Remove code added to avoid SHA1 weakness.

We no longer use a weak hash for certificate comparisons. There is no need to do extra work when certificates are the same. Change-Id: I3b4b295122b289ae389bce2245b8348562700855 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52346 Reviewed-by: Adam Langley <[email protected]> Commit-Queue: Adam Langley <[email protected]>
briansmith · Apr 26, 2022 · 15302de · 15302de
1 parent 553e81e
commit 15302de
Showing 1 changed file with 1 addition and 12 deletions.
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
@@ -165,18 +165,7 @@ int X509_cmp(const X509 *a, const X509 *b)
     x509v3_cache_extensions((X509 *)a);
     x509v3_cache_extensions((X509 *)b);
 
-    int rv = OPENSSL_memcmp(a->cert_hash, b->cert_hash, SHA256_DIGEST_LENGTH);
-    if (rv)
-        return rv;
-    /* Check for match against stored encoding too */
-    if (!a->cert_info->enc.modified && !b->cert_info->enc.modified) {
-        rv = (int)(a->cert_info->enc.len - b->cert_info->enc.len);
-        if (rv)
-            return rv;
-        return OPENSSL_memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc,
-                              a->cert_info->enc.len);
-    }
-    return rv;
+    return OPENSSL_memcmp(a->cert_hash, b->cert_hash, SHA256_DIGEST_LENGTH);
 }
 
 int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)