5 files changed, 32 insertions, 73 deletions
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index ae6a6650ab..69db8a0df4 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.64 2022/11/26 16:08:55 tb Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.65 2024/07/23 14:40:53 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -250,27 +250,6 @@ dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
        return (ret);
 }
-/*
- * As it's impossible to use stream ciphers in "datagram" mode, this
- * simple filter is designed to disengage them in DTLS. Unfortunately
- * there is no universal way to identify stream SSL_CIPHER, so we have
- * to explicitly list their SSL_* codes. Currently RC4 is the only one
- * available, but if new ones emerge, they will have to be added...
- */
-const SSL_CIPHER *
-dtls1_get_cipher(unsigned int u)
-{
-        const SSL_CIPHER *cipher;
-        if ((cipher = ssl3_get_cipher(u)) == NULL)
-                return NULL;
-        if (cipher->algorithm_enc == SSL_RC4)
-                return NULL;
-        return cipher;
-}
 void
 dtls1_start_timer(SSL *s)
 {
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index d30eb6deb7..86b32aec15 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.256 2024/07/22 14:47:15 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.257 2024/07/23 14:40:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1127,12 +1127,12 @@ ssl3_num_ciphers(void)
 }
 const SSL_CIPHER *
-ssl3_get_cipher(unsigned int u)
+ssl3_get_cipher_by_index(int idx)
 {
-        if (u < SSL3_NUM_CIPHERS)
+        if (idx < 0 || idx >= SSL3_NUM_CIPHERS)
-                return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
+                return NULL;
-        else
-                return (NULL);
+        return &ssl3_ciphers[idx];
 }
 static int
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index dce141101d..2478d70eac 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.146 2024/07/22 14:47:15 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.147 2024/07/23 14:40:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -576,22 +576,6 @@ ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
        *head = curr;
 }
-/* XXX beck: remove this in a followon to removing GOST */
-static void
-ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
-    unsigned long *enc, unsigned long *mac, unsigned long *ssl)
-{
-        *mkey = 0;
-        *auth = 0;
-        *enc = 0;
-        *mac = 0;
-        *ssl = 0;
-#ifdef SSL_FORBID_ENULL
-        *enc |= SSL_eNULL;
-#endif
-}
 static void
 ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers,
    unsigned long disabled_mkey, unsigned long disabled_auth,
@@ -608,10 +592,15 @@ ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers,
         * a linked list with at most num entries.
         */
-        /* Get the initial list of ciphers */
+        /*
+         * Get the initial list of ciphers, iterating backwards over the
+         * cipher list - the list is ordered by cipher value and we currently
+         * hope that ciphers with higher cipher values are preferable...
+         */
        co_list_num = 0;        /* actual count of ciphers */
-        for (i = 0; i < num_of_ciphers; i++) {
+        for (i = num_of_ciphers - 1; i >= 0; i--) {
-                c = ssl_method->get_cipher(i);
+                c = ssl3_get_cipher_by_index(i);
                /*
                 * Drop any invalid ciphers and any which use unavailable
                 * algorithms.
@@ -1153,11 +1142,19 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
        if (rule_str == NULL || cipher_list == NULL)
                goto err;
-        /*
+        disabled_mkey = 0;
-         * To reduce the work to do we only want to process the compiled
+        disabled_auth = 0;
-         * in algorithms, so we first get the mask of disabled ciphers.
+        disabled_enc = 0;
-         */
+        disabled_mac = 0;
-        ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl);
+        disabled_ssl = 0;
+#ifdef SSL_FORBID_ENULL
+        disabled_enc |= SSL_eNULL;
+#endif
+        /* DTLS cannot be used with stream ciphers. */
+        if (ssl_method->dtls)
+                disabled_enc |= SSL_RC4;
        /*
         * Now we have to collect the available ciphers from the compiled
diff --git a/src/lib/libssl/ssl_local.h b/src/lib/libssl/ssl_local.h
index 34197e5920..4cbc13f8ac 100644
--- a/src/lib/libssl/ssl_local.h
+++ b/src/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.22 2024/07/22 14:47:15 jsing Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.23 2024/07/23 14:40:54 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -379,8 +379,6 @@ struct ssl_method_st {
            int peek);
        int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
-        const SSL_CIPHER *(*get_cipher)(unsigned int ncipher);
        unsigned int enc_flags;         /* SSL_ENC_FLAG_* */
 };
@@ -1290,7 +1288,7 @@ int ssl3_send_alert(SSL *s, int level, int desc);
 int ssl3_get_req_cert_types(SSL *s, CBB *cbb);
 int ssl3_get_message(SSL *s, int st1, int stn, int mt, long max);
 int ssl3_num_ciphers(void);
-const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+const SSL_CIPHER *ssl3_get_cipher_by_index(int idx);
 const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value);
 int ssl3_renegotiate(SSL *ssl);
diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
index ca80da62fd..dee52decf1 100644
--- a/src/lib/libssl/ssl_methods.c
+++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.31 2023/07/08 16:40:13 beck Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.32 2024/07/23 14:40:54 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -77,7 +77,6 @@ static const SSL_METHOD DTLS_method_data = {
        .ssl_pending = ssl3_pending,
        .ssl_read_bytes = dtls1_read_bytes,
        .ssl_write_bytes = dtls1_write_app_data_bytes,
-        .get_cipher = dtls1_get_cipher,
        .enc_flags = TLSV1_2_ENC_FLAGS,
 };
@@ -98,7 +97,6 @@ static const SSL_METHOD DTLS_client_method_data = {
        .ssl_pending = ssl3_pending,
        .ssl_read_bytes = dtls1_read_bytes,
        .ssl_write_bytes = dtls1_write_app_data_bytes,
-        .get_cipher = dtls1_get_cipher,
        .enc_flags = TLSV1_2_ENC_FLAGS,
 };
@@ -119,7 +117,6 @@ static const SSL_METHOD DTLSv1_method_data = {
        .ssl_pending = ssl3_pending,
        .ssl_read_bytes = dtls1_read_bytes,
        .ssl_write_bytes = dtls1_write_app_data_bytes,
-        .get_cipher = dtls1_get_cipher,
        .enc_flags = TLSV1_1_ENC_FLAGS,
 };
@@ -140,7 +137,6 @@ static const SSL_METHOD DTLSv1_client_method_data = {
        .ssl_pending = ssl3_pending,
        .ssl_read_bytes = dtls1_read_bytes,
        .ssl_write_bytes = dtls1_write_app_data_bytes,
-        .get_cipher = dtls1_get_cipher,
        .enc_flags = TLSV1_1_ENC_FLAGS,
 };
@@ -161,7 +157,6 @@ static const SSL_METHOD DTLSv1_2_method_data = {
        .ssl_pending = ssl3_pending,
        .ssl_read_bytes = dtls1_read_bytes,
        .ssl_write_bytes = dtls1_write_app_data_bytes,
-        .get_cipher = dtls1_get_cipher,
        .enc_flags = TLSV1_2_ENC_FLAGS,
 };
@@ -182,7 +177,6 @@ static const SSL_METHOD DTLSv1_2_client_method_data = {
        .ssl_pending = ssl3_pending,
        .ssl_read_bytes = dtls1_read_bytes,
        .ssl_write_bytes = dtls1_write_app_data_bytes,
-        .get_cipher = dtls1_get_cipher,
        .enc_flags = TLSV1_2_ENC_FLAGS,
 };
@@ -266,7 +260,6 @@ static const SSL_METHOD TLS_method_data = {
        .ssl_pending = tls13_legacy_pending,
        .ssl_read_bytes = tls13_legacy_read_bytes,
        .ssl_write_bytes = tls13_legacy_write_bytes,
-        .get_cipher = ssl3_get_cipher,
        .enc_flags = TLSV1_3_ENC_FLAGS,
 };
@@ -287,7 +280,6 @@ static const SSL_METHOD TLS_legacy_method_data = {
        .ssl_pending = ssl3_pending,
        .ssl_read_bytes = ssl3_read_bytes,
        .ssl_write_bytes = ssl3_write_bytes,
-        .get_cipher = ssl3_get_cipher,
        .enc_flags = TLSV1_2_ENC_FLAGS,
 };
@@ -308,7 +300,6 @@ static const SSL_METHOD TLS_client_method_data = {
        .ssl_pending = tls13_legacy_pending,
        .ssl_read_bytes = tls13_legacy_read_bytes,
        .ssl_write_bytes = tls13_legacy_write_bytes,
-        .get_cipher = ssl3_get_cipher,
        .enc_flags = TLSV1_3_ENC_FLAGS,
 };
@@ -329,7 +320,6 @@ static const SSL_METHOD TLSv1_method_data = {
        .ssl_pending = ssl3_pending,
        .ssl_read_bytes = ssl3_read_bytes,
        .ssl_write_bytes = ssl3_write_bytes,
-        .get_cipher = ssl3_get_cipher,
        .enc_flags = TLSV1_ENC_FLAGS,
 };
@@ -350,7 +340,6 @@ static const SSL_METHOD TLSv1_client_method_data = {
        .ssl_pending = ssl3_pending,
        .ssl_read_bytes = ssl3_read_bytes,
        .ssl_write_bytes = ssl3_write_bytes,
-        .get_cipher = ssl3_get_cipher,
        .enc_flags = TLSV1_ENC_FLAGS,
 };
@@ -371,7 +360,6 @@ static const SSL_METHOD TLSv1_1_method_data = {
        .ssl_pending = ssl3_pending,
        .ssl_read_bytes = ssl3_read_bytes,
        .ssl_write_bytes = ssl3_write_bytes,
-        .get_cipher = ssl3_get_cipher,
        .enc_flags = TLSV1_1_ENC_FLAGS,
 };
@@ -392,7 +380,6 @@ static const SSL_METHOD TLSv1_1_client_method_data = {
        .ssl_pending = ssl3_pending,
        .ssl_read_bytes = ssl3_read_bytes,
        .ssl_write_bytes = ssl3_write_bytes,
-        .get_cipher = ssl3_get_cipher,
        .enc_flags = TLSV1_1_ENC_FLAGS,
 };
@@ -413,7 +400,6 @@ static const SSL_METHOD TLSv1_2_method_data = {
        .ssl_pending = ssl3_pending,
        .ssl_read_bytes = ssl3_read_bytes,
        .ssl_write_bytes = ssl3_write_bytes,
-        .get_cipher = ssl3_get_cipher,
        .enc_flags = TLSV1_2_ENC_FLAGS,
 };
@@ -434,7 +420,6 @@ static const SSL_METHOD TLSv1_2_client_method_data = {
        .ssl_pending = ssl3_pending,
        .ssl_read_bytes = ssl3_read_bytes,
        .ssl_write_bytes = ssl3_write_bytes,
-        .get_cipher = ssl3_get_cipher,
        .enc_flags = TLSV1_2_ENC_FLAGS,
 };

diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c index ae6a6650ab..69db8a0df4 100644 --- a/src/lib/libssl/d1_lib.c +++ b/src/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_lib.c,v 1.64 2022/11/26 16:08:55 tb Exp $ */	1	/* $OpenBSD: d1_lib.c,v 1.65 2024/07/23 14:40:53 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -250,27 +250,6 @@ dtls1_ctrl(SSL s, int cmd, long larg, void parg)
250	return (ret);	250	return (ret);
251	}	251	}
252		252
253	/*
254	* As it's impossible to use stream ciphers in "datagram" mode, this
255	* simple filter is designed to disengage them in DTLS. Unfortunately
256	* there is no universal way to identify stream SSL_CIPHER, so we have
257	* to explicitly list their SSL_* codes. Currently RC4 is the only one
258	* available, but if new ones emerge, they will have to be added...
259	*/
260	const SSL_CIPHER *
261	dtls1_get_cipher(unsigned int u)
262	{
263	const SSL_CIPHER *cipher;
264
265	if ((cipher = ssl3_get_cipher(u)) == NULL)
266	return NULL;
267
268	if (cipher->algorithm_enc == SSL_RC4)
269	return NULL;
270
271	return cipher;
272	}
273
274	void	253	void
275	dtls1_start_timer(SSL *s)	254	dtls1_start_timer(SSL *s)
276	{	255	{


diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index d30eb6deb7..86b32aec15 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.256 2024/07/22 14:47:15 jsing Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.257 2024/07/23 14:40:53 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1127,12 +1127,12 @@ ssl3_num_ciphers(void)
1127	}	1127	}
1128		1128
1129	const SSL_CIPHER *	1129	const SSL_CIPHER *
1130	ssl3_get_cipher(unsigned int u)	1130	ssl3_get_cipher_by_index(int idx)
1131	{	1131	{
1132	if (u < SSL3_NUM_CIPHERS)	1132	if (idx < 0 \|\| idx >= SSL3_NUM_CIPHERS)
1133	return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));	1133	return NULL;
1134	else	1134
1135	return (NULL);	1135	return &ssl3_ciphers[idx];
1136	}	1136	}
1137		1137
1138	static int	1138	static int


diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index dce141101d..2478d70eac 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_ciph.c,v 1.146 2024/07/22 14:47:15 jsing Exp $ */	1	/* $OpenBSD: ssl_ciph.c,v 1.147 2024/07/23 14:40:53 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -576,22 +576,6 @@ ll_append_head(CIPHER_ORDER *head, CIPHER_ORDER curr,
576	*head = curr;	576	*head = curr;
577	}	577	}
578		578
579	/* XXX beck: remove this in a followon to removing GOST */
580	static void
581	ssl_cipher_get_disabled(unsigned long mkey, unsigned long auth,
582	unsigned long enc, unsigned long mac, unsigned long *ssl)
583	{
584	*mkey = 0;
585	*auth = 0;
586	*enc = 0;
587	*mac = 0;
588	*ssl = 0;
589
590	#ifdef SSL_FORBID_ENULL
591	*enc \|= SSL_eNULL;
592	#endif
593	}
594
595	static void	579	static void
596	ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers,	580	ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers,
597	unsigned long disabled_mkey, unsigned long disabled_auth,	581	unsigned long disabled_mkey, unsigned long disabled_auth,
@@ -608,10 +592,15 @@ ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers,
608	* a linked list with at most num entries.	592	* a linked list with at most num entries.
609	*/	593	*/
610		594
611	/* Get the initial list of ciphers */	595	/*
		596	* Get the initial list of ciphers, iterating backwards over the
		597	* cipher list - the list is ordered by cipher value and we currently
		598	* hope that ciphers with higher cipher values are preferable...
		599	*/
612	co_list_num = 0; /* actual count of ciphers */	600	co_list_num = 0; /* actual count of ciphers */
613	for (i = 0; i < num_of_ciphers; i++) {	601	for (i = num_of_ciphers - 1; i >= 0; i--) {
614	c = ssl_method->get_cipher(i);	602	c = ssl3_get_cipher_by_index(i);
		603
615	/*	604	/*
616	* Drop any invalid ciphers and any which use unavailable	605	* Drop any invalid ciphers and any which use unavailable
617	* algorithms.	606	* algorithms.
@@ -1153,11 +1142,19 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1153	if (rule_str == NULL \|\| cipher_list == NULL)	1142	if (rule_str == NULL \|\| cipher_list == NULL)
1154	goto err;	1143	goto err;
1155		1144
1156	/*	1145	disabled_mkey = 0;
1157	* To reduce the work to do we only want to process the compiled	1146	disabled_auth = 0;
1158	* in algorithms, so we first get the mask of disabled ciphers.	1147	disabled_enc = 0;
1159	*/	1148	disabled_mac = 0;
1160	ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl);	1149	disabled_ssl = 0;
		1150
		1151	#ifdef SSL_FORBID_ENULL
		1152	disabled_enc \|= SSL_eNULL;
		1153	#endif
		1154
		1155	/* DTLS cannot be used with stream ciphers. */
		1156	if (ssl_method->dtls)
		1157	disabled_enc \|= SSL_RC4;
1161		1158
1162	/*	1159	/*
1163	* Now we have to collect the available ciphers from the compiled	1160	* Now we have to collect the available ciphers from the compiled


diff --git a/src/lib/libssl/ssl_local.h b/src/lib/libssl/ssl_local.h index 34197e5920..4cbc13f8ac 100644 --- a/src/lib/libssl/ssl_local.h +++ b/src/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_local.h,v 1.22 2024/07/22 14:47:15 jsing Exp $ */	1	/* $OpenBSD: ssl_local.h,v 1.23 2024/07/23 14:40:54 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -379,8 +379,6 @@ struct ssl_method_st {
379	int peek);	379	int peek);
380	int (ssl_write_bytes)(SSL s, int type, const void *buf_, int len);	380	int (ssl_write_bytes)(SSL s, int type, const void *buf_, int len);
381		381
382	const SSL_CIPHER (get_cipher)(unsigned int ncipher);
383
384	unsigned int enc_flags; /* SSL_ENC_FLAG_* */	382	unsigned int enc_flags; /* SSL_ENC_FLAG_* */
385	};	383	};
386		384
@@ -1290,7 +1288,7 @@ int ssl3_send_alert(SSL *s, int level, int desc);
1290	int ssl3_get_req_cert_types(SSL s, CBB cbb);	1288	int ssl3_get_req_cert_types(SSL s, CBB cbb);
1291	int ssl3_get_message(SSL *s, int st1, int stn, int mt, long max);	1289	int ssl3_get_message(SSL *s, int st1, int stn, int mt, long max);
1292	int ssl3_num_ciphers(void);	1290	int ssl3_num_ciphers(void);
1293	const SSL_CIPHER *ssl3_get_cipher(unsigned int u);	1291	const SSL_CIPHER *ssl3_get_cipher_by_index(int idx);
1294	const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value);	1292	const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value);
1295	int ssl3_renegotiate(SSL *ssl);	1293	int ssl3_renegotiate(SSL *ssl);
1296		1294


diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c index ca80da62fd..dee52decf1 100644 --- a/src/lib/libssl/ssl_methods.c +++ b/src/lib/libssl/ssl_methods.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_methods.c,v 1.31 2023/07/08 16:40:13 beck Exp $ */	1	/* $OpenBSD: ssl_methods.c,v 1.32 2024/07/23 14:40:54 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -77,7 +77,6 @@ static const SSL_METHOD DTLS_method_data = {
77	.ssl_pending = ssl3_pending,	77	.ssl_pending = ssl3_pending,
78	.ssl_read_bytes = dtls1_read_bytes,	78	.ssl_read_bytes = dtls1_read_bytes,
79	.ssl_write_bytes = dtls1_write_app_data_bytes,	79	.ssl_write_bytes = dtls1_write_app_data_bytes,
80	.get_cipher = dtls1_get_cipher,
81	.enc_flags = TLSV1_2_ENC_FLAGS,	80	.enc_flags = TLSV1_2_ENC_FLAGS,
82	};	81	};
83		82
@@ -98,7 +97,6 @@ static const SSL_METHOD DTLS_client_method_data = {
98	.ssl_pending = ssl3_pending,	97	.ssl_pending = ssl3_pending,
99	.ssl_read_bytes = dtls1_read_bytes,	98	.ssl_read_bytes = dtls1_read_bytes,
100	.ssl_write_bytes = dtls1_write_app_data_bytes,	99	.ssl_write_bytes = dtls1_write_app_data_bytes,
101	.get_cipher = dtls1_get_cipher,
102	.enc_flags = TLSV1_2_ENC_FLAGS,	100	.enc_flags = TLSV1_2_ENC_FLAGS,
103	};	101	};
104		102
@@ -119,7 +117,6 @@ static const SSL_METHOD DTLSv1_method_data = {
119	.ssl_pending = ssl3_pending,	117	.ssl_pending = ssl3_pending,
120	.ssl_read_bytes = dtls1_read_bytes,	118	.ssl_read_bytes = dtls1_read_bytes,
121	.ssl_write_bytes = dtls1_write_app_data_bytes,	119	.ssl_write_bytes = dtls1_write_app_data_bytes,
122	.get_cipher = dtls1_get_cipher,
123	.enc_flags = TLSV1_1_ENC_FLAGS,	120	.enc_flags = TLSV1_1_ENC_FLAGS,
124	};	121	};
125		122
@@ -140,7 +137,6 @@ static const SSL_METHOD DTLSv1_client_method_data = {
140	.ssl_pending = ssl3_pending,	137	.ssl_pending = ssl3_pending,
141	.ssl_read_bytes = dtls1_read_bytes,	138	.ssl_read_bytes = dtls1_read_bytes,
142	.ssl_write_bytes = dtls1_write_app_data_bytes,	139	.ssl_write_bytes = dtls1_write_app_data_bytes,
143	.get_cipher = dtls1_get_cipher,
144	.enc_flags = TLSV1_1_ENC_FLAGS,	140	.enc_flags = TLSV1_1_ENC_FLAGS,
145	};	141	};
146		142
@@ -161,7 +157,6 @@ static const SSL_METHOD DTLSv1_2_method_data = {
161	.ssl_pending = ssl3_pending,	157	.ssl_pending = ssl3_pending,
162	.ssl_read_bytes = dtls1_read_bytes,	158	.ssl_read_bytes = dtls1_read_bytes,
163	.ssl_write_bytes = dtls1_write_app_data_bytes,	159	.ssl_write_bytes = dtls1_write_app_data_bytes,
164	.get_cipher = dtls1_get_cipher,
165	.enc_flags = TLSV1_2_ENC_FLAGS,	160	.enc_flags = TLSV1_2_ENC_FLAGS,
166	};	161	};
167		162
@@ -182,7 +177,6 @@ static const SSL_METHOD DTLSv1_2_client_method_data = {
182	.ssl_pending = ssl3_pending,	177	.ssl_pending = ssl3_pending,
183	.ssl_read_bytes = dtls1_read_bytes,	178	.ssl_read_bytes = dtls1_read_bytes,
184	.ssl_write_bytes = dtls1_write_app_data_bytes,	179	.ssl_write_bytes = dtls1_write_app_data_bytes,
185	.get_cipher = dtls1_get_cipher,
186	.enc_flags = TLSV1_2_ENC_FLAGS,	180	.enc_flags = TLSV1_2_ENC_FLAGS,
187	};	181	};
188		182
@@ -266,7 +260,6 @@ static const SSL_METHOD TLS_method_data = {
266	.ssl_pending = tls13_legacy_pending,	260	.ssl_pending = tls13_legacy_pending,
267	.ssl_read_bytes = tls13_legacy_read_bytes,	261	.ssl_read_bytes = tls13_legacy_read_bytes,
268	.ssl_write_bytes = tls13_legacy_write_bytes,	262	.ssl_write_bytes = tls13_legacy_write_bytes,
269	.get_cipher = ssl3_get_cipher,
270	.enc_flags = TLSV1_3_ENC_FLAGS,	263	.enc_flags = TLSV1_3_ENC_FLAGS,
271	};	264	};
272		265
@@ -287,7 +280,6 @@ static const SSL_METHOD TLS_legacy_method_data = {
287	.ssl_pending = ssl3_pending,	280	.ssl_pending = ssl3_pending,
288	.ssl_read_bytes = ssl3_read_bytes,	281	.ssl_read_bytes = ssl3_read_bytes,
289	.ssl_write_bytes = ssl3_write_bytes,	282	.ssl_write_bytes = ssl3_write_bytes,
290	.get_cipher = ssl3_get_cipher,
291	.enc_flags = TLSV1_2_ENC_FLAGS,	283	.enc_flags = TLSV1_2_ENC_FLAGS,
292	};	284	};
293		285
@@ -308,7 +300,6 @@ static const SSL_METHOD TLS_client_method_data = {
308	.ssl_pending = tls13_legacy_pending,	300	.ssl_pending = tls13_legacy_pending,
309	.ssl_read_bytes = tls13_legacy_read_bytes,	301	.ssl_read_bytes = tls13_legacy_read_bytes,
310	.ssl_write_bytes = tls13_legacy_write_bytes,	302	.ssl_write_bytes = tls13_legacy_write_bytes,
311	.get_cipher = ssl3_get_cipher,
312	.enc_flags = TLSV1_3_ENC_FLAGS,	303	.enc_flags = TLSV1_3_ENC_FLAGS,
313	};	304	};
314		305
@@ -329,7 +320,6 @@ static const SSL_METHOD TLSv1_method_data = {
329	.ssl_pending = ssl3_pending,	320	.ssl_pending = ssl3_pending,
330	.ssl_read_bytes = ssl3_read_bytes,	321	.ssl_read_bytes = ssl3_read_bytes,
331	.ssl_write_bytes = ssl3_write_bytes,	322	.ssl_write_bytes = ssl3_write_bytes,
332	.get_cipher = ssl3_get_cipher,
333	.enc_flags = TLSV1_ENC_FLAGS,	323	.enc_flags = TLSV1_ENC_FLAGS,
334	};	324	};
335		325
@@ -350,7 +340,6 @@ static const SSL_METHOD TLSv1_client_method_data = {
350	.ssl_pending = ssl3_pending,	340	.ssl_pending = ssl3_pending,
351	.ssl_read_bytes = ssl3_read_bytes,	341	.ssl_read_bytes = ssl3_read_bytes,
352	.ssl_write_bytes = ssl3_write_bytes,	342	.ssl_write_bytes = ssl3_write_bytes,
353	.get_cipher = ssl3_get_cipher,
354	.enc_flags = TLSV1_ENC_FLAGS,	343	.enc_flags = TLSV1_ENC_FLAGS,
355	};	344	};
356		345
@@ -371,7 +360,6 @@ static const SSL_METHOD TLSv1_1_method_data = {
371	.ssl_pending = ssl3_pending,	360	.ssl_pending = ssl3_pending,
372	.ssl_read_bytes = ssl3_read_bytes,	361	.ssl_read_bytes = ssl3_read_bytes,
373	.ssl_write_bytes = ssl3_write_bytes,	362	.ssl_write_bytes = ssl3_write_bytes,
374	.get_cipher = ssl3_get_cipher,
375	.enc_flags = TLSV1_1_ENC_FLAGS,	363	.enc_flags = TLSV1_1_ENC_FLAGS,
376	};	364	};
377		365
@@ -392,7 +380,6 @@ static const SSL_METHOD TLSv1_1_client_method_data = {
392	.ssl_pending = ssl3_pending,	380	.ssl_pending = ssl3_pending,
393	.ssl_read_bytes = ssl3_read_bytes,	381	.ssl_read_bytes = ssl3_read_bytes,
394	.ssl_write_bytes = ssl3_write_bytes,	382	.ssl_write_bytes = ssl3_write_bytes,
395	.get_cipher = ssl3_get_cipher,
396	.enc_flags = TLSV1_1_ENC_FLAGS,	383	.enc_flags = TLSV1_1_ENC_FLAGS,
397	};	384	};
398		385
@@ -413,7 +400,6 @@ static const SSL_METHOD TLSv1_2_method_data = {
413	.ssl_pending = ssl3_pending,	400	.ssl_pending = ssl3_pending,
414	.ssl_read_bytes = ssl3_read_bytes,	401	.ssl_read_bytes = ssl3_read_bytes,
415	.ssl_write_bytes = ssl3_write_bytes,	402	.ssl_write_bytes = ssl3_write_bytes,
416	.get_cipher = ssl3_get_cipher,
417	.enc_flags = TLSV1_2_ENC_FLAGS,	403	.enc_flags = TLSV1_2_ENC_FLAGS,
418	};	404	};
419		405
@@ -434,7 +420,6 @@ static const SSL_METHOD TLSv1_2_client_method_data = {
434	.ssl_pending = ssl3_pending,	420	.ssl_pending = ssl3_pending,
435	.ssl_read_bytes = ssl3_read_bytes,	421	.ssl_read_bytes = ssl3_read_bytes,
436	.ssl_write_bytes = ssl3_write_bytes,	422	.ssl_write_bytes = ssl3_write_bytes,
437	.get_cipher = ssl3_get_cipher,
438	.enc_flags = TLSV1_2_ENC_FLAGS,	423	.enc_flags = TLSV1_2_ENC_FLAGS,
439	};	424	};
440		425