Allow "ECDHE" as a synonym of "EECDH" when specifiying ciphers

The standard terminology in https://tools.ietf.org/html/rfc4492 is
ECDHE.  "openssl ciphers" outputs ECDHE.  But users of the library
currently cannot specify ECDHE, they must specify EECDH.

This change allows users to specify the common term in cipher suite
strings without breaking backward compatibility.

diff --git a/ssl/ssl.h b/ssl/ssl.h
index 2eccca29e0c22a649bf02633a095409d19b152e0..1c8309eef78a3b75a8506cb6d49c0e07a99b1357 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -249,7 +249,8 @@ extern "C" {
 #define SSL_TXT_kECDHr         "kECDHr"
 #define SSL_TXT_kECDHe         "kECDHe"
 #define SSL_TXT_kECDH          "kECDH"
 #define SSL_TXT_kECDHr         "kECDHr"
 #define SSL_TXT_kECDHe         "kECDHe"
 #define SSL_TXT_kECDH          "kECDH"

-#define SSL_TXT_kEECDH         "kEECDH"
+#define SSL_TXT_kEECDH         "kEECDH" /* alias for kECDHE */
+#define SSL_TXT_kECDHE         "kECDHE"

 #define SSL_TXT_kPSK            "kPSK"
 #define SSL_TXT_kGOST          "kGOST"
 #define SSL_TXT_kSRP           "kSRP"
 #define SSL_TXT_kPSK            "kPSK"
 #define SSL_TXT_kGOST          "kGOST"
 #define SSL_TXT_kSRP           "kSRP"


@@ -271,7 +272,8 @@ extern "C" {
 #define SSL_TXT_ADH            "ADH"
 #define SSL_TXT_RSA            "RSA"
 #define SSL_TXT_ECDH           "ECDH"
 #define SSL_TXT_ADH            "ADH"
 #define SSL_TXT_RSA            "RSA"
 #define SSL_TXT_ECDH           "ECDH"

-#define SSL_TXT_EECDH          "EECDH" /* same as "kEECDH:-AECDH" */
+#define SSL_TXT_EECDH          "EECDH" /* alias for ECDHE" */
+#define SSL_TXT_ECDHE          "ECDHE" /* same as "kECDHE:-AECDH" */

 #define SSL_TXT_AECDH          "AECDH"
 #define SSL_TXT_ECDSA          "ECDSA"
 #define SSL_TXT_KRB5           "KRB5"
 #define SSL_TXT_AECDH          "AECDH"
 #define SSL_TXT_ECDSA          "ECDSA"
 #define SSL_TXT_KRB5           "KRB5"

diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index a5c417a9ed55ac713ffec5144e7f23087095d6e8..b285a612c675c8fd27a5dec4c40e22f5291ebbd3 100644 (file)
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -250,6 +250,7 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_kECDHe,0,  SSL_kECDHe,0,0,0,0,0,0,0,0},
        {0,SSL_TXT_kECDH,0,   SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
        {0,SSL_TXT_kEECDH,0,  SSL_kEECDH,0,0,0,0,0,0,0,0},
        {0,SSL_TXT_kECDHe,0,  SSL_kECDHe,0,0,0,0,0,0,0,0},
        {0,SSL_TXT_kECDH,0,   SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
        {0,SSL_TXT_kEECDH,0,  SSL_kEECDH,0,0,0,0,0,0,0,0},

+       {0,SSL_TXT_kECDHE,0,  SSL_kEECDH,0,0,0,0,0,0,0,0},

        {0,SSL_TXT_ECDH,0,    SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
 
         {0,SSL_TXT_kPSK,0,    SSL_kPSK,  0,0,0,0,0,0,0,0},
        {0,SSL_TXT_ECDH,0,    SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
 
         {0,SSL_TXT_kPSK,0,    SSL_kPSK,  0,0,0,0,0,0,0,0},


@@ -274,6 +275,7 @@ static const SSL_CIPHER cipher_aliases[]={
        /* aliases combining key exchange and server authentication */
        {0,SSL_TXT_EDH,0,     SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
        {0,SSL_TXT_EECDH,0,   SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
        /* aliases combining key exchange and server authentication */
        {0,SSL_TXT_EDH,0,     SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
        {0,SSL_TXT_EECDH,0,   SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},

+       {0,SSL_TXT_ECDHE,0,   SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},

        {0,SSL_TXT_NULL,0,    0,0,SSL_eNULL, 0,0,0,0,0,0},
        {0,SSL_TXT_KRB5,0,    SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
        {0,SSL_TXT_RSA,0,     SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
        {0,SSL_TXT_NULL,0,    0,0,SSL_eNULL, 0,0,0,0,0,0},
        {0,SSL_TXT_KRB5,0,    SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
        {0,SSL_TXT_RSA,0,     SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},