Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11961)
if (!sending &&
EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
ssl3_cbc_record_digest_supported(hash)) {
+#ifdef OPENSSL_NO_DEPRECATED_3_0
+ return 0;
+#else
/*
* This is a CBC-encrypted record. We must avoid leaking any
* timing-side channel information about how many blocks of data we
rec->length, rec->orig_len,
mac_sec, md_size, 1) <= 0)
return 0;
+#endif
} else {
unsigned int md_size_u;
/* Chop the digest off the end :-) */
#include <openssl/sha.h>
char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
+#ifndef OPENSSL_NO_DEPRECATED_3_0
int ssl3_cbc_digest_record(const EVP_MD *md,
unsigned char *md_out,
size_t *md_out_size,
l2n8(sha512->h[i], md_out);
}
}
+#endif
#undef LARGEST_DIGEST_CTX
#define LARGEST_DIGEST_CTX SHA512_CTX
}
}
+#ifndef OPENSSL_NO_DEPRECATED_3_0
/*-
* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
* record.
EVP_MD_CTX_free(md_ctx);
return ret;
}
+#endif