From 6861a5a72a0bd87259b9e40bd0a0f7c85fd11e9c Mon Sep 17 00:00:00 2001 From: jsing <> Date: Tue, 23 Jul 2024 14:40:54 +0000 Subject: Remove get_cipher from SSL_METHOD. Inline the get_cipher implementation (including the special handling for DTLS) in ssl_cipher_collect_ciphers() (the only consumer), remove the get_cipher member of SSL_METHOD and mop up dtls1_get_cipher(). ssl3_get_cipher() has always had a strange property of being a reverse index, which is relied on by the cipher list ordering code, since it currently assumes that high cipher suite values are preferable. Rather than complicating ssl3_get_cipher() (and regress), change the iteration order in ssl_cipher_collect_ciphers() to match what it requires. Lastly, rename ssl3_get_cipher() to be more descriptive. ok tb@ --- src/lib/libssl/d1_lib.c | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) (limited to 'src/lib/libssl/d1_lib.c') diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c index ae6a6650ab..69db8a0df4 100644 --- a/src/lib/libssl/d1_lib.c +++ b/src/lib/libssl/d1_lib.c @@ -1,4 +1,4 @@ -/* $OpenBSD: d1_lib.c,v 1.64 2022/11/26 16:08:55 tb Exp $ */ +/* $OpenBSD: d1_lib.c,v 1.65 2024/07/23 14:40:53 jsing Exp $ */ /* * DTLS implementation written by Nagendra Modadugu * (nagendra@cs.stanford.edu) for the OpenSSL project 2005. @@ -250,27 +250,6 @@ dtls1_ctrl(SSL *s, int cmd, long larg, void *parg) return (ret); } -/* - * As it's impossible to use stream ciphers in "datagram" mode, this - * simple filter is designed to disengage them in DTLS. Unfortunately - * there is no universal way to identify stream SSL_CIPHER, so we have - * to explicitly list their SSL_* codes. Currently RC4 is the only one - * available, but if new ones emerge, they will have to be added... - */ -const SSL_CIPHER * -dtls1_get_cipher(unsigned int u) -{ - const SSL_CIPHER *cipher; - - if ((cipher = ssl3_get_cipher(u)) == NULL) - return NULL; - - if (cipher->algorithm_enc == SSL_RC4) - return NULL; - - return cipher; -} - void dtls1_start_timer(SSL *s) { -- cgit v1.2.3-55-g6feb