aboutsummaryrefslogtreecommitdiff
path: root/ssl
diff options
context:
space:
mode:
Diffstat (limited to 'ssl')
-rw-r--r--ssl/record/ssl3_record.c4
-rw-r--r--ssl/s3_cbc.c4
2 files changed, 8 insertions, 0 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index baa4f23..a45e5ee 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1335,6 +1335,9 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
if (!sending &&
EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
ssl3_cbc_record_digest_supported(hash)) {
+#ifdef OPENSSL_NO_DEPRECATED_3_0
+ return 0;
+#else
/*
* This is a CBC-encrypted record. We must avoid leaking any
* timing-side channel information about how many blocks of data we
@@ -1368,6 +1371,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
rec->length, rec->orig_len,
mac_sec, md_size, 1) <= 0)
return 0;
+#endif
} else {
unsigned int md_size_u;
/* Chop the digest off the end :-) */
diff --git a/ssl/s3_cbc.c b/ssl/s3_cbc.c
index 4895f43..59e4178 100644
--- a/ssl/s3_cbc.c
+++ b/ssl/s3_cbc.c
@@ -31,6 +31,7 @@
#include <openssl/sha.h>
char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
+#ifndef OPENSSL_NO_DEPRECATED_3_0
int ssl3_cbc_digest_record(const EVP_MD *md,
unsigned char *md_out,
size_t *md_out_size,
@@ -128,6 +129,7 @@ static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
l2n8(sha512->h[i], md_out);
}
}
+#endif
#undef LARGEST_DIGEST_CTX
#define LARGEST_DIGEST_CTX SHA512_CTX
@@ -151,6 +153,7 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
}
}
+#ifndef OPENSSL_NO_DEPRECATED_3_0
/*-
* ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
* record.
@@ -523,3 +526,4 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
EVP_MD_CTX_free(md_ctx);
return ret;
}
+#endif
generated by cgit v1.1 at 2024-07-14 08:32:48 +0000