diff options
author | tb <> | 2022-07-02 16:31:04 +0000 |
---|---|---|
committer | tb <> | 2022-07-02 16:31:04 +0000 |
commit | 5d994915db5d0a0615b6618184d705dbf25a7473 (patch) | |
tree | bc3bde853323758696c370e558e602d43422a86d /src/lib/libssl/ssl_sigalgs.c | |
parent | b6005b83ccc59320a316c38108b7b45ca4682fbd (diff) | |
download | openbsd-5d994915db5d0a0615b6618184d705dbf25a7473.tar.gz openbsd-5d994915db5d0a0615b6618184d705dbf25a7473.tar.bz2 openbsd-5d994915db5d0a0615b6618184d705dbf25a7473.zip |
Stop using ssl{_ctx,}_security() outside of ssl_seclevel.c
The API is ugly and we can easily abstract it away. The SSL_SECOP_* stuff
is now confined into ssl_seclevel.c and the rest of the library can make
use of the more straightforward wrappers, which makes it a lot easier on
the eyes.
ok beck jsing
Diffstat (limited to 'src/lib/libssl/ssl_sigalgs.c')
-rw-r--r-- | src/lib/libssl/ssl_sigalgs.c | 7 |
1 files changed, 2 insertions, 5 deletions
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c index 754d76e72a..c3e07e5c65 100644 --- a/src/lib/libssl/ssl_sigalgs.c +++ b/src/lib/libssl/ssl_sigalgs.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssl_sigalgs.c,v 1.46 2022/07/02 16:00:12 tb Exp $ */ | 1 | /* $OpenBSD: ssl_sigalgs.c,v 1.47 2022/07/02 16:31:04 tb Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org> |
4 | * Copyright (c) 2021 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2021 Joel Sing <jsing@openbsd.org> |
@@ -307,11 +307,8 @@ ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey) | |||
307 | return 0; | 307 | return 0; |
308 | } | 308 | } |
309 | 309 | ||
310 | #if defined(LIBRESSL_HAS_SECURITY_LEVEL) | 310 | if (!ssl_security_sigalg_check(s, pkey)) |
311 | if (!ssl_security(s, SSL_SECOP_SIGALG_CHECK, | ||
312 | EVP_PKEY_security_bits(pkey), 0, NULL)) | ||
313 | return 0; | 311 | return 0; |
314 | #endif | ||
315 | 312 | ||
316 | if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION) | 313 | if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION) |
317 | return 1; | 314 | return 1; |