From 33d8c111a77ac681a8ecffcda0713ec96c6fe953 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sat, 18 Apr 2020 13:47:58 +0000
Subject: Tweak previous active cipher suite code.

Use a boolean value rather than using a counter, as suggested by tb@
during the previous review.

ok tb@
---
 src/lib/libssl/ssl_ciph.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

(limited to 'src/lib')

diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index 08ddc86c3c..5952595c5d 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.114 2020/04/17 17:26:00 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.115 2020/04/18 13:47:58 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1171,7 +1171,7 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
 	const SSL_CIPHER **ca_list = NULL;
 	int tls13_seen = 0;
-	int active;
+	int any_active;
 
 	/*
 	 * Return with error if nothing to do.
@@ -1324,15 +1324,14 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	 * TLSv1.3 cipher suites. If the rule string resulted in no active
 	 * cipher suites then we return an empty stack.
 	 */
-	active = 0;
+	any_active = 0;
 	for (curr = head; curr != NULL; curr = curr->next) {
 		if (curr->active ||
 		    (!tls13_seen && curr->cipher->algorithm_ssl == SSL_TLSV1_3))
 			sk_SSL_CIPHER_push(cipherstack, curr->cipher);
-		if (curr->active)
-			active++;
+		any_active |= curr->active;
 	}
-	if (active == 0)
+	if (!any_active)
 		sk_SSL_CIPHER_zero(cipherstack);
 
 	free(co_list);	/* Not needed any longer */
-- 
cgit v1.2.3-55-g6feb