From 6861a5a72a0bd87259b9e40bd0a0f7c85fd11e9c Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Tue, 23 Jul 2024 14:40:54 +0000
Subject: Remove get_cipher from SSL_METHOD.

Inline the get_cipher implementation (including the special handling
for DTLS) in ssl_cipher_collect_ciphers() (the only consumer), remove
the get_cipher member of SSL_METHOD and mop up dtls1_get_cipher().

ssl3_get_cipher() has always had a strange property of being a reverse
index, which is relied on by the cipher list ordering code, since it
currently assumes that high cipher suite values are preferable. Rather
than complicating ssl3_get_cipher() (and regress), change the iteration
order in ssl_cipher_collect_ciphers() to match what it requires. Lastly,
rename ssl3_get_cipher() to be more descriptive.

ok tb@
---
 src/lib/libssl/s3_lib.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

(limited to 'src/lib/libssl/s3_lib.c')

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index d30eb6deb7..86b32aec15 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.256 2024/07/22 14:47:15 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.257 2024/07/23 14:40:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1127,12 +1127,12 @@ ssl3_num_ciphers(void)
 }
 
 const SSL_CIPHER *
-ssl3_get_cipher(unsigned int u)
+ssl3_get_cipher_by_index(int idx)
 {
-	if (u < SSL3_NUM_CIPHERS)
-		return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
-	else
-		return (NULL);
+	if (idx < 0 || idx >= SSL3_NUM_CIPHERS)
+		return NULL;
+
+	return &ssl3_ciphers[idx];
 }
 
 static int
-- 
cgit v1.2.3-55-g6feb