fedora crypto-policies: small cleanup.

wolfSSL · Nov 27, 2024 · 0f32e56 · 0f32e56
1 parent 8bc9faf
commit 0f32e56
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 31 deletions.
diff --git a/src/ssl.c b/src/ssl.c
@@ -283,12 +283,7 @@ int wc_OBJ_sn2nid(const char *sn)
 
 
 #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
-/* Whether a system level crypto-policy is in effect.
- * When enabled, user setting of ciphers will fail with
- * error CRYPTO_POLICY_FORBIDDEN.
- *
- * The user must call wolfSSL_crypto_policy_disable to
- * override.
+/* The system wide crypto-policy. Configured by wolfSSL_crypto_policy_enable.
  * */
 static struct SystemCryptoPolicy crypto_policy;
 #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
@@ -5962,9 +5957,7 @@ int wolfSSL_Init(void)
 
 #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
     /* System wide crypto policy disabled by default. */
-    if (ret == WOLFSSL_SUCCESS) {
-        XMEMSET(&crypto_policy, 0, sizeof(crypto_policy));
-    }
+    XMEMSET(&crypto_policy, 0, sizeof(crypto_policy));
 #endif /* WOLFSSL_SYS_CRYPTO_POLICY */
 
     if (ret == WOLFSSL_SUCCESS) {
@@ -5997,7 +5990,7 @@ int wolfSSL_Init(void)
  * */
 static int crypto_policy_parse(void)
 {
-    const char * hdr = WOLFSSL_CRYPTO_POLICY_HDR;
+    const char * hdr = WOLFSSL_SECLEVEL_STR;
     int          sec_level = 0;
     size_t       i = 0;
 
@@ -6053,8 +6046,6 @@ static int crypto_policy_parse(void)
  *     automatically by the policy.
  *   - Attempting to use lesser strength parameters will fail with
  *     error CRYPTO_POLICY_FORBIDDEN.
- *   - API such as wolfSSL_CTX_SetMinVersion, and wolfSSL_CTX_set_cipher_list
- *     will fail with CRYPTO_POLICY_FORBIDDEN.
  *
  * Disable with wolfSSL_crypto_policy_disable.
  *
@@ -6206,27 +6197,9 @@ const char * wolfSSL_crypto_policy_get_ciphers(void)
     WOLFSSL_ENTER("wolfSSL_crypto_policy_get_ciphers");
 
     if (crypto_policy.enabled == 1) {
-        int          len = 0;
-        int          hdr_len = XSTRLEN(WOLFSSL_CRYPTO_POLICY_HDR);
         /* The crypto policy config will have
          * this form:
          *   "@SECLEVEL=2:kEECDH:kRSA..." */
-
-        if (*crypto_policy.str == '\0') {
-            WOLFSSL_MSG("crypto_policy_get_ciphers: "
-                           "empty policy config");
-            return NULL;
-        }
-
-        len = XSTRLEN(crypto_policy.str);
-
-        if (len <= hdr_len + 2) {
-            WOLFSSL_MSG_EX("crypto_policy_get_ciphers: "
-                           "invalid policy config: %d",
-                           len);
-            return NULL;
-        }
-
         return crypto_policy.str;
     }
 

diff --git a/wolfssl/internal.h b/wolfssl/internal.h
@@ -6272,7 +6272,6 @@ struct WOLFSSL {
 };
 
 #if defined(WOLFSSL_SYS_CRYPTO_POLICY)
-#define WOLFSSL_CRYPTO_POLICY_HDR "@SECLEVEL="
 #define WOLFSSL_SECLEVEL_STR "@SECLEVEL="
 struct SystemCryptoPolicy {
     int    enabled;