The correct name for EDH is DHE, likewise EECDH should be ECDHE.

Based on changes to OpenSSL trunk. ok beck@ miod@
author: jsing <> 2014-07-12 22:33:39 +0000
committer: jsing <> 2014-07-12 22:33:39 +0000
commit: 1576d117fd48c972306b2973f975d424551988e9 (patch)
tree: ac193b1a184864cbde82877d05b433080052c5d1 /src/lib/libssl/d1_srvr.c
parent: 929d339dda473f536b3f3af87fc016274b499e50 (diff)
download: openbsd-1576d117fd48c972306b2973f975d424551988e9.tar.gz
openbsd-1576d117fd48c972306b2973f975d424551988e9.tar.bz2
openbsd-1576d117fd48c972306b2973f975d424551988e9.zip
1 files changed, 6 insertions, 6 deletions
diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c
index a94b7ed61b..ecf4a198b1 100644
--- a/src/lib/libssl/d1_srvr.c
+++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.32 2014/07/12 13:11:53 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.33 2014/07/12 22:33:39 jsing Exp $ */
 /* 
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
@@ -464,8 +464,8 @@ dtls1_accept(SSL *s)
                        /* only send if a DH key exchange or
                         * RSA but we have a sign only certificate */
                        if (s->s3->tmp.use_rsa_tmp
-                        || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+                        || (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
-                        || (alg_k & SSL_kEECDH)
+                        || (alg_k & SSL_kECDHE)
                        || ((alg_k & SSL_kRSA)
                        && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
                        )
@@ -1052,7 +1052,7 @@ dtls1_send_server_key_exchange(SSL *s)
                        r[1] = rsa->e;
                        s->s3->tmp.use_rsa_tmp = 1;
                } else
-                if (type & SSL_kEDH) {
+                if (type & SSL_kDHE) {
                        dhp = cert->dh_tmp;
                        if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
                                dhp = s->cert->dh_tmp_cb(s, 0, 0);
@@ -1094,7 +1094,7 @@ dtls1_send_server_key_exchange(SSL *s)
                        r[1] = dh->g;
                        r[2] = dh->pub_key;
                } else
-                if (type & SSL_kEECDH) {
+                if (type & SSL_kECDHE) {
                        const EC_GROUP *group;
                        ecdhp = cert->ecdh_tmp;
@@ -1232,7 +1232,7 @@ dtls1_send_server_key_exchange(SSL *s)
                        p += nr[i];
                }
-                if (type & SSL_kEECDH) {
+                if (type & SSL_kECDHE) {
                        /* XXX: For now, we only support named (not generic) curves.
                         * In this situation, the serverKeyExchange message has:
                         * [1 byte CurveType], [2 byte CurveName]
author	jsing <>	2014-07-12 22:33:39 +0000
committer	jsing <>	2014-07-12 22:33:39 +0000
commit	1576d117fd48c972306b2973f975d424551988e9 (patch)
tree	ac193b1a184864cbde82877d05b433080052c5d1 /src/lib/libssl/d1_srvr.c
parent	929d339dda473f536b3f3af87fc016274b499e50 (diff)
download	openbsd-1576d117fd48c972306b2973f975d424551988e9.tar.gz openbsd-1576d117fd48c972306b2973f975d424551988e9.tar.bz2 openbsd-1576d117fd48c972306b2973f975d424551988e9.zip

diff --git a/src/lib/libssl/d1_srvr.c b/src/lib/libssl/d1_srvr.c index a94b7ed61b..ecf4a198b1 100644 --- a/src/lib/libssl/d1_srvr.c +++ b/src/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: d1_srvr.c,v 1.32 2014/07/12 13:11:53 jsing Exp $ */	1	/* $OpenBSD: d1_srvr.c,v 1.33 2014/07/12 22:33:39 jsing Exp $ */
2	/*	2	/*
3	* DTLS implementation written by Nagendra Modadugu	3	* DTLS implementation written by Nagendra Modadugu
4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.	4	* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -464,8 +464,8 @@ dtls1_accept(SSL *s)
464	/* only send if a DH key exchange or	464	/* only send if a DH key exchange or
465	* RSA but we have a sign only certificate */	465	* RSA but we have a sign only certificate */
466	if (s->s3->tmp.use_rsa_tmp	466	if (s->s3->tmp.use_rsa_tmp
467	\|\| (alg_k & (SSL_kEDH\|SSL_kDHr\|SSL_kDHd))	467	\|\| (alg_k & (SSL_kDHE\|SSL_kDHr\|SSL_kDHd))
468	\|\| (alg_k & SSL_kEECDH)	468	\|\| (alg_k & SSL_kECDHE)
469	\|\| ((alg_k & SSL_kRSA)	469	\|\| ((alg_k & SSL_kRSA)
470	&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL	470	&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
471	)	471	)
@@ -1052,7 +1052,7 @@ dtls1_send_server_key_exchange(SSL *s)
1052	r[1] = rsa->e;	1052	r[1] = rsa->e;
1053	s->s3->tmp.use_rsa_tmp = 1;	1053	s->s3->tmp.use_rsa_tmp = 1;
1054	} else	1054	} else
1055	if (type & SSL_kEDH) {	1055	if (type & SSL_kDHE) {
1056	dhp = cert->dh_tmp;	1056	dhp = cert->dh_tmp;
1057	if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))	1057	if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
1058	dhp = s->cert->dh_tmp_cb(s, 0, 0);	1058	dhp = s->cert->dh_tmp_cb(s, 0, 0);
@@ -1094,7 +1094,7 @@ dtls1_send_server_key_exchange(SSL *s)
1094	r[1] = dh->g;	1094	r[1] = dh->g;
1095	r[2] = dh->pub_key;	1095	r[2] = dh->pub_key;
1096	} else	1096	} else
1097	if (type & SSL_kEECDH) {	1097	if (type & SSL_kECDHE) {
1098	const EC_GROUP *group;	1098	const EC_GROUP *group;
1099		1099
1100	ecdhp = cert->ecdh_tmp;	1100	ecdhp = cert->ecdh_tmp;
@@ -1232,7 +1232,7 @@ dtls1_send_server_key_exchange(SSL *s)
1232	p += nr[i];	1232	p += nr[i];
1233	}	1233	}
1234		1234
1235	if (type & SSL_kEECDH) {	1235	if (type & SSL_kECDHE) {
1236	/* XXX: For now, we only support named (not generic) curves.	1236	/* XXX: For now, we only support named (not generic) curves.
1237	* In this situation, the serverKeyExchange message has:	1237	* In this situation, the serverKeyExchange message has:
1238	* [1 byte CurveType], [2 byte CurveName]	1238	* [1 byte CurveType], [2 byte CurveName]