From 4082fea81c150e9f2643819148d275e500f309a3 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Thu, 19 Dec 2013 13:57:49 -0500
Subject: [PATCH] use SSL_kECDHE throughout instead of SSL_kEECDH
ECDHE is the standard term used by the RFCs and by other TLS
implementations. It's useful to have the internal variables use the
standard terminology.
This patch leaves a synonym SSL_kEECDH in place, though, so that older
code can still be built against it, since that has been the
traditional API. SSL_kEECDH should probably be deprecated at some
point, though.
---
ssl/d1_srvr.c | 2 +-
ssl/s3_clnt.c | 4 ++--
ssl/s3_lib.c | 52 +++++++++++++++++++++++++-------------------------
ssl/s3_srvr.c | 12 ++++++------
ssl/ssl_ciph.c | 26 ++++++++++++-------------
ssl/ssl_lib.c | 4 ++--
ssl/ssl_locl.h | 3 ++-
ssl/t1_lib.c | 6 +++---
ssl/t1_trce.c | 8 ++++----
9 files changed, 59 insertions(+), 58 deletions(-)
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index c69d44b839..267b8caee3 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -492,7 +492,7 @@ int dtls1_accept(SSL *s)
|| ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
#endif
|| (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
- || (alg_k & SSL_kEECDH)
+ || (alg_k & SSL_kECDHE)
|| ((alg_k & SSL_kRSA)
&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
|| (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index bf1ef47766..0054e7f25d 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1734,7 +1734,7 @@ int ssl3_get_key_exchange(SSL *s)
#endif /* !OPENSSL_NO_DH */
#ifndef OPENSSL_NO_ECDH
- else if (alg_k & SSL_kEECDH)
+ else if (alg_k & SSL_kECDHE)
{
EC_GROUP *ngroup;
const EC_GROUP *group;
@@ -2685,7 +2685,7 @@ int ssl3_send_client_key_exchange(SSL *s)
#endif
#ifndef OPENSSL_NO_ECDH
- else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
+ else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe))
{
const EC_GROUP *srvr_group = NULL;
EC_KEY *tkey;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 71143040ff..f68aeba24c 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2114,7 +2114,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_eNULL,
SSL_SHA1,
@@ -2130,7 +2130,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_RC4,
SSL_SHA1,
@@ -2146,7 +2146,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_3DES,
SSL_SHA1,
@@ -2162,7 +2162,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_AES128,
SSL_SHA1,
@@ -2178,7 +2178,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_AES256,
SSL_SHA1,
@@ -2274,7 +2274,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_eNULL,
SSL_SHA1,
@@ -2290,7 +2290,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_RC4,
SSL_SHA1,
@@ -2306,7 +2306,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_3DES,
SSL_SHA1,
@@ -2322,7 +2322,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
@@ -2338,7 +2338,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
@@ -2354,7 +2354,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
TLS1_CK_ECDH_anon_WITH_NULL_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aNULL,
SSL_eNULL,
SSL_SHA1,
@@ -2370,7 +2370,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aNULL,
SSL_RC4,
SSL_SHA1,
@@ -2386,7 +2386,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aNULL,
SSL_3DES,
SSL_SHA1,
@@ -2402,7 +2402,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aNULL,
SSL_AES128,
SSL_SHA1,
@@ -2418,7 +2418,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aNULL,
SSL_AES256,
SSL_SHA1,
@@ -2584,7 +2584,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_AES128,
SSL_SHA256,
@@ -2600,7 +2600,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_AES256,
SSL_SHA384,
@@ -2648,7 +2648,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_AES128,
SSL_SHA256,
@@ -2664,7 +2664,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_AES256,
SSL_SHA384,
@@ -2714,7 +2714,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_AES128GCM,
SSL_AEAD,
@@ -2730,7 +2730,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aECDSA,
SSL_AES256GCM,
SSL_AEAD,
@@ -2778,7 +2778,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_AES128GCM,
SSL_AEAD,
@@ -2794,7 +2794,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kEECDH,
+ SSL_kECDHE,
SSL_aRSA,
SSL_AES256GCM,
SSL_AEAD,
@@ -4161,7 +4161,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#ifndef OPENSSL_NO_EC
/* if we are considering an ECC cipher suite that uses
* an ephemeral EC key check it */
- if (alg_k & SSL_kEECDH)
+ if (alg_k & SSL_kECDHE)
ok = ok && tls1_check_ec_tmp_key(s, c->id);
#endif /* OPENSSL_NO_EC */
#endif /* OPENSSL_NO_TLSEXT */
@@ -4171,7 +4171,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
if (ii >= 0)
{
#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
- if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
+ if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
{
if (!ret) ret=sk_SSL_CIPHER_value(allow,ii);
continue;
@@ -4285,7 +4285,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
#ifndef OPENSSL_NO_ECDSA
/* ECDSA certs can be used with RSA cipher suites as well
- * so we don't need to check for SSL_kECDH or SSL_kEECDH
+ * so we don't need to check for SSL_kECDH or SSL_kECDHE
*/
if (s->version >= TLS1_VERSION)
{
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 41a5ba5503..4630374a6c 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -494,7 +494,7 @@ int ssl3_accept(SSL *s)
|| (alg_k & SSL_kSRP)
#endif
|| (alg_k & SSL_kEDH)
- || (alg_k & SSL_kEECDH)
+ || (alg_k & SSL_kECDHE)
|| ((alg_k & SSL_kRSA)
&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
|| (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
@@ -1414,7 +1414,7 @@ int ssl3_get_client_hello(SSL *s)
/* check whether we should disable session resumption */
if (s->not_resumable_session_cb != NULL)
s->session->not_resumable=s->not_resumable_session_cb(s,
- ((c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)) != 0));
+ ((c->algorithm_mkey & (SSL_kEDH | SSL_kECDHE)) != 0));
if (s->session->not_resumable)
/* do not send a session ticket */
s->tlsext_ticket_expected = 0;
@@ -1719,7 +1719,7 @@ int ssl3_send_server_key_exchange(SSL *s)
else
#endif
#ifndef OPENSSL_NO_ECDH
- if (type & SSL_kEECDH)
+ if (type & SSL_kECDHE)
{
const EC_GROUP *group;
@@ -1935,7 +1935,7 @@ int ssl3_send_server_key_exchange(SSL *s)
}
#ifndef OPENSSL_NO_ECDH
- if (type & SSL_kEECDH)
+ if (type & SSL_kECDHE)
{
/* XXX: For now, we only support named (not generic) curves.
* In this situation, the serverKeyExchange message has:
@@ -2638,7 +2638,7 @@ int ssl3_get_client_key_exchange(SSL *s)
#endif /* OPENSSL_NO_KRB5 */
#ifndef OPENSSL_NO_ECDH
- if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
+ if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe))
{
int ret = 1;
int field_size = 0;
@@ -2691,7 +2691,7 @@ int ssl3_get_client_key_exchange(SSL *s)
{
/* Client Publickey was in Client Certificate */
- if (alg_k & SSL_kEECDH)
+ if (alg_k & SSL_kECDHE)
{
al=SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index b285a612c6..60b1456eb2 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -230,7 +230,7 @@ static const SSL_CIPHER cipher_aliases[]={
{0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0},
/* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
- {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
+ {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kECDHE,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
/* key exchange aliases
* (some of those using only a single bit here combine
@@ -249,9 +249,9 @@ static const SSL_CIPHER cipher_aliases[]={
{0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0},
{0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0},
{0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
- {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0},
- {0,SSL_TXT_kECDHE,0, SSL_kEECDH,0,0,0,0,0,0,0,0},
- {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
+ {0,SSL_TXT_kEECDH,0, SSL_kECDHE,0,0,0,0,0,0,0,0},
+ {0,SSL_TXT_kECDHE,0, SSL_kECDHE,0,0,0,0,0,0,0,0},
+ {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kECDHE,0,0,0,0,0,0,0,0},
{0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0},
{0,SSL_TXT_kSRP,0, SSL_kSRP, 0,0,0,0,0,0,0,0},
@@ -274,13 +274,13 @@ static const SSL_CIPHER cipher_aliases[]={
/* aliases combining key exchange and server authentication */
{0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
- {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
- {0,SSL_TXT_ECDHE,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
+ {0,SSL_TXT_EECDH,0, SSL_kECDHE,~SSL_aNULL,0,0,0,0,0,0,0},
+ {0,SSL_TXT_ECDHE,0, SSL_kECDHE,~SSL_aNULL,0,0,0,0,0,0,0},
{0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
{0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
{0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
{0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
- {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
+ {0,SSL_TXT_AECDH,0, SSL_kECDHE,SSL_aNULL,0,0,0,0,0,0,0},
{0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
{0,SSL_TXT_SRP,0, SSL_kSRP,0,0,0,0,0,0,0,0},
@@ -1477,8 +1477,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
/* Now arrange all ciphers by preference: */
/* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
- ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
- ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
/* AES is our preferred symmetric cipher */
ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
@@ -1668,7 +1668,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_kECDHe:
kx="ECDH/ECDSA";
break;
- case SSL_kEECDH:
+ case SSL_kECDHE:
kx="ECDH";
break;
case SSL_kPSK:
@@ -1939,13 +1939,13 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
if (alg_k & (SSL_kECDHr|SSL_kECDHe))
{
- /* we don't need to look at SSL_kEECDH
+ /* we don't need to look at SSL_kECDHE
* since no certificate is needed for
* anon ECDH and for authenticated
- * EECDH, the check for the auth
+ * ECDHE, the check for the auth
* algorithm will set i correctly
* NOTE: For ECDH-RSA, we need an ECC
- * not an RSA cert but for EECDH-RSA
+ * not an RSA cert but for ECDHE-RSA
* we need an RSA cert. Placing the
* checks for SSL_kECDH before RSA
* checks ensures the correct cert is chosen.
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index fe795a1a55..8f0eb15443 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2522,8 +2522,8 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
#ifndef OPENSSL_NO_ECDH
if (have_ecdh_tmp)
{
- mask_k|=SSL_kEECDH;
- emask_k|=SSL_kEECDH;
+ mask_k|=SSL_kECDHE;
+ emask_k|=SSL_kECDHE;
}
#endif
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 51e8891c51..d9f378fd9e 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -295,7 +295,8 @@
#define SSL_kKRB5 0x00000010L /* Kerberos5 key exchange */
#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
-#define SSL_kEECDH 0x00000080L /* ephemeral ECDH */
+#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
+#define SSL_kEECDH SSL_kECDHE /* synonym */
#define SSL_kPSK 0x00000100L /* PSK */
#define SSL_kGOST 0x00000200L /* GOST key exchange */
#define SSL_kSRP 0x00000400L /* SRP */
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e21b8a2f03..628aee2f34 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1108,7 +1108,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
- if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)
+ if ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)
|| (alg_a & SSL_aECDSA)))
{
using_ecc = 1;
@@ -1519,7 +1519,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
#ifndef OPENSSL_NO_EC
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
- int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
+ int using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
#endif
/* don't add extensions for SSLv3, unless doing secure renegotiation */
@@ -3137,7 +3137,7 @@ int ssl_check_serverhello_tlsext(SSL *s)
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) &&
(s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) &&
- ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
+ ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
{
/* we are using an ECC cipher */
size_t i;
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index 751e0fff5c..4552c99ede 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -815,10 +815,10 @@ static int ssl_get_keyex(const char **pname, SSL *ssl)
*pname = "edh";
return SSL_kEDH;
}
- if (alg_k & SSL_kEECDH)
+ if (alg_k & SSL_kECDHE)
{
*pname = "ECDHE";
- return SSL_kEECDH;
+ return SSL_kECDHE;
}
if (alg_k & SSL_kECDHr)
{
@@ -899,7 +899,7 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
BIO_puts(bio, "implicit\n");
break;
}
- case SSL_kEECDH:
+ case SSL_kECDHE:
if (!ssl_print_hexbuf(bio, indent + 2, "ecdh_Yc", 1,
&msg, &msglen))
return 0;
@@ -950,7 +950,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
return 0;
break;
- case SSL_kEECDH:
+ case SSL_kECDHE:
if (msglen < 1)
return 0;
BIO_indent(bio, indent + 2, 80);
--
2.25.1