TLS: remove legacy code path supporting special CBC mode

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11961)

ssl/record/ssl3_record.c

@@ -1335,6 +1335,9 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
     if (!sending &&
         EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
         ssl3_cbc_record_digest_supported(hash)) {
+#ifdef OPENSSL_NO_DEPRECATED_3_0
+        return 0;
+#else
         /*
          * This is a CBC-encrypted record. We must avoid leaking any
          * timing-side channel information about how many blocks of data we
@@ -1368,6 +1371,7 @@ int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
                                    rec->length, rec->orig_len,
                                    mac_sec, md_size, 1) <= 0)
             return 0;
+#endif
     } else {
         unsigned int md_size_u;
         /* Chop the digest off the end :-) */

ssl/s3_cbc.c

@@ -31,6 +31,7 @@
 #include <openssl/sha.h>
 
 char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
+#ifndef OPENSSL_NO_DEPRECATED_3_0
 int ssl3_cbc_digest_record(const EVP_MD *md,
                            unsigned char *md_out,
                            size_t *md_out_size,
@@ -128,6 +129,7 @@ static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
         l2n8(sha512->h[i], md_out);
     }
 }
+#endif
 
 #undef  LARGEST_DIGEST_CTX
 #define LARGEST_DIGEST_CTX SHA512_CTX
@@ -151,6 +153,7 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
     }
 }
 
+#ifndef OPENSSL_NO_DEPRECATED_3_0
 /*-
  * ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
  * record.
@@ -523,3 +526,4 @@ int ssl3_cbc_digest_record(const EVP_MD *md,
     EVP_MD_CTX_free(md_ctx);
     return ret;
 }
+#endif