diff --git a/crypto/s2n_hmac.c b/crypto/s2n_hmac.c
index 96466708194..3b519c1f72a 100644
--- a/crypto/s2n_hmac.c
+++ b/crypto/s2n_hmac.c
@@ -81,11 +81,11 @@ bool s2n_hmac_is_available(s2n_hmac_algorithm hmac_alg)
 switch(hmac_alg) {
 case S2N_HMAC_MD5:
 case S2N_HMAC_SSLv3_MD5:
+ /* Some libcryptos, such as OpenSSL, disable MD5 by default when in FIPS mode, which is
+ * required in order to negotiate SSLv3. However, this is supported in AWS-LC.
+ */
+ return !s2n_is_in_fips_mode() || s2n_libcrypto_is_awslc();
 case S2N_HMAC_SSLv3_SHA1:
- /* Some libcryptos, such as OpenSSL, disable MD5 by default when in FIPS mode, which is
- * required in order to negotiate SSLv3. However, this is supported in AWS-LC.
- */
- return !s2n_is_in_fips_mode() || s2n_libcrypto_is_awslc();
 case S2N_HMAC_NONE:
 case S2N_HMAC_SHA1:
 case S2N_HMAC_SHA224:
diff --git a/tests/cbmc/proofs/s2n_hmac_is_available/s2n_hmac_is_available_harness.c b/tests/cbmc/proofs/s2n_hmac_is_available/s2n_hmac_is_available_harness.c
index daa3a074812..9c9fba4ec5a 100644
--- a/tests/cbmc/proofs/s2n_hmac_is_available/s2n_hmac_is_available_harness.c
+++ b/tests/cbmc/proofs/s2n_hmac_is_available/s2n_hmac_is_available_harness.c
@@ -33,8 +33,8 @@ void s2n_hmac_is_available_harness()
 switch (hmac_alg) {
 case S2N_HASH_MD5:
 case S2N_HMAC_SSLv3_MD5:
- case S2N_HMAC_SSLv3_SHA1:
 assert(is_available == !s2n_is_in_fips_mode() || s2n_libcrypto_is_awslc());
 break;
+ case S2N_HMAC_SSLv3_SHA1:
 case S2N_HASH_NONE:
 case S2N_HASH_SHA1:
 case S2N_HASH_SHA224:
diff --git a/tests/unit/s2n_crypto_test.c b/tests/unit/s2n_crypto_test.c
index 5fc4dc1d798..744f25c4b99 100644
--- a/tests/unit/s2n_crypto_test.c
+++ b/tests/unit/s2n_crypto_test.c
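Review bot: The moved comment still says MD5 is "required in order to negotiate SSLv3", but the new case layout reports S2N_HMAC_SSLv3_SHA1 as available in FIPS mode on every libcrypto, so the comment now contradicts the code it sits next to. As written the gate covers only the two MD5-based HMACs, while the SSLv3 PRF's own MD5 use is handled separately in s2n_sslv3_prf via s2n_hash_allow_md5_for_fips (see the tls/s2n_prf.c hunks in this change). I would reword it to `/* MD5-based HMACs are unavailable where the libcrypto disables MD5 in FIPS mode (e.g. OpenSSL); AWS-LC still permits it. The SSLv3 PRF's MD5 use is allowed separately in s2n_prf.c. */`. Any caller that used s2n_hmac_is_available(S2N_HMAC_SSLv3_SHA1) as a proxy for "SSLv3 is negotiable" now gets true on OpenSSL-FIPS, which the skip removed from s2n_sslv3_test.c ("Other libcryptos may not support SSLv3") suggests was deliberately not the case before, so it is worth confirming the whole SSLv3 handshake, not only the PRF, runs there. s2n_hmac_is_available starts and ends outside the hunk.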
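Review bot: The assertion in the MD5 arm, `assert(is_available == !s2n_is_in_fips_mode() || s2n_libcrypto_is_awslc());`, is vacuous whenever s2n_libcrypto_is_awslc() is true: `==` binds tighter than `||`, so it reads as `(is_available == !fips) || awslc`, and the proof never checks is_available on the AWS-LC path. Since the case list of this arm is exactly what the commit edits, this is the moment to fix it to `assert(is_available == (!s2n_is_in_fips_mode() || s2n_libcrypto_is_awslc()));` so the harness actually pins the expression in crypto/s2n_hmac.c. The switch on hmac_alg also mixes S2N_HASH_* and S2N_HMAC_* constants; if those enums are not guaranteed to share values, the MD5 arm may not even be the one exercised, which is worth confirming. s2n_hmac_is_available_harness continues past the hunk.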
@@ -123,14 +123,6 @@ int main()
 for (size_t i = 0; i < s2n_array_len(supported_versions); i++) {
 const uint8_t version = supported_versions[i];
- /* See https://github.com/aws/s2n-tls/issues/4476
- * Retrieving the master secret won't vary between FIPS and non-FIPS,
- * so this testing limitation is not a concern.
- */
- if (s2n_is_in_fips_mode() && version == S2N_SSLv3) {
- continue;
- }
-
 DEFER_CLEANUP(struct s2n_config *config = s2n_config_new(), s2n_config_ptr_free);
 EXPECT_NOT_NULL(config);
 EXPECT_SUCCESS(s2n_config_add_cert_chain_and_key_to_store(config, ecdsa_chain_and_key));
diff --git a/tests/unit/s2n_sslv3_test.c b/tests/unit/s2n_sslv3_test.c
index 58b194ac83e..d0a5635f2dd 100644
--- a/tests/unit/s2n_sslv3_test.c
+++ b/tests/unit/s2n_sslv3_test.c
@@ -53,14 +53,6 @@ int main(int argc, char **argv)
 {
 BEGIN_TEST();
- if (!s2n_hmac_is_available(S2N_HMAC_SSLv3_MD5)) {
- /* AWS-LC should support SSLv3. */
- EXPECT_FALSE(s2n_libcrypto_is_awslc());
- /* Other libcryptos may not support SSLv3, so the tests are skipped. */
- END_TEST();
- }
-
 DEFER_CLEANUP(struct s2n_cert_chain_and_key *rsa_chain_and_key = NULL, s2n_cert_chain_and_key_ptr_free);
 EXPECT_SUCCESS(s2n_test_cert_chain_and_key_new(&rsa_chain_and_key, S2N_DEFAULT_TEST_CERT_CHAIN, S2N_DEFAULT_TEST_PRIVATE_KEY));
diff --git a/tls/s2n_prf.c b/tls/s2n_prf.c
index b669501a4c8..614a8818fa8 100644
--- a/tls/s2n_prf.c
+++ b/tls/s2n_prf.c
@@ -122,11 +122,6 @@ static int s2n_sslv3_prf(struct s2n_connection *conn, struct s2n_blob *secret, s
 POSIX_ENSURE_REF(conn->handshake.hashes);
 struct s2n_hash_state *workspace = &conn->handshake.hashes->hash_workspace;
- /* FIPS specifically allows MD5 for the legacy PRF */
- if (s2n_is_in_fips_mode() && conn->actual_protocol_version < S2N_TLS12) {
- POSIX_GUARD(s2n_hash_allow_md5_for_fips(workspace));
- }
-
 uint32_t outputlen = out->size;
 uint8_t *output = out->data;
 uint8_t iteration = 1;
@@ -157,6 +152,10 @@ static int s2n_sslv3_prf(struct s2n_connection *conn, struct s2n_blob *secret, s
 struct s2n_hash_state *md5 = workspace;
 POSIX_GUARD(s2n_hash_reset(md5));
+ /* FIPS specifically allows MD5 for the legacy PRF */
+ if (s2n_is_in_fips_mode() && conn->actual_protocol_version < S2N_TLS12) {
+ POSIX_GUARD(s2n_hash_allow_md5_for_fips(workspace));
+ }
 POSIX_GUARD(s2n_hash_init(md5, S2N_HASH_MD5));
 POSIX_GUARD(s2n_hash_update(md5, secret->data, secret->size));
 POSIX_GUARD(s2n_hash_update(md5, sha_digest, sizeof(sha_digest)));
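Review bot: The re-added allowance carries no comment on why it now sits directly after `s2n_hash_reset(md5)` instead of once earlier in the function (the removal in the first s2n_prf.c hunk); the move itself suggests the reset discards the MD5-for-FIPS allowance, but a reader of the new code cannot tell, and the next person may hoist it back out. I would add above the if: `/* Must follow s2n_hash_reset(), which appears to clear the allowance; setting it once up front was lost on later iterations. */`, trimmed to whatever s2n_hash_reset actually does. Two smaller points: `s2n_hash_allow_md5_for_fips(workspace)` acts on the same state the surrounding lines call `md5`, so passing `md5` reads clearer, and if this function is only reached for SSLv3 connections then `conn->actual_protocol_version < S2N_TLS12` is always true and could be dropped or turned into an ENSURE. Finally, the allowance I know of is for MD5 inside the TLS 1.0/1.1 PRF, and SSLv3 is not itself an approved protocol, so the carried-over comment would be more accurate as `/* The FIPS allowance for MD5 in the legacy (TLS 1.0/1.1) PRF is applied to the SSLv3 PRF as well; SSLv3 itself is not FIPS-approved. */`. s2n_sslv3_prf continues on both sides of the hunk.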