26 /* Number of security bits corresponding to the security level */
32 int32_t SECURITY_GetSecbits(int32_t level)  in SECURITY_GetSecbits()  argument
34     if (level <= HITLS_SECURITY_LEVEL_MIN) {  in SECURITY_GetSecbits()
37         level = (level > HITLS_SECURITY_LEVEL_MAX) ? HITLS_SECURITY_LEVEL_MAX : level;  in SECURITY_GetSecbits()
39     return g_minBits[level - 1];  in SECURITY_GetSecbits()
42 static int32_t CheckCipherSuite(void *other, int32_t level)  in CheckCipherSuite()  argument
49     int32_t minBits = SECURITY_GetSecbits(level);  in CheckCipherSuite()
57 …/* The level is greater than or equal to 1, and the export cipher suite and the MD5 algorithm for …  in CheckCipherSuite()
62     /* Forbidding non-forward security cipher suites when Level is greater than or equal to 3. */  in CheckCipherSuite()
63     if ((level >= HITLS_SECURITY_LEVEL_THREE) &&  in CheckCipherSuite()
69     /* If the level is greater than or equal to 4, disable the SHA1 algorithm. */  in CheckCipherSuite()
71     if ((level >= HITLS_SECURITY_LEVEL_FOUR) && (info->macAlg == HITLS_MAC_1)) {  in CheckCipherSuite()
78 static int32_t CheckVersion(int32_t id, int32_t level)  in CheckVersion()  argument
82         /* The level is greater than or equal to 1, and DTLS1.0 cannot be used. */  in CheckVersion()
83         if ((level >= HITLS_SECURITY_LEVEL_ONE) && ((uint32_t)id > HITLS_VERSION_DTLS12)) {  in CheckVersion()
89 …/* If the level is greater than or equal to 1, SSL2.0, SSL3.0, TLS1.0, and TLS1.1 cannot be used. …  in CheckVersion()
90     if ((level >= HITLS_SECURITY_LEVEL_ONE) && ((uint32_t)id < HITLS_VERSION_TLS12) &&  in CheckVersion()
94 …/* Level is greater than or equal to 4 and TLCP1.1 is prohibited because the security strength of …  in CheckVersion()
96     if ((level >= HITLS_SECURITY_LEVEL_FOUR) && ((uint32_t)id == HITLS_VERSION_TLCP_DTLCP11)) {  in CheckVersion()
100 …/* If the level is greater than or equal to 1, SSL2.0, SSL3.0, TLS1.0, and TLS1.1 cannot be used. …  in CheckVersion()
101     if ((level >= HITLS_SECURITY_LEVEL_ONE) && ((uint32_t)id < HITLS_VERSION_TLS12)) {  in CheckVersion()
108 static int32_t CheckSessionTicket(int32_t level)  in CheckSessionTicket()  argument
110     /* If the level is greater than or equal to 3, the session ticket is prohibited. */  in CheckSessionTicket()
111     if (level >= HITLS_SECURITY_LEVEL_THREE) {  in CheckSessionTicket()
123     int32_t level = HITLS_DEFAULT_SECURITY_LEVEL;  in SECURITY_DefaultCb()  local
130         (void)HITLS_CFG_GetSecurityLevel(config, &level);  in SECURITY_DefaultCb()
132         (void)HITLS_GetSecurityLevel(ctx, &level);  in SECURITY_DefaultCb()
134     /* No restrictions are imposed when Level is 0. */  in SECURITY_DefaultCb()
135     if (level <= HITLS_SECURITY_LEVEL_MIN) {  in SECURITY_DefaultCb()
139     if (level > HITLS_SECURITY_LEVEL_MAX) {  in SECURITY_DefaultCb()
140         level = HITLS_SECURITY_LEVEL_MAX;  in SECURITY_DefaultCb()
144     minBits = SECURITY_GetSecbits(level);  in SECURITY_DefaultCb()
148             ret = CheckVersion(id, level);  in SECURITY_DefaultCb()
154             ret = CheckCipherSuite(other, level);  in SECURITY_DefaultCb()
161             if (schemeInfo != NULL && schemeInfo->secBits >= g_minBits[level - 1]) {  in SECURITY_DefaultCb()
172             if (groupInfo != NULL && groupInfo->secBits >= g_minBits[level - 1]) {  in SECURITY_DefaultCb()
180             ret = CheckSessionTicket(level);  in SECURITY_DefaultCb()
196 …/*  Default security settings. Set the default security level and default security callback functi…  in SECURITY_SetDefault()