diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h index ed9f54b06f..164ec57b2e 100644 --- a/ssl/ssl_local.h +++ b/ssl/ssl_local.h @@ -2927,10 +2927,6 @@ const EVP_MD *ssl_evp_md_fetch(OSSL_LIB_CTX *libctx, int ssl_evp_md_up_ref(const EVP_MD *md); void ssl_evp_md_free(const EVP_MD *md); -int tls_provider_set_tls_params(SSL_CONNECTION *s, EVP_CIPHER_CTX *ctx, - const EVP_CIPHER *ciph, - const EVP_MD *md); - void tls_engine_finish(ENGINE *e); const EVP_CIPHER *tls_get_cipher_from_engine(int nid); const EVP_MD *tls_get_digest_from_engine(int nid); diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 15197ffd46..813a840c3a 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -101,44 +101,6 @@ static int tls1_generate_key_block(SSL_CONNECTION *s, unsigned char *km, return ret; } -int tls_provider_set_tls_params(SSL_CONNECTION *s, EVP_CIPHER_CTX *ctx, - const EVP_CIPHER *ciph, - const EVP_MD *md) -{ - /* - * Provided cipher, the TLS padding/MAC removal is performed provider - * side so we need to tell the ctx about our TLS version and mac size - */ - OSSL_PARAM params[3], *pprm = params; - size_t macsize = 0; - int imacsize = -1; - - if ((EVP_CIPHER_get_flags(ciph) & EVP_CIPH_FLAG_AEAD_CIPHER) == 0 - /* - * We look at s->ext.use_etm instead of SSL_READ_ETM() or - * SSL_WRITE_ETM() because this test applies to both reading - * and writing. - */ - && !s->ext.use_etm) - imacsize = EVP_MD_get_size(md); - if (imacsize >= 0) - macsize = (size_t)imacsize; - - *pprm++ = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_TLS_VERSION, - &s->version); - *pprm++ = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_TLS_MAC_SIZE, - &macsize); - *pprm = OSSL_PARAM_construct_end(); - - if (!EVP_CIPHER_CTX_set_params(ctx, params)) { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); - return 0; - } - - return 1; -} - - static int tls_iv_length_within_key_block(const EVP_CIPHER *c) { /* If GCM/CCM mode only part of IV comes from PRF */