TLS fixes for CBC mode and no-deprecated

Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11961)
author: Pauli <paul.dale@oracle.com> 2020-09-06 17:14:38 +1000
committer: Pauli <paul.dale@oracle.com> 2020-09-09 17:59:08 +1000
commit: 5c97eeb726dac6194e7a3aecf8231a512e0243ea (patch)
tree: 811802394b1a150ec18e5a11e2ec60e735aec5d6 /ssl/record
parent: b924d1b6e1b66def84979dbbf3c79059cff1d554 (diff)
download: openssl-5c97eeb726dac6194e7a3aecf8231a512e0243ea.zip
openssl-5c97eeb726dac6194e7a3aecf8231a512e0243ea.tar.gz
openssl-5c97eeb726dac6194e7a3aecf8231a512e0243ea.tar.bz2
1 files changed, 19 insertions, 0 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index a45e5ee..046d6f2 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1307,6 +1307,25 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending,
     return 1;
 }
 
+/*
+ * ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
+ * which ssl3_cbc_digest_record supports.
+ */
+char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
+{
+    switch (EVP_MD_CTX_type(ctx)) {
+    case NID_md5:
+    case NID_sha1:
+    case NID_sha224:
+    case NID_sha256:
+    case NID_sha384:
+    case NID_sha512:
+        return 1;
+    default:
+        return 0;
+    }
+}
+
 int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
 {
     unsigned char *mac_sec, *seq;
author	Pauli <paul.dale@oracle.com>	2020-09-06 17:14:38 +1000
committer	Pauli <paul.dale@oracle.com>	2020-09-09 17:59:08 +1000
commit	5c97eeb726dac6194e7a3aecf8231a512e0243ea (patch)
tree	811802394b1a150ec18e5a11e2ec60e735aec5d6 /ssl/record
parent	b924d1b6e1b66def84979dbbf3c79059cff1d554 (diff)
download	openssl-5c97eeb726dac6194e7a3aecf8231a512e0243ea.zip openssl-5c97eeb726dac6194e7a3aecf8231a512e0243ea.tar.gz openssl-5c97eeb726dac6194e7a3aecf8231a512e0243ea.tar.bz2