use SSL_kDHE throughout instead of SSL_kEDH
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Thu, 19 Dec 2013 20:11:15 +0000 (15:11 -0500)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 9 Jan 2014 15:43:28 +0000 (15:43 +0000)
DHE is the standard term used by the RFCs and by other TLS
implementations.  It's useful to have the internal variables use the
standard terminology.

This patch leaves a synonym SSL_kEDH in place, though, so that older
code can still be built against it, since that has been the
traditional API.  SSL_kEDH should probably be deprecated at some
point, though.

doc/apps/ciphers.pod
doc/ssleay.txt
ssl/d1_srvr.c
ssl/s3_clnt.c
ssl/s3_lib.c
ssl/s3_srvr.c
ssl/ssl_ciph.c
ssl/ssl_lib.c
ssl/ssl_locl.h
ssl/t1_trce.c

index c571830..03056eb 100644 (file)
@@ -179,7 +179,7 @@ attack and so their use is normally discouraged.
 
 cipher suites using RSA key exchange, authentication or either respectively.
 
-=item B<kEDH>
+=item B<kDHE>
 
 cipher suites using ephemeral DH key agreement.
 
index 868a4a6..8c0f3ac 100644 (file)
@@ -6026,7 +6026,7 @@ one at a time, or use 'aliases' to specify the preference and order for
 the ciphers.
 
 There are a large number of aliases, but the most importaint are
-kRSA, kDHr, kDHd and kEDH for key exchange types.
+kRSA, kDHr, kDHd and kDHE for key exchange types.
 
 aRSA, aDSS, aNULL and aDH for authentication
 DES, 3DES, RC4, RC2, IDEA and eNULL for ciphers
index 267b8ca..7816bbb 100644 (file)
@@ -491,7 +491,7 @@ int dtls1_accept(SSL *s)
 #ifndef OPENSSL_NO_PSK
                            || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
 #endif
-                           || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+                           || (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
                            || (alg_k & SSL_kECDHE)
                            || ((alg_k & SSL_kRSA)
                                && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
index 0054e7f..5f547bb 100644 (file)
@@ -1656,7 +1656,7 @@ int ssl3_get_key_exchange(SSL *s)
                ;
 #endif
 #ifndef OPENSSL_NO_DH
-       else if (alg_k & SSL_kEDH)
+       else if (alg_k & SSL_kDHE)
                {
                if ((dh=DH_new()) == NULL)
                        {
@@ -2581,7 +2581,7 @@ int ssl3_send_client_key_exchange(SSL *s)
                        }
 #endif
 #ifndef OPENSSL_NO_DH
-               else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+               else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
                        {
                        DH *dh_srvr,*dh_clnt;
                        SESS_CERT *scert = s->session->sess_cert;
@@ -3469,7 +3469,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
                }
 #endif
 #ifndef OPENSSL_NO_DH
-       if ((alg_k & SSL_kEDH) && 
+       if ((alg_k & SSL_kDHE) && 
                !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
                {
                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
@@ -3506,7 +3506,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
                else
 #endif
 #ifndef OPENSSL_NO_DH
-                       if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+                       if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
                            {
                            if (dh == NULL
                                || DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
index f68aeba..ef7a5d7 100644 (file)
@@ -430,7 +430,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
        SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aDSS,
        SSL_DES,
        SSL_SHA1,
@@ -446,7 +446,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
        SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aDSS,
        SSL_DES,
        SSL_SHA1,
@@ -462,7 +462,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
        SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aDSS,
        SSL_3DES,
        SSL_SHA1,
@@ -478,7 +478,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
        SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aRSA,
        SSL_DES,
        SSL_SHA1,
@@ -494,7 +494,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
        SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aRSA,
        SSL_DES,
        SSL_SHA1,
@@ -510,7 +510,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
        SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aRSA,
        SSL_3DES,
        SSL_SHA1,
@@ -526,7 +526,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_ADH_RC4_40_MD5,
        SSL3_CK_ADH_RC4_40_MD5,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aNULL,
        SSL_RC4,
        SSL_MD5,
@@ -542,7 +542,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_ADH_RC4_128_MD5,
        SSL3_CK_ADH_RC4_128_MD5,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aNULL,
        SSL_RC4,
        SSL_MD5,
@@ -558,7 +558,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_ADH_DES_40_CBC_SHA,
        SSL3_CK_ADH_DES_40_CBC_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aNULL,
        SSL_DES,
        SSL_SHA1,
@@ -574,7 +574,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_ADH_DES_64_CBC_SHA,
        SSL3_CK_ADH_DES_64_CBC_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aNULL,
        SSL_DES,
        SSL_SHA1,
@@ -590,7 +590,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        SSL3_TXT_ADH_DES_192_CBC_SHA,
        SSL3_CK_ADH_DES_192_CBC_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aNULL,
        SSL_3DES,
        SSL_SHA1,
@@ -930,7 +930,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
        TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aDSS,
        SSL_AES128,
        SSL_SHA1,
@@ -945,7 +945,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
        TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aRSA,
        SSL_AES128,
        SSL_SHA1,
@@ -960,7 +960,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ADH_WITH_AES_128_SHA,
        TLS1_CK_ADH_WITH_AES_128_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aNULL,
        SSL_AES128,
        SSL_SHA1,
@@ -1023,7 +1023,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
        TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aDSS,
        SSL_AES256,
        SSL_SHA1,
@@ -1039,7 +1039,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
        TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aRSA,
        SSL_AES256,
        SSL_SHA1,
@@ -1055,7 +1055,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ADH_WITH_AES_256_SHA,
        TLS1_CK_ADH_WITH_AES_256_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aNULL,
        SSL_AES256,
        SSL_SHA1,
@@ -1152,7 +1152,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
        TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aDSS,
        SSL_AES128,
        SSL_SHA256,
@@ -1219,7 +1219,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
        TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aDSS,
        SSL_CAMELLIA128,
        SSL_SHA1,
@@ -1235,7 +1235,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
        TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aRSA,
        SSL_CAMELLIA128,
        SSL_SHA1,
@@ -1251,7 +1251,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
        TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aNULL,
        SSL_CAMELLIA128,
        SSL_SHA1,
@@ -1320,7 +1320,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
        TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aDSS,
        SSL_DES,
        SSL_SHA1,
@@ -1352,7 +1352,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
        TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aDSS,
        SSL_RC4,
        SSL_SHA1,
@@ -1368,7 +1368,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
        TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aDSS,
        SSL_RC4,
        SSL_SHA1,
@@ -1386,7 +1386,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
        TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aRSA,
        SSL_AES128,
        SSL_SHA256,
@@ -1434,7 +1434,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
        TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aDSS,
        SSL_AES256,
        SSL_SHA256,
@@ -1450,7 +1450,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
        TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aRSA,
        SSL_AES256,
        SSL_SHA256,
@@ -1466,7 +1466,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ADH_WITH_AES_128_SHA256,
        TLS1_CK_ADH_WITH_AES_128_SHA256,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aNULL,
        SSL_AES128,
        SSL_SHA256,
@@ -1482,7 +1482,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ADH_WITH_AES_256_SHA256,
        TLS1_CK_ADH_WITH_AES_256_SHA256,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aNULL,
        SSL_AES256,
        SSL_SHA256,
@@ -1607,7 +1607,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
        TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aDSS,
        SSL_CAMELLIA256,
        SSL_SHA1,
@@ -1623,7 +1623,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
        TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aRSA,
        SSL_CAMELLIA256,
        SSL_SHA1,
@@ -1639,7 +1639,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
        TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aNULL,
        SSL_CAMELLIA256,
        SSL_SHA1,
@@ -1773,7 +1773,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
        TLS1_CK_DHE_DSS_WITH_SEED_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aDSS,
        SSL_SEED,
        SSL_SHA1,
@@ -1789,7 +1789,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
        TLS1_CK_DHE_RSA_WITH_SEED_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aRSA,
        SSL_SEED,
        SSL_SHA1,
@@ -1805,7 +1805,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ADH_WITH_SEED_SHA,
        TLS1_CK_ADH_WITH_SEED_SHA,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aNULL,
        SSL_SEED,
        SSL_SHA1,
@@ -1857,7 +1857,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
        TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aRSA,
        SSL_AES128GCM,
        SSL_AEAD,
@@ -1873,7 +1873,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
        TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aRSA,
        SSL_AES256GCM,
        SSL_AEAD,
@@ -1921,7 +1921,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
        TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aDSS,
        SSL_AES128GCM,
        SSL_AEAD,
@@ -1937,7 +1937,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
        TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aDSS,
        SSL_AES256GCM,
        SSL_AEAD,
@@ -1985,7 +1985,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
        TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aNULL,
        SSL_AES128GCM,
        SSL_AEAD,
@@ -2001,7 +2001,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        1,
        TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
        TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
-       SSL_kEDH,
+       SSL_kDHE,
        SSL_aNULL,
        SSL_AES256GCM,
        SSL_AEAD,
@@ -4240,7 +4240,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 #endif
 
 #ifndef OPENSSL_NO_DH
-       if (alg_k & (SSL_kDHr|SSL_kEDH))
+       if (alg_k & (SSL_kDHr|SSL_kDHE))
                {
 #  ifndef OPENSSL_NO_RSA
                /* Since this refers to a certificate signed with an RSA
@@ -4255,7 +4255,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 #  endif
                }
        if ((s->version == SSL3_VERSION) &&
-               (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
+               (alg_k & (SSL_kDHE|SSL_kDHd|SSL_kDHr)))
                {
 #  ifndef OPENSSL_NO_RSA
                p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
index 4630374..a3baff9 100644 (file)
@@ -493,7 +493,7 @@ int ssl3_accept(SSL *s)
                            /* SRP: send ServerKeyExchange */
                            || (alg_k & SSL_kSRP)
 #endif
-                           || (alg_k & SSL_kEDH)
+                           || (alg_k & SSL_kDHE)
                            || (alg_k & SSL_kECDHE)
                            || ((alg_k & SSL_kRSA)
                                && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
@@ -1414,7 +1414,7 @@ int ssl3_get_client_hello(SSL *s)
                /* check whether we should disable session resumption */
                if (s->not_resumable_session_cb != NULL)
                        s->session->not_resumable=s->not_resumable_session_cb(s,
-                               ((c->algorithm_mkey & (SSL_kEDH | SSL_kECDHE)) != 0));
+                               ((c->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) != 0));
                if (s->session->not_resumable)
                        /* do not send a session ticket */
                        s->tlsext_ticket_expected = 0;
@@ -1663,7 +1663,7 @@ int ssl3_send_server_key_exchange(SSL *s)
                else
 #endif
 #ifndef OPENSSL_NO_DH
-                       if (type & SSL_kEDH)
+                       if (type & SSL_kDHE)
                        {
                        dhp=cert->dh_tmp;
                        if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
@@ -2346,7 +2346,7 @@ int ssl3_get_client_key_exchange(SSL *s)
        else
 #endif
 #ifndef OPENSSL_NO_DH
-               if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+               if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
                {
                int idx = -1;
                EVP_PKEY *skey = NULL;
index 8464784..6476434 100644 (file)
@@ -230,20 +230,20 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_CMPALL,0,  0,0,SSL_eNULL,0,0,0,0,0,0},
 
        /* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
-       {0,SSL_TXT_CMPDEF,0,  SSL_kEDH|SSL_kECDHE,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
+       {0,SSL_TXT_CMPDEF,0,  SSL_kDHE|SSL_kECDHE,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
 
        /* key exchange aliases
         * (some of those using only a single bit here combine
         * multiple key exchange algs according to the RFCs,
-        * e.g. kEDH combines DHE_DSS and DHE_RSA) */
+        * e.g. kDHE combines DHE_DSS and DHE_RSA) */
        {0,SSL_TXT_kRSA,0,    SSL_kRSA,  0,0,0,0,0,0,0,0},
 
        {0,SSL_TXT_kDHr,0,    SSL_kDHr,  0,0,0,0,0,0,0,0},
        {0,SSL_TXT_kDHd,0,    SSL_kDHd,  0,0,0,0,0,0,0,0},
        {0,SSL_TXT_kDH,0,     SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0},
-       {0,SSL_TXT_kEDH,0,    SSL_kEDH,  0,0,0,0,0,0,0,0},
-       {0,SSL_TXT_kDHE,0,    SSL_kEDH,  0,0,0,0,0,0,0,0},
-       {0,SSL_TXT_DH,0,      SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
+       {0,SSL_TXT_kEDH,0,    SSL_kDHE,  0,0,0,0,0,0,0,0},
+       {0,SSL_TXT_kDHE,0,    SSL_kDHE,  0,0,0,0,0,0,0,0},
+       {0,SSL_TXT_DH,0,      SSL_kDHr|SSL_kDHd|SSL_kDHE,0,0,0,0,0,0,0,0},
 
        {0,SSL_TXT_kKRB5,0,   SSL_kKRB5, 0,0,0,0,0,0,0,0},
 
@@ -274,14 +274,14 @@ static const SSL_CIPHER cipher_aliases[]={
        {0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
 
        /* aliases combining key exchange and server authentication */
-       {0,SSL_TXT_EDH,0,     SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
-       {0,SSL_TXT_DHE,0,     SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
+       {0,SSL_TXT_EDH,0,     SSL_kDHE,~SSL_aNULL,0,0,0,0,0,0,0},
+       {0,SSL_TXT_DHE,0,     SSL_kDHE,~SSL_aNULL,0,0,0,0,0,0,0},
        {0,SSL_TXT_EECDH,0,   SSL_kECDHE,~SSL_aNULL,0,0,0,0,0,0,0},
        {0,SSL_TXT_ECDHE,0,   SSL_kECDHE,~SSL_aNULL,0,0,0,0,0,0,0},
        {0,SSL_TXT_NULL,0,    0,0,SSL_eNULL, 0,0,0,0,0,0},
        {0,SSL_TXT_KRB5,0,    SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
        {0,SSL_TXT_RSA,0,     SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
-       {0,SSL_TXT_ADH,0,     SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
+       {0,SSL_TXT_ADH,0,     SSL_kDHE,SSL_aNULL,0,0,0,0,0,0,0},
        {0,SSL_TXT_AECDH,0,   SSL_kECDHE,SSL_aNULL,0,0,0,0,0,0,0},
         {0,SSL_TXT_PSK,0,     SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
        {0,SSL_TXT_SRP,0,     SSL_kSRP,0,0,0,0,0,0,0,0},
@@ -724,7 +724,7 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
        *auth |= SSL_aDSS;
 #endif
 #ifdef OPENSSL_NO_DH
-       *mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
+       *mkey |= SSL_kDHr|SSL_kDHd|SSL_kDHE;
        *auth |= SSL_aDH;
 #endif
 #ifdef OPENSSL_NO_KRB5
@@ -1661,7 +1661,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
         case SSL_kKRB5:
                kx="KRB5";
                break;
-       case SSL_kEDH:
+       case SSL_kDHE:
                kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
                break;
        case SSL_kECDHr:
index 8f0eb15..3c7d54d 100644 (file)
@@ -2411,20 +2411,20 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
                emask_k|=SSL_kRSA;
 
 #if 0
-       /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
+       /* The match needs to be both kDHE and aRSA or aDSA, so don't worry */
        if (    (dh_tmp || dh_rsa || dh_dsa) &&
                (rsa_enc || rsa_sign || dsa_sign))
-               mask_k|=SSL_kEDH;
+               mask_k|=SSL_kDHE;
        if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
                (rsa_enc || rsa_sign || dsa_sign))
-               emask_k|=SSL_kEDH;
+               emask_k|=SSL_kDHE;
 #endif
 
        if (dh_tmp_export)
-               emask_k|=SSL_kEDH;
+               emask_k|=SSL_kDHE;
 
        if (dh_tmp)
-               mask_k|=SSL_kEDH;
+               mask_k|=SSL_kDHE;
 
        if (dh_rsa) mask_k|=SSL_kDHr;
        if (dh_rsa_export) emask_k|=SSL_kDHr;
index d9f378f..c493f7e 100644 (file)
 #define SSL_kRSA               0x00000001L /* RSA key exchange */
 #define SSL_kDHr               0x00000002L /* DH cert, RSA CA cert */
 #define SSL_kDHd               0x00000004L /* DH cert, DSA CA cert */
-#define SSL_kEDH               0x00000008L /* tmp DH key no DH cert */
+#define SSL_kDHE               0x00000008L /* tmp DH key no DH cert */
+#define SSL_kEDH               SSL_kDHE    /* synonym */
 #define SSL_kKRB5              0x00000010L /* Kerberos5 key exchange */
 #define SSL_kECDHr             0x00000020L /* ECDH cert, RSA CA cert */
 #define SSL_kECDHe             0x00000040L /* ECDH cert, ECDSA CA cert */
 /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
  *         <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
  * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
- * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
+ * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
  * SSL_aRSA <- RSA_ENC | RSA_SIGN
  * SSL_aDSS <- DSA_SIGN
  */
index bc90155..2d0a74c 100644 (file)
@@ -810,10 +810,10 @@ static int ssl_get_keyex(const char **pname, SSL *ssl)
                *pname = "krb5";
                return SSL_kKRB5;
                }
-       if (alg_k & SSL_kEDH)
+       if (alg_k & SSL_kDHE)
                {
                *pname = "DHE";
-               return SSL_kEDH;
+               return SSL_kDHE;
                }
        if (alg_k & SSL_kECDHE)
                {
@@ -885,7 +885,7 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
                        BIO_puts(bio, "implicit\n");
                        break;
                        }
-       case SSL_kEDH:
+       case SSL_kDHE:
                if (!ssl_print_hexbuf(bio, indent + 2, "dh_Yc", 2,
                                                                &msg, &msglen))
                        return 0;
@@ -938,7 +938,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
                        return 0;
                break;
 
-       case SSL_kEDH:
+       case SSL_kDHE:
                if (!ssl_print_hexbuf(bio, indent + 2, "dh_p", 2,
                                                &msg, &msglen))
                        return 0;