summaryrefslogtreecommitdiffstats
path: root/ssl/record
diff options
context:
space:
mode:
authorPauli <paul.dale@oracle.com>2020-09-06 13:44:08 +1000
committerPauli <paul.dale@oracle.com>2020-09-09 17:59:08 +1000
commitb924d1b6e1b66def84979dbbf3c79059cff1d554 (patch)
treeaf5a817fcfe0bd501eadd929be8c1ed09fca3265 /ssl/record
parent81661a14bcf9fb92eadedb15de75c3eb5b4e97a8 (diff)
TLS: remove legacy code path supporting special CBC mode
Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/11961)
Diffstat (limited to 'ssl/record')
-rw-r--r--ssl/record/ssl3_record.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index baa4f239bf..a45e5ee9cb 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1335,6 +1335,9 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
if (!sending &&
EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
ssl3_cbc_record_digest_supported(hash)) {
+#ifdef OPENSSL_NO_DEPRECATED_3_0
+ return 0;
+#else
/*
* This is a CBC-encrypted record. We must avoid leaking any
* timing-side channel information about how many blocks of data we
@@ -1368,6 +1371,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
rec->length, rec->orig_len,
mac_sec, md_size, 1) <= 0)
return 0;
+#endif
} else {
unsigned int md_size_u;
/* Chop the digest off the end :-) */
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-31 21:56:21 +0000