Check the security of DH key shares

ok beck, looks good to jsing
author: tb <> 2022-06-29 08:27:52 +0000
committer: tb <> 2022-06-29 08:27:52 +0000
commit: 1aa9f0fe78279eb8ca28f1560639591dc29a28b3 (patch)
tree: 737bede5c25ec5b6855578423751b08517e50653 /src/lib/libssl/ssl_seclevel.c
parent: 6918deeb05138f45795a919147f1f6733f178b0c (diff)
download: openbsd-1aa9f0fe78279eb8ca28f1560639591dc29a28b3.tar.gz
openbsd-1aa9f0fe78279eb8ca28f1560639591dc29a28b3.tar.bz2
openbsd-1aa9f0fe78279eb8ca28f1560639591dc29a28b3.zip
1 files changed, 12 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_seclevel.c b/src/lib/libssl/ssl_seclevel.c
index 6c788c205d..34cea637e0 100644
--- a/src/lib/libssl/ssl_seclevel.c
+++ b/src/lib/libssl/ssl_seclevel.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ssl_seclevel.c,v 1.5 2022/06/28 20:54:16 tb Exp $ */
+/*      $OpenBSD: ssl_seclevel.c,v 1.6 2022/06/29 08:27:51 tb Exp $ */
 /*
 * Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
 *
@@ -17,6 +17,7 @@
 #include <stddef.h>
+#include <openssl/dh.h>
 #include <openssl/ossl_typ.h>
 #include <openssl/ssl.h>
 #include <openssl/tls1.h>
@@ -225,3 +226,13 @@ ssl_security(const SSL *ssl, int op, int bits, int nid, void *other)
        return ssl->cert->security_cb(ssl, NULL, op, bits, nid, other,
            ssl->cert->security_ex_data);
 }
+int
+ssl_security_dh(const SSL *ssl, DH *dh)
+{
+#if defined(LIBRESSL_HAS_SECURITY_LEVEL)
+        return ssl_security(ssl, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh);
+#else
+        return 1;
+#endif
+}
author	tb <>	2022-06-29 08:27:52 +0000
committer	tb <>	2022-06-29 08:27:52 +0000
commit	1aa9f0fe78279eb8ca28f1560639591dc29a28b3 (patch)
tree	737bede5c25ec5b6855578423751b08517e50653 /src/lib/libssl/ssl_seclevel.c
parent	6918deeb05138f45795a919147f1f6733f178b0c (diff)
download	openbsd-1aa9f0fe78279eb8ca28f1560639591dc29a28b3.tar.gz openbsd-1aa9f0fe78279eb8ca28f1560639591dc29a28b3.tar.bz2 openbsd-1aa9f0fe78279eb8ca28f1560639591dc29a28b3.zip