Diffstat (limited to 'src/lib/libssl/ssl_seclevel.c')
-rw-r--r--src/lib/libssl/ssl_seclevel.c27
1 files changed, 2 insertions, 25 deletions
diff --git a/src/lib/libssl/ssl_seclevel.c b/src/lib/libssl/ssl_seclevel.c
index 59760154f8..b9c724e262 100644
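--- a/src/lib/libssl/ssl_seclevel.c
+++ b/src/lib/libssl/ssl_seclevel.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_seclevel.c,v 1.20 2022/07/05 16:14:18 tb Exp $ */
+/* $OpenBSD: ssl_seclevel.c,v 1.21 2022/07/07 13:04:39 tb Exp $ */
 /*
  * Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
  *
@@ -212,14 +212,7 @@ ssl_security_default_cb(const SSL *ssl, const SSL_CTX *ctx, int secop, int bits,
  }
 }
 
-int
-ssl_security_dummy_cb(const SSL *ssl, const SSL_CTX *ctx, int secop, int bits,
- int version, void *cipher, void *ex_data)
-{
- return 1;
-}
-
-int
+static int
 ssl_ctx_security(const SSL_CTX *ctx, int secop, int bits, int nid, void *other)
 {
  return ctx->internal->cert->security_cb(NULL, ctx, secop, bits, nid,
@@ -236,12 +229,8 @@ ssl_security(const SSL *ssl, int secop, int bits, int nid, void *other)
 int
 ssl_security_sigalg_check(const SSL *ssl, const EVP_PKEY *pkey)
 {
-#if defined(LIBRESSL_HAS_SECURITY_LEVEL)
  return ssl_security(ssl, SSL_SECOP_SIGALG_CHECK,
  EVP_PKEY_security_bits(pkey), 0, NULL);
-#else
- return 1;
-#endif
 }
 
 int
@@ -283,25 +272,16 @@ ssl_security_supported_cipher(const SSL *ssl, SSL_CIPHER *cipher)
 int
 ssl_ctx_security_dh(const SSL_CTX *ctx, DH *dh)
 {
-#if defined(LIBRESSL_HAS_SECURITY_LEVEL)
  return ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0,
  dh);
-#else
- return 1;
-#endif
 }
 
 int
 ssl_security_dh(const SSL *ssl, DH *dh)
 {
-#if defined(LIBRESSL_HAS_SECURITY_LEVEL)
  return ssl_security(ssl, SSL_SECOP_TMP_DH, DH_security_bits(dh), 0, dh);
-#else
- return 1;
-#endif
 }
 
-#if defined(LIBRESSL_HAS_SECURITY_LEVEL)
 static int
 ssl_cert_pubkey_security_bits(const X509 *x509)
 {
@@ -377,13 +357,11 @@ ssl_security_cert_sig(const SSL_CTX *ctx, const SSL *ssl, X509 *x509, int secop)
 
  return ssl_ctx_security(ctx, secop, security_bits, md_nid, x509);
 }
-#endif
 
 int
 ssl_security_cert(const SSL_CTX *ctx, const SSL *ssl, X509 *x509,
  int is_ee, int *out_error)
 {
-#if defined(LIBRESSL_HAS_SECURITY_LEVEL)
  int key_error, operation;
 
  *out_error = 0;
@@ -406,7 +384,6 @@ ssl_security_cert(const SSL_CTX *ctx, const SSL *ssl, X509 *x509,
  return 0;
  }
 
-#endif
  return 1;
 }
 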
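Review bot: With the `LIBRESSL_HAS_SECURITY_LEVEL` guards removed, `ssl_security_sigalg_check`, `ssl_ctx_security_dh`, `ssl_security_dh` and `ssl_security_cert` no longer have a build in which they return 1 unconditionally, yet none of them states its return contract. A one-line comment above each would make the convention explicit; the visible `return 0;` / `return 1;` paths in `ssl_security_cert` suggest `/* Returns 1 if the security callback permits the operation, 0 if it is rejected. */`. Separately, `ssl_ctx_security` calls `ctx->internal->cert->security_cb` with no NULL check, and this commit deletes `ssl_security_dummy_cb`. The code that assigns `security_cb` is outside this single-file view, so it is worth confirming that a non-NULL callback is always installed. It is also worth confirming that no other translation unit still references the removed function or the now-`static` `ssl_ctx_security`, whose body continues outside the hunk.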