Sort cipher-list at runtime.

Reduces #ifdef complexity.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

ssl/ssl_ciph.c

@@ -488,7 +488,9 @@ void ssl_load_ciphers(void)
 {
     size_t i;
     const ssl_cipher_table *t;
+
     disabled_enc_mask = 0;
+    ssl_sort_cipher_list();
     for (i = 0, t = ssl_cipher_table_cipher; i < SSL_ENC_NUM_IDX; i++, t++) {
         if (t->nid == NID_undef) {
             ssl_cipher_methods[i] = NULL;

ssl/ssl_locl.h

@@ -1949,6 +1949,7 @@ __owur int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
 void ssl_set_masks(SSL *s);
 __owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 __owur int ssl_verify_alarm_type(long type);
+void ssl_sort_cipher_list(void);
 void ssl_load_ciphers(void);
 __owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
 __owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,

test/ssltest.c

@@ -1057,7 +1057,6 @@ int main(int argc, char *argv[])
 #endif
     int no_protocol;
     int min_version = 0, max_version = 0;
-
 #ifndef OPENSSL_NO_CT
     /*
      * Disable CT validation by default, because it will interfere with
@@ -1065,7 +1064,6 @@ int main(int argc, char *argv[])
      */
     ct_validation_cb ct_validation = NULL;
 #endif
-
     SSL_CONF_CTX *s_cctx = NULL, *c_cctx = NULL, *s_cctx2 = NULL;
     STACK_OF(OPENSSL_STRING) *conf_args = NULL;
     char *arg = NULL, *argn = NULL;
@@ -3569,6 +3567,7 @@ static int do_test_cipherlist(void)
      * call functions, thus avoiding auto-init
      */
     OPENSSL_init_crypto(0, NULL);
+    OPENSSL_init_ssl(0, NULL);
 
     meth = TLS_method();
     tci = NULL;