1 files changed, 0 insertions, 473 deletions
diff --git a/src/lib/libssl/ssl_seclevel.c b/src/lib/libssl/ssl_seclevel.c
deleted file mode 100644
index 1869c8108d..0000000000
--- a/src/lib/libssl/ssl_seclevel.c
+++ /dev/null
@@ -1,473 +0,0 @@
-/*      $OpenBSD: ssl_seclevel.c,v 1.27 2022/11/26 16:08:56 tb Exp $ */
-/*
- * Copyright (c) 2020-2022 Theo Buehler <tb@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#include <stddef.h>
-#include <openssl/asn1.h>
-#include <openssl/dh.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/ossl_typ.h>
-#include <openssl/ssl.h>
-#include <openssl/tls1.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include "bytestring.h"
-#include "ssl_local.h"
-static int
-ssl_security_normalize_level(const SSL_CTX *ctx, const SSL *ssl, int *out_level)
-{
-        int security_level;
-        if (ctx != NULL)
-                security_level = SSL_CTX_get_security_level(ctx);
-        else
-                security_level = SSL_get_security_level(ssl);
-        if (security_level < 0)
-                security_level = 0;
-        if (security_level > 5)
-                security_level = 5;
-        *out_level = security_level;
-        return 1;
-}
-static int
-ssl_security_level_to_minimum_bits(int security_level, int *out_minimum_bits)
-{
-        if (security_level < 0)
-                return 0;
-        if (security_level == 0)
-                *out_minimum_bits = 0;
-        else if (security_level == 1)
-                *out_minimum_bits = 80;
-        else if (security_level == 2)
-                *out_minimum_bits = 112;
-        else if (security_level == 3)
-                *out_minimum_bits = 128;
-        else if (security_level == 4)
-                *out_minimum_bits = 192;
-        else if (security_level >= 5)
-                *out_minimum_bits = 256;
-        return 1;
-}
-static int
-ssl_security_level_and_minimum_bits(const SSL_CTX *ctx, const SSL *ssl,
-    int *out_level, int *out_minimum_bits)
-{
-        int security_level = 0, minimum_bits = 0;
-        if (!ssl_security_normalize_level(ctx, ssl, &security_level))
-                return 0;
-        if (!ssl_security_level_to_minimum_bits(security_level, &minimum_bits))
-                return 0;
-        if (out_level != NULL)
-                *out_level = security_level;
-        if (out_minimum_bits != NULL)
-                *out_minimum_bits = minimum_bits;
-        return 1;
-}
-static int
-ssl_security_secop_cipher(const SSL_CTX *ctx, const SSL *ssl, int bits,
-    void *arg)
-{
-        const SSL_CIPHER *cipher = arg;
-        int security_level, minimum_bits;
-        if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level,
-            &minimum_bits))
-                return 0;
-        if (security_level <= 0)
-                return 1;
-        if (bits < minimum_bits)
-                return 0;
-        /* No unauthenticated ciphersuites. */
-        if (cipher->algorithm_auth & SSL_aNULL)
-                return 0;
-        if (cipher->algorithm_mac & SSL_MD5)
-                return 0;
-        if (security_level <= 1)
-                return 1;
-        if (cipher->algorithm_enc & SSL_RC4)
-                return 0;
-        if (security_level <= 2)
-                return 1;
-        /* Security level >= 3 requires a cipher with forward secrecy. */
-        if ((cipher->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) == 0 &&
-            cipher->algorithm_ssl != SSL_TLSV1_3)
-                return 0;
-        if (security_level <= 3)
-                return 1;
-        if (cipher->algorithm_mac & SSL_SHA1)
-                return 0;
-        return 1;
-}
-static int
-ssl_security_secop_version(const SSL_CTX *ctx, const SSL *ssl, int version)
-{
-        int min_version = TLS1_2_VERSION;
-        int security_level;
-        if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level, NULL))
-                return 0;
-        if (security_level < 4)
-                min_version = TLS1_1_VERSION;
-        if (security_level < 3)
-                min_version = TLS1_VERSION;
-        return ssl_tls_version(version) >= min_version;
-}
-static int
-ssl_security_secop_compression(const SSL_CTX *ctx, const SSL *ssl)
-{
-        return 0;
-}
-static int
-ssl_security_secop_tickets(const SSL_CTX *ctx, const SSL *ssl)
-{
-        int security_level;
-        if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level, NULL))
-                return 0;
-        return security_level < 3;
-}
-static int
-ssl_security_secop_tmp_dh(const SSL_CTX *ctx, const SSL *ssl, int bits)
-{
-        int security_level, minimum_bits;
-        if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level,
-            &minimum_bits))
-                return 0;
-        /* Disallow DHE keys weaker than 1024 bits even at security level 0. */
-        if (security_level <= 0 && bits < 80)
-                return 0;
-        return bits >= minimum_bits;
-}
-static int
-ssl_security_secop_default(const SSL_CTX *ctx, const SSL *ssl, int bits)
-{
-        int minimum_bits;
-        if (!ssl_security_level_and_minimum_bits(ctx, ssl, NULL, &minimum_bits))
-                return 0;
-        return bits >= minimum_bits;
-}
-int
-ssl_security_default_cb(const SSL *ssl, const SSL_CTX *ctx, int secop, int bits,
-    int version, void *cipher, void *ex_data)
-{
-        switch (secop) {
-        case SSL_SECOP_CIPHER_SUPPORTED:
-        case SSL_SECOP_CIPHER_SHARED:
-        case SSL_SECOP_CIPHER_CHECK:
-                return ssl_security_secop_cipher(ctx, ssl, bits, cipher);
-        case SSL_SECOP_VERSION:
-                return ssl_security_secop_version(ctx, ssl, version);
-        case SSL_SECOP_COMPRESSION:
-                return ssl_security_secop_compression(ctx, ssl);
-        case SSL_SECOP_TICKET:
-                return ssl_security_secop_tickets(ctx, ssl);
-        case SSL_SECOP_TMP_DH:
-                return ssl_security_secop_tmp_dh(ctx, ssl, bits);
-        default:
-                return ssl_security_secop_default(ctx, ssl, bits);
-        }
-}
-static int
-ssl_ctx_security(const SSL_CTX *ctx, int secop, int bits, int nid, void *other)
-{
-        return ctx->cert->security_cb(NULL, ctx, secop, bits, nid,
-            other, ctx->cert->security_ex_data);
-}
-static int
-ssl_security(const SSL *ssl, int secop, int bits, int nid, void *other)
-{
-        return ssl->cert->security_cb(ssl, NULL, secop, bits, nid, other,
-            ssl->cert->security_ex_data);
-}
-int
-ssl_security_sigalg_check(const SSL *ssl, const EVP_PKEY *pkey)
-{
-        int bits;
-        bits = EVP_PKEY_security_bits(pkey);
-        return ssl_security(ssl, SSL_SECOP_SIGALG_CHECK, bits, 0, NULL);
-}
-int
-ssl_security_tickets(const SSL *ssl)
-{
-        return ssl_security(ssl, SSL_SECOP_TICKET, 0, 0, NULL);
-}
-int
-ssl_security_version(const SSL *ssl, int version)
-{
-        return ssl_security(ssl, SSL_SECOP_VERSION, 0, version, NULL);
-}
-static int
-ssl_security_cipher(const SSL *ssl, SSL_CIPHER *cipher, int secop)
-{
-        return ssl_security(ssl, secop, cipher->strength_bits, 0, cipher);
-}
-int
-ssl_security_cipher_check(const SSL *ssl, SSL_CIPHER *cipher)
-{
-        return ssl_security_cipher(ssl, cipher, SSL_SECOP_CIPHER_CHECK);
-}
-int
-ssl_security_shared_cipher(const SSL *ssl, SSL_CIPHER *cipher)
-{
-        return ssl_security_cipher(ssl, cipher, SSL_SECOP_CIPHER_SHARED);
-}
-int
-ssl_security_supported_cipher(const SSL *ssl, SSL_CIPHER *cipher)
-{
-        return ssl_security_cipher(ssl, cipher, SSL_SECOP_CIPHER_SUPPORTED);
-}
-int
-ssl_ctx_security_dh(const SSL_CTX *ctx, DH *dh)
-{
-        int bits;
-        bits = DH_security_bits(dh);
-        return ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, bits, 0, dh);
-}
-int
-ssl_security_dh(const SSL *ssl, DH *dh)
-{
-        int bits;
-        bits = DH_security_bits(dh);
-        return ssl_security(ssl, SSL_SECOP_TMP_DH, bits, 0, dh);
-}
-static int
-ssl_cert_pubkey_security_bits(const X509 *x509)
-{
-        EVP_PKEY *pkey;
-        if ((pkey = X509_get0_pubkey(x509)) == NULL)
-                return -1;
-        /*
-         * XXX: DSA_security_bits() returns -1 on keys without parameters and
-         * makes the default security callback fail.
-         */
-        return EVP_PKEY_security_bits(pkey);
-}
-static int
-ssl_security_cert_key(const SSL_CTX *ctx, const SSL *ssl, X509 *x509, int secop)
-{
-        int security_bits;
-        security_bits = ssl_cert_pubkey_security_bits(x509);
-        if (ssl != NULL)
-                return ssl_security(ssl, secop, security_bits, 0, x509);
-        return ssl_ctx_security(ctx, secop, security_bits, 0, x509);
-}
-static int
-ssl_cert_signature_md_nid(X509 *x509)
-{
-        int md_nid, signature_nid;
-        if ((signature_nid = X509_get_signature_nid(x509)) == NID_undef)
-                return NID_undef;
-        if (!OBJ_find_sigid_algs(signature_nid, &md_nid, NULL))
-                return NID_undef;
-        return md_nid;
-}
-static int
-ssl_cert_md_nid_security_bits(int md_nid)
-{
-        const EVP_MD *md;
-        if (md_nid == NID_undef)
-                return -1;
-        if ((md = EVP_get_digestbynid(md_nid)) == NULL)
-                return -1;
-        /* Assume 4 bits of collision resistance for each hash octet. */
-        return EVP_MD_size(md) * 4;
-}
-static int
-ssl_security_cert_sig(const SSL_CTX *ctx, const SSL *ssl, X509 *x509, int secop)
-{
-        int md_nid, security_bits;
-        /* Don't check signature if self signed. */
-        if ((X509_get_extension_flags(x509) & EXFLAG_SS) != 0)
-                return 1;
-        md_nid = ssl_cert_signature_md_nid(x509);
-        security_bits = ssl_cert_md_nid_security_bits(md_nid);
-        if (ssl != NULL)
-                return ssl_security(ssl, secop, security_bits, md_nid, x509);
-        return ssl_ctx_security(ctx, secop, security_bits, md_nid, x509);
-}
-int
-ssl_security_cert(const SSL_CTX *ctx, const SSL *ssl, X509 *x509,
-    int is_ee, int *out_error)
-{
-        int key_error, operation;
-        *out_error = 0;
-        if (is_ee) {
-                operation = SSL_SECOP_EE_KEY;
-                key_error = SSL_R_EE_KEY_TOO_SMALL;
-        } else {
-                operation = SSL_SECOP_CA_KEY;
-                key_error = SSL_R_CA_KEY_TOO_SMALL;
-        }
-        if (!ssl_security_cert_key(ctx, ssl, x509, operation)) {
-                *out_error = key_error;
-                return 0;
-        }
-        if (!ssl_security_cert_sig(ctx, ssl, x509, SSL_SECOP_CA_MD)) {
-                *out_error = SSL_R_CA_MD_TOO_WEAK;
-                return 0;
-        }
-        return 1;
-}
-/*
- * Check security of a chain. If |sk| includes the end entity certificate
- * then |x509| must be NULL.
- */
-int
-ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk, X509 *x509,
-    int *out_error)
-{
-        int start_idx = 0;
-        int is_ee;
-        int i;
-        if (x509 == NULL) {
-                x509 = sk_X509_value(sk, 0);
-                start_idx = 1;
-        }
-        is_ee = 1;
-        if (!ssl_security_cert(NULL, ssl, x509, is_ee, out_error))
-                return 0;
-        is_ee = 0;
-        for (i = start_idx; i < sk_X509_num(sk); i++) {
-                x509 = sk_X509_value(sk, i);
-                if (!ssl_security_cert(NULL, ssl, x509, is_ee, out_error))
-                        return 0;
-        }
-        return 1;
-}
-static int
-ssl_security_group(const SSL *ssl, uint16_t group_id, int secop)
-{
-        CBB cbb;
-        int bits, nid;
-        uint8_t group[2];
-        if (!tls1_ec_group_id2bits(group_id, &bits))
-                return 0;
-        if (!tls1_ec_group_id2nid(group_id, &nid))
-                return 0;
-        if (!CBB_init_fixed(&cbb, group, sizeof(group)))
-                return 0;
-        if (!CBB_add_u16(&cbb, group_id))
-                return 0;
-        if (!CBB_finish(&cbb, NULL, NULL))
-                return 0;
-        return ssl_security(ssl, secop, bits, nid, group);
-}
-int
-ssl_security_shared_group(const SSL *ssl, uint16_t group_id)
-{
-        return ssl_security_group(ssl, group_id, SSL_SECOP_CURVE_SHARED);
-}
-int
-ssl_security_supported_group(const SSL *ssl, uint16_t group_id)
-{
-        return ssl_security_group(ssl, group_id, SSL_SECOP_CURVE_SUPPORTED);
-}

diff --git a/src/lib/libssl/ssl_seclevel.c b/src/lib/libssl/ssl_seclevel.c deleted file mode 100644 index 1869c8108d..0000000000 --- a/src/lib/libssl/ssl_seclevel.c +++ /dev/null
@@ -1,473 +0,0 @@
1	/* $OpenBSD: ssl_seclevel.c,v 1.27 2022/11/26 16:08:56 tb Exp $ */
2	/*
3	* Copyright (c) 2020-2022 Theo Buehler <tb@openbsd.org>
4	*
5	* Permission to use, copy, modify, and distribute this software for any
6	* purpose with or without fee is hereby granted, provided that the above
7	* copyright notice and this permission notice appear in all copies.
8	*
9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	*/
17
18	#include <stddef.h>
19
20	#include <openssl/asn1.h>
21	#include <openssl/dh.h>
22	#include <openssl/evp.h>
23	#include <openssl/objects.h>
24	#include <openssl/ossl_typ.h>
25	#include <openssl/ssl.h>
26	#include <openssl/tls1.h>
27	#include <openssl/x509.h>
28	#include <openssl/x509v3.h>
29
30	#include "bytestring.h"
31	#include "ssl_local.h"
32
33	static int
34	ssl_security_normalize_level(const SSL_CTX ctx, const SSL ssl, int *out_level)
35	{
36	int security_level;
37
38	if (ctx != NULL)
39	security_level = SSL_CTX_get_security_level(ctx);
40	else
41	security_level = SSL_get_security_level(ssl);
42
43	if (security_level < 0)
44	security_level = 0;
45	if (security_level > 5)
46	security_level = 5;
47
48	*out_level = security_level;
49
50	return 1;
51	}
52
53	static int
54	ssl_security_level_to_minimum_bits(int security_level, int *out_minimum_bits)
55	{
56	if (security_level < 0)
57	return 0;
58
59	if (security_level == 0)
60	*out_minimum_bits = 0;
61	else if (security_level == 1)
62	*out_minimum_bits = 80;
63	else if (security_level == 2)
64	*out_minimum_bits = 112;
65	else if (security_level == 3)
66	*out_minimum_bits = 128;
67	else if (security_level == 4)
68	*out_minimum_bits = 192;
69	else if (security_level >= 5)
70	*out_minimum_bits = 256;
71
72	return 1;
73	}
74
75	static int
76	ssl_security_level_and_minimum_bits(const SSL_CTX ctx, const SSL ssl,
77	int out_level, int out_minimum_bits)
78	{
79	int security_level = 0, minimum_bits = 0;
80
81	if (!ssl_security_normalize_level(ctx, ssl, &security_level))
82	return 0;
83	if (!ssl_security_level_to_minimum_bits(security_level, &minimum_bits))
84	return 0;
85
86	if (out_level != NULL)
87	*out_level = security_level;
88	if (out_minimum_bits != NULL)
89	*out_minimum_bits = minimum_bits;
90
91	return 1;
92	}
93
94	static int
95	ssl_security_secop_cipher(const SSL_CTX ctx, const SSL ssl, int bits,
96	void *arg)
97	{
98	const SSL_CIPHER *cipher = arg;
99	int security_level, minimum_bits;
100
101	if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level,
102	&minimum_bits))
103	return 0;
104
105	if (security_level <= 0)
106	return 1;
107
108	if (bits < minimum_bits)
109	return 0;
110
111	/* No unauthenticated ciphersuites. */
112	if (cipher->algorithm_auth & SSL_aNULL)
113	return 0;
114
115	if (cipher->algorithm_mac & SSL_MD5)
116	return 0;
117
118	if (security_level <= 1)
119	return 1;
120
121	if (cipher->algorithm_enc & SSL_RC4)
122	return 0;
123
124	if (security_level <= 2)
125	return 1;
126
127	/* Security level >= 3 requires a cipher with forward secrecy. */
128	if ((cipher->algorithm_mkey & (SSL_kDHE \| SSL_kECDHE)) == 0 &&
129	cipher->algorithm_ssl != SSL_TLSV1_3)
130	return 0;
131
132	if (security_level <= 3)
133	return 1;
134
135	if (cipher->algorithm_mac & SSL_SHA1)
136	return 0;
137
138	return 1;
139	}
140
141	static int
142	ssl_security_secop_version(const SSL_CTX ctx, const SSL ssl, int version)
143	{
144	int min_version = TLS1_2_VERSION;
145	int security_level;
146
147	if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level, NULL))
148	return 0;
149
150	if (security_level < 4)
151	min_version = TLS1_1_VERSION;
152	if (security_level < 3)
153	min_version = TLS1_VERSION;
154
155	return ssl_tls_version(version) >= min_version;
156	}
157
158	static int
159	ssl_security_secop_compression(const SSL_CTX ctx, const SSL ssl)
160	{
161	return 0;
162	}
163
164	static int
165	ssl_security_secop_tickets(const SSL_CTX ctx, const SSL ssl)
166	{
167	int security_level;
168
169	if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level, NULL))
170	return 0;
171
172	return security_level < 3;
173	}
174
175	static int
176	ssl_security_secop_tmp_dh(const SSL_CTX ctx, const SSL ssl, int bits)
177	{
178	int security_level, minimum_bits;
179
180	if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level,
181	&minimum_bits))
182	return 0;
183
184	/* Disallow DHE keys weaker than 1024 bits even at security level 0. */
185	if (security_level <= 0 && bits < 80)
186	return 0;
187
188	return bits >= minimum_bits;
189	}
190
191	static int
192	ssl_security_secop_default(const SSL_CTX ctx, const SSL ssl, int bits)
193	{
194	int minimum_bits;
195
196	if (!ssl_security_level_and_minimum_bits(ctx, ssl, NULL, &minimum_bits))
197	return 0;
198
199	return bits >= minimum_bits;
200	}
201
202	int
203	ssl_security_default_cb(const SSL ssl, const SSL_CTX ctx, int secop, int bits,
204	int version, void cipher, void ex_data)
205	{
206	switch (secop) {
207	case SSL_SECOP_CIPHER_SUPPORTED:
208	case SSL_SECOP_CIPHER_SHARED:
209	case SSL_SECOP_CIPHER_CHECK:
210	return ssl_security_secop_cipher(ctx, ssl, bits, cipher);
211	case SSL_SECOP_VERSION:
212	return ssl_security_secop_version(ctx, ssl, version);
213	case SSL_SECOP_COMPRESSION:
214	return ssl_security_secop_compression(ctx, ssl);
215	case SSL_SECOP_TICKET:
216	return ssl_security_secop_tickets(ctx, ssl);
217	case SSL_SECOP_TMP_DH:
218	return ssl_security_secop_tmp_dh(ctx, ssl, bits);
219	default:
220	return ssl_security_secop_default(ctx, ssl, bits);
221	}
222	}
223
224	static int
225	ssl_ctx_security(const SSL_CTX ctx, int secop, int bits, int nid, void other)
226	{
227	return ctx->cert->security_cb(NULL, ctx, secop, bits, nid,
228	other, ctx->cert->security_ex_data);
229	}
230
231	static int
232	ssl_security(const SSL ssl, int secop, int bits, int nid, void other)
233	{
234	return ssl->cert->security_cb(ssl, NULL, secop, bits, nid, other,
235	ssl->cert->security_ex_data);
236	}
237
238	int
239	ssl_security_sigalg_check(const SSL ssl, const EVP_PKEY pkey)
240	{
241	int bits;
242
243	bits = EVP_PKEY_security_bits(pkey);
244
245	return ssl_security(ssl, SSL_SECOP_SIGALG_CHECK, bits, 0, NULL);
246	}
247
248	int
249	ssl_security_tickets(const SSL *ssl)
250	{
251	return ssl_security(ssl, SSL_SECOP_TICKET, 0, 0, NULL);
252	}
253
254	int
255	ssl_security_version(const SSL *ssl, int version)
256	{
257	return ssl_security(ssl, SSL_SECOP_VERSION, 0, version, NULL);
258	}
259
260	static int
261	ssl_security_cipher(const SSL ssl, SSL_CIPHER cipher, int secop)
262	{
263	return ssl_security(ssl, secop, cipher->strength_bits, 0, cipher);
264	}
265
266	int
267	ssl_security_cipher_check(const SSL ssl, SSL_CIPHER cipher)
268	{
269	return ssl_security_cipher(ssl, cipher, SSL_SECOP_CIPHER_CHECK);
270	}
271
272	int
273	ssl_security_shared_cipher(const SSL ssl, SSL_CIPHER cipher)
274	{
275	return ssl_security_cipher(ssl, cipher, SSL_SECOP_CIPHER_SHARED);
276	}
277
278	int
279	ssl_security_supported_cipher(const SSL ssl, SSL_CIPHER cipher)
280	{
281	return ssl_security_cipher(ssl, cipher, SSL_SECOP_CIPHER_SUPPORTED);
282	}
283
284	int
285	ssl_ctx_security_dh(const SSL_CTX ctx, DH dh)
286	{
287	int bits;
288
289	bits = DH_security_bits(dh);
290
291	return ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, bits, 0, dh);
292	}
293
294	int
295	ssl_security_dh(const SSL ssl, DH dh)
296	{
297	int bits;
298
299	bits = DH_security_bits(dh);
300
301	return ssl_security(ssl, SSL_SECOP_TMP_DH, bits, 0, dh);
302	}
303
304	static int
305	ssl_cert_pubkey_security_bits(const X509 *x509)
306	{
307	EVP_PKEY *pkey;
308
309	if ((pkey = X509_get0_pubkey(x509)) == NULL)
310	return -1;
311
312	/*
313	* XXX: DSA_security_bits() returns -1 on keys without parameters and
314	* makes the default security callback fail.
315	*/
316
317	return EVP_PKEY_security_bits(pkey);
318	}
319
320	static int
321	ssl_security_cert_key(const SSL_CTX ctx, const SSL ssl, X509 *x509, int secop)
322	{
323	int security_bits;
324
325	security_bits = ssl_cert_pubkey_security_bits(x509);
326
327	if (ssl != NULL)
328	return ssl_security(ssl, secop, security_bits, 0, x509);
329
330	return ssl_ctx_security(ctx, secop, security_bits, 0, x509);
331	}
332
333	static int
334	ssl_cert_signature_md_nid(X509 *x509)
335	{
336	int md_nid, signature_nid;
337
338	if ((signature_nid = X509_get_signature_nid(x509)) == NID_undef)
339	return NID_undef;
340
341	if (!OBJ_find_sigid_algs(signature_nid, &md_nid, NULL))
342	return NID_undef;
343
344	return md_nid;
345	}
346
347	static int
348	ssl_cert_md_nid_security_bits(int md_nid)
349	{
350	const EVP_MD *md;
351
352	if (md_nid == NID_undef)
353	return -1;
354
355	if ((md = EVP_get_digestbynid(md_nid)) == NULL)
356	return -1;
357
358	/* Assume 4 bits of collision resistance for each hash octet. */
359	return EVP_MD_size(md) * 4;
360	}
361
362	static int
363	ssl_security_cert_sig(const SSL_CTX ctx, const SSL ssl, X509 *x509, int secop)
364	{
365	int md_nid, security_bits;
366
367	/* Don't check signature if self signed. */
368	if ((X509_get_extension_flags(x509) & EXFLAG_SS) != 0)
369	return 1;
370
371	md_nid = ssl_cert_signature_md_nid(x509);
372	security_bits = ssl_cert_md_nid_security_bits(md_nid);
373
374	if (ssl != NULL)
375	return ssl_security(ssl, secop, security_bits, md_nid, x509);
376
377	return ssl_ctx_security(ctx, secop, security_bits, md_nid, x509);
378	}
379
380	int
381	ssl_security_cert(const SSL_CTX ctx, const SSL ssl, X509 *x509,
382	int is_ee, int *out_error)
383	{
384	int key_error, operation;
385
386	*out_error = 0;
387
388	if (is_ee) {
389	operation = SSL_SECOP_EE_KEY;
390	key_error = SSL_R_EE_KEY_TOO_SMALL;
391	} else {
392	operation = SSL_SECOP_CA_KEY;
393	key_error = SSL_R_CA_KEY_TOO_SMALL;
394	}
395
396	if (!ssl_security_cert_key(ctx, ssl, x509, operation)) {
397	*out_error = key_error;
398	return 0;
399	}
400
401	if (!ssl_security_cert_sig(ctx, ssl, x509, SSL_SECOP_CA_MD)) {
402	*out_error = SSL_R_CA_MD_TOO_WEAK;
403	return 0;
404	}
405
406	return 1;
407	}
408
409	/*
410	* Check security of a chain. If \|sk\| includes the end entity certificate
411	* then \|x509\| must be NULL.
412	*/
413	int
414	ssl_security_cert_chain(const SSL ssl, STACK_OF(X509) sk, X509 *x509,
415	int *out_error)
416	{
417	int start_idx = 0;
418	int is_ee;
419	int i;
420
421	if (x509 == NULL) {
422	x509 = sk_X509_value(sk, 0);
423	start_idx = 1;
424	}
425
426	is_ee = 1;
427	if (!ssl_security_cert(NULL, ssl, x509, is_ee, out_error))
428	return 0;
429
430	is_ee = 0;
431	for (i = start_idx; i < sk_X509_num(sk); i++) {
432	x509 = sk_X509_value(sk, i);
433
434	if (!ssl_security_cert(NULL, ssl, x509, is_ee, out_error))
435	return 0;
436	}
437
438	return 1;
439	}
440
441	static int
442	ssl_security_group(const SSL *ssl, uint16_t group_id, int secop)
443	{
444	CBB cbb;
445	int bits, nid;
446	uint8_t group[2];
447
448	if (!tls1_ec_group_id2bits(group_id, &bits))
449	return 0;
450	if (!tls1_ec_group_id2nid(group_id, &nid))
451	return 0;
452
453	if (!CBB_init_fixed(&cbb, group, sizeof(group)))
454	return 0;
455	if (!CBB_add_u16(&cbb, group_id))
456	return 0;
457	if (!CBB_finish(&cbb, NULL, NULL))
458	return 0;
459
460	return ssl_security(ssl, secop, bits, nid, group);
461	}
462
463	int
464	ssl_security_shared_group(const SSL *ssl, uint16_t group_id)
465	{
466	return ssl_security_group(ssl, group_id, SSL_SECOP_CURVE_SHARED);
467	}
468
469	int
470	ssl_security_supported_group(const SSL *ssl, uint16_t group_id)
471	{
472	return ssl_security_group(ssl, group_id, SSL_SECOP_CURVE_SUPPORTED);
473	}