a346627513c5970ddb Reviewed-on: https://boringssl-review.googlesource.com/13108 Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
parent
dcecdfd620
commit
5fc99c6603
@ -1152,7 +1152,7 @@ OPENSSL_EXPORT uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *cipher);
|
||||
* mode). */
|
||||
OPENSSL_EXPORT int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_has_MD5_HMAC returns one if |cipher| uses HMAC-MD5. */
|
||||
/* SSL_CIPHER_has_MD5_HMAC returns zero. */
|
||||
OPENSSL_EXPORT int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *cipher);
|
||||
|
||||
/* SSL_CIPHER_has_SHA1_HMAC returns one if |cipher| uses HMAC-SHA1. */
|
||||
@ -1276,7 +1276,7 @@ OPENSSL_EXPORT int SSL_CIPHER_get_bits(const SSL_CIPHER *cipher,
|
||||
* whose bulk cipher use the corresponding encryption scheme. Note that
|
||||
* |AES|, |AES128|, and |AES256| match both CBC and GCM ciphers.
|
||||
*
|
||||
* |MD5|, |SHA1|, |SHA256|, and |SHA384| match legacy cipher suites using the
|
||||
* |SHA1|, |SHA256|, and |SHA384| match legacy cipher suites using the
|
||||
* corresponding hash function in their MAC. AEADs are matched by none of
|
||||
* these.
|
||||
*
|
||||
|
@ -195,12 +195,11 @@ extern "C" {
|
||||
#define SSL_AES (SSL_AES128 | SSL_AES256 | SSL_AES128GCM | SSL_AES256GCM)
|
||||
|
||||
/* Bits for |algorithm_mac| (symmetric authentication). */
|
||||
#define SSL_MD5 0x00000001L
|
||||
#define SSL_SHA1 0x00000002L
|
||||
#define SSL_SHA256 0x00000004L
|
||||
#define SSL_SHA384 0x00000008L
|
||||
#define SSL_SHA1 0x00000001L
|
||||
#define SSL_SHA256 0x00000002L
|
||||
#define SSL_SHA384 0x00000004L
|
||||
/* SSL_AEAD is set for all AEADs. */
|
||||
#define SSL_AEAD 0x00000010L
|
||||
#define SSL_AEAD 0x00000008L
|
||||
|
||||
/* Bits for |algorithm_prf| (handshake digest). */
|
||||
#define SSL_HANDSHAKE_MAC_DEFAULT 0x1
|
||||
|
@ -678,7 +678,6 @@ static const CIPHER_ALIAS kCipherAliases[] = {
|
||||
0},
|
||||
|
||||
/* MAC aliases */
|
||||
{"MD5", ~0u, ~0u, ~0u, SSL_MD5, 0},
|
||||
{"SHA1", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, 0},
|
||||
{"SHA", ~0u, ~0u, ~SSL_eNULL, SSL_SHA1, 0},
|
||||
{"SHA256", ~0u, ~0u, ~0u, SSL_SHA256, 0},
|
||||
@ -1473,7 +1472,7 @@ int SSL_CIPHER_is_AES(const SSL_CIPHER *cipher) {
|
||||
}
|
||||
|
||||
int SSL_CIPHER_has_MD5_HMAC(const SSL_CIPHER *cipher) {
|
||||
return (cipher->algorithm_mac & SSL_MD5) != 0;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int SSL_CIPHER_has_SHA1_HMAC(const SSL_CIPHER *cipher) {
|
||||
@ -1627,15 +1626,10 @@ static const char *ssl_cipher_get_enc_name(const SSL_CIPHER *cipher) {
|
||||
static const char *ssl_cipher_get_prf_name(const SSL_CIPHER *cipher) {
|
||||
switch (cipher->algorithm_prf) {
|
||||
case SSL_HANDSHAKE_MAC_DEFAULT:
|
||||
/* Before TLS 1.2, the PRF component is the hash used in the HMAC, which is
|
||||
* only ever MD5 or SHA-1. */
|
||||
switch (cipher->algorithm_mac) {
|
||||
case SSL_MD5:
|
||||
return "MD5";
|
||||
case SSL_SHA1:
|
||||
/* Before TLS 1.2, the PRF component is the hash used in the HMAC, which
|
||||
* is SHA-1 for all supported ciphers. */
|
||||
assert(cipher->algorithm_mac == SSL_SHA1);
|
||||
return "SHA";
|
||||
}
|
||||
break;
|
||||
case SSL_HANDSHAKE_MAC_SHA256:
|
||||
return "SHA256";
|
||||
case SSL_HANDSHAKE_MAC_SHA384:
|
||||
@ -1824,10 +1818,6 @@ const char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf,
|
||||
}
|
||||
|
||||
switch (alg_mac) {
|
||||
case SSL_MD5:
|
||||
mac = "MD5";
|
||||
break;
|
||||
|
||||
case SSL_SHA1:
|
||||
mac = "SHA1";
|
||||
break;
|
||||
@ -1917,19 +1907,9 @@ size_t ssl_cipher_get_record_split_len(const SSL_CIPHER *cipher) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
size_t mac_len;
|
||||
switch (cipher->algorithm_mac) {
|
||||
case SSL_MD5:
|
||||
mac_len = MD5_DIGEST_LENGTH;
|
||||
break;
|
||||
case SSL_SHA1:
|
||||
mac_len = SHA_DIGEST_LENGTH;
|
||||
break;
|
||||
default:
|
||||
return 0;
|
||||
}
|
||||
|
||||
size_t ret = 1 + mac_len;
|
||||
/* All supported TLS 1.0 ciphers use SHA-1. */
|
||||
assert(cipher->algorithm_mac == SSL_SHA1);
|
||||
size_t ret = 1 + SHA_DIGEST_LENGTH;
|
||||
ret += block_size - (ret % block_size);
|
||||
return ret;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user