actually just rip it out completely

lrstewart · Feb 10, 2025 · 1a2792a · 1a2792a
1 parent cd1bddb
commit 1a2792a
Show file tree

Hide file tree

Showing 6 changed files with 6 additions and 109 deletions.
diff --git a/crypto/s2n_hmac.c b/crypto/s2n_hmac.c
@@ -75,24 +75,6 @@ int s2n_hmac_digest_size(s2n_hmac_algorithm hmac_alg, uint8_t *out)
     return S2N_SUCCESS;
 }
 
-/* Return 1 if hmac algorithm is available, 0 otherwise. */
-bool s2n_hmac_is_available(s2n_hmac_algorithm hmac_alg)
-{
-    switch(hmac_alg) {
-        case S2N_HMAC_MD5:
-        case S2N_HMAC_SSLv3_MD5:
-        case S2N_HMAC_SSLv3_SHA1:
-        case S2N_HMAC_NONE:
-        case S2N_HMAC_SHA1:
-        case S2N_HMAC_SHA224:
-        case S2N_HMAC_SHA256:
-        case S2N_HMAC_SHA384:
-        case S2N_HMAC_SHA512:
-            return true;
-    }
-    return false;
-}
-
 static int s2n_sslv3_mac_init(struct s2n_hmac_state *state, s2n_hmac_algorithm alg, const void *key, uint32_t klen)
 {
     for (int i = 0; i < state->xor_pad_size; i++) {
@@ -201,10 +183,6 @@ S2N_RESULT s2n_hmac_state_validate(struct s2n_hmac_state *state)
 int s2n_hmac_init(struct s2n_hmac_state *state, s2n_hmac_algorithm alg, const void *key, uint32_t klen)
 {
     POSIX_ENSURE_REF(state);
-    if (!s2n_hmac_is_available(alg)) {
-        /* Prevent hmacs from being used if they are not available. */
-        POSIX_BAIL(S2N_ERR_HMAC_INVALID_ALGORITHM);
-    }
 
     state->alg = alg;
     POSIX_GUARD(s2n_hmac_hash_block_size(alg, &state->hash_block_size));

diff --git a/crypto/s2n_hmac.h b/crypto/s2n_hmac.h
@@ -61,7 +61,6 @@ struct s2n_hmac_evp_backup {
 };
 
 int s2n_hmac_digest_size(s2n_hmac_algorithm alg, uint8_t *out);
-bool s2n_hmac_is_available(s2n_hmac_algorithm alg);
 int s2n_hmac_hash_alg(s2n_hmac_algorithm hmac_alg, s2n_hash_algorithm *out);
 int s2n_hash_hmac_alg(s2n_hash_algorithm hash_alg, s2n_hmac_algorithm *out);
 

diff --git a/tests/cbmc/proofs/s2n_hmac_is_available/Makefile b/tests/cbmc/proofs/s2n_hmac_is_available/Makefile
diff --git a/tests/cbmc/proofs/s2n_hmac_is_available/cbmc-proof.txt b/tests/cbmc/proofs/s2n_hmac_is_available/cbmc-proof.txt
diff --git a/tests/cbmc/proofs/s2n_hmac_is_available/s2n_hmac_is_available_harness.c b/tests/cbmc/proofs/s2n_hmac_is_available/s2n_hmac_is_available_harness.c
diff --git a/tests/unit/s2n_hmac_test.c b/tests/unit/s2n_hmac_test.c
@@ -47,8 +47,8 @@ int main(int argc, char **argv)
     EXPECT_SUCCESS(s2n_hmac_new(&copy));
     EXPECT_SUCCESS(s2n_hmac_new(&cmac));
 
-    if (s2n_hmac_is_available(S2N_HMAC_SSLv3_MD5)) {
-        /* Try SSLv3 MD5 */
+    /* Try SSLv3 MD5 */
+    {
         uint8_t hmac_sslv3_md5_size = 0;
         POSIX_GUARD(s2n_hmac_digest_size(S2N_HMAC_SSLv3_MD5, &hmac_sslv3_md5_size));
         EXPECT_EQUAL(hmac_sslv3_md5_size, 16);
@@ -80,8 +80,8 @@ int main(int argc, char **argv)
         EXPECT_SUCCESS(s2n_hmac_reset(&hmac));
     }
 
-    if (s2n_hmac_is_available(S2N_HMAC_SSLv3_SHA1)) {
-        /* Try SSLv3 SHA1 */
+    /* Try SSLv3 SHA1 */
+    {
         uint8_t hmac_sslv3_sha1_size = 0;
         POSIX_GUARD(s2n_hmac_digest_size(S2N_HMAC_SSLv3_SHA1, &hmac_sslv3_sha1_size));
         EXPECT_EQUAL(hmac_sslv3_sha1_size, 20);
@@ -113,8 +113,8 @@ int main(int argc, char **argv)
         EXPECT_SUCCESS(s2n_hmac_reset(&hmac));
     }
 
-    if (s2n_hmac_is_available(S2N_HMAC_MD5)) {
-        /* Try MD5 */
+    /* Try MD5 */
+    {
         uint8_t hmac_md5_size = 0;
         POSIX_GUARD(s2n_hmac_digest_size(S2N_HMAC_MD5, &hmac_md5_size));
         EXPECT_EQUAL(hmac_md5_size, 16);