The correct name for EDH is DHE, likewise EECDH should be ECDHE.

Based on changes to OpenSSL trunk. ok beck@ miod@
author: jsing <> 2014-07-12 22:33:39 +0000
committer: jsing <> 2014-07-12 22:33:39 +0000
commit: 1576d117fd48c972306b2973f975d424551988e9 (patch)
tree: ac193b1a184864cbde82877d05b433080052c5d1 /src/lib/libssl/s3_clnt.c
parent: 929d339dda473f536b3f3af87fc016274b499e50 (diff)
download: openbsd-1576d117fd48c972306b2973f975d424551988e9.tar.gz
openbsd-1576d117fd48c972306b2973f975d424551988e9.tar.bz2
openbsd-1576d117fd48c972306b2973f975d424551988e9.zip
1 files changed, 6 insertions, 6 deletions
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c
index 252100f587..b55b2e62c6 100644
--- a/src/lib/libssl/s3_clnt.c
+++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_clnt.c,v 1.82 2014/07/12 22:17:59 jsg Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.83 2014/07/12 22:33:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1253,7 +1253,7 @@ ssl3_get_key_exchange(SSL *s)
                }
                s->session->sess_cert->peer_rsa_tmp = rsa;
                rsa = NULL;
-        } else if (alg_k & SSL_kEDH) {
+        } else if (alg_k & SSL_kDHE) {
                if ((dh = DH_new()) == NULL) {
                        SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
                            ERR_R_DH_LIB);
@@ -1328,7 +1328,7 @@ ssl3_get_key_exchange(SSL *s)
                SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
                    SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
                goto f_err;
-        } else if (alg_k & SSL_kEECDH) {
+        } else if (alg_k & SSL_kECDHE) {
                EC_GROUP *ngroup;
                const EC_GROUP *group;
@@ -1987,7 +1987,7 @@ ssl3_send_client_key_exchange(SSL *s)
                            s->method->ssl3_enc->generate_master_secret(
                            s, s->session->master_key, tmp_buf, sizeof tmp_buf);
                        OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
-                } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
+                } else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) {
                        DH *dh_srvr, *dh_clnt;
                        if (s->session->sess_cert == NULL) {
@@ -2051,7 +2051,7 @@ ssl3_send_client_key_exchange(SSL *s)
                        DH_free(dh_clnt);
                        /* perhaps clean things up a bit EAY EAY EAY EAY*/
-                } else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
+                } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
                        const EC_GROUP *srvr_group = NULL;
                        EC_KEY *tkey;
                        int ecdh_clnt_cert = 0;
@@ -2640,7 +2640,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
                    SSL_R_MISSING_RSA_ENCRYPTING_CERT);
                goto f_err;
        }
-        if ((alg_k & SSL_kEDH) &&
+        if ((alg_k & SSL_kDHE) &&
            !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
                SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
                    SSL_R_MISSING_DH_KEY);
author	jsing <>	2014-07-12 22:33:39 +0000
committer	jsing <>	2014-07-12 22:33:39 +0000
commit	1576d117fd48c972306b2973f975d424551988e9 (patch)
tree	ac193b1a184864cbde82877d05b433080052c5d1 /src/lib/libssl/s3_clnt.c
parent	929d339dda473f536b3f3af87fc016274b499e50 (diff)
download	openbsd-1576d117fd48c972306b2973f975d424551988e9.tar.gz openbsd-1576d117fd48c972306b2973f975d424551988e9.tar.bz2 openbsd-1576d117fd48c972306b2973f975d424551988e9.zip

diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 252100f587..b55b2e62c6 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_clnt.c,v 1.82 2014/07/12 22:17:59 jsg Exp $ */	1	/* $OpenBSD: s3_clnt.c,v 1.83 2014/07/12 22:33:39 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1253,7 +1253,7 @@ ssl3_get_key_exchange(SSL *s)
1253	}	1253	}
1254	s->session->sess_cert->peer_rsa_tmp = rsa;	1254	s->session->sess_cert->peer_rsa_tmp = rsa;
1255	rsa = NULL;	1255	rsa = NULL;
1256	} else if (alg_k & SSL_kEDH) {	1256	} else if (alg_k & SSL_kDHE) {
1257	if ((dh = DH_new()) == NULL) {	1257	if ((dh = DH_new()) == NULL) {
1258	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,	1258	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1259	ERR_R_DH_LIB);	1259	ERR_R_DH_LIB);
@@ -1328,7 +1328,7 @@ ssl3_get_key_exchange(SSL *s)
1328	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,	1328	SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
1329	SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);	1329	SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
1330	goto f_err;	1330	goto f_err;
1331	} else if (alg_k & SSL_kEECDH) {	1331	} else if (alg_k & SSL_kECDHE) {
1332	EC_GROUP *ngroup;	1332	EC_GROUP *ngroup;
1333	const EC_GROUP *group;	1333	const EC_GROUP *group;
1334		1334
@@ -1987,7 +1987,7 @@ ssl3_send_client_key_exchange(SSL *s)
1987	s->method->ssl3_enc->generate_master_secret(	1987	s->method->ssl3_enc->generate_master_secret(
1988	s, s->session->master_key, tmp_buf, sizeof tmp_buf);	1988	s, s->session->master_key, tmp_buf, sizeof tmp_buf);
1989	OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);	1989	OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
1990	} else if (alg_k & (SSL_kEDH\|SSL_kDHr\|SSL_kDHd)) {	1990	} else if (alg_k & (SSL_kDHE\|SSL_kDHr\|SSL_kDHd)) {
1991	DH dh_srvr, dh_clnt;	1991	DH dh_srvr, dh_clnt;
1992		1992
1993	if (s->session->sess_cert == NULL) {	1993	if (s->session->sess_cert == NULL) {
@@ -2051,7 +2051,7 @@ ssl3_send_client_key_exchange(SSL *s)
2051	DH_free(dh_clnt);	2051	DH_free(dh_clnt);
2052		2052
2053	/* perhaps clean things up a bit EAY EAY EAY EAY*/	2053	/* perhaps clean things up a bit EAY EAY EAY EAY*/
2054	} else if (alg_k & (SSL_kEECDH\|SSL_kECDHr\|SSL_kECDHe)) {	2054	} else if (alg_k & (SSL_kECDHE\|SSL_kECDHr\|SSL_kECDHe)) {
2055	const EC_GROUP *srvr_group = NULL;	2055	const EC_GROUP *srvr_group = NULL;
2056	EC_KEY *tkey;	2056	EC_KEY *tkey;
2057	int ecdh_clnt_cert = 0;	2057	int ecdh_clnt_cert = 0;
@@ -2640,7 +2640,7 @@ ssl3_check_cert_and_algorithm(SSL *s)
2640	SSL_R_MISSING_RSA_ENCRYPTING_CERT);	2640	SSL_R_MISSING_RSA_ENCRYPTING_CERT);
2641	goto f_err;	2641	goto f_err;
2642	}	2642	}
2643	if ((alg_k & SSL_kEDH) &&	2643	if ((alg_k & SSL_kDHE) &&
2644	!(has_bits(i, EVP_PK_DH\|EVP_PKT_EXCH) \|\| (dh != NULL))) {	2644	!(has_bits(i, EVP_PK_DH\|EVP_PKT_EXCH) \|\| (dh != NULL))) {
2645	SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,	2645	SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
2646	SSL_R_MISSING_DH_KEY);	2646	SSL_R_MISSING_DH_KEY);