authorJoel Sing <jsing@cvs.openbsd.org>2014-07-12 22:33:40 +0000
committerJoel Sing <jsing@cvs.openbsd.org>2014-07-12 22:33:40 +0000
commitadaab4ef7a74e2b50b495d1427460fa446fece27 (patch)
treec4c38516bbbe309e08113f219b3ce07132c793c1 /lib/libssl
parent0b70cb3261f3fcaeed9ef15cc104492f061265d4 (diff)
The correct name for EDH is DHE, likewise EECDH should be ECDHE.
Based on changes to OpenSSL trunk. ok beck@ miod@
Diffstat (limited to 'lib/libssl')
-rw-r--r--lib/libssl/src/ssl/d1_clnt.c6
-rw-r--r--lib/libssl/src/ssl/d1_srvr.c12
-rw-r--r--lib/libssl/src/ssl/s3_clnt.c12
-rw-r--r--lib/libssl/src/ssl/s3_lib.c134
-rw-r--r--lib/libssl/src/ssl/s3_srvr.c18
-rw-r--r--lib/libssl/src/ssl/ssl_ciph.c28
-rw-r--r--lib/libssl/src/ssl/ssl_lib.c10
-rw-r--r--lib/libssl/src/ssl/ssl_locl.h8
-rw-r--r--lib/libssl/src/ssl/t1_lib.c8
9 files changed, 118 insertions, 118 deletions
diff --git a/lib/libssl/src/ssl/d1_clnt.c b/lib/libssl/src/ssl/d1_clnt.c
index 004fd6e04f5..552667f6c13 100644
--- a/lib/libssl/src/ssl/d1_clnt.c
+++ b/lib/libssl/src/ssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.30 2014/07/12 13:11:53 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.31 2014/07/12 22:33:39 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -984,7 +984,7 @@ dtls1_send_client_key_exchange(SSL *s)
s->session->master_key,
tmp_buf, sizeof tmp_buf);
OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
- } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
+ } else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) {
DH *dh_srvr, *dh_clnt;
if (s->session->sess_cert->peer_dh_tmp != NULL)
@@ -1037,7 +1037,7 @@ dtls1_send_client_key_exchange(SSL *s)
DH_free(dh_clnt);
/* perhaps clean things up a bit EAY EAY EAY EAY*/
- } else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
+ } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
const EC_GROUP *srvr_group = NULL;
EC_KEY *tkey;
int ecdh_clnt_cert = 0;
diff --git a/lib/libssl/src/ssl/d1_srvr.c b/lib/libssl/src/ssl/d1_srvr.c
index a94b7ed61b1..ecf4a198b16 100644
--- a/lib/libssl/src/ssl/d1_srvr.c
+++ b/lib/libssl/src/ssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.32 2014/07/12 13:11:53 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.33 2014/07/12 22:33:39 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -464,8 +464,8 @@ dtls1_accept(SSL *s)
/* only send if a DH key exchange or
* RSA but we have a sign only certificate */
if (s->s3->tmp.use_rsa_tmp
- || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
- || (alg_k & SSL_kEECDH)
+ || (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
+ || (alg_k & SSL_kECDHE)
|| ((alg_k & SSL_kRSA)
&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
)
@@ -1052,7 +1052,7 @@ dtls1_send_server_key_exchange(SSL *s)
r[1] = rsa->e;
s->s3->tmp.use_rsa_tmp = 1;
} else
- if (type & SSL_kEDH) {
+ if (type & SSL_kDHE) {
dhp = cert->dh_tmp;
if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
dhp = s->cert->dh_tmp_cb(s, 0, 0);
@@ -1094,7 +1094,7 @@ dtls1_send_server_key_exchange(SSL *s)
r[1] = dh->g;
r[2] = dh->pub_key;
} else
- if (type & SSL_kEECDH) {
+ if (type & SSL_kECDHE) {
const EC_GROUP *group;
ecdhp = cert->ecdh_tmp;
@@ -1232,7 +1232,7 @@ dtls1_send_server_key_exchange(SSL *s)
p += nr[i];
}
- if (type & SSL_kEECDH) {
+ if (type & SSL_kECDHE) {
/* XXX: For now, we only support named (not generic) curves.
* In this situation, the serverKeyExchange message has:
* [1 byte CurveType], [2 byte CurveName]
diff --git a/lib/libssl/src/ssl/s3_clnt.c b/lib/libssl/src/ssl/s3_clnt.c
index 252100f587d..b55b2e62c6a 100644
--- a/lib/libssl/src/ssl/s3_clnt.c
+++ b/lib/libssl/src/ssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.82 2014/07/12 22:17:59 jsg Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.83 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1253,7 +1253,7 @@ ssl3_get_key_exchange(SSL *s)
}
s->session->sess_cert->peer_rsa_tmp = rsa;
rsa = NULL;
- } else if (alg_k & SSL_kEDH) {
+ } else if (alg_k & SSL_kDHE) {
if ((dh = DH_new()) == NULL) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
ERR_R_DH_LIB);
@@ -1328,7 +1328,7 @@ ssl3_get_key_exchange(SSL *s)
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
goto f_err;
- } else if (alg_k & SSL_kEECDH) {
+ } else if (alg_k & SSL_kECDHE) {
EC_GROUP *ngroup;
const EC_GROUP *group;
@@ -1987,7 +1987,7 @@ ssl3_send_client_key_exchange(SSL *s)
s->method->ssl3_enc->generate_master_secret(
s, s->session->master_key, tmp_buf, sizeof tmp_buf);
OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
- } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
+ } else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) {
DH *dh_srvr, *dh_clnt;
if (s->session->sess_cert == NULL) {
@@ -2051,7 +2051,7 @@ ssl3_send_client_key_exchange(SSL *s)
DH_free(dh_clnt);
/* perhaps clean things up a bit EAY EAY EAY EAY*/
- } else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
+ } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
const EC_GROUP *srvr_group = NULL;
EC_KEY *tkey;
int ecdh_clnt_cert = 0;
@@ -2640,7 +2640,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
SSL_R_MISSING_RSA_ENCRYPTING_CERT);
goto f_err;
}
- if ((alg_k & SSL_kEDH) &&
+ if ((alg_k & SSL_kDHE) &&
!(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
SSL_R_MISSING_DH_KEY);
diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c
index f94e207fc4e..decdda90a3d 100644
--- a/lib/libssl/src/ssl/s3_lib.c
+++ b/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.69 2014/07/11 09:24:44 beck Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.70 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -433,7 +433,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 0, /* Weakened 40-bit export cipher. */
.name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
.id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_DES,
.algorithm_mac = SSL_SHA1,
@@ -449,7 +449,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
.id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_DES,
.algorithm_mac = SSL_SHA1,
@@ -465,7 +465,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
.id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_3DES,
.algorithm_mac = SSL_SHA1,
@@ -481,7 +481,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 0, /* Weakened 40-bit export cipher. */
.name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
.id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_DES,
.algorithm_mac = SSL_SHA1,
@@ -497,7 +497,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
.id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_DES,
.algorithm_mac = SSL_SHA1,
@@ -513,7 +513,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
.id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_3DES,
.algorithm_mac = SSL_SHA1,
@@ -529,7 +529,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 0, /* Weakened 40-bit export cipher. */
.name = SSL3_TXT_ADH_RC4_40_MD5,
.id = SSL3_CK_ADH_RC4_40_MD5,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_RC4,
.algorithm_mac = SSL_MD5,
@@ -545,7 +545,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = SSL3_TXT_ADH_RC4_128_MD5,
.id = SSL3_CK_ADH_RC4_128_MD5,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_RC4,
.algorithm_mac = SSL_MD5,
@@ -561,7 +561,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 0, /* Weakened 40-bit export cipher. */
.name = SSL3_TXT_ADH_DES_40_CBC_SHA,
.id = SSL3_CK_ADH_DES_40_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_DES,
.algorithm_mac = SSL_SHA1,
@@ -577,7 +577,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = SSL3_TXT_ADH_DES_64_CBC_SHA,
.id = SSL3_CK_ADH_DES_64_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_DES,
.algorithm_mac = SSL_SHA1,
@@ -593,7 +593,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = SSL3_TXT_ADH_DES_192_CBC_SHA,
.id = SSL3_CK_ADH_DES_192_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_3DES,
.algorithm_mac = SSL_SHA1,
@@ -655,7 +655,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
.id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA1,
@@ -670,7 +670,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
.id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA1,
@@ -685,7 +685,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ADH_WITH_AES_128_SHA,
.id = TLS1_CK_ADH_WITH_AES_128_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA1,
@@ -748,7 +748,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
.id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA1,
@@ -764,7 +764,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
.id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA1,
@@ -780,7 +780,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ADH_WITH_AES_256_SHA,
.id = TLS1_CK_ADH_WITH_AES_256_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA1,
@@ -877,7 +877,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
.id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA256,
@@ -944,7 +944,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
.id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_CAMELLIA128,
.algorithm_mac = SSL_SHA1,
@@ -960,7 +960,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
.id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CAMELLIA128,
.algorithm_mac = SSL_SHA1,
@@ -976,7 +976,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
.id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_CAMELLIA128,
.algorithm_mac = SSL_SHA1,
@@ -994,7 +994,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
.id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA256,
@@ -1042,7 +1042,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
.id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA256,
@@ -1058,7 +1058,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
.id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA256,
@@ -1074,7 +1074,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ADH_WITH_AES_128_SHA256,
.id = TLS1_CK_ADH_WITH_AES_128_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA256,
@@ -1090,7 +1090,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ADH_WITH_AES_256_SHA256,
.id = TLS1_CK_ADH_WITH_AES_256_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA256,
@@ -1218,7 +1218,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
.id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_CAMELLIA256,
.algorithm_mac = SSL_SHA1,
@@ -1234,7 +1234,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
.id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CAMELLIA256,
.algorithm_mac = SSL_SHA1,
@@ -1250,7 +1250,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
.id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_CAMELLIA256,
.algorithm_mac = SSL_SHA1,
@@ -1306,7 +1306,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
.id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128GCM,
.algorithm_mac = SSL_AEAD,
@@ -1324,7 +1324,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
.id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256GCM,
.algorithm_mac = SSL_AEAD,
@@ -1378,7 +1378,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
.id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_AES128GCM,
.algorithm_mac = SSL_AEAD,
@@ -1396,7 +1396,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
.id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_AES256GCM,
.algorithm_mac = SSL_AEAD,
@@ -1450,7 +1450,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
.id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES128GCM,
.algorithm_mac = SSL_AEAD,
@@ -1468,7 +1468,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
.id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES256GCM,
.algorithm_mac = SSL_AEAD,
@@ -1566,7 +1566,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
.id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_eNULL,
.algorithm_mac = SSL_SHA1,
@@ -1582,7 +1582,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
.id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_RC4,
.algorithm_mac = SSL_SHA1,
@@ -1598,7 +1598,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
.id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_3DES,
.algorithm_mac = SSL_SHA1,
@@ -1614,7 +1614,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA1,
@@ -1630,7 +1630,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA1,
@@ -1726,7 +1726,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
.id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_eNULL,
.algorithm_mac = SSL_SHA1,
@@ -1742,7 +1742,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
.id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_RC4,
.algorithm_mac = SSL_SHA1,
@@ -1758,7 +1758,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
.id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_3DES,
.algorithm_mac = SSL_SHA1,
@@ -1774,7 +1774,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA1,
@@ -1790,7 +1790,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA1,
@@ -1806,7 +1806,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
.id = TLS1_CK_ECDH_anon_WITH_NULL_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_eNULL,
.algorithm_mac = SSL_SHA1,
@@ -1822,7 +1822,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
.id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_RC4,
.algorithm_mac = SSL_SHA1,
@@ -1838,7 +1838,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
.id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_3DES,
.algorithm_mac = SSL_SHA1,
@@ -1854,7 +1854,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
.id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA1,
@@ -1870,7 +1870,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
.id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA1,
@@ -1889,7 +1889,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA256,
@@ -1905,7 +1905,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA384,
@@ -1953,7 +1953,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA256,
@@ -1969,7 +1969,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA384,
@@ -2019,7 +2019,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES128GCM,
.algorithm_mac = SSL_AEAD,
@@ -2037,7 +2037,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES256GCM,
.algorithm_mac = SSL_AEAD,
@@ -2091,7 +2091,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128GCM,
.algorithm_mac = SSL_AEAD,
@@ -2109,7 +2109,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256GCM,
.algorithm_mac = SSL_AEAD,
@@ -2224,7 +2224,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
.id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CHACHA20POLY1305,
.algorithm_mac = SSL_AEAD,
@@ -2240,7 +2240,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
.id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_CHACHA20POLY1305,
.algorithm_mac = SSL_AEAD,
@@ -2256,7 +2256,7 @@ SSL_CIPHER ssl3_ciphers[] = {
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
.id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CHACHA20POLY1305,
.algorithm_mac = SSL_AEAD,
@@ -3069,7 +3069,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
* if we are considering an ECC cipher suite that uses an
* ephemeral EC key
*/
- (alg_k & SSL_kEECDH)
+ (alg_k & SSL_kECDHE)
/* and we have an ephemeral EC key */
&& (s->cert->ecdh_tmp != NULL)
/* and the client specified an EllipticCurves extension */
@@ -3108,7 +3108,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
continue;
ii = sk_SSL_CIPHER_find(allow, c);
if (ii >= 0) {
- if ((alg_k & SSL_kEECDH) &&
+ if ((alg_k & SSL_kECDHE) &&
(alg_a & SSL_aECDSA) && s->s3->is_probably_safari) {
if (!ret)
ret = sk_SSL_CIPHER_value(allow, ii);
@@ -3139,12 +3139,12 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
}
#endif
- if (alg_k & (SSL_kDHr|SSL_kEDH)) {
+ if (alg_k & (SSL_kDHr|SSL_kDHE)) {
p[ret++] = SSL3_CT_RSA_FIXED_DH;
p[ret++] = SSL3_CT_DSS_FIXED_DH;
}
if ((s->version == SSL3_VERSION) &&
- (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) {
+ (alg_k & (SSL_kDHE|SSL_kDHd|SSL_kDHr))) {
p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
}
@@ -3157,7 +3157,7 @@ ssl3_get_req_cert_type(SSL *s, unsigned char *p)
/*
* ECDSA certs can be used with RSA cipher suites as well
- * so we don't need to check for SSL_kECDH or SSL_kEECDH
+ * so we don't need to check for SSL_kECDH or SSL_kECDHE
*/
if (s->version >= TLS1_VERSION) {
p[ret++] = TLS_CT_ECDSA_SIGN;
diff --git a/lib/libssl/src/ssl/s3_srvr.c b/lib/libssl/src/ssl/s3_srvr.c
index e0a7d78995e..8d47a16b559 100644
--- a/lib/libssl/src/ssl/s3_srvr.c
+++ b/lib/libssl/src/ssl/s3_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_srvr.c,v 1.77 2014/07/12 13:11:53 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.78 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -422,8 +422,8 @@ ssl3_accept(SSL *s)
* public key for key exchange.
*/
if (s->s3->tmp.use_rsa_tmp ||
- (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH)) ||
- (alg_k & SSL_kEECDH) ||
+ (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kDHE)) ||
+ (alg_k & SSL_kECDHE) ||
((alg_k & SSL_kRSA) &&
(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey ==
NULL))) {
@@ -1416,7 +1416,7 @@ ssl3_send_server_key_exchange(SSL *s)
r[1] = rsa->e;
s->s3->tmp.use_rsa_tmp = 1;
} else
- if (type & SSL_kEDH) {
+ if (type & SSL_kDHE) {
dhp = cert->dh_tmp;
if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
dhp = s->cert->dh_tmp_cb(s, 0, 0);
@@ -1463,7 +1463,7 @@ ssl3_send_server_key_exchange(SSL *s)
r[1] = dh->g;
r[2] = dh->pub_key;
} else
- if (type & SSL_kEECDH) {
+ if (type & SSL_kECDHE) {
const EC_GROUP *group;
ecdhp = cert->ecdh_tmp;
@@ -1614,7 +1614,7 @@ ssl3_send_server_key_exchange(SSL *s)
p += nr[i];
}
- if (type & SSL_kEECDH) {
+ if (type & SSL_kECDHE) {
/*
* XXX: For now, we only support named (not generic)
* curves.
@@ -1968,7 +1968,7 @@ ssl3_get_client_key_exchange(SSL *s)
p, i);
OPENSSL_cleanse(p, i);
} else
- if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
+ if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) {
if (2 > n)
goto truncated;
n2s(p, i);
@@ -2026,7 +2026,7 @@ ssl3_get_client_key_exchange(SSL *s)
OPENSSL_cleanse(p, i);
} else
- if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
+ if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
int ret = 1;
int field_size = 0;
const EC_KEY *tkey;
@@ -2072,7 +2072,7 @@ ssl3_get_client_key_exchange(SSL *s)
if (n == 0L) {
/* Client Publickey was in Client Certificate */
- if (alg_k & SSL_kEECDH) {
+ if (alg_k & SSL_kECDHE) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_MISSING_TMP_ECDH_KEY);
diff --git a/lib/libssl/src/ssl/ssl_ciph.c b/lib/libssl/src/ssl/ssl_ciph.c
index a2dec527ca1..70c91bf6007 100644
--- a/lib/libssl/src/ssl/ssl_ciph.c
+++ b/lib/libssl/src/ssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.65 2014/07/12 13:11:53 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.66 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -233,7 +233,7 @@ static const SSL_CIPHER cipher_aliases[] = {
*/
{
.name = SSL_TXT_CMPDEF,
- .algorithm_mkey = SSL_kEDH|SSL_kEECDH,
+ .algorithm_mkey = SSL_kDHE|SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = ~SSL_eNULL,
},
@@ -265,11 +265,11 @@ static const SSL_CIPHER cipher_aliases[] = {
},
{
.name = SSL_TXT_kEDH,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
},
{
.name = SSL_TXT_DH,
- .algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kEDH,
+ .algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kDHE,
},
{
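Review bot: The alias entries in this hunk keep the old cipher-string names (`SSL_TXT_kEDH` here, and `SSL_TXT_kEECDH`, `SSL_TXT_EDH`, `SSL_TXT_EECDH` in the later hunks of this table) while their masks now use `SSL_kDHE`/`SSL_kECDHE`, so name and mask no longer read as a pair. Keeping the old strings is right for existing cipher-list configurations, but nothing visible here lets a configuration use the new spelling. If that is left for a follow-up, say so with a comment such as `/* historical alias name; kept for existing cipher strings */` above each entry. The table starts and continues outside these hunks, so an entry for the new spelling may already exist elsewhere.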
@@ -286,11 +286,11 @@ static const SSL_CIPHER cipher_aliases[] = {
},
{
.name = SSL_TXT_kEECDH,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
},
{
.name = SSL_TXT_ECDH,
- .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kECDHE,
},
{
@@ -348,12 +348,12 @@ static const SSL_CIPHER cipher_aliases[] = {
/* aliases combining key exchange and server authentication */
{
.name = SSL_TXT_EDH,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = ~SSL_aNULL,
},
{
.name = SSL_TXT_EECDH,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = ~SSL_aNULL,
},
{
@@ -367,12 +367,12 @@ static const SSL_CIPHER cipher_aliases[] = {
},
{
.name = SSL_TXT_ADH,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
},
{
.name = SSL_TXT_AECDH,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
},
@@ -1451,8 +1451,8 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
/* Now arrange all ciphers by preference: */
/* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
- ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
- ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
/*
* CHACHA20 is fast and safe on all hardware and is thus our preferred
@@ -1609,7 +1609,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_kDHd:
kx = "DH/DSS";
break;
- case SSL_kEDH:
+ case SSL_kDHE:
kx = "DH";
break;
case SSL_kECDHr:
@@ -1618,7 +1618,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_kECDHe:
kx = "ECDH/ECDSA";
break;
- case SSL_kEECDH:
+ case SSL_kECDHE:
kx = "ECDH";
break;
default:
diff --git a/lib/libssl/src/ssl/ssl_lib.c b/lib/libssl/src/ssl/ssl_lib.c
index b563071cdad..6b62713bca5 100644
--- a/lib/libssl/src/ssl/ssl_lib.c
+++ b/lib/libssl/src/ssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.77 2014/07/12 19:45:53 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.78 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1973,7 +1973,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
mask_k|=SSL_kRSA;
if (dh_tmp)
- mask_k|=SSL_kEDH;
+ mask_k|=SSL_kDHE;
if (dh_rsa)
mask_k|=SSL_kDHr;
@@ -2022,7 +2022,7 @@ ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
}
if (have_ecdh_tmp) {
- mask_k|=SSL_kEECDH;
+ mask_k|=SSL_kECDHE;
}
@@ -2108,10 +2108,10 @@ ssl_get_server_send_pkey(const SSL *s)
if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
/*
- * We don't need to look at SSL_kEECDH
+ * We don't need to look at SSL_kECDHE
* since no certificate is needed for
* anon ECDH and for authenticated
- * EECDH, the check for the auth
+ * ECDHE, the check for the auth
* algorithm will set i correctly
* NOTE: For ECDH-RSA, we need an ECC
* not an RSA cert but for EECDH-RSA
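Review bot: The comment is only half renamed: the context line that ends this hunk still says `EECDH-RSA`, while the lines above it were changed to `SSL_kECDHE` and `ECDHE`. Change it to `* not an RSA cert but for ECDHE-RSA` so the explanation of which certificate type each key exchange needs uses one spelling. The comment and ssl_get_server_send_pkey continue past the end of the hunk, so later lines may need the same treatment.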
diff --git a/lib/libssl/src/ssl/ssl_locl.h b/lib/libssl/src/ssl/ssl_locl.h
index 22ba8d926e5..34e6337856b 100644
--- a/lib/libssl/src/ssl/ssl_locl.h
+++ b/lib/libssl/src/ssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.61 2014/07/12 19:45:53 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.62 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -256,10 +256,10 @@
#define SSL_kRSA 0x00000001L /* RSA key exchange */
#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */
#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */
-#define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */
+#define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */
#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
-#define SSL_kEECDH 0x00000080L /* ephemeral ECDH */
+#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
#define SSL_kGOST 0x00000200L /* GOST key exchange */
/* Bits for algorithm_auth (server authentication) */
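Review bot: The comment on the renamed `SSL_kDHE` still reads "tmp DH key no DH cert", while `SSL_kECDHE` three lines below is described as "ephemeral ECDH". Since the commit is about using the correct name, describe both the same way, for example `#define SSL_kDHE 0x00000008L /* ephemeral DH, no DH cert */`. The old macro names are removed without aliases, which is fine for a private header as long as no file outside this diffstat still uses them; that cannot be checked from this page.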
@@ -397,7 +397,7 @@
/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
* <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
* SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
- * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
+ * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
* SSL_aRSA <- RSA_ENC | RSA_SIGN
* SSL_aDSS <- DSA_SIGN
*/
diff --git a/lib/libssl/src/ssl/t1_lib.c b/lib/libssl/src/ssl/t1_lib.c
index 03af6e29efa..46b47a95b7b 100644
--- a/lib/libssl/src/ssl/t1_lib.c
+++ b/lib/libssl/src/ssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.49 2014/07/09 11:10:51 bcook Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.50 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1477,7 +1477,7 @@ ssl_prepare_clienthello_tlsext(SSL *s)
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
- if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) ||
+ if ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) ||
(alg_a & SSL_aECDSA))) {
using_ecc = 1;
break;
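Review bot: The parentheses in the condition of ssl_prepare_clienthello_tlsext are misplaced: the outer pair wraps the whole `alg_k & (...) || (alg_a & SSL_aECDSA)` expression instead of the mask test. Operator precedence makes it evaluate as intended, but it differs from the same test in ssl_prepare_serverhello_tlsext and ssl_check_serverhello_tlsext in the next two hunks. Write the first line as `if ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) ||` and drop one closing parenthesis on the following line to match. The function body starts and ends outside the hunk.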
@@ -1524,7 +1524,7 @@ ssl_prepare_serverhello_tlsext(SSL *s)
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
- int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
+ int using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
if (using_ecc) {
@@ -1650,7 +1650,7 @@ ssl_check_serverhello_tlsext(SSL *s)
(s->tlsext_ecpointformatlist_length > 0) &&
(s->session->tlsext_ecpointformatlist != NULL) &&
(s->session->tlsext_ecpointformatlist_length > 0) &&
- ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) {
+ ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) {
/* we are using an ECC cipher */
size_t i;
unsigned char *list;