use SSL_kECDHE throughout instead of SSL_kEECDH
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Thu, 19 Dec 2013 18:57:49 +0000 (13:57 -0500)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 9 Jan 2014 15:43:27 +0000 (15:43 +0000)
ECDHE is the standard term used by the RFCs and by other TLS
implementations.  It's useful to have the internal variables use the
standard terminology.

This patch leaves a synonym SSL_kEECDH in place, though, so that older
code can still be built against it, since that has been the
traditional API.  SSL_kEECDH should probably be deprecated at some
point, though.

ssl/d1_srvr.c
ssl/s3_clnt.c
ssl/s3_lib.c
ssl/s3_srvr.c
ssl/ssl_ciph.c
ssl/ssl_lib.c
ssl/ssl_locl.h
ssl/t1_lib.c
ssl/t1_trce.c

index c69d44b..267b8ca 100644 (file)
@@ -492,7 +492,7 @@ int dtls1_accept(SSL *s)
                            || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
 #endif
                            || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
-                           || (alg_k & SSL_kEECDH)
+                           || (alg_k & SSL_kECDHE)
                            || ((alg_k & SSL_kRSA)
                                && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
                                    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
index bf1ef47..0054e7f 100644 (file)
@@ -1734,7 +1734,7 @@ int ssl3_get_key_exchange(SSL *s)
 #endif /* !OPENSSL_NO_DH */
 
 #ifndef OPENSSL_NO_ECDH
-       else if (alg_k & SSL_kEECDH)
+       else if (alg_k & SSL_kECDHE)
                {
                EC_GROUP *ngroup;
                const EC_GROUP *group;
@@ -2685,7 +2685,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 #endif
 
 #ifndef OPENSSL_NO_ECDH 
-               else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
+               else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe))
                        {
                        const EC_GROUP *srvr_group = NULL;
                        EC_KEY *tkey;
index 7114304..f68aeba 100644 (file)
@@ -2114,7 +2114,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
        TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aECDSA,
        SSL_eNULL,
        SSL_SHA1,
@@ -2130,7 +2130,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
        TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aECDSA,
        SSL_RC4,
        SSL_SHA1,
@@ -2146,7 +2146,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
        TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aECDSA,
        SSL_3DES,
        SSL_SHA1,
@@ -2162,7 +2162,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
        TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aECDSA,
        SSL_AES128,
        SSL_SHA1,
@@ -2178,7 +2178,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
        TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aECDSA,
        SSL_AES256,
        SSL_SHA1,
@@ -2274,7 +2274,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
        TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aRSA,
        SSL_eNULL,
        SSL_SHA1,
@@ -2290,7 +2290,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
        TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aRSA,
        SSL_RC4,
        SSL_SHA1,
@@ -2306,7 +2306,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
        TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aRSA,
        SSL_3DES,
        SSL_SHA1,
@@ -2322,7 +2322,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
        TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aRSA,
        SSL_AES128,
        SSL_SHA1,
@@ -2338,7 +2338,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
        TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aRSA,
        SSL_AES256,
        SSL_SHA1,
@@ -2354,7 +2354,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
        TLS1_CK_ECDH_anon_WITH_NULL_SHA,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aNULL,
        SSL_eNULL,
        SSL_SHA1,
@@ -2370,7 +2370,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
        TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aNULL,
        SSL_RC4,
        SSL_SHA1,
@@ -2386,7 +2386,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
        TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aNULL,
        SSL_3DES,
        SSL_SHA1,
@@ -2402,7 +2402,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
        TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aNULL,
        SSL_AES128,
        SSL_SHA1,
@@ -2418,7 +2418,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
        TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aNULL,
        SSL_AES256,
        SSL_SHA1,
@@ -2584,7 +2584,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
        TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aECDSA,
        SSL_AES128,
        SSL_SHA256,
@@ -2600,7 +2600,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
        TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aECDSA,
        SSL_AES256,
        SSL_SHA384,
@@ -2648,7 +2648,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
        TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aRSA,
        SSL_AES128,
        SSL_SHA256,
@@ -2664,7 +2664,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
        TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aRSA,
        SSL_AES256,
        SSL_SHA384,
@@ -2714,7 +2714,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
        TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aECDSA,
        SSL_AES128GCM,
        SSL_AEAD,
@@ -2730,7 +2730,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
        TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aECDSA,
        SSL_AES256GCM,
        SSL_AEAD,
@@ -2778,7 +2778,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
        TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aRSA,
        SSL_AES128GCM,
        SSL_AEAD,
@@ -2794,7 +2794,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
        TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-       SSL_kEECDH,
+       SSL_kECDHE,
        SSL_aRSA,
        SSL_AES256GCM,
        SSL_AEAD,
@@ -4161,7 +4161,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 #ifndef OPENSSL_NO_EC
                /* if we are considering an ECC cipher suite that uses
                 * an ephemeral EC key check it */
-               if (alg_k & SSL_kEECDH)
+               if (alg_k & SSL_kECDHE)
                        ok = ok && tls1_check_ec_tmp_key(s, c->id);
 #endif /* OPENSSL_NO_EC */
 #endif /* OPENSSL_NO_TLSEXT */
@@ -4171,7 +4171,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
                if (ii >= 0)
                        {
 #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
-                       if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
+                       if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
                                {
                                if (!ret) ret=sk_SSL_CIPHER_value(allow,ii);
                                continue;
@@ -4285,7 +4285,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 
 #ifndef OPENSSL_NO_ECDSA
        /* ECDSA certs can be used with RSA cipher suites as well 
-        * so we don't need to check for SSL_kECDH or SSL_kEECDH
+        * so we don't need to check for SSL_kECDH or SSL_kECDHE
         */
        if (s->version >= TLS1_VERSION)
                {
index 41a5ba5..4630374 100644 (file)
@@ -494,7 +494,7 @@ int ssl3_accept(SSL *s)
                            || (alg_k & SSL_kSRP)
 #endif
                            || (alg_k & SSL_kEDH)
-                           || (alg_k & SSL_kEECDH)
+                           || (alg_k & SSL_kECDHE)
                            || ((alg_k & SSL_kRSA)
                                && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
                                    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
@@ -1414,7 +1414,7 @@ int ssl3_get_client_hello(SSL *s)
                /* check whether we should disable session resumption */
                if (s->not_resumable_session_cb != NULL)
                        s->session->not_resumable=s->not_resumable_session_cb(s,
-                               ((c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)) != 0));
+                               ((c->algorithm_mkey & (SSL_kEDH | SSL_kECDHE)) != 0));
                if (s->session->not_resumable)
                        /* do not send a session ticket */
                        s->tlsext_ticket_expected = 0;
@@ -1719,7 +1719,7 @@ int ssl3_send_server_key_exchange(SSL *s)
                else 
 #endif
 #ifndef OPENSSL_NO_ECDH
-                       if (type & SSL_kEECDH)
+                       if (type & SSL_kECDHE)
                        {
                        const EC_GROUP *group;
 
@@ -1935,7 +1935,7 @@ int ssl3_send_server_key_exchange(SSL *s)
                        }
 
 #ifndef OPENSSL_NO_ECDH
-               if (type & SSL_kEECDH
+               if (type & SSL_kECDHE
                        {
                        /* XXX: For now, we only support named (not generic) curves.
                         * In this situation, the serverKeyExchange message has:
@@ -2638,7 +2638,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 #endif /* OPENSSL_NO_KRB5 */
 
 #ifndef OPENSSL_NO_ECDH
-               if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
+               if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe))
                {
                int ret = 1;
                int field_size = 0;
@@ -2691,7 +2691,7 @@ int ssl3_get_client_key_exchange(SSL *s)
                        {
                        /* Client Publickey was in Client Certificate */
 
-                        if (alg_k & SSL_kEECDH)
+                        if (alg_k & SSL_kECDHE)
                                 {
                                 al=SSL_AD_HANDSHAKE_FAILURE;
                                 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);
index b285a61..60b1456 100644 (file)
@@ -230,7 +230,7 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_CMPALL,0,  0,0,SSL_eNULL,0,0,0,0,0,0},
 
        /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
-       {0,SSL_TXT_CMPDEF,0,  SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
+       {0,SSL_TXT_CMPDEF,0,  SSL_kEDH|SSL_kECDHE,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
 
        /* key exchange aliases
         * (some of those using only a single bit here combine
@@ -249,9 +249,9 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_kECDHr,0,  SSL_kECDHr,0,0,0,0,0,0,0,0},
        {0,SSL_TXT_kECDHe,0,  SSL_kECDHe,0,0,0,0,0,0,0,0},
        {0,SSL_TXT_kECDH,0,   SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
-       {0,SSL_TXT_kEECDH,0,  SSL_kEECDH,0,0,0,0,0,0,0,0},
-       {0,SSL_TXT_kECDHE,0,  SSL_kEECDH,0,0,0,0,0,0,0,0},
-       {0,SSL_TXT_ECDH,0,    SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
+       {0,SSL_TXT_kEECDH,0,  SSL_kECDHE,0,0,0,0,0,0,0,0},
+       {0,SSL_TXT_kECDHE,0,  SSL_kECDHE,0,0,0,0,0,0,0,0},
+       {0,SSL_TXT_ECDH,0,    SSL_kECDHr|SSL_kECDHe|SSL_kECDHE,0,0,0,0,0,0,0,0},
 
         {0,SSL_TXT_kPSK,0,    SSL_kPSK,  0,0,0,0,0,0,0,0},
        {0,SSL_TXT_kSRP,0,    SSL_kSRP,  0,0,0,0,0,0,0,0},
@@ -274,13 +274,13 @@ static const SSL_CIPHER cipher_aliases[]={
 
        /* aliases combining key exchange and server authentication */
        {0,SSL_TXT_EDH,0,     SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
-       {0,SSL_TXT_EECDH,0,   SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
-       {0,SSL_TXT_ECDHE,0,   SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
+       {0,SSL_TXT_EECDH,0,   SSL_kECDHE,~SSL_aNULL,0,0,0,0,0,0,0},
+       {0,SSL_TXT_ECDHE,0,   SSL_kECDHE,~SSL_aNULL,0,0,0,0,0,0,0},
        {0,SSL_TXT_NULL,0,    0,0,SSL_eNULL, 0,0,0,0,0,0},
        {0,SSL_TXT_KRB5,0,    SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
        {0,SSL_TXT_RSA,0,     SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
        {0,SSL_TXT_ADH,0,     SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
-       {0,SSL_TXT_AECDH,0,   SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
+       {0,SSL_TXT_AECDH,0,   SSL_kECDHE,SSL_aNULL,0,0,0,0,0,0,0},
         {0,SSL_TXT_PSK,0,     SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
        {0,SSL_TXT_SRP,0,     SSL_kSRP,0,0,0,0,0,0,0,0},
 
@@ -1477,8 +1477,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
        /* Now arrange all ciphers by preference: */
 
        /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
-       ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
-       ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
+       ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+       ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
 
        /* AES is our preferred symmetric cipher */
        ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
@@ -1668,7 +1668,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_kECDHe:
                kx="ECDH/ECDSA";
                break;
-       case SSL_kEECDH:
+       case SSL_kECDHE:
                kx="ECDH";
                break;
        case SSL_kPSK:
@@ -1939,13 +1939,13 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
 
        if (alg_k & (SSL_kECDHr|SSL_kECDHe))
                {
-               /* we don't need to look at SSL_kEECDH
+               /* we don't need to look at SSL_kECDHE
                 * since no certificate is needed for
                 * anon ECDH and for authenticated
-                * EECDH, the check for the auth
+                * ECDHE, the check for the auth
                 * algorithm will set i correctly
                 * NOTE: For ECDH-RSA, we need an ECC
-                * not an RSA cert but for EECDH-RSA
+                * not an RSA cert but for ECDHE-RSA
                 * we need an RSA cert. Placing the
                 * checks for SSL_kECDH before RSA
                 * checks ensures the correct cert is chosen.
index fe795a1..8f0eb15 100644 (file)
@@ -2522,8 +2522,8 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 #ifndef OPENSSL_NO_ECDH
        if (have_ecdh_tmp)
                {
-               mask_k|=SSL_kEECDH;
-               emask_k|=SSL_kEECDH;
+               mask_k|=SSL_kECDHE;
+               emask_k|=SSL_kECDHE;
                }
 #endif
 
index 51e8891..d9f378f 100644 (file)
 #define SSL_kKRB5              0x00000010L /* Kerberos5 key exchange */
 #define SSL_kECDHr             0x00000020L /* ECDH cert, RSA CA cert */
 #define SSL_kECDHe             0x00000040L /* ECDH cert, ECDSA CA cert */
-#define SSL_kEECDH             0x00000080L /* ephemeral ECDH */
+#define SSL_kECDHE             0x00000080L /* ephemeral ECDH */
+#define SSL_kEECDH             SSL_kECDHE  /* synonym */
 #define SSL_kPSK               0x00000100L /* PSK */
 #define SSL_kGOST       0x00000200L /* GOST key exchange */
 #define SSL_kSRP        0x00000400L /* SRP */
index e21b8a2..628aee2 100644 (file)
@@ -1108,7 +1108,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 
                        alg_k = c->algorithm_mkey;
                        alg_a = c->algorithm_auth;
-                       if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)
+                       if ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)
                                || (alg_a & SSL_aECDSA)))
                                {
                                using_ecc = 1;
@@ -1519,7 +1519,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 #ifndef OPENSSL_NO_EC
        unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
        unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-       int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
+       int using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
        using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
 #endif
        /* don't add extensions for SSLv3, unless doing secure renegotiation */
@@ -3137,7 +3137,7 @@ int ssl_check_serverhello_tlsext(SSL *s)
        unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
        if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) && 
            (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) && 
-           ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
+           ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
                {
                /* we are using an ECC cipher */
                size_t i;
index 751e0ff..4552c99 100644 (file)
@@ -815,10 +815,10 @@ static int ssl_get_keyex(const char **pname, SSL *ssl)
                *pname = "edh";
                return SSL_kEDH;
                }
-       if (alg_k & SSL_kEECDH)
+       if (alg_k & SSL_kECDHE)
                {
                *pname = "ECDHE";
-               return SSL_kEECDH;
+               return SSL_kECDHE;
                }
        if (alg_k & SSL_kECDHr)
                {
@@ -899,7 +899,7 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
                        BIO_puts(bio, "implicit\n");
                        break;
                        }
-       case SSL_kEECDH:
+       case SSL_kECDHE:
                if (!ssl_print_hexbuf(bio, indent + 2, "ecdh_Yc", 1,
                                                        &msg, &msglen))
                        return 0;
@@ -950,7 +950,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
                        return 0;
                break;
 
-       case SSL_kEECDH:
+       case SSL_kECDHE:
                if (msglen < 1)
                        return 0;
                BIO_indent(bio, indent + 2, 80);