diff options
| author | tb <> | 2022-07-02 16:31:04 +0000 |
|---|---|---|
| committer | tb <> | 2022-07-02 16:31:04 +0000 |
| commit | 274f622e186b69a67b9ccd2ebb48918c3a67ad64 (patch) | |
| tree | bc3bde853323758696c370e558e602d43422a86d /src/lib/libssl/ssl_sigalgs.c | |
| parent | ef99055644809bf9803db0f1022b2a923a0e3236 (diff) | |
| download | openbsd-274f622e186b69a67b9ccd2ebb48918c3a67ad64.tar.gz openbsd-274f622e186b69a67b9ccd2ebb48918c3a67ad64.tar.bz2 openbsd-274f622e186b69a67b9ccd2ebb48918c3a67ad64.zip | |
Stop using ssl{_ctx,}_security() outside of ssl_seclevel.c
The API is ugly and we can easily abstract it away. The SSL_SECOP_* stuff
is now confined into ssl_seclevel.c and the rest of the library can make
use of the more straightforward wrappers, which makes it a lot easier on
the eyes.
ok beck jsing
Diffstat (limited to 'src/lib/libssl/ssl_sigalgs.c')
| -rw-r--r-- | src/lib/libssl/ssl_sigalgs.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index 754d76e72a..c3e07e5c65 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_sigalgs.c,v 1.46 2022/07/02 16:00:12 tb Exp $ */ | 1 | /* $OpenBSD: ssl_sigalgs.c,v 1.47 2022/07/02 16:31:04 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org> |
| 4 | * Copyright (c) 2021 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2021 Joel Sing <jsing@openbsd.org> |
| @@ -307,11 +307,8 @@ ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey) | |||
| 307 | return 0; | 307 | return 0; |
| 308 | } | 308 | } |
| 309 | 309 | ||
| 310 | #if defined(LIBRESSL_HAS_SECURITY_LEVEL) | 310 | if (!ssl_security_sigalg_check(s, pkey)) |
| 311 | if (!ssl_security(s, SSL_SECOP_SIGALG_CHECK, | ||
| 312 | EVP_PKEY_security_bits(pkey), 0, NULL)) | ||
| 313 | return 0; | 311 | return 0; |
| 314 | #endif | ||
| 315 | 312 | ||
| 316 | if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION) | 313 | if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION) |
| 317 | return 1; | 314 | return 1; |