Remove code added to avoid SHA1 weakness.
We no longer use a weak hash for certificate comparisons. There
is no need to do extra work when certificates are the same.
Change-Id: I3b4b295122b289ae389bce2245b8348562700855
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52346
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index e9e1d8c..80590e2 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -165,18 +165,7 @@
x509v3_cache_extensions((X509 *)a);
x509v3_cache_extensions((X509 *)b);
- int rv = OPENSSL_memcmp(a->cert_hash, b->cert_hash, SHA256_DIGEST_LENGTH);
- if (rv)
- return rv;
- /* Check for match against stored encoding too */
- if (!a->cert_info->enc.modified && !b->cert_info->enc.modified) {
- rv = (int)(a->cert_info->enc.len - b->cert_info->enc.len);
- if (rv)
- return rv;
- return OPENSSL_memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc,
- a->cert_info->enc.len);
- }
- return rv;
+ return OPENSSL_memcmp(a->cert_hash, b->cert_hash, SHA256_DIGEST_LENGTH);
}
int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)