Remove get_cipher from SSL_METHOD.

Inline the get_cipher implementation (including the special handling
for DTLS) in ssl_cipher_collect_ciphers() (the only consumer), remove
the get_cipher member of SSL_METHOD and mop up dtls1_get_cipher().

ssl3_get_cipher() has always had a strange property of being a reverse
index, which is relied on by the cipher list ordering code, since it
currently assumes that high cipher suite values are preferable. Rather
than complicating ssl3_get_cipher() (and regress), change the iteration
order in ssl_cipher_collect_ciphers() to match what it requires. Lastly,
rename ssl3_get_cipher() to be more descriptive.

ok tb@

1 files changed, 6 insertions, 6 deletions

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index d30eb6deb7..86b32aec15 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.256 2024/07/22 14:47:15 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.257 2024/07/23 14:40:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1127,12 +1127,12 @@ ssl3_num_ciphers(void)
 }
 
 const SSL_CIPHER *
-ssl3_get_cipher(unsigned int u)
+ssl3_get_cipher_by_index(int idx)
 {
-        if (u < SSL3_NUM_CIPHERS)
-                return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
-        else
-                return (NULL);
+        if (idx < 0 || idx >= SSL3_NUM_CIPHERS)
+                return NULL;
+
+        return &ssl3_ciphers[idx];
 }
 
 static int