Rename EECDH and EDH to ECDHE and DHE.
Align with upstream's renames from a while ago. These names are considerably
more standard. This also aligns with upstream in that both "ECDHE" and "EECDH"
are now accepted in the various cipher string parsing bits.
Change-Id: I84c3daeacf806f79f12bc661c314941828656b04
Reviewed-on: https://boringssl-review.googlesource.com/4053
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 3d854a1..8a0d80d 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -178,8 +178,10 @@
#define SSL_TXT_aNULL "aNULL"
#define SSL_TXT_kRSA "kRSA"
-#define SSL_TXT_kEDH "kEDH"
-#define SSL_TXT_kEECDH "kEECDH"
+#define SSL_TXT_kDHE "kDHE"
+#define SSL_TXT_kEDH "kEDH" /* same as "kDHE" */
+#define SSL_TXT_kECDHE "kECDHE"
+#define SSL_TXT_kEECDH "kEECDH" /* same as "kECDHE" */
#define SSL_TXT_kPSK "kPSK"
#define SSL_TXT_aRSA "aRSA"
@@ -187,11 +189,13 @@
#define SSL_TXT_aPSK "aPSK"
#define SSL_TXT_DH "DH"
-#define SSL_TXT_EDH "EDH" /* same as "kEDH:-ADH" */
+#define SSL_TXT_DHE "DHE" /* same as "kDHE:-ADH" */
+#define SSL_TXT_EDH "EDH" /* same as "DHE" */
#define SSL_TXT_ADH "ADH"
#define SSL_TXT_RSA "RSA"
#define SSL_TXT_ECDH "ECDH"
-#define SSL_TXT_EECDH "EECDH" /* same as "kEECDH:-AECDH" */
+#define SSL_TXT_ECDHE "ECDHE" /* same as "kECDHE:-AECDH" */
+#define SSL_TXT_EECDH "EECDH" /* same as "ECDHE" */
#define SSL_TXT_AECDH "AECDH"
#define SSL_TXT_ECDSA "ECDSA"
#define SSL_TXT_PSK "PSK"
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 00cd014..d49965c 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1174,7 +1174,7 @@
}
}
- if (alg_k & SSL_kEDH) {
+ if (alg_k & SSL_kDHE) {
CBS dh_p, dh_g, dh_Ys;
if (!CBS_get_u16_length_prefixed(&server_key_exchange, &dh_p) ||
@@ -1216,7 +1216,7 @@
s->session->sess_cert->peer_dh_tmp = dh;
dh = NULL;
- } else if (alg_k & SSL_kEECDH) {
+ } else if (alg_k & SSL_kECDHE) {
uint16_t curve_id;
int curve_nid = 0;
const EC_GROUP *group;
@@ -1779,7 +1779,7 @@
if (s->version > SSL3_VERSION) {
s2n(enc_pms_len, q);
}
- } else if (alg_k & SSL_kEDH) {
+ } else if (alg_k & SSL_kDHE) {
DH *dh_srvr, *dh_clnt;
SESS_CERT *scert = s->session->sess_cert;
int dh_len;
@@ -1835,7 +1835,7 @@
n += 2 + pub_len;
DH_free(dh_clnt);
- } else if (alg_k & SSL_kEECDH) {
+ } else if (alg_k & SSL_kECDHE) {
const EC_GROUP *srvr_group = NULL;
EC_KEY *tkey;
int field_size = 0, ecdh_len;
@@ -2246,7 +2246,7 @@
goto f_err;
}
- if ((alg_k & SSL_kEDH) &&
+ if ((alg_k & SSL_kDHE) &&
!(has_bits(i, EVP_PK_DH | EVP_PKT_EXCH) || dh != NULL)) {
OPENSSL_PUT_ERROR(SSL, ssl3_check_cert_and_algorithm, SSL_R_MISSING_DH_KEY);
goto f_err;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 264a59e..d67d381 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -189,7 +189,7 @@
/* Cipher 18 */
{
- 1, SSL3_TXT_ADH_RC4_128_MD5, SSL3_CK_ADH_RC4_128_MD5, SSL_kEDH, SSL_aNULL,
+ 1, SSL3_TXT_ADH_RC4_128_MD5, SSL3_CK_ADH_RC4_128_MD5, SSL_kDHE, SSL_aNULL,
SSL_RC4, SSL_MD5, SSL_SSLV3, SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
},
@@ -207,13 +207,13 @@
/* Cipher 33 */
{
1, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
- SSL_kEDH, SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
+ SSL_kDHE, SSL_aRSA, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
},
/* Cipher 34 */
{
- 1, TLS1_TXT_ADH_WITH_AES_128_SHA, TLS1_CK_ADH_WITH_AES_128_SHA, SSL_kEDH,
+ 1, TLS1_TXT_ADH_WITH_AES_128_SHA, TLS1_CK_ADH_WITH_AES_128_SHA, SSL_kDHE,
SSL_aNULL, SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
},
@@ -228,13 +228,13 @@
/* Cipher 39 */
{
1, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
- SSL_kEDH, SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
+ SSL_kDHE, SSL_aRSA, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,
},
/* Cipher 3A */
{
- 1, TLS1_TXT_ADH_WITH_AES_256_SHA, TLS1_CK_ADH_WITH_AES_256_SHA, SSL_kEDH,
+ 1, TLS1_TXT_ADH_WITH_AES_256_SHA, TLS1_CK_ADH_WITH_AES_256_SHA, SSL_kDHE,
SSL_aNULL, SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,
},
@@ -259,7 +259,7 @@
/* Cipher 67 */
{
1, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
- TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, SSL_kEDH, SSL_aRSA, SSL_AES128,
+ TLS1_CK_DHE_RSA_WITH_AES_128_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128,
SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,
},
@@ -267,7 +267,7 @@
/* Cipher 6B */
{
1, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
- TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, SSL_kEDH, SSL_aRSA, SSL_AES256,
+ TLS1_CK_DHE_RSA_WITH_AES_256_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES256,
SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256,
},
@@ -275,14 +275,14 @@
/* Cipher 6C */
{
1, TLS1_TXT_ADH_WITH_AES_128_SHA256, TLS1_CK_ADH_WITH_AES_128_SHA256,
- SSL_kEDH, SSL_aNULL, SSL_AES128, SSL_SHA256, SSL_TLSV1_2,
+ SSL_kDHE, SSL_aNULL, SSL_AES128, SSL_SHA256, SSL_TLSV1_2,
SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,
},
/* Cipher 6D */
{
1, TLS1_TXT_ADH_WITH_AES_256_SHA256, TLS1_CK_ADH_WITH_AES_256_SHA256,
- SSL_kEDH, SSL_aNULL, SSL_AES256, SSL_SHA256, SSL_TLSV1_2,
+ SSL_kDHE, SSL_aNULL, SSL_AES256, SSL_SHA256, SSL_TLSV1_2,
SSL_HIGH | SSL_FIPS, SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 256, 256,
},
@@ -333,7 +333,7 @@
/* Cipher 9E */
{
1, TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kEDH, SSL_aRSA, SSL_AES128GCM,
+ TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kDHE, SSL_aRSA, SSL_AES128GCM,
SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
@@ -343,7 +343,7 @@
/* Cipher 9F */
{
1, TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kEDH, SSL_aRSA, SSL_AES256GCM,
+ TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kDHE, SSL_aRSA, SSL_AES256GCM,
SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
@@ -353,7 +353,7 @@
/* Cipher A6 */
{
1, TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, SSL_kEDH, SSL_aNULL, SSL_AES128GCM,
+ TLS1_CK_ADH_WITH_AES_128_GCM_SHA256, SSL_kDHE, SSL_aNULL, SSL_AES128GCM,
SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
@@ -363,7 +363,7 @@
/* Cipher A7 */
{
1, TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, SSL_kEDH, SSL_aNULL, SSL_AES256GCM,
+ TLS1_CK_ADH_WITH_AES_256_GCM_SHA384, SSL_kDHE, SSL_aNULL, SSL_AES256GCM,
SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
@@ -373,7 +373,7 @@
/* Cipher C007 */
{
1, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_kEECDH, SSL_aECDSA, SSL_RC4,
+ TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_kECDHE, SSL_aECDSA, SSL_RC4,
SSL_SHA1, SSL_TLSV1, SSL_MEDIUM, SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128,
128,
},
@@ -381,7 +381,7 @@
/* Cipher C009 */
{
1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kEECDH, SSL_aECDSA,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aECDSA,
SSL_AES128, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
},
@@ -389,7 +389,7 @@
/* Cipher C00A */
{
1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_kEECDH, SSL_aECDSA,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aECDSA,
SSL_AES256, SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,
},
@@ -397,14 +397,14 @@
/* Cipher C011 */
{
1, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA, TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
- SSL_kEECDH, SSL_aRSA, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM,
+ SSL_kECDHE, SSL_aRSA, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
},
/* Cipher C013 */
{
1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kEECDH, SSL_aRSA, SSL_AES128,
+ TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES128,
SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
},
@@ -412,7 +412,7 @@
/* Cipher C014 */
{
1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_kEECDH, SSL_aRSA, SSL_AES256,
+ TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aRSA, SSL_AES256,
SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,
},
@@ -420,14 +420,14 @@
/* Cipher C016 */
{
1, TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA, TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
- SSL_kEECDH, SSL_aNULL, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM,
+ SSL_kECDHE, SSL_aNULL, SSL_RC4, SSL_SHA1, SSL_TLSV1, SSL_MEDIUM,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
},
/* Cipher C018 */
{
1, TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
- TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, SSL_kEECDH, SSL_aNULL, SSL_AES128,
+ TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA, SSL_kECDHE, SSL_aNULL, SSL_AES128,
SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 128, 128,
},
@@ -435,7 +435,7 @@
/* Cipher C019 */
{
1, TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
- TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, SSL_kEECDH, SSL_aNULL, SSL_AES256,
+ TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA, SSL_kECDHE, SSL_aNULL, SSL_AES256,
SSL_SHA1, SSL_TLSV1, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF, 256, 256,
},
@@ -446,7 +446,7 @@
/* Cipher C023 */
{
1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, SSL_kEECDH, SSL_aECDSA,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aECDSA,
SSL_AES128, SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,
},
@@ -454,7 +454,7 @@
/* Cipher C024 */
{
1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, SSL_kEECDH, SSL_aECDSA,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aECDSA,
SSL_AES256, SSL_SHA384, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256,
},
@@ -462,7 +462,7 @@
/* Cipher C027 */
{
1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
- TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, SSL_kEECDH, SSL_aRSA, SSL_AES128,
+ TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256, SSL_kECDHE, SSL_aRSA, SSL_AES128,
SSL_SHA256, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256, 128, 128,
},
@@ -470,7 +470,7 @@
/* Cipher C028 */
{
1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
- TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, SSL_kEECDH, SSL_aRSA, SSL_AES256,
+ TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384, SSL_kECDHE, SSL_aRSA, SSL_AES256,
SSL_SHA384, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, 256, 256,
},
@@ -481,7 +481,7 @@
/* Cipher C02B */
{
1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_kEECDH, SSL_aECDSA,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aECDSA,
SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
@@ -491,7 +491,7 @@
/* Cipher C02C */
{
1, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_kEECDH, SSL_aECDSA,
+ TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aECDSA,
SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
@@ -501,7 +501,7 @@
/* Cipher C02F */
{
1, TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kEECDH, SSL_aRSA,
+ TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aRSA,
SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
@@ -511,7 +511,7 @@
/* Cipher C030 */
{
1, TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kEECDH, SSL_aRSA,
+ TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_kECDHE, SSL_aRSA,
SSL_AES256GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH | SSL_FIPS,
SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384 | SSL_CIPHER_ALGORITHM2_AEAD |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
@@ -524,7 +524,7 @@
/* Cipher CAFE */
{
1, TLS1_TXT_ECDHE_PSK_WITH_AES_128_GCM_SHA256,
- TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256, SSL_kEECDH, SSL_aPSK,
+ TLS1_CK_ECDHE_PSK_WITH_AES_128_GCM_SHA256, SSL_kECDHE, SSL_aPSK,
SSL_AES128GCM, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD |
SSL_CIPHER_ALGORITHM2_VARIABLE_NONCE_INCLUDED_IN_RECORD,
@@ -533,7 +533,7 @@
{
1, TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
- TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, SSL_kEECDH, SSL_aRSA,
+ TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aRSA,
SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD,
256, 0,
@@ -541,7 +541,7 @@
{
1, TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
- TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, SSL_kEECDH, SSL_aECDSA,
+ TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305, SSL_kECDHE, SSL_aECDSA,
SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD,
256, 0,
@@ -549,7 +549,7 @@
{
1, TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
- TLS1_CK_DHE_RSA_CHACHA20_POLY1305, SSL_kEDH, SSL_aRSA,
+ TLS1_CK_DHE_RSA_CHACHA20_POLY1305, SSL_kDHE, SSL_aRSA,
SSL_CHACHA20POLY1305, SSL_AEAD, SSL_TLSV1_2, SSL_HIGH,
SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256 | SSL_CIPHER_ALGORITHM2_AEAD,
256, 0,
@@ -1370,7 +1370,7 @@
}
/* ECDSA certs can be used with RSA cipher suites as well so we don't need to
- * check for SSL_kECDH or SSL_kEECDH. */
+ * check for SSL_kECDH or SSL_kECDHE. */
if (s->version >= TLS1_VERSION && have_ecdsa_sign) {
p[ret++] = TLS_CT_ECDSA_SIGN;
}
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 535c1df..a2fc6b6 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -1242,7 +1242,7 @@
/* We only accept ChannelIDs on connections with ECDHE in order to avoid a
* known attack while we fix ChannelID itself. */
if (s->s3->tlsext_channel_id_valid &&
- (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kEECDH) == 0) {
+ (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kECDHE) == 0) {
s->s3->tlsext_channel_id_valid = 0;
}
@@ -1375,7 +1375,7 @@
n += 2 + psk_identity_hint_len;
}
- if (alg_k & SSL_kEDH) {
+ if (alg_k & SSL_kDHE) {
dhp = cert->dh_tmp;
if (dhp == NULL && s->cert->dh_tmp_cb != NULL) {
dhp = s->cert->dh_tmp_cb(s, 0, 1024);
@@ -1418,7 +1418,7 @@
r[0] = dh->p;
r[1] = dh->g;
r[2] = dh->pub_key;
- } else if (alg_k & SSL_kEECDH) {
+ } else if (alg_k & SSL_kECDHE) {
const EC_GROUP *group;
ecdhp = cert->ecdh_tmp;
@@ -1558,7 +1558,7 @@
p += nr[i];
}
- /* Note: ECDHE PSK ciphersuites use SSL_kEECDH and SSL_aPSK. When one of
+ /* Note: ECDHE PSK ciphersuites use SSL_kECDHE and SSL_aPSK. When one of
* them is used, the server key exchange record needs to have both the
* psk_identity_hint and the ServerECDHParams. */
if (alg_a & SSL_aPSK) {
@@ -1570,7 +1570,7 @@
}
}
- if (alg_k & SSL_kEECDH) {
+ if (alg_k & SSL_kECDHE) {
/* We only support named (not generic) curves. In this situation, the
* serverKeyExchange message has:
* [1 byte CurveType], [2 byte CurveName]
@@ -1928,7 +1928,7 @@
}
premaster_secret_len = sizeof(rand_premaster_secret);
- } else if (alg_k & SSL_kEDH) {
+ } else if (alg_k & SSL_kDHE) {
CBS dh_Yc;
int dh_len;
@@ -1976,7 +1976,7 @@
pub = NULL;
premaster_secret_len = dh_len;
- } else if (alg_k & SSL_kEECDH) {
+ } else if (alg_k & SSL_kECDHE) {
int field_size = 0, ecdh_len;
const EC_KEY *tkey;
const EC_GROUP *group;
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index ad2e301..5ab43e7 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -182,7 +182,7 @@
/* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
ALL!) */
- {0, SSL_TXT_CMPDEF, 0, SSL_kEDH | SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0,
+ {0, SSL_TXT_CMPDEF, 0, SSL_kDHE | SSL_kECDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0,
0},
/* key exchange aliases
@@ -191,11 +191,13 @@
* e.g. kEDH combines DHE_DSS and DHE_RSA) */
{0, SSL_TXT_kRSA, 0, SSL_kRSA, 0, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_kEDH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_DH, 0, SSL_kEDH, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_kDHE, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_kEDH, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_DH, 0, SSL_kDHE, 0, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_kEECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_ECDH, 0, SSL_kEECDH, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_kECDHE, 0, SSL_kECDHE, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_kEECDH, 0, SSL_kECDHE, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_ECDH, 0, SSL_kECDHE, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0},
@@ -207,11 +209,13 @@
{0, SSL_TXT_aPSK, 0, 0, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
/* aliases combining key exchange and server authentication */
- {0, SSL_TXT_EDH, 0, SSL_kEDH, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_EECDH, 0, SSL_kEECDH, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_DHE, 0, SSL_kDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_EDH, 0, SSL_kDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_ECDHE, 0, SSL_kECDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_EECDH, 0, SSL_kECDHE, ~SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_RSA, 0, SSL_kRSA, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
- {0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_ADH, 0, SSL_kDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_AECDH, 0, SSL_kECDHE, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
/* symmetric encryption aliases */
@@ -956,11 +960,11 @@
/* Everything else being equal, prefer ECDHE_ECDSA then ECDHE_RSA over other
* key exchange mechanisms */
- ssl_cipher_apply_rule(0, SSL_kEECDH, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD, -1,
+ ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD, -1,
0, &head, &tail);
- ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, 0, &head,
+ ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, 0, &head,
&tail);
- ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, 0, &head,
+ ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, 0, &head,
&tail);
/* Order the bulk ciphers. First the preferred AEAD ciphers. We prefer
@@ -999,7 +1003,7 @@
ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, 0, &head, &tail);
/* Move ciphers without forward secrecy to the end. */
- ssl_cipher_apply_rule(0, ~(SSL_kEDH | SSL_kEECDH), 0, 0, 0, 0, 0, CIPHER_ORD,
+ ssl_cipher_apply_rule(0, ~(SSL_kDHE | SSL_kECDHE), 0, 0, 0, 0, 0, CIPHER_ORD,
-1, 0, &head, &tail);
/* Move anonymous ciphers to the end. Usually, these will remain disabled.
@@ -1161,11 +1165,11 @@
kx = "RSA";
break;
- case SSL_kEDH:
+ case SSL_kDHE:
kx = "DH";
break;
- case SSL_kEECDH:
+ case SSL_kECDHE:
kx = "ECDH";
break;
@@ -1324,7 +1328,7 @@
case SSL_kRSA:
return "RSA";
- case SSL_kEDH:
+ case SSL_kDHE:
switch (cipher->algorithm_auth) {
case SSL_aRSA:
return "DHE_RSA";
@@ -1335,7 +1339,7 @@
return "UNKNOWN";
}
- case SSL_kEECDH:
+ case SSL_kECDHE:
switch (cipher->algorithm_auth) {
case SSL_aECDSA:
return "ECDHE_ECDSA";
@@ -1498,7 +1502,7 @@
* communicate a psk_identity_hint, so it is optional. */
int ssl_cipher_requires_server_key_exchange(const SSL_CIPHER *cipher) {
/* Ephemeral Diffie-Hellman key exchanges require a ServerKeyExchange. */
- if (cipher->algorithm_mkey & SSL_kEDH || cipher->algorithm_mkey & SSL_kEECDH) {
+ if (cipher->algorithm_mkey & SSL_kDHE || cipher->algorithm_mkey & SSL_kECDHE) {
return 1;
}
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index b2fecc7..d710114 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2042,7 +2042,7 @@
mask_k |= SSL_kRSA;
}
if (dh_tmp) {
- mask_k |= SSL_kEDH;
+ mask_k |= SSL_kDHE;
}
if (rsa_enc || rsa_sign) {
mask_a |= SSL_aRSA;
@@ -2070,7 +2070,7 @@
/* If we are considering an ECC cipher suite that uses an ephemeral EC
* key, check it. */
if (have_ecdh_tmp && tls1_check_ec_tmp_key(s)) {
- mask_k |= SSL_kEECDH;
+ mask_k |= SSL_kECDHE;
}
/* PSK requires a server callback. */
@@ -2889,8 +2889,8 @@
SSL_version(s) >= TLS1_2_VERSION &&
(s->s3->alpn_selected || s->s3->next_proto_neg_seen) &&
cipher != NULL &&
- (cipher->algorithm_mkey == SSL_kEDH ||
- cipher->algorithm_mkey == SSL_kEECDH) &&
+ (cipher->algorithm_mkey == SSL_kDHE ||
+ cipher->algorithm_mkey == SSL_kECDHE) &&
(cipher->algorithm_enc == SSL_AES128GCM ||
cipher->algorithm_enc == SSL_AES256GCM ||
cipher->algorithm_enc == SSL_CHACHA20POLY1305);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index eafff92..13fdd91 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -287,8 +287,8 @@
/* Bits for algorithm_mkey (key exchange algorithm) */
#define SSL_kRSA 0x00000001L /* RSA key exchange */
-#define SSL_kEDH 0x00000002L /* tmp DH key no DH cert */
-#define SSL_kEECDH 0x00000004L /* ephemeral ECDH */
+#define SSL_kDHE 0x00000002L /* tmp DH key no DH cert */
+#define SSL_kECDHE 0x00000004L /* ephemeral ECDH */
#define SSL_kPSK 0x00000008L /* PSK */
/* Bits for algorithm_auth (server authentication) */
@@ -390,7 +390,7 @@
/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
* <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
* SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
- * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
+ * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
* SSL_aRSA <- RSA_ENC | RSA_SIGN
* SSL_aDSS <- DSA_SIGN */
diff --git a/ssl/ssl_test.c b/ssl/ssl_test.c
index 776f629..3a57475 100644
--- a/ssl/ssl_test.c
+++ b/ssl/ssl_test.c
@@ -90,7 +90,7 @@
* selections. Select AES_128_GCM, but order the key exchanges RSA,
* DHE_RSA, ECDHE_RSA. */
static const char kRule5[] =
- "ALL:-kEECDH:-kEDH:-kRSA:-ALL:"
+ "ALL:-kECDHE:-kDHE:-kRSA:-ALL:"
"AESGCM+AES128+aRSA";
static const EXPECTED_CIPHER kExpected5[] = {
@@ -140,7 +140,7 @@
"ALL:-CHACHA20:-AES256:-AES128:-RC4:-ALL:"
/* Select ECDHE ones and sort them by strength. Ties should resolve
* based on the order above. */
- "kEECDH:@STRENGTH:-ALL:"
+ "kECDHE:@STRENGTH:-ALL:"
/* Now bring back everything uses RSA. ECDHE_RSA should be first,
* sorted by strength. Then RSA, backwards by strength. */
"aRSA";
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 627df3f..4086c41 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -800,7 +800,7 @@
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
- if ((alg_k & SSL_kEECDH) || (alg_a & SSL_aECDSA)) {
+ if ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) {
using_ecc = 1;
break;
}
@@ -1108,7 +1108,7 @@
int next_proto_neg_seen;
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
- int using_ecc = (alg_k & SSL_kEECDH) || (alg_a & SSL_aECDSA);
+ int using_ecc = (alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA);
using_ecc = using_ecc && (s->s3->tmp.peer_ecpointformatlist != NULL);
/* don't add extensions for SSLv3, unless doing secure renegotiation */
@@ -1980,7 +1980,7 @@
* uncompressed. */
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
- if (((alg_k & SSL_kEECDH) || (alg_a & SSL_aECDSA)) &&
+ if (((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA)) &&
!tls1_check_point_format(s, TLSEXT_ECPOINTFORMAT_uncompressed)) {
OPENSSL_PUT_ERROR(SSL, ssl_check_serverhello_tlsext,
SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
