refactor: remove openssl-1.0.2-fips 'allow md5' logic

[lrstewart]

Release Summary:

Resolved issues:

related to #5045. We need to cleanup the old mess before we add a new mess.

Description of changes:

I remove the s2n_hash_allow_md5_for_fips, s2n_digest_is_md5_allowed_for_fips, and s2n_digest_allow_md5_for_fips methods because after the removal of openssl-1.0.2-fips support, they're not actually doing anything. I explain more in in-line comments, but:

• s2n_hash_allow_md5_for_fips and s2n_digest_allow_md5_for_fips are a no-op for every libcrypto except openssl-1.0.2-fips
• s2n_digest_is_md5_allowed_for_fips is mostly just used to gate calls to *_allow_md5_for_fips

Call-outs:

if you search for the removed methods, you'll still find references in the CBMC proofs. To keep this PR reviewable, I'm going to clean those up as a follow-up, since they don't affect testing.

Testing:

Existing tests continue to pass. I only needed to update one unit test, and I explain why in-line.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[lrstewart]

This translates to "if openssl+fips, call an API to allow md5". With the removal of openssl-1.0.2-fips, we no longer support openssl+fips, and this is a no-op. I've removed it everywhere it appears.

[lrstewart]

This one's a bit trickier. It roughly translates to:

if not fips: false
If openssl+fips: maybe true
If awslc+fips: true

So with the removal of openssl+fips via openssl-1.0.2-fips, this method boils down to "is fips?".

We only use this method for two purposes (see search):

• Gate calls to s2n_hash_allow_md5_for_fips: unnecessary since s2n_hash_allow_md5_for_fips is a no-op
• Decide whether or not to initialize a handshake hash: unnecessary because of refactor: remove openssl-1.0.2-fips 'allow md5' logic #5048 (comment). Basically, we check "is not fips, or is fips".

[lrstewart]

If I delete this file, I have to update ALL of the s2n_hash CBMC proofs because they all declare it as a source file. It's unnecessary noise, so I'd prefer to do it in a follow-up PR: fe97ffa

[lrstewart]

This was not really true even before this change. You could use md5 with fips in awslc, just not in openssl-1.0.2. So whenever we checked s2n_hash_is_available and got "false" because of fips, we'd then check s2n_digest_is_md5_allowed_for_fips and get "true", overriding the original "false". I'm just skipping straight to the final "true".

You can confirm the limited non-test usage of this method: https://github.com/search?q=repo%3Aaws%2Fs2n-tls+s2n_hash_is_available+-path%3A*tests%2Funit%2F*.c&type=code

[lrstewart]

This is the only test I had to update. Before it was relying on s2n_hash_is_available being "false" for MD5 + fips when using fips, but the real limitation is from the EVP signing test after the hashes:

s2n-tls/crypto/s2n_evp_signing.c

Lines 78 to 99 in 431f014

	static S2N_RESULT s2n_evp_signing_validate_hash_alg(s2n_signature_algorithm sig_alg, s2n_hash_algorithm hash_alg)
	{
	switch (hash_alg) {
	case S2N_HASH_NONE:
	case S2N_HASH_MD5:
	/* MD5 alone is never supported */
	RESULT_BAIL(S2N_ERR_HASH_INVALID_ALGORITHM);
	break;
	case S2N_HASH_MD5_SHA1:
	/* Only RSA supports MD5+SHA1.
	* This should not be a problem, as we only allow MD5+SHA1 when
	* falling back to TLS1.0 or 1.1, which only support RSA.
	*/
	RESULT_ENSURE(sig_alg == S2N_SIGNATURE_RSA, S2N_ERR_HASH_INVALID_ALGORITHM);
	break;
	default:
	break;
	}
	/* Hash algorithm must be recognized and supported by EVP_MD */
	RESULT_ENSURE(s2n_hash_alg_to_evp_md(hash_alg) != NULL, S2N_ERR_HASH_INVALID_ALGORITHM);
	return S2N_RESULT_OK;
	}