sync with OpenBSD -current

lib/libcrypto/man/BUF_MEM_new.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: BUF_MEM_new.3,v 1.18 2023/07/27 06:20:45 tb Exp $
+.\"	$OpenBSD: BUF_MEM_new.3,v 1.19 2024/07/24 08:57:58 tb Exp $
 .\"	OpenSSL doc/crypto/buffer.pod 18edda0f Sep 20 03:28:54 2000 +0000
 .\"	not merged: 74924dcb, 58e3457a, 21b0fa91, 7644a9ae
 .\"	OpenSSL doc/crypto/BUF_MEM_new.pod 53934822 Jun 9 16:39:19 2016 -0400
@@ -52,7 +52,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 27 2023 $
+.Dd $Mdocdate: July 24 2024 $
 .Dt BUF_MEM_NEW 3
 .Os
 .Sh NAME
@@ -90,8 +90,7 @@ The library uses the
 .Vt BUF_MEM
 structure defined in buffer.h:
 .Bd -literal
-typedef struct buf_mem_st
-{
+typedef struct buf_mem_st {
 	size_t length;	/* current number of bytes */
 	char *data;
 	size_t max;	/* size of buffer */

lib/libradius/Makefile

@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.3 2016/03/30 06:38:43 jmc Exp $
+#	$OpenBSD: Makefile,v 1.4 2024/07/24 08:22:26 yasuoka Exp $
 
 LIB=    	radius
 SRCS=		radius.c radius_attr.c radius_msgauth.c radius_userpass.c \
@@ -9,7 +9,8 @@ CFLAGS+=	-Wall
 
 MAN=		radius_new_request_packet.3
 
-.include <bsd.lib.mk>
+VERSION_SCRIPT=	Symbols.map
+SYMBOL_LIST=	${.CURDIR}/Symbols.list
 
 includes:
 	@cd ${.CURDIR}; for i in $(INCS); do \
@@ -19,3 +20,10 @@ includes:
 		echo $$j; \
 		eval "$$j"; \
 	done
+
+${VERSION_SCRIPT}: ${SYMBOL_LIST}
+	{ printf '{\n\tglobal:\n'; \
+	  sed '/^[._a-zA-Z]/s/$$/;/; s/^/		/' ${SYMBOL_LIST}; \
+	  printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@
+
+.include <bsd.lib.mk>

lib/libradius/Symbols.list

@@ -0,0 +1,89 @@
+radius_check_accounting_request_authenticator
+radius_check_message_authenticator
+radius_check_response_authenticator
+radius_convert_packet
+radius_decrypt_mppe_key_attr
+radius_decrypt_user_password_attr
+radius_del_attr_all
+radius_del_vs_attr_all
+radius_delete_packet
+radius_encrypt_mppe_key_attr
+radius_encrypt_user_password_attr
+radius_get_authenticator
+radius_get_authenticator_retval
+radius_get_code
+radius_get_data
+radius_get_eap_msk
+radius_get_id
+radius_get_ipv4_attr
+radius_get_ipv6_attr
+radius_get_length
+radius_get_mppe_recv_key_attr
+radius_get_mppe_send_key_attr
+radius_get_raw_attr
+radius_get_raw_attr_cat
+radius_get_raw_attr_ptr
+radius_get_request_authenticator_retval
+radius_get_request_packet
+radius_get_string_attr
+radius_get_uint16_attr
+radius_get_uint32_attr
+radius_get_uint64_attr
+radius_get_user_password_attr
+radius_get_vs_ipv4_attr
+radius_get_vs_ipv6_attr
+radius_get_vs_raw_attr
+radius_get_vs_raw_attr_cat
+radius_get_vs_raw_attr_ptr
+radius_get_vs_string_attr
+radius_get_vs_uint16_attr
+radius_get_vs_uint32_attr
+radius_get_vs_uint64_attr
+radius_has_attr
+radius_has_vs_attr
+radius_new_request_packet
+radius_new_response_packet
+radius_put_ipv4_attr
+radius_put_ipv6_attr
+radius_put_message_authenticator
+radius_put_mppe_recv_key_attr
+radius_put_mppe_send_key_attr
+radius_put_raw_attr
+radius_put_raw_attr_cat
+radius_put_string_attr
+radius_put_uint16_attr
+radius_put_uint32_attr
+radius_put_uint64_attr
+radius_put_user_password_attr
+radius_put_vs_ipv4_attr
+radius_put_vs_ipv6_attr
+radius_put_vs_raw_attr
+radius_put_vs_raw_attr_cat
+radius_put_vs_string_attr
+radius_put_vs_uint16_attr
+radius_put_vs_uint32_attr
+radius_put_vs_uint64_attr
+radius_recv
+radius_recvfrom
+radius_recvmsg
+radius_send
+radius_sendmsg
+radius_sendto
+radius_set_accounting_request_authenticator
+radius_set_id
+radius_set_ipv4_attr
+radius_set_ipv6_attr
+radius_set_message_authenticator
+radius_set_raw_attr
+radius_set_request_packet
+radius_set_response_authenticator
+radius_set_uint16_attr
+radius_set_uint32_attr
+radius_set_uint64_attr
+radius_set_vs_ipv4_attr
+radius_set_vs_ipv6_attr
+radius_set_vs_raw_attr
+radius_set_vs_uint16_attr
+radius_set_vs_uint32_attr
+radius_set_vs_uint64_attr
+radius_update_id

lib/libradius/radius_attr.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: radius_attr.c,v 1.2 2023/07/08 08:53:26 yasuoka Exp $ */
+/*	$OpenBSD: radius_attr.c,v 1.3 2024/07/24 08:19:16 yasuoka Exp $ */
 
 /*-
  * Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -199,6 +199,31 @@ radius_put_raw_attr(RADIUS_PACKET * packet, uint8_t type, const void *buf,
 	return (0);
 }
 
+int
+radius_unshift_raw_attr(RADIUS_PACKET * packet, uint8_t type, const void *buf,
+    size_t length)
+{
+	RADIUS_ATTRIBUTE	*newattr;
+
+	if (length > 255 - 2)
+		return (-1);
+
+	if (radius_ensure_add_capacity(packet, length + 2) != 0)
+		return (-1);
+
+	memmove(packet->pdata->attributes + length + 2,
+	    packet->pdata->attributes,
+	    radius_get_length(packet) - sizeof(RADIUS_PACKET_DATA));
+
+	newattr = ATTRS_BEGIN(packet->pdata);
+	newattr->type = type;
+	newattr->length = length + 2;
+	memcpy(newattr->data, buf, length);
+	packet->pdata->length = htons(radius_get_length(packet) + length + 2);
+
+	return (0);
+}
+
 int
 radius_put_vs_raw_attr(RADIUS_PACKET * packet, uint32_t vendor, uint8_t vtype,
     const void *buf, size_t length)

lib/libradius/radius_local.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: radius_local.h,v 1.1 2015/07/20 23:52:29 yasuoka Exp $ */
+/*	$OpenBSD: radius_local.h,v 1.2 2024/07/24 08:19:16 yasuoka Exp $ */
 
 /*-
  * Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -74,6 +74,8 @@ struct _RADIUS_PACKET {
 #define ATTRS_ADVANCE(x) (x = ATTRS_NEXT(x))
 
 int radius_ensure_add_capacity(RADIUS_PACKET * packet, size_t capacity);
+int radius_unshift_raw_attr(RADIUS_PACKET * packet, uint8_t type,
+    const void *buf, size_t length);
 
 #define ROUNDUP(a, b)	((((a) + (b) - 1) / (b)) * (b))
 #define	MINIMUM(a, b)	(((a) < (b))? (a) : (b))

lib/libradius/radius_msgauth.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: radius_msgauth.c,v 1.2 2021/12/16 17:32:51 tb Exp $ */
+/*	$OpenBSD: radius_msgauth.c,v 1.3 2024/07/24 08:19:16 yasuoka Exp $ */
 
 /*-
  * Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -112,8 +112,8 @@ radius_put_message_authenticator(RADIUS_PACKET * packet, const char *secret)
 	 * because content of Message-Authenticator attribute is assumed zero
 	 * during calculation.
 	 */
-	if (radius_put_raw_attr(packet, RADIUS_TYPE_MESSAGE_AUTHENTICATOR,
-		ma, sizeof(ma)) != 0)
+	if (radius_unshift_raw_attr(packet, RADIUS_TYPE_MESSAGE_AUTHENTICATOR,
+	    ma, sizeof(ma)) != 0)
 		return (-1);
 
 	return (radius_set_message_authenticator(packet, secret));

lib/libradius/radius_new_request_packet.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: radius_new_request_packet.3,v 1.6 2022/09/11 06:38:11 jmc Exp $
+.\" $OpenBSD: radius_new_request_packet.3,v 1.7 2024/07/24 08:19:16 yasuoka Exp $
 .\"
 .\" Copyright (c) 2009 Internet Initiative Japan Inc.
 .\" All rights reserved.
@@ -24,7 +24,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 11 2022 $
+.Dd $Mdocdate: July 24 2024 $
 .Dt RADIUS_NEW_REQUEST_PACKET 3
 .Os
 .Sh NAME
@@ -285,6 +285,10 @@ There are helper functions for Message-Authenticator attributes.
 and
 .Fn radius_set_message_authenticator
 calculate a Message-Authenticator and put or set it to packet, respectively.
+When
+.Fn radius_put_message_authenticator
+is used,
+the Message-Authenticator attribute is placed at the first in the attributes.
 .Pp
 .Fn radius_check_message_authenticator
 checks a Message-Authenticator.
@@ -368,9 +372,9 @@ NULL on failure.
 .Sh HISTORY
 The
 .Nm radius+
-library was first written by UMEZAWA Takeshi in 2002 for the ID gateway service
-of Internet Initiative Japan.
-YASUOKA Masahiko added support for Message-Authentication attributes in 2008.
+library was first written by UMEZAWA Takeshi in 2002 for the ID Gateway service
+of Internet Initiative Japan Inc.
+YASUOKA Masahiko added support for Message-Authenticator attributes in 2008.
 .Ox
 project rewrote C++ code to pure C code in 2010.
 The

lib/libradius/shlib_version

@@ -1,2 +1,2 @@
-major=1
+major=2
 minor=0

lib/libsndio/sioctl_sun.c

@@ -472,9 +472,18 @@ sioctl_sun_pollfd(struct sioctl_hdl *addr, struct pollfd *pfd, int events)
 {
 	struct sioctl_sun_hdl *hdl = (struct sioctl_sun_hdl *)addr;
 
+	hdl->events = events;
+
+	/*
+	 * The audio(4) driver doesn't support POLLOUT, so if it is
+	 * requested, don't set the struct pollfd. The AUDIO_MIXER_WRITE
+	 * ioctl never blocks, so just return POLLOUT in sioctl_sun_revents().
+	 */
+	if (events & POLLOUT)
+		return 0;
+
 	pfd->fd = hdl->fd;
 	pfd->events = POLLIN;
-	hdl->events = events;
 	return 1;
 }
 
@@ -485,6 +494,9 @@ sioctl_sun_revents(struct sioctl_hdl *arg, struct pollfd *pfd)
 	struct volume *vol;
 	int idx, n;
 
+	if (hdl->events & POLLOUT)
+		return POLLOUT;
+
 	if (pfd->revents & POLLIN) {
 		while (1) {
 			n = read(hdl->fd, &idx, sizeof(int));
@@ -514,5 +526,5 @@ sioctl_sun_revents(struct sioctl_hdl *arg, struct pollfd *pfd)
 				return POLLHUP;
 		}
 	}
-	return hdl->events & POLLOUT;
+	return 0;
 }

lib/libssl/d1_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.64 2022/11/26 16:08:55 tb Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.65 2024/07/23 14:40:53 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -250,27 +250,6 @@ dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
 	return (ret);
 }
 
-/*
- * As it's impossible to use stream ciphers in "datagram" mode, this
- * simple filter is designed to disengage them in DTLS. Unfortunately
- * there is no universal way to identify stream SSL_CIPHER, so we have
- * to explicitly list their SSL_* codes. Currently RC4 is the only one
- * available, but if new ones emerge, they will have to be added...
- */
-const SSL_CIPHER *
-dtls1_get_cipher(unsigned int u)
-{
-	const SSL_CIPHER *cipher;
-
-	if ((cipher = ssl3_get_cipher(u)) == NULL)
-		return NULL;
-
-	if (cipher->algorithm_enc == SSL_RC4)
-		return NULL;
-
-	return cipher;
-}
-
 void
 dtls1_start_timer(SSL *s)
 {

lib/libssl/s3_lib.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.256 2024/07/22 14:47:15 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.257 2024/07/23 14:40:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1127,12 +1127,12 @@ ssl3_num_ciphers(void)
 }
 
 const SSL_CIPHER *
-ssl3_get_cipher(unsigned int u)
+ssl3_get_cipher_by_index(int idx)
 {
-	if (u < SSL3_NUM_CIPHERS)
-		return (&(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]));
-	else
-		return (NULL);
+	if (idx < 0 || idx >= SSL3_NUM_CIPHERS)
+		return NULL;
+
+	return &ssl3_ciphers[idx];
 }
 
 static int

lib/libssl/ssl_ciph.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.146 2024/07/22 14:47:15 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.147 2024/07/23 14:40:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -576,22 +576,6 @@ ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
 	*head = curr;
 }
 
-/* XXX beck: remove this in a followon to removing GOST */
-static void
-ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
-    unsigned long *enc, unsigned long *mac, unsigned long *ssl)
-{
-	*mkey = 0;
-	*auth = 0;
-	*enc = 0;
-	*mac = 0;
-	*ssl = 0;
-
-#ifdef SSL_FORBID_ENULL
-	*enc |= SSL_eNULL;
-#endif
-}
-
 static void
 ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers,
     unsigned long disabled_mkey, unsigned long disabled_auth,
@@ -608,10 +592,15 @@ ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers,
 	 * a linked list with at most num entries.
 	 */
 
-	/* Get the initial list of ciphers */
+	/*
+	 * Get the initial list of ciphers, iterating backwards over the
+	 * cipher list - the list is ordered by cipher value and we currently
+	 * hope that ciphers with higher cipher values are preferable...
+	 */
 	co_list_num = 0;	/* actual count of ciphers */
-	for (i = 0; i < num_of_ciphers; i++) {
-		c = ssl_method->get_cipher(i);
+	for (i = num_of_ciphers - 1; i >= 0; i--) {
+		c = ssl3_get_cipher_by_index(i);
+
 		/*
 		 * Drop any invalid ciphers and any which use unavailable
 		 * algorithms.
@@ -1153,11 +1142,19 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	if (rule_str == NULL || cipher_list == NULL)
 		goto err;
 
-	/*
-	 * To reduce the work to do we only want to process the compiled
-	 * in algorithms, so we first get the mask of disabled ciphers.
-	 */
-	ssl_cipher_get_disabled(&disabled_mkey, &disabled_auth, &disabled_enc, &disabled_mac, &disabled_ssl);
+	disabled_mkey = 0;
+	disabled_auth = 0;
+	disabled_enc = 0;
+	disabled_mac = 0;
+	disabled_ssl = 0;
+
+#ifdef SSL_FORBID_ENULL
+	disabled_enc |= SSL_eNULL;
+#endif
+
+	/* DTLS cannot be used with stream ciphers. */
+	if (ssl_method->dtls)
+		disabled_enc |= SSL_RC4;
 
 	/*
 	 * Now we have to collect the available ciphers from the compiled

lib/libssl/ssl_local.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.22 2024/07/22 14:47:15 jsing Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.23 2024/07/23 14:40:54 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -379,8 +379,6 @@ struct ssl_method_st {
 	    int peek);
 	int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
 
-	const SSL_CIPHER *(*get_cipher)(unsigned int ncipher);
-
 	unsigned int enc_flags;		/* SSL_ENC_FLAG_* */
 };
 
@@ -1290,7 +1288,7 @@ int ssl3_send_alert(SSL *s, int level, int desc);
 int ssl3_get_req_cert_types(SSL *s, CBB *cbb);
 int ssl3_get_message(SSL *s, int st1, int stn, int mt, long max);
 int ssl3_num_ciphers(void);
-const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+const SSL_CIPHER *ssl3_get_cipher_by_index(int idx);
 const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value);
 int ssl3_renegotiate(SSL *ssl);
 

lib/libssl/ssl_methods.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_methods.c,v 1.31 2023/07/08 16:40:13 beck Exp $ */
+/* $OpenBSD: ssl_methods.c,v 1.32 2024/07/23 14:40:54 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -77,7 +77,6 @@ static const SSL_METHOD DTLS_method_data = {
 	.ssl_pending = ssl3_pending,
 	.ssl_read_bytes = dtls1_read_bytes,
 	.ssl_write_bytes = dtls1_write_app_data_bytes,
-	.get_cipher = dtls1_get_cipher,
 	.enc_flags = TLSV1_2_ENC_FLAGS,
 };
 
@@ -98,7 +97,6 @@ static const SSL_METHOD DTLS_client_method_data = {
 	.ssl_pending = ssl3_pending,
 	.ssl_read_bytes = dtls1_read_bytes,
 	.ssl_write_bytes = dtls1_write_app_data_bytes,
-	.get_cipher = dtls1_get_cipher,
 	.enc_flags = TLSV1_2_ENC_FLAGS,
 };
 
@@ -119,7 +117,6 @@ static const SSL_METHOD DTLSv1_method_data = {
 	.ssl_pending = ssl3_pending,
 	.ssl_read_bytes = dtls1_read_bytes,
 	.ssl_write_bytes = dtls1_write_app_data_bytes,
-	.get_cipher = dtls1_get_cipher,
 	.enc_flags = TLSV1_1_ENC_FLAGS,
 };
 
@@ -140,7 +137,6 @@ static const SSL_METHOD DTLSv1_client_method_data = {
 	.ssl_pending = ssl3_pending,
 	.ssl_read_bytes = dtls1_read_bytes,
 	.ssl_write_bytes = dtls1_write_app_data_bytes,
-	.get_cipher = dtls1_get_cipher,
 	.enc_flags = TLSV1_1_ENC_FLAGS,
 };
 
@@ -161,7 +157,6 @@ static const SSL_METHOD DTLSv1_2_method_data = {
 	.ssl_pending = ssl3_pending,
 	.ssl_read_bytes = dtls1_read_bytes,
 	.ssl_write_bytes = dtls1_write_app_data_bytes,
-	.get_cipher = dtls1_get_cipher,
 	.enc_flags = TLSV1_2_ENC_FLAGS,
 };
 
@@ -182,7 +177,6 @@ static const SSL_METHOD DTLSv1_2_client_method_data = {
 	.ssl_pending = ssl3_pending,
 	.ssl_read_bytes = dtls1_read_bytes,
 	.ssl_write_bytes = dtls1_write_app_data_bytes,
-	.get_cipher = dtls1_get_cipher,
 	.enc_flags = TLSV1_2_ENC_FLAGS,
 };
 
@@ -266,7 +260,6 @@ static const SSL_METHOD TLS_method_data = {
 	.ssl_pending = tls13_legacy_pending,
 	.ssl_read_bytes = tls13_legacy_read_bytes,
 	.ssl_write_bytes = tls13_legacy_write_bytes,
-	.get_cipher = ssl3_get_cipher,
 	.enc_flags = TLSV1_3_ENC_FLAGS,
 };
 
@@ -287,7 +280,6 @@ static const SSL_METHOD TLS_legacy_method_data = {
 	.ssl_pending = ssl3_pending,
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
-	.get_cipher = ssl3_get_cipher,
 	.enc_flags = TLSV1_2_ENC_FLAGS,
 };
 
@@ -308,7 +300,6 @@ static const SSL_METHOD TLS_client_method_data = {
 	.ssl_pending = tls13_legacy_pending,
 	.ssl_read_bytes = tls13_legacy_read_bytes,
 	.ssl_write_bytes = tls13_legacy_write_bytes,
-	.get_cipher = ssl3_get_cipher,
 	.enc_flags = TLSV1_3_ENC_FLAGS,
 };
 
@@ -329,7 +320,6 @@ static const SSL_METHOD TLSv1_method_data = {
 	.ssl_pending = ssl3_pending,
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
-	.get_cipher = ssl3_get_cipher,
 	.enc_flags = TLSV1_ENC_FLAGS,
 };
 
@@ -350,7 +340,6 @@ static const SSL_METHOD TLSv1_client_method_data = {
 	.ssl_pending = ssl3_pending,
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
-	.get_cipher = ssl3_get_cipher,
 	.enc_flags = TLSV1_ENC_FLAGS,
 };
 
@@ -371,7 +360,6 @@ static const SSL_METHOD TLSv1_1_method_data = {
 	.ssl_pending = ssl3_pending,
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
-	.get_cipher = ssl3_get_cipher,
 	.enc_flags = TLSV1_1_ENC_FLAGS,
 };
 
@@ -392,7 +380,6 @@ static const SSL_METHOD TLSv1_1_client_method_data = {
 	.ssl_pending = ssl3_pending,
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
-	.get_cipher = ssl3_get_cipher,
 	.enc_flags = TLSV1_1_ENC_FLAGS,
 };
 
@@ -413,7 +400,6 @@ static const SSL_METHOD TLSv1_2_method_data = {
 	.ssl_pending = ssl3_pending,
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
-	.get_cipher = ssl3_get_cipher,
 	.enc_flags = TLSV1_2_ENC_FLAGS,
 };
 
@@ -434,7 +420,6 @@ static const SSL_METHOD TLSv1_2_client_method_data = {
 	.ssl_pending = ssl3_pending,
 	.ssl_read_bytes = ssl3_read_bytes,
 	.ssl_write_bytes = ssl3_write_bytes,
-	.get_cipher = ssl3_get_cipher,
 	.enc_flags = TLSV1_2_ENC_FLAGS,
 };