diff options
| author | tb <> | 2022-07-07 13:04:39 +0000 |
|---|---|---|
| committer | tb <> | 2022-07-07 13:04:39 +0000 |
| commit | 5e009dfe713c55ed16e6f4732b2c8b5931265537 (patch) | |
| tree | 422ab320b32995a12bf5eaa4242be365549ec73e /src/lib/libssl/ssl_seclevel.c | |
| parent | 014c4b9a93d4ce98e8161197494a805e095e70fc (diff) | |
| download | openbsd-5e009dfe713c55ed16e6f4732b2c8b5931265537.tar.gz openbsd-5e009dfe713c55ed16e6f4732b2c8b5931265537.tar.bz2 openbsd-5e009dfe713c55ed16e6f4732b2c8b5931265537.zip | |
Unifdef LIBRESSL_HAS_SECURITY_LEVEL and remove some workarounds
that are no longer needed now that libcrypto exposes the necessary
security-bits API.
ok jsing
Diffstat (limited to 'src/lib/libssl/ssl_seclevel.c')
| -rw-r--r-- | src/lib/libssl/ssl_seclevel.c | 27 |
1 files changed, 2 insertions, 25 deletions
diff --git a/src/lib/libssl/ssl_seclevel.c b/src/lib/libssl/ssl_seclevel.c index 59760154f8..b9c724e262 100644 --- a/src/lib/libssl/ssl_seclevel.c +++ b/src/lib/libssl/ssl_seclevel.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_seclevel.c,v 1.20 2022/07/05 16:14:18 tb Exp $ */ | 1 | /* $OpenBSD: ssl_seclevel.c,v 1.21 2022/07/07 13:04:39 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2020 Theo Buehler <tb@openbsd.org> | 3 | * Copyright (c) 2020 Theo Buehler <tb@openbsd.org> |
| 4 | * | 4 | * |
| @@ -212,14 +212,7 @@ ssl_security_default_cb(const SSL *ssl, const SSL_CTX *ctx, int secop, int bits, | |||
| 212 | } | 212 | } |
| 213 | } | 213 | } |
| 214 | 214 | ||
| 215 | int | 215 | static int |
| 216 | ssl_security_dummy_cb(const SSL *ssl, const SSL_CTX *ctx, int secop, int bits, | ||
| 217 | int version, void *cipher, void *ex_data) | ||
| 218 | { | ||
| 219 | return 1; | ||
| 220 | } | ||
| 221 | |||
| 222 | int | ||
| 223 | ssl_ctx_security(const SSL_CTX *ctx, int secop, int bits, int nid, void *other) | 216 | ssl_ctx_security(const SSL_CTX *ctx, int secop, int bits, int nid, void *other) |
| 224 | { | 217 | { |
| 225 | return ctx->internal->cert->security_cb(NULL, ctx, secop, bits, nid, | 218 | return ctx->internal->cert->security_cb(NULL, ctx, secop, bits, nid, |
| @@ -236,12 +229,8 @@ ssl_security(const SSL *ssl, int secop, int bits, int nid, void *other) | |||
| 236 | int | 229 | int |
| 237 | ssl_security_sigalg_check(const SSL *ssl, const EVP_PKEY *pkey) | 230 | ssl_security_sigalg_check(const SSL *ssl, const EVP_PKEY *pkey) |
| 238 | { | 231 | { |
| 239 | #if defined(LIBRESSL_HAS_SECURITY_LEVEL) | ||
| 240 | return ssl_security(ssl, SSL_SECOP_SIGALG_CHECK, | 232 | return ssl_security(ssl, SSL_SECOP_SIGALG_CHECK, |
| 241 | EVP_PKEY_security_bits(pkey), 0, NULL); | 233 | EVP_PKEY_security_bits(pkey), 0, NULL); |
| 242 | #else | ||
| 243 | return 1; | ||
| 244 | #endif | ||
| 245 | } | 234 | } |
| 246 | 235 | ||
| 247 | int | 236 | int |
| @@ -283,25 +272,16 @@ ssl_security_supported_cipher(const SSL *ssl, SSL_CIPHER *cipher) | |||
| 283 | int | 272 | int |
| 284 | ssl_ctx_security_dh(const SSL_CTX *ctx, DH *dh) | 273 | ssl_ctx_security_dh(const SSL_CTX *ctx, DH *dh) |
| 285 | { | 274 | { |
| 286 | #if defined(LIBRESSL_HAS_SECURITY_LEVEL) | ||
| 287 | return ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, | 275 | return ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, |
| 288 | dh); | 276 | dh); |
| 289 | #else | ||
| 290 | return 1; | ||
| 291 | #endif | ||
| 292 | } | 277 | } |
| 293 | 278 | ||
| 294 | int | 279 | int |
| 295 | ssl_security_dh(const SSL *ssl, DH *dh) | 280 | ssl_security_dh(const SSL *ssl, DH *dh) |
| 296 | { | 281 | { |
| 297 | #if defined(LIBRESSL_HAS_SECURITY_LEVEL) | ||
| 298 | return ssl_security(ssl, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh); | 282 | return ssl_security(ssl, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh); |
| 299 | #else | ||
| 300 | return 1; | ||
| 301 | #endif | ||
| 302 | } | 283 | } |
| 303 | 284 | ||
| 304 | #if defined(LIBRESSL_HAS_SECURITY_LEVEL) | ||
| 305 | static int | 285 | static int |
| 306 | ssl_cert_pubkey_security_bits(const X509 *x509) | 286 | ssl_cert_pubkey_security_bits(const X509 *x509) |
| 307 | { | 287 | { |
| @@ -377,13 +357,11 @@ ssl_security_cert_sig(const SSL_CTX *ctx, const SSL *ssl, X509 *x509, int secop) | |||
| 377 | 357 | ||
| 378 | return ssl_ctx_security(ctx, secop, security_bits, md_nid, x509); | 358 | return ssl_ctx_security(ctx, secop, security_bits, md_nid, x509); |
| 379 | } | 359 | } |
| 380 | #endif | ||
| 381 | 360 | ||
| 382 | int | 361 | int |
| 383 | ssl_security_cert(const SSL_CTX *ctx, const SSL *ssl, X509 *x509, | 362 | ssl_security_cert(const SSL_CTX *ctx, const SSL *ssl, X509 *x509, |
| 384 | int is_ee, int *out_error) | 363 | int is_ee, int *out_error) |
| 385 | { | 364 | { |
| 386 | #if defined(LIBRESSL_HAS_SECURITY_LEVEL) | ||
| 387 | int key_error, operation; | 365 | int key_error, operation; |
| 388 | 366 | ||
| 389 | *out_error = 0; | 367 | *out_error = 0; |
| @@ -406,7 +384,6 @@ ssl_security_cert(const SSL_CTX *ctx, const SSL *ssl, X509 *x509, | |||
| 406 | return 0; | 384 | return 0; |
| 407 | } | 385 | } |
| 408 | 386 | ||
| 409 | #endif | ||
| 410 | return 1; | 387 | return 1; |
| 411 | } | 388 | } |
| 412 | 389 | ||