From 4082fea81c150e9f2643819148d275e500f309a3 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 19 Dec 2013 13:57:49 -0500 Subject: [PATCH] use SSL_kECDHE throughout instead of SSL_kEECDH ECDHE is the standard term used by the RFCs and by other TLS implementations. It's useful to have the internal variables use the standard terminology. This patch leaves a synonym SSL_kEECDH in place, though, so that older code can still be built against it, since that has been the traditional API. SSL_kEECDH should probably be deprecated at some point, though. --- ssl/d1_srvr.c | 2 +- ssl/s3_clnt.c | 4 ++-- ssl/s3_lib.c | 52 +++++++++++++++++++++++++------------------------- ssl/s3_srvr.c | 12 ++++++------ ssl/ssl_ciph.c | 26 ++++++++++++------------- ssl/ssl_lib.c | 4 ++-- ssl/ssl_locl.h | 3 ++- ssl/t1_lib.c | 6 +++--- ssl/t1_trce.c | 8 ++++---- 9 files changed, 59 insertions(+), 58 deletions(-) diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c index c69d44b839..267b8caee3 100644 --- a/ssl/d1_srvr.c +++ b/ssl/d1_srvr.c @@ -492,7 +492,7 @@ int dtls1_accept(SSL *s) || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint) #endif || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) - || (alg_k & SSL_kEECDH) + || (alg_k & SSL_kECDHE) || ((alg_k & SSL_kRSA) && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c index bf1ef47766..0054e7f25d 100644 --- a/ssl/s3_clnt.c +++ b/ssl/s3_clnt.c @@ -1734,7 +1734,7 @@ int ssl3_get_key_exchange(SSL *s) #endif /* !OPENSSL_NO_DH */ #ifndef OPENSSL_NO_ECDH - else if (alg_k & SSL_kEECDH) + else if (alg_k & SSL_kECDHE) { EC_GROUP *ngroup; const EC_GROUP *group; @@ -2685,7 +2685,7 @@ int ssl3_send_client_key_exchange(SSL *s) #endif #ifndef OPENSSL_NO_ECDH - else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) + else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { const EC_GROUP *srvr_group = NULL; EC_KEY *tkey; diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index 71143040ff..f68aeba24c 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2114,7 +2114,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA, TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aECDSA, SSL_eNULL, SSL_SHA1, @@ -2130,7 +2130,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aECDSA, SSL_RC4, SSL_SHA1, @@ -2146,7 +2146,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aECDSA, SSL_3DES, SSL_SHA1, @@ -2162,7 +2162,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aECDSA, SSL_AES128, SSL_SHA1, @@ -2178,7 +2178,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aECDSA, SSL_AES256, SSL_SHA1, @@ -2274,7 +2274,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA, TLS1_CK_ECDHE_RSA_WITH_NULL_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aRSA, SSL_eNULL, SSL_SHA1, @@ -2290,7 +2290,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aRSA, SSL_RC4, SSL_SHA1, @@ -2306,7 +2306,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, @@ -2322,7 +2322,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aRSA, SSL_AES128, SSL_SHA1, @@ -2338,7 +2338,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aRSA, SSL_AES256, SSL_SHA1, @@ -2354,7 +2354,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_anon_WITH_NULL_SHA, TLS1_CK_ECDH_anon_WITH_NULL_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aNULL, SSL_eNULL, SSL_SHA1, @@ -2370,7 +2370,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, TLS1_CK_ECDH_anon_WITH_RC4_128_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aNULL, SSL_RC4, SSL_SHA1, @@ -2386,7 +2386,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA, TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aNULL, SSL_3DES, SSL_SHA1, @@ -2402,7 +2402,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA, TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aNULL, SSL_AES128, SSL_SHA1, @@ -2418,7 +2418,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA, TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, - SSL_kEECDH, + SSL_kECDHE, SSL_aNULL, SSL_AES256, SSL_SHA1, @@ -2584,7 +2584,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, - SSL_kEECDH, + SSL_kECDHE, SSL_aECDSA, SSL_AES128, SSL_SHA256, @@ -2600,7 +2600,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384, TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, - SSL_kEECDH, + SSL_kECDHE, SSL_aECDSA, SSL_AES256, SSL_SHA384, @@ -2648,7 +2648,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256, TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, - SSL_kEECDH, + SSL_kECDHE, SSL_aRSA, SSL_AES128, SSL_SHA256, @@ -2664,7 +2664,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384, TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, - SSL_kEECDH, + SSL_kECDHE, SSL_aRSA, SSL_AES256, SSL_SHA384, @@ -2714,7 +2714,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - SSL_kEECDH, + SSL_kECDHE, SSL_aECDSA, SSL_AES128GCM, SSL_AEAD, @@ -2730,7 +2730,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - SSL_kEECDH, + SSL_kECDHE, SSL_aECDSA, SSL_AES256GCM, SSL_AEAD, @@ -2778,7 +2778,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - SSL_kEECDH, + SSL_kECDHE, SSL_aRSA, SSL_AES128GCM, SSL_AEAD, @@ -2794,7 +2794,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ 1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - SSL_kEECDH, + SSL_kECDHE, SSL_aRSA, SSL_AES256GCM, SSL_AEAD, @@ -4161,7 +4161,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, #ifndef OPENSSL_NO_EC /* if we are considering an ECC cipher suite that uses * an ephemeral EC key check it */ - if (alg_k & SSL_kEECDH) + if (alg_k & SSL_kECDHE) ok = ok && tls1_check_ec_tmp_key(s, c->id); #endif /* OPENSSL_NO_EC */ #endif /* OPENSSL_NO_TLSEXT */ @@ -4171,7 +4171,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, if (ii >= 0) { #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT) - if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) + if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { if (!ret) ret=sk_SSL_CIPHER_value(allow,ii); continue; @@ -4285,7 +4285,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p) #ifndef OPENSSL_NO_ECDSA /* ECDSA certs can be used with RSA cipher suites as well - * so we don't need to check for SSL_kECDH or SSL_kEECDH + * so we don't need to check for SSL_kECDH or SSL_kECDHE */ if (s->version >= TLS1_VERSION) { diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c index 41a5ba5503..4630374a6c 100644 --- a/ssl/s3_srvr.c +++ b/ssl/s3_srvr.c @@ -494,7 +494,7 @@ int ssl3_accept(SSL *s) || (alg_k & SSL_kSRP) #endif || (alg_k & SSL_kEDH) - || (alg_k & SSL_kEECDH) + || (alg_k & SSL_kECDHE) || ((alg_k & SSL_kRSA) && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) @@ -1414,7 +1414,7 @@ int ssl3_get_client_hello(SSL *s) /* check whether we should disable session resumption */ if (s->not_resumable_session_cb != NULL) s->session->not_resumable=s->not_resumable_session_cb(s, - ((c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)) != 0)); + ((c->algorithm_mkey & (SSL_kEDH | SSL_kECDHE)) != 0)); if (s->session->not_resumable) /* do not send a session ticket */ s->tlsext_ticket_expected = 0; @@ -1719,7 +1719,7 @@ int ssl3_send_server_key_exchange(SSL *s) else #endif #ifndef OPENSSL_NO_ECDH - if (type & SSL_kEECDH) + if (type & SSL_kECDHE) { const EC_GROUP *group; @@ -1935,7 +1935,7 @@ int ssl3_send_server_key_exchange(SSL *s) } #ifndef OPENSSL_NO_ECDH - if (type & SSL_kEECDH) + if (type & SSL_kECDHE) { /* XXX: For now, we only support named (not generic) curves. * In this situation, the serverKeyExchange message has: @@ -2638,7 +2638,7 @@ int ssl3_get_client_key_exchange(SSL *s) #endif /* OPENSSL_NO_KRB5 */ #ifndef OPENSSL_NO_ECDH - if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) + if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) { int ret = 1; int field_size = 0; @@ -2691,7 +2691,7 @@ int ssl3_get_client_key_exchange(SSL *s) { /* Client Publickey was in Client Certificate */ - if (alg_k & SSL_kEECDH) + if (alg_k & SSL_kECDHE) { al=SSL_AD_HANDSHAKE_FAILURE; SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY); diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index b285a612c6..60b1456eb2 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -230,7 +230,7 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0}, /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */ - {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0}, + {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kECDHE,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0}, /* key exchange aliases * (some of those using only a single bit here combine @@ -249,9 +249,9 @@ static const SSL_CIPHER cipher_aliases[]={ {0,SSL_TXT_kECDHr,0, SSL_kECDHr,0,0,0,0,0,0,0,0}, {0,SSL_TXT_kECDHe,0, SSL_kECDHe,0,0,0,0,0,0,0,0}, {0,SSL_TXT_kECDH,0, SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0}, - {0,SSL_TXT_kEECDH,0, SSL_kEECDH,0,0,0,0,0,0,0,0}, - {0,SSL_TXT_kECDHE,0, SSL_kEECDH,0,0,0,0,0,0,0,0}, - {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0}, + {0,SSL_TXT_kEECDH,0, SSL_kECDHE,0,0,0,0,0,0,0,0}, + {0,SSL_TXT_kECDHE,0, SSL_kECDHE,0,0,0,0,0,0,0,0}, + {0,SSL_TXT_ECDH,0, SSL_kECDHr|SSL_kECDHe|SSL_kECDHE,0,0,0,0,0,0,0,0}, {0,SSL_TXT_kPSK,0, SSL_kPSK, 0,0,0,0,0,0,0,0}, {0,SSL_TXT_kSRP,0, SSL_kSRP, 0,0,0,0,0,0,0,0}, @@ -274,13 +274,13 @@ static const SSL_CIPHER cipher_aliases[]={ /* aliases combining key exchange and server authentication */ {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0}, - {0,SSL_TXT_EECDH,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0}, - {0,SSL_TXT_ECDHE,0, SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0}, + {0,SSL_TXT_EECDH,0, SSL_kECDHE,~SSL_aNULL,0,0,0,0,0,0,0}, + {0,SSL_TXT_ECDHE,0, SSL_kECDHE,~SSL_aNULL,0,0,0,0,0,0,0}, {0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0}, {0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0}, {0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0}, {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0}, - {0,SSL_TXT_AECDH,0, SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0}, + {0,SSL_TXT_AECDH,0, SSL_kECDHE,SSL_aNULL,0,0,0,0,0,0,0}, {0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0}, {0,SSL_TXT_SRP,0, SSL_kSRP,0,0,0,0,0,0,0,0}, @@ -1477,8 +1477,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, /* Now arrange all ciphers by preference: */ /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */ - ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); - ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); + ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); + ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); /* AES is our preferred symmetric cipher */ ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); @@ -1668,7 +1668,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len) case SSL_kECDHe: kx="ECDH/ECDSA"; break; - case SSL_kEECDH: + case SSL_kECDHE: kx="ECDH"; break; case SSL_kPSK: @@ -1939,13 +1939,13 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c) if (alg_k & (SSL_kECDHr|SSL_kECDHe)) { - /* we don't need to look at SSL_kEECDH + /* we don't need to look at SSL_kECDHE * since no certificate is needed for * anon ECDH and for authenticated - * EECDH, the check for the auth + * ECDHE, the check for the auth * algorithm will set i correctly * NOTE: For ECDH-RSA, we need an ECC - * not an RSA cert but for EECDH-RSA + * not an RSA cert but for ECDHE-RSA * we need an RSA cert. Placing the * checks for SSL_kECDH before RSA * checks ensures the correct cert is chosen. diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index fe795a1a55..8f0eb15443 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2522,8 +2522,8 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher) #ifndef OPENSSL_NO_ECDH if (have_ecdh_tmp) { - mask_k|=SSL_kEECDH; - emask_k|=SSL_kEECDH; + mask_k|=SSL_kECDHE; + emask_k|=SSL_kECDHE; } #endif diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h index 51e8891c51..d9f378fd9e 100644 --- a/ssl/ssl_locl.h +++ b/ssl/ssl_locl.h @@ -295,7 +295,8 @@ #define SSL_kKRB5 0x00000010L /* Kerberos5 key exchange */ #define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */ #define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */ -#define SSL_kEECDH 0x00000080L /* ephemeral ECDH */ +#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */ +#define SSL_kEECDH SSL_kECDHE /* synonym */ #define SSL_kPSK 0x00000100L /* PSK */ #define SSL_kGOST 0x00000200L /* GOST key exchange */ #define SSL_kSRP 0x00000400L /* SRP */ diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index e21b8a2f03..628aee2f34 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1108,7 +1108,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha alg_k = c->algorithm_mkey; alg_a = c->algorithm_auth; - if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) + if ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) || (alg_a & SSL_aECDSA))) { using_ecc = 1; @@ -1519,7 +1519,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha #ifndef OPENSSL_NO_EC unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey; unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; - int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA); + int using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA); using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL); #endif /* don't add extensions for SSLv3, unless doing secure renegotiation */ @@ -3137,7 +3137,7 @@ int ssl_check_serverhello_tlsext(SSL *s) unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth; if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) && (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) && - ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) + ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) { /* we are using an ECC cipher */ size_t i; diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 751e0fff5c..4552c99ede 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -815,10 +815,10 @@ static int ssl_get_keyex(const char **pname, SSL *ssl) *pname = "edh"; return SSL_kEDH; } - if (alg_k & SSL_kEECDH) + if (alg_k & SSL_kECDHE) { *pname = "ECDHE"; - return SSL_kEECDH; + return SSL_kECDHE; } if (alg_k & SSL_kECDHr) { @@ -899,7 +899,7 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl, BIO_puts(bio, "implicit\n"); break; } - case SSL_kEECDH: + case SSL_kECDHE: if (!ssl_print_hexbuf(bio, indent + 2, "ecdh_Yc", 1, &msg, &msglen)) return 0; @@ -950,7 +950,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl, return 0; break; - case SSL_kEECDH: + case SSL_kECDHE: if (msglen < 1) return 0; BIO_indent(bio, indent + 2, 80); -- 2.25.1