Remove unused libcrypto HMAC code from s2n_prf #4094
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes:
The custom PRF implementation in s2n-tls is designed to swap the underlying HMAC implementation based on the FIPS mode. Normally, the custom HMAC implementation in s2n-tls is used, but if s2n-tls is operating in FIPS mode, the implementation is swapped to the libcrypto HMAC implementation.
However, after #4020, the PRF implementation itself is swapped to the libcrypto PRF implementation when s2n-tls is operating in FIPS mode. As such, the libcrypto HMAC implementation in s2n_prf is no longer needed, so it's removed in this PR.
Call-outs:
hmac->cleanup
ands2n_prf_wipe()
currently calls2n_hmac_reset()
. Resetting doesn't actually clean/wipe the state, though. Instead, it prepares the state for a future HMAC calculation with the same key and algorithm. It seemed more correct to actually wipe the state in these places instead, so I changed it.Testing:
Existing s2n_prf unit tests.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.