summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2013-12-19 21:11:15 +0100
committerDr. Stephen Henson <steve@openssl.org>2014-01-09 16:43:28 +0100
commit5a21cadbeb9fa13ddeffb31b5749336cdd8c4081 (patch)
tree5a24b7c405a9969d02771e8f6d184931c64fb56b
parentemit "DHE" instead of "edh" for kX packet trace output (diff)
downloadopenssl-5a21cadbeb9fa13ddeffb31b5749336cdd8c4081.tar.xz
openssl-5a21cadbeb9fa13ddeffb31b5749336cdd8c4081.zip
use SSL_kDHE throughout instead of SSL_kEDH
DHE is the standard term used by the RFCs and by other TLS implementations. It's useful to have the internal variables use the standard terminology. This patch leaves a synonym SSL_kEDH in place, though, so that older code can still be built against it, since that has been the traditional API. SSL_kEDH should probably be deprecated at some point, though.
-rw-r--r--doc/apps/ciphers.pod2
-rw-r--r--doc/ssleay.txt2
-rw-r--r--ssl/d1_srvr.c2
-rw-r--r--ssl/s3_clnt.c8
-rw-r--r--ssl/s3_lib.c86
-rw-r--r--ssl/s3_srvr.c8
-rw-r--r--ssl/ssl_ciph.c20
-rw-r--r--ssl/ssl_lib.c10
-rw-r--r--ssl/ssl_locl.h5
-rw-r--r--ssl/t1_trce.c8
10 files changed, 76 insertions, 75 deletions
diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod
index c571830950..03056ebb50 100644
--- a/doc/apps/ciphers.pod
+++ b/doc/apps/ciphers.pod
@@ -179,7 +179,7 @@ attack and so their use is normally discouraged.
cipher suites using RSA key exchange, authentication or either respectively.
-=item B<kEDH>
+=item B<kDHE>
cipher suites using ephemeral DH key agreement.
diff --git a/doc/ssleay.txt b/doc/ssleay.txt
index 868a4a610b..8c0f3aca4e 100644
--- a/doc/ssleay.txt
+++ b/doc/ssleay.txt
@@ -6026,7 +6026,7 @@ one at a time, or use 'aliases' to specify the preference and order for
the ciphers.
There are a large number of aliases, but the most importaint are
-kRSA, kDHr, kDHd and kEDH for key exchange types.
+kRSA, kDHr, kDHd and kDHE for key exchange types.
aRSA, aDSS, aNULL and aDH for authentication
DES, 3DES, RC4, RC2, IDEA and eNULL for ciphers
diff --git a/ssl/d1_srvr.c b/ssl/d1_srvr.c
index 267b8caee3..7816bbb503 100644
--- a/ssl/d1_srvr.c
+++ b/ssl/d1_srvr.c
@@ -491,7 +491,7 @@ int dtls1_accept(SSL *s)
#ifndef OPENSSL_NO_PSK
|| ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
#endif
- || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+ || (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
|| (alg_k & SSL_kECDHE)
|| ((alg_k & SSL_kRSA)
&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 0054e7f25d..5f547bb114 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1656,7 +1656,7 @@ int ssl3_get_key_exchange(SSL *s)
;
#endif
#ifndef OPENSSL_NO_DH
- else if (alg_k & SSL_kEDH)
+ else if (alg_k & SSL_kDHE)
{
if ((dh=DH_new()) == NULL)
{
@@ -2581,7 +2581,7 @@ int ssl3_send_client_key_exchange(SSL *s)
}
#endif
#ifndef OPENSSL_NO_DH
- else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+ else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
{
DH *dh_srvr,*dh_clnt;
SESS_CERT *scert = s->session->sess_cert;
@@ -3469,7 +3469,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
}
#endif
#ifndef OPENSSL_NO_DH
- if ((alg_k & SSL_kEDH) &&
+ if ((alg_k & SSL_kDHE) &&
!(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
{
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
@@ -3506,7 +3506,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
else
#endif
#ifndef OPENSSL_NO_DH
- if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+ if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
{
if (dh == NULL
|| DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index f68aeba24c..ef7a5d7e05 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -430,7 +430,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_DES,
SSL_SHA1,
@@ -446,7 +446,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_DES,
SSL_SHA1,
@@ -462,7 +462,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_3DES,
SSL_SHA1,
@@ -478,7 +478,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_DES,
SSL_SHA1,
@@ -494,7 +494,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_DES,
SSL_SHA1,
@@ -510,7 +510,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_3DES,
SSL_SHA1,
@@ -526,7 +526,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_ADH_RC4_40_MD5,
SSL3_CK_ADH_RC4_40_MD5,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_RC4,
SSL_MD5,
@@ -542,7 +542,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_ADH_RC4_128_MD5,
SSL3_CK_ADH_RC4_128_MD5,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_RC4,
SSL_MD5,
@@ -558,7 +558,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_ADH_DES_40_CBC_SHA,
SSL3_CK_ADH_DES_40_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_DES,
SSL_SHA1,
@@ -574,7 +574,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_ADH_DES_64_CBC_SHA,
SSL3_CK_ADH_DES_64_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_DES,
SSL_SHA1,
@@ -590,7 +590,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
SSL3_TXT_ADH_DES_192_CBC_SHA,
SSL3_CK_ADH_DES_192_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_3DES,
SSL_SHA1,
@@ -930,7 +930,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_AES128,
SSL_SHA1,
@@ -945,7 +945,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_AES128,
SSL_SHA1,
@@ -960,7 +960,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ADH_WITH_AES_128_SHA,
TLS1_CK_ADH_WITH_AES_128_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_AES128,
SSL_SHA1,
@@ -1023,7 +1023,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_AES256,
SSL_SHA1,
@@ -1039,7 +1039,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_AES256,
SSL_SHA1,
@@ -1055,7 +1055,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ADH_WITH_AES_256_SHA,
TLS1_CK_ADH_WITH_AES_256_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_AES256,
SSL_SHA1,
@@ -1152,7 +1152,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_AES128,
SSL_SHA256,
@@ -1219,7 +1219,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_CAMELLIA128,
SSL_SHA1,
@@ -1235,7 +1235,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_CAMELLIA128,
SSL_SHA1,
@@ -1251,7 +1251,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_CAMELLIA128,
SSL_SHA1,
@@ -1320,7 +1320,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_DES,
SSL_SHA1,
@@ -1352,7 +1352,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_RC4,
SSL_SHA1,
@@ -1368,7 +1368,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_RC4,
SSL_SHA1,
@@ -1386,7 +1386,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_AES128,
SSL_SHA256,
@@ -1434,7 +1434,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_AES256,
SSL_SHA256,
@@ -1450,7 +1450,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_AES256,
SSL_SHA256,
@@ -1466,7 +1466,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ADH_WITH_AES_128_SHA256,
TLS1_CK_ADH_WITH_AES_128_SHA256,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_AES128,
SSL_SHA256,
@@ -1482,7 +1482,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ADH_WITH_AES_256_SHA256,
TLS1_CK_ADH_WITH_AES_256_SHA256,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_AES256,
SSL_SHA256,
@@ -1607,7 +1607,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_CAMELLIA256,
SSL_SHA1,
@@ -1623,7 +1623,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_CAMELLIA256,
SSL_SHA1,
@@ -1639,7 +1639,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_CAMELLIA256,
SSL_SHA1,
@@ -1773,7 +1773,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
TLS1_CK_DHE_DSS_WITH_SEED_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_SEED,
SSL_SHA1,
@@ -1789,7 +1789,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
TLS1_CK_DHE_RSA_WITH_SEED_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_SEED,
SSL_SHA1,
@@ -1805,7 +1805,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ADH_WITH_SEED_SHA,
TLS1_CK_ADH_WITH_SEED_SHA,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_SEED,
SSL_SHA1,
@@ -1857,7 +1857,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_AES128GCM,
SSL_AEAD,
@@ -1873,7 +1873,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aRSA,
SSL_AES256GCM,
SSL_AEAD,
@@ -1921,7 +1921,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_AES128GCM,
SSL_AEAD,
@@ -1937,7 +1937,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aDSS,
SSL_AES256GCM,
SSL_AEAD,
@@ -1985,7 +1985,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_AES128GCM,
SSL_AEAD,
@@ -2001,7 +2001,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
1,
TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
- SSL_kEDH,
+ SSL_kDHE,
SSL_aNULL,
SSL_AES256GCM,
SSL_AEAD,
@@ -4240,7 +4240,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
#endif
#ifndef OPENSSL_NO_DH
- if (alg_k & (SSL_kDHr|SSL_kEDH))
+ if (alg_k & (SSL_kDHr|SSL_kDHE))
{
# ifndef OPENSSL_NO_RSA
/* Since this refers to a certificate signed with an RSA
@@ -4255,7 +4255,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
# endif
}
if ((s->version == SSL3_VERSION) &&
- (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
+ (alg_k & (SSL_kDHE|SSL_kDHd|SSL_kDHr)))
{
# ifndef OPENSSL_NO_RSA
p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 4630374a6c..a3baff93f9 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -493,7 +493,7 @@ int ssl3_accept(SSL *s)
/* SRP: send ServerKeyExchange */
|| (alg_k & SSL_kSRP)
#endif
- || (alg_k & SSL_kEDH)
+ || (alg_k & SSL_kDHE)
|| (alg_k & SSL_kECDHE)
|| ((alg_k & SSL_kRSA)
&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
@@ -1414,7 +1414,7 @@ int ssl3_get_client_hello(SSL *s)
/* check whether we should disable session resumption */
if (s->not_resumable_session_cb != NULL)
s->session->not_resumable=s->not_resumable_session_cb(s,
- ((c->algorithm_mkey & (SSL_kEDH | SSL_kECDHE)) != 0));
+ ((c->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) != 0));
if (s->session->not_resumable)
/* do not send a session ticket */
s->tlsext_ticket_expected = 0;
@@ -1663,7 +1663,7 @@ int ssl3_send_server_key_exchange(SSL *s)
else
#endif
#ifndef OPENSSL_NO_DH
- if (type & SSL_kEDH)
+ if (type & SSL_kDHE)
{
dhp=cert->dh_tmp;
if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
@@ -2346,7 +2346,7 @@ int ssl3_get_client_key_exchange(SSL *s)
else
#endif
#ifndef OPENSSL_NO_DH
- if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+ if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
{
int idx = -1;
EVP_PKEY *skey = NULL;
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 846478483b..64764342af 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -230,20 +230,20 @@ static const SSL_CIPHER cipher_aliases[]={
{0,SSL_TXT_CMPALL,0, 0,0,SSL_eNULL,0,0,0,0,0,0},
/* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
- {0,SSL_TXT_CMPDEF,0, SSL_kEDH|SSL_kECDHE,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
+ {0,SSL_TXT_CMPDEF,0, SSL_kDHE|SSL_kECDHE,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
/* key exchange aliases
* (some of those using only a single bit here combine
* multiple key exchange algs according to the RFCs,
- * e.g. kEDH combines DHE_DSS and DHE_RSA) */
+ * e.g. kDHE combines DHE_DSS and DHE_RSA) */
{0,SSL_TXT_kRSA,0, SSL_kRSA, 0,0,0,0,0,0,0,0},
{0,SSL_TXT_kDHr,0, SSL_kDHr, 0,0,0,0,0,0,0,0},
{0,SSL_TXT_kDHd,0, SSL_kDHd, 0,0,0,0,0,0,0,0},
{0,SSL_TXT_kDH,0, SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0},
- {0,SSL_TXT_kEDH,0, SSL_kEDH, 0,0,0,0,0,0,0,0},
- {0,SSL_TXT_kDHE,0, SSL_kEDH, 0,0,0,0,0,0,0,0},
- {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
+ {0,SSL_TXT_kEDH,0, SSL_kDHE, 0,0,0,0,0,0,0,0},
+ {0,SSL_TXT_kDHE,0, SSL_kDHE, 0,0,0,0,0,0,0,0},
+ {0,SSL_TXT_DH,0, SSL_kDHr|SSL_kDHd|SSL_kDHE,0,0,0,0,0,0,0,0},
{0,SSL_TXT_kKRB5,0, SSL_kKRB5, 0,0,0,0,0,0,0,0},
@@ -274,14 +274,14 @@ static const SSL_CIPHER cipher_aliases[]={
{0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
/* aliases combining key exchange and server authentication */
- {0,SSL_TXT_EDH,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
- {0,SSL_TXT_DHE,0, SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
+ {0,SSL_TXT_EDH,0, SSL_kDHE,~SSL_aNULL,0,0,0,0,0,0,0},
+ {0,SSL_TXT_DHE,0, SSL_kDHE,~SSL_aNULL,0,0,0,0,0,0,0},
{0,SSL_TXT_EECDH,0, SSL_kECDHE,~SSL_aNULL,0,0,0,0,0,0,0},
{0,SSL_TXT_ECDHE,0, SSL_kECDHE,~SSL_aNULL,0,0,0,0,0,0,0},
{0,SSL_TXT_NULL,0, 0,0,SSL_eNULL, 0,0,0,0,0,0},
{0,SSL_TXT_KRB5,0, SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
{0,SSL_TXT_RSA,0, SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
- {0,SSL_TXT_ADH,0, SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
+ {0,SSL_TXT_ADH,0, SSL_kDHE,SSL_aNULL,0,0,0,0,0,0,0},
{0,SSL_TXT_AECDH,0, SSL_kECDHE,SSL_aNULL,0,0,0,0,0,0,0},
{0,SSL_TXT_PSK,0, SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
{0,SSL_TXT_SRP,0, SSL_kSRP,0,0,0,0,0,0,0,0},
@@ -724,7 +724,7 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
*auth |= SSL_aDSS;
#endif
#ifdef OPENSSL_NO_DH
- *mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
+ *mkey |= SSL_kDHr|SSL_kDHd|SSL_kDHE;
*auth |= SSL_aDH;
#endif
#ifdef OPENSSL_NO_KRB5
@@ -1661,7 +1661,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_kKRB5:
kx="KRB5";
break;
- case SSL_kEDH:
+ case SSL_kDHE:
kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
break;
case SSL_kECDHr:
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 8f0eb15443..3c7d54d9d2 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2411,20 +2411,20 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
emask_k|=SSL_kRSA;
#if 0
- /* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
+ /* The match needs to be both kDHE and aRSA or aDSA, so don't worry */
if ( (dh_tmp || dh_rsa || dh_dsa) &&
(rsa_enc || rsa_sign || dsa_sign))
- mask_k|=SSL_kEDH;
+ mask_k|=SSL_kDHE;
if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
(rsa_enc || rsa_sign || dsa_sign))
- emask_k|=SSL_kEDH;
+ emask_k|=SSL_kDHE;
#endif
if (dh_tmp_export)
- emask_k|=SSL_kEDH;
+ emask_k|=SSL_kDHE;
if (dh_tmp)
- mask_k|=SSL_kEDH;
+ mask_k|=SSL_kDHE;
if (dh_rsa) mask_k|=SSL_kDHr;
if (dh_rsa_export) emask_k|=SSL_kDHr;
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index d9f378fd9e..c493f7e08f 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -291,7 +291,8 @@
#define SSL_kRSA 0x00000001L /* RSA key exchange */
#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */
#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */
-#define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */
+#define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */
+#define SSL_kEDH SSL_kDHE /* synonym */
#define SSL_kKRB5 0x00000010L /* Kerberos5 key exchange */
#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
@@ -481,7 +482,7 @@
/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
* <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
* SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
- * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
+ * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
* SSL_aRSA <- RSA_ENC | RSA_SIGN
* SSL_aDSS <- DSA_SIGN
*/
diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
index bc901556a6..2d0a74ce80 100644
--- a/ssl/t1_trce.c
+++ b/ssl/t1_trce.c
@@ -810,10 +810,10 @@ static int ssl_get_keyex(const char **pname, SSL *ssl)
*pname = "krb5";
return SSL_kKRB5;
}
- if (alg_k & SSL_kEDH)
+ if (alg_k & SSL_kDHE)
{
*pname = "DHE";
- return SSL_kEDH;
+ return SSL_kDHE;
}
if (alg_k & SSL_kECDHE)
{
@@ -885,7 +885,7 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
BIO_puts(bio, "implicit\n");
break;
}
- case SSL_kEDH:
+ case SSL_kDHE:
if (!ssl_print_hexbuf(bio, indent + 2, "dh_Yc", 2,
&msg, &msglen))
return 0;
@@ -938,7 +938,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
return 0;
break;
- case SSL_kEDH:
+ case SSL_kDHE:
if (!ssl_print_hexbuf(bio, indent + 2, "dh_p", 2,
&msg, &msglen))
return 0;