The correct name for EDH is DHE, likewise EECDH should be ECDHE.

Based on changes to OpenSSL trunk. ok beck@ miod@
author: jsing <> 2014-07-12 22:33:39 +0000
committer: jsing <> 2014-07-12 22:33:39 +0000
commit: a5fd5047b3335510b9ae8ea0b02073c33c7a8f72 (patch)
tree: ac193b1a184864cbde82877d05b433080052c5d1 /src/lib/libssl/ssl_ciph.c
parent: e0fe7621bce09dd6ba62ddb9889bc82d64e677f7 (diff)
download: openbsd-a5fd5047b3335510b9ae8ea0b02073c33c7a8f72.tar.gz
openbsd-a5fd5047b3335510b9ae8ea0b02073c33c7a8f72.tar.bz2
openbsd-a5fd5047b3335510b9ae8ea0b02073c33c7a8f72.zip
1 files changed, 14 insertions, 14 deletions
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
index a2dec527ca..70c91bf600 100644
--- a/src/lib/libssl/ssl_ciph.c
+++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_ciph.c,v 1.65 2014/07/12 13:11:53 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.66 2014/07/12 22:33:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -233,7 +233,7 @@ static const SSL_CIPHER cipher_aliases[] = {
         */
        {
                .name = SSL_TXT_CMPDEF,
-                .algorithm_mkey = SSL_kEDH|SSL_kEECDH,
+                .algorithm_mkey = SSL_kDHE|SSL_kECDHE,
                .algorithm_auth = SSL_aNULL,
                .algorithm_enc = ~SSL_eNULL,
        },
@@ -265,11 +265,11 @@ static const SSL_CIPHER cipher_aliases[] = {
        },
        {
                .name = SSL_TXT_kEDH,
-                .algorithm_mkey = SSL_kEDH,
+                .algorithm_mkey = SSL_kDHE,
        },
        {
                .name = SSL_TXT_DH,
-                .algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kEDH,
+                .algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kDHE,
        },
        
        {
@@ -286,11 +286,11 @@ static const SSL_CIPHER cipher_aliases[] = {
        },
        {
                .name = SSL_TXT_kEECDH,
-                .algorithm_mkey = SSL_kEECDH,
+                .algorithm_mkey = SSL_kECDHE,
        },
        {
                .name = SSL_TXT_ECDH,
-                .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,
+                .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kECDHE,
        },
        
        {
@@ -348,12 +348,12 @@ static const SSL_CIPHER cipher_aliases[] = {
        /* aliases combining key exchange and server authentication */
        {
                .name = SSL_TXT_EDH,
-                .algorithm_mkey = SSL_kEDH,
+                .algorithm_mkey = SSL_kDHE,
                .algorithm_auth = ~SSL_aNULL,
        },
        {
                .name = SSL_TXT_EECDH,
-                .algorithm_mkey = SSL_kEECDH,
+                .algorithm_mkey = SSL_kECDHE,
                .algorithm_auth = ~SSL_aNULL,
        },
        {
@@ -367,12 +367,12 @@ static const SSL_CIPHER cipher_aliases[] = {
        },
        {
                .name = SSL_TXT_ADH,
-                .algorithm_mkey = SSL_kEDH,
+                .algorithm_mkey = SSL_kDHE,
                .algorithm_auth = SSL_aNULL,
        },
        {
                .name = SSL_TXT_AECDH,
-                .algorithm_mkey = SSL_kEECDH,
+                .algorithm_mkey = SSL_kECDHE,
                .algorithm_auth = SSL_aNULL,
        },
@@ -1451,8 +1451,8 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
        /* Now arrange all ciphers by preference: */
        /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
-        ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+        ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
-        ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
+        ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
        /*
         * CHACHA20 is fast and safe on all hardware and is thus our preferred
@@ -1609,7 +1609,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_kDHd:
                kx = "DH/DSS";
                break;
-        case SSL_kEDH:
+        case SSL_kDHE:
                kx = "DH";
                break;
        case SSL_kECDHr:
@@ -1618,7 +1618,7 @@ SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
        case SSL_kECDHe:
                kx = "ECDH/ECDSA";
                break;
-        case SSL_kEECDH:
+        case SSL_kECDHE:
                kx = "ECDH";
                break;
        default:
author	jsing <>	2014-07-12 22:33:39 +0000
committer	jsing <>	2014-07-12 22:33:39 +0000
commit	a5fd5047b3335510b9ae8ea0b02073c33c7a8f72 (patch)
tree	ac193b1a184864cbde82877d05b433080052c5d1 /src/lib/libssl/ssl_ciph.c
parent	e0fe7621bce09dd6ba62ddb9889bc82d64e677f7 (diff)
download	openbsd-a5fd5047b3335510b9ae8ea0b02073c33c7a8f72.tar.gz openbsd-a5fd5047b3335510b9ae8ea0b02073c33c7a8f72.tar.bz2 openbsd-a5fd5047b3335510b9ae8ea0b02073c33c7a8f72.zip

diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index a2dec527ca..70c91bf600 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_ciph.c,v 1.65 2014/07/12 13:11:53 jsing Exp $ */	1	/* $OpenBSD: ssl_ciph.c,v 1.66 2014/07/12 22:33:39 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -233,7 +233,7 @@ static const SSL_CIPHER cipher_aliases[] = {
233	*/	233	*/
234	{	234	{
235	.name = SSL_TXT_CMPDEF,	235	.name = SSL_TXT_CMPDEF,
236	.algorithm_mkey = SSL_kEDH\|SSL_kEECDH,	236	.algorithm_mkey = SSL_kDHE\|SSL_kECDHE,
237	.algorithm_auth = SSL_aNULL,	237	.algorithm_auth = SSL_aNULL,
238	.algorithm_enc = ~SSL_eNULL,	238	.algorithm_enc = ~SSL_eNULL,
239	},	239	},
@@ -265,11 +265,11 @@ static const SSL_CIPHER cipher_aliases[] = {
265	},	265	},
266	{	266	{
267	.name = SSL_TXT_kEDH,	267	.name = SSL_TXT_kEDH,
268	.algorithm_mkey = SSL_kEDH,	268	.algorithm_mkey = SSL_kDHE,
269	},	269	},
270	{	270	{
271	.name = SSL_TXT_DH,	271	.name = SSL_TXT_DH,
272	.algorithm_mkey = SSL_kDHr\|SSL_kDHd\|SSL_kEDH,	272	.algorithm_mkey = SSL_kDHr\|SSL_kDHd\|SSL_kDHE,
273	},	273	},
274		274
275	{	275	{
@@ -286,11 +286,11 @@ static const SSL_CIPHER cipher_aliases[] = {
286	},	286	},
287	{	287	{
288	.name = SSL_TXT_kEECDH,	288	.name = SSL_TXT_kEECDH,
289	.algorithm_mkey = SSL_kEECDH,	289	.algorithm_mkey = SSL_kECDHE,
290	},	290	},
291	{	291	{
292	.name = SSL_TXT_ECDH,	292	.name = SSL_TXT_ECDH,
293	.algorithm_mkey = SSL_kECDHr\|SSL_kECDHe\|SSL_kEECDH,	293	.algorithm_mkey = SSL_kECDHr\|SSL_kECDHe\|SSL_kECDHE,
294	},	294	},
295		295
296	{	296	{
@@ -348,12 +348,12 @@ static const SSL_CIPHER cipher_aliases[] = {
348	/* aliases combining key exchange and server authentication */	348	/* aliases combining key exchange and server authentication */
349	{	349	{
350	.name = SSL_TXT_EDH,	350	.name = SSL_TXT_EDH,
351	.algorithm_mkey = SSL_kEDH,	351	.algorithm_mkey = SSL_kDHE,
352	.algorithm_auth = ~SSL_aNULL,	352	.algorithm_auth = ~SSL_aNULL,
353	},	353	},
354	{	354	{
355	.name = SSL_TXT_EECDH,	355	.name = SSL_TXT_EECDH,
356	.algorithm_mkey = SSL_kEECDH,	356	.algorithm_mkey = SSL_kECDHE,
357	.algorithm_auth = ~SSL_aNULL,	357	.algorithm_auth = ~SSL_aNULL,
358	},	358	},
359	{	359	{
@@ -367,12 +367,12 @@ static const SSL_CIPHER cipher_aliases[] = {
367	},	367	},
368	{	368	{
369	.name = SSL_TXT_ADH,	369	.name = SSL_TXT_ADH,
370	.algorithm_mkey = SSL_kEDH,	370	.algorithm_mkey = SSL_kDHE,
371	.algorithm_auth = SSL_aNULL,	371	.algorithm_auth = SSL_aNULL,
372	},	372	},
373	{	373	{
374	.name = SSL_TXT_AECDH,	374	.name = SSL_TXT_AECDH,
375	.algorithm_mkey = SSL_kEECDH,	375	.algorithm_mkey = SSL_kECDHE,
376	.algorithm_auth = SSL_aNULL,	376	.algorithm_auth = SSL_aNULL,
377	},	377	},
378		378
@@ -1451,8 +1451,8 @@ ssl_create_cipher_list(const SSL_METHOD *ssl_method,
1451	/* Now arrange all ciphers by preference: */	1451	/* Now arrange all ciphers by preference: */
1452		1452
1453	/* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */	1453	/* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
1454	ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);	1454	ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
1455	ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);	1455	ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
1456		1456
1457	/*	1457	/*
1458	* CHACHA20 is fast and safe on all hardware and is thus our preferred	1458	* CHACHA20 is fast and safe on all hardware and is thus our preferred
@@ -1609,7 +1609,7 @@ SSL_CIPHER_description(const SSL_CIPHER cipher, char buf, int len)
1609	case SSL_kDHd:	1609	case SSL_kDHd:
1610	kx = "DH/DSS";	1610	kx = "DH/DSS";
1611	break;	1611	break;
1612	case SSL_kEDH:	1612	case SSL_kDHE:
1613	kx = "DH";	1613	kx = "DH";
1614	break;	1614	break;
1615	case SSL_kECDHr:	1615	case SSL_kECDHr:
@@ -1618,7 +1618,7 @@ SSL_CIPHER_description(const SSL_CIPHER cipher, char buf, int len)
1618	case SSL_kECDHe:	1618	case SSL_kECDHe:
1619	kx = "ECDH/ECDSA";	1619	kx = "ECDH/ECDSA";
1620	break;	1620	break;
1621	case SSL_kEECDH:	1621	case SSL_kECDHE:
1622	kx = "ECDH";	1622	kx = "ECDH";
1623	break;	1623	break;
1624	default:	1624	default: