Simplify SSLTranscript.

With SSL 3.0 gone, there's no need to split up MD5 and SHA-1.

Change-Id: Ia4236c738dfa6743f1028c2d53761c95cba96288
Reviewed-on: https://boringssl-review.googlesource.com/29744
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

ssl/internal.h

@@ -616,12 +616,8 @@ class SSLTranscript {
  private:
   // buffer_, if non-null, contains the handshake transcript.
   UniquePtr<BUF_MEM> buffer_;
-  // hash, if initialized with an |EVP_MD|, maintains the handshake hash. For
-  // TLS 1.1 and below, it is the SHA-1 half.
+  // hash, if initialized with an |EVP_MD|, maintains the handshake hash.
   ScopedEVP_MD_CTX hash_;
-  // md5, if initialized with an |EVP_MD|, maintains the MD5 half of the
-  // handshake hash for TLS 1.1 and below.
-  ScopedEVP_MD_CTX md5_;
 };
 
 // tls1_prf computes the PRF function for |ssl|. It fills |out|, using |secret|

ssl/ssl_transcript.cc

@@ -135,18 +135,9 @@
 
 #include <openssl/ssl.h>
 
-#include <assert.h>
-#include <string.h>
-
 #include <openssl/buf.h>
 #include <openssl/digest.h>
-#include <openssl/err.h>
-#include <openssl/mem.h>
-#include <openssl/md5.h>
-#include <openssl/nid.h>
-#include <openssl/sha.h>
 
-#include "../crypto/internal.h"
 #include "internal.h"
 
 
@@ -163,7 +154,6 @@ bool SSLTranscript::Init() {
   }
 
   hash_.Reset();
-  md5_.Reset();
   return true;
 }
 
@@ -180,17 +170,6 @@ static bool InitDigestWithData(EVP_MD_CTX *ctx, const EVP_MD *md,
 
 bool SSLTranscript::InitHash(uint16_t version, const SSL_CIPHER *cipher) {
   const EVP_MD *md = ssl_get_handshake_digest(version, cipher);
-
-  // To support SSL 3.0's Finished and CertificateVerify constructions,
-  // EVP_md5_sha1() is split into MD5 and SHA-1 halves. When SSL 3.0 is removed,
-  // we can simplify this.
-  if (md == EVP_md5_sha1()) {
-    if (!InitDigestWithData(md5_.get(), EVP_md5(), buffer_.get())) {
-      return false;
-    }
-    md = EVP_sha1();
-  }
-
   return InitDigestWithData(hash_.get(), md, buffer_.get());
 }
 
@@ -203,9 +182,6 @@ size_t SSLTranscript::DigestLen() const {
 }
 
 const EVP_MD *SSLTranscript::Digest() const {
-  if (EVP_MD_CTX_md(md5_.get()) != nullptr) {
-    return EVP_md5_sha1();
-  }
   return EVP_MD_CTX_md(hash_.get());
 }
 
@@ -244,30 +220,18 @@ bool SSLTranscript::Update(Span<const uint8_t> in) {
   if (EVP_MD_CTX_md(hash_.get()) != NULL) {
     EVP_DigestUpdate(hash_.get(), in.data(), in.size());
   }
-  if (EVP_MD_CTX_md(md5_.get()) != NULL) {
-    EVP_DigestUpdate(md5_.get(), in.data(), in.size());
-  }
 
   return true;
 }
 
 bool SSLTranscript::GetHash(uint8_t *out, size_t *out_len) {
   ScopedEVP_MD_CTX ctx;
-  unsigned md5_len = 0;
-  if (EVP_MD_CTX_md(md5_.get()) != NULL) {
-    if (!EVP_MD_CTX_copy_ex(ctx.get(), md5_.get()) ||
-        !EVP_DigestFinal_ex(ctx.get(), out, &md5_len)) {
-      return false;
-    }
-  }
-
   unsigned len;
   if (!EVP_MD_CTX_copy_ex(ctx.get(), hash_.get()) ||
-      !EVP_DigestFinal_ex(ctx.get(), out + md5_len, &len)) {
+      !EVP_DigestFinal_ex(ctx.get(), out, &len)) {
     return false;
   }
-
-  *out_len = md5_len + len;
+  *out_len = len;
   return true;
 }
 
@@ -280,16 +244,16 @@ bool SSLTranscript::GetFinishedMAC(uint8_t *out, size_t *out_len,
                    ? MakeConstSpan(kServerLabel, sizeof(kServerLabel) - 1)
                    : MakeConstSpan(kClientLabel, sizeof(kClientLabel) - 1);
 
-  uint8_t digests[EVP_MAX_MD_SIZE];
-  size_t digests_len;
-  if (!GetHash(digests, &digests_len)) {
+  uint8_t digest[EVP_MAX_MD_SIZE];
+  size_t digest_len;
+  if (!GetHash(digest, &digest_len)) {
     return false;
   }
 
   static const size_t kFinishedLen = 12;
   if (!tls1_prf(Digest(), MakeSpan(out, kFinishedLen),
                 MakeConstSpan(session->master_key, session->master_key_length),
-                label, MakeConstSpan(digests, digests_len), {})) {
+                label, MakeConstSpan(digest, digest_len), {})) {
     return false;
   }