Based on changes to OpenSSL trunk.
ok beck@ miod@
-/* $OpenBSD: d1_clnt.c,v 1.30 2014/07/12 13:11:53 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.31 2014/07/12 22:33:39 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
s->session->master_key,
tmp_buf, sizeof tmp_buf);
OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
- } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
+ } else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) {
DH *dh_srvr, *dh_clnt;
if (s->session->sess_cert->peer_dh_tmp != NULL)
DH_free(dh_clnt);
/* perhaps clean things up a bit EAY EAY EAY EAY*/
- } else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
+ } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
const EC_GROUP *srvr_group = NULL;
EC_KEY *tkey;
int ecdh_clnt_cert = 0;
-/* $OpenBSD: d1_srvr.c,v 1.32 2014/07/12 13:11:53 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.33 2014/07/12 22:33:39 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
/* only send if a DH key exchange or
* RSA but we have a sign only certificate */
if (s->s3->tmp.use_rsa_tmp
- || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
- || (alg_k & SSL_kEECDH)
+ || (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
+ || (alg_k & SSL_kECDHE)
|| ((alg_k & SSL_kRSA)
&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
)
r[1] = rsa->e;
s->s3->tmp.use_rsa_tmp = 1;
} else
- if (type & SSL_kEDH) {
+ if (type & SSL_kDHE) {
dhp = cert->dh_tmp;
if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
dhp = s->cert->dh_tmp_cb(s, 0, 0);
r[1] = dh->g;
r[2] = dh->pub_key;
} else
- if (type & SSL_kEECDH) {
+ if (type & SSL_kECDHE) {
const EC_GROUP *group;
ecdhp = cert->ecdh_tmp;
p += nr[i];
}
- if (type & SSL_kEECDH) {
+ if (type & SSL_kECDHE) {
/* XXX: For now, we only support named (not generic) curves.
* In this situation, the serverKeyExchange message has:
* [1 byte CurveType], [2 byte CurveName]
-/* $OpenBSD: s3_clnt.c,v 1.82 2014/07/12 22:17:59 jsg Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.83 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
}
s->session->sess_cert->peer_rsa_tmp = rsa;
rsa = NULL;
- } else if (alg_k & SSL_kEDH) {
+ } else if (alg_k & SSL_kDHE) {
if ((dh = DH_new()) == NULL) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
ERR_R_DH_LIB);
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
goto f_err;
- } else if (alg_k & SSL_kEECDH) {
+ } else if (alg_k & SSL_kECDHE) {
EC_GROUP *ngroup;
const EC_GROUP *group;
s->method->ssl3_enc->generate_master_secret(
s, s->session->master_key, tmp_buf, sizeof tmp_buf);
OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
- } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
+ } else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) {
DH *dh_srvr, *dh_clnt;
if (s->session->sess_cert == NULL) {
DH_free(dh_clnt);
/* perhaps clean things up a bit EAY EAY EAY EAY*/
- } else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
+ } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
const EC_GROUP *srvr_group = NULL;
EC_KEY *tkey;
int ecdh_clnt_cert = 0;
SSL_R_MISSING_RSA_ENCRYPTING_CERT);
goto f_err;
}
- if ((alg_k & SSL_kEDH) &&
+ if ((alg_k & SSL_kDHE) &&
!(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
SSL_R_MISSING_DH_KEY);
-/* $OpenBSD: s3_lib.c,v 1.69 2014/07/11 09:24:44 beck Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.70 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
.valid = 0, /* Weakened 40-bit export cipher. */
.name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
.id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_DES,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
.id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_DES,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
.id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_3DES,
.algorithm_mac = SSL_SHA1,
.valid = 0, /* Weakened 40-bit export cipher. */
.name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
.id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_DES,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
.id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_DES,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
.id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_3DES,
.algorithm_mac = SSL_SHA1,
.valid = 0, /* Weakened 40-bit export cipher. */
.name = SSL3_TXT_ADH_RC4_40_MD5,
.id = SSL3_CK_ADH_RC4_40_MD5,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_RC4,
.algorithm_mac = SSL_MD5,
.valid = 1,
.name = SSL3_TXT_ADH_RC4_128_MD5,
.id = SSL3_CK_ADH_RC4_128_MD5,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_RC4,
.algorithm_mac = SSL_MD5,
.valid = 0, /* Weakened 40-bit export cipher. */
.name = SSL3_TXT_ADH_DES_40_CBC_SHA,
.id = SSL3_CK_ADH_DES_40_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_DES,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = SSL3_TXT_ADH_DES_64_CBC_SHA,
.id = SSL3_CK_ADH_DES_64_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_DES,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = SSL3_TXT_ADH_DES_192_CBC_SHA,
.id = SSL3_CK_ADH_DES_192_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_3DES,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
.id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
.id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ADH_WITH_AES_128_SHA,
.id = TLS1_CK_ADH_WITH_AES_128_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
.id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
.id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ADH_WITH_AES_256_SHA,
.id = TLS1_CK_ADH_WITH_AES_256_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
.id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA256,
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
.id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_CAMELLIA128,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
.id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CAMELLIA128,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
.id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_CAMELLIA128,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
.id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA256,
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
.id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA256,
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
.id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA256,
.valid = 1,
.name = TLS1_TXT_ADH_WITH_AES_128_SHA256,
.id = TLS1_CK_ADH_WITH_AES_128_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA256,
.valid = 1,
.name = TLS1_TXT_ADH_WITH_AES_256_SHA256,
.id = TLS1_CK_ADH_WITH_AES_256_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA256,
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
.id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_CAMELLIA256,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
.id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CAMELLIA256,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
.id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_CAMELLIA256,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
.id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128GCM,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
.id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256GCM,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
.id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_AES128GCM,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
.id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_AES256GCM,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
.id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES128GCM,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
.id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES256GCM,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
.id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_eNULL,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
.id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_RC4,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
.id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_3DES,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
.id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_eNULL,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
.id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_RC4,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
.id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_3DES,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
.id = TLS1_CK_ECDH_anon_WITH_NULL_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_eNULL,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
.id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_RC4,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
.id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_3DES,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
.id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
.id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA256,
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA384,
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA256,
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA384,
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES128GCM,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES256GCM,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128GCM,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256GCM,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
.id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CHACHA20POLY1305,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
.id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_CHACHA20POLY1305,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
.id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CHACHA20POLY1305,
.algorithm_mac = SSL_AEAD,
* if we are considering an ECC cipher suite that uses an
* ephemeral EC key
*/
- (alg_k & SSL_kEECDH)
+ (alg_k & SSL_kECDHE)
/* and we have an ephemeral EC key */
&& (s->cert->ecdh_tmp != NULL)
/* and the client specified an EllipticCurves extension */
continue;
ii = sk_SSL_CIPHER_find(allow, c);
if (ii >= 0) {
- if ((alg_k & SSL_kEECDH) &&
+ if ((alg_k & SSL_kECDHE) &&
(alg_a & SSL_aECDSA) && s->s3->is_probably_safari) {
if (!ret)
ret = sk_SSL_CIPHER_value(allow, ii);
}
#endif
- if (alg_k & (SSL_kDHr|SSL_kEDH)) {
+ if (alg_k & (SSL_kDHr|SSL_kDHE)) {
p[ret++] = SSL3_CT_RSA_FIXED_DH;
p[ret++] = SSL3_CT_DSS_FIXED_DH;
}
if ((s->version == SSL3_VERSION) &&
- (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) {
+ (alg_k & (SSL_kDHE|SSL_kDHd|SSL_kDHr))) {
p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
}
/*
* ECDSA certs can be used with RSA cipher suites as well
- * so we don't need to check for SSL_kECDH or SSL_kEECDH
+ * so we don't need to check for SSL_kECDH or SSL_kECDHE
*/
if (s->version >= TLS1_VERSION) {
p[ret++] = TLS_CT_ECDSA_SIGN;
-/* $OpenBSD: s3_srvr.c,v 1.77 2014/07/12 13:11:53 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.78 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* public key for key exchange.
*/
if (s->s3->tmp.use_rsa_tmp ||
- (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH)) ||
- (alg_k & SSL_kEECDH) ||
+ (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kDHE)) ||
+ (alg_k & SSL_kECDHE) ||
((alg_k & SSL_kRSA) &&
(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey ==
NULL))) {
r[1] = rsa->e;
s->s3->tmp.use_rsa_tmp = 1;
} else
- if (type & SSL_kEDH) {
+ if (type & SSL_kDHE) {
dhp = cert->dh_tmp;
if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
dhp = s->cert->dh_tmp_cb(s, 0, 0);
r[1] = dh->g;
r[2] = dh->pub_key;
} else
- if (type & SSL_kEECDH) {
+ if (type & SSL_kECDHE) {
const EC_GROUP *group;
ecdhp = cert->ecdh_tmp;
p += nr[i];
}
- if (type & SSL_kEECDH) {
+ if (type & SSL_kECDHE) {
/*
* XXX: For now, we only support named (not generic)
* curves.
p, i);
OPENSSL_cleanse(p, i);
} else
- if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
+ if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) {
if (2 > n)
goto truncated;
n2s(p, i);
OPENSSL_cleanse(p, i);
} else
- if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
+ if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
int ret = 1;
int field_size = 0;
const EC_KEY *tkey;
if (n == 0L) {
/* Client Publickey was in Client Certificate */
- if (alg_k & SSL_kEECDH) {
+ if (alg_k & SSL_kECDHE) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_MISSING_TMP_ECDH_KEY);
-/* $OpenBSD: d1_clnt.c,v 1.30 2014/07/12 13:11:53 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.31 2014/07/12 22:33:39 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
s->session->master_key,
tmp_buf, sizeof tmp_buf);
OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
- } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
+ } else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) {
DH *dh_srvr, *dh_clnt;
if (s->session->sess_cert->peer_dh_tmp != NULL)
DH_free(dh_clnt);
/* perhaps clean things up a bit EAY EAY EAY EAY*/
- } else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
+ } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
const EC_GROUP *srvr_group = NULL;
EC_KEY *tkey;
int ecdh_clnt_cert = 0;
-/* $OpenBSD: d1_srvr.c,v 1.32 2014/07/12 13:11:53 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.33 2014/07/12 22:33:39 jsing Exp $ */
/*
* DTLS implementation written by Nagendra Modadugu
* (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
/* only send if a DH key exchange or
* RSA but we have a sign only certificate */
if (s->s3->tmp.use_rsa_tmp
- || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
- || (alg_k & SSL_kEECDH)
+ || (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
+ || (alg_k & SSL_kECDHE)
|| ((alg_k & SSL_kRSA)
&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
)
r[1] = rsa->e;
s->s3->tmp.use_rsa_tmp = 1;
} else
- if (type & SSL_kEDH) {
+ if (type & SSL_kDHE) {
dhp = cert->dh_tmp;
if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
dhp = s->cert->dh_tmp_cb(s, 0, 0);
r[1] = dh->g;
r[2] = dh->pub_key;
} else
- if (type & SSL_kEECDH) {
+ if (type & SSL_kECDHE) {
const EC_GROUP *group;
ecdhp = cert->ecdh_tmp;
p += nr[i];
}
- if (type & SSL_kEECDH) {
+ if (type & SSL_kECDHE) {
/* XXX: For now, we only support named (not generic) curves.
* In this situation, the serverKeyExchange message has:
* [1 byte CurveType], [2 byte CurveName]
-/* $OpenBSD: s3_clnt.c,v 1.82 2014/07/12 22:17:59 jsg Exp $ */
+/* $OpenBSD: s3_clnt.c,v 1.83 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
}
s->session->sess_cert->peer_rsa_tmp = rsa;
rsa = NULL;
- } else if (alg_k & SSL_kEDH) {
+ } else if (alg_k & SSL_kDHE) {
if ((dh = DH_new()) == NULL) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
ERR_R_DH_LIB);
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,
SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER);
goto f_err;
- } else if (alg_k & SSL_kEECDH) {
+ } else if (alg_k & SSL_kECDHE) {
EC_GROUP *ngroup;
const EC_GROUP *group;
s->method->ssl3_enc->generate_master_secret(
s, s->session->master_key, tmp_buf, sizeof tmp_buf);
OPENSSL_cleanse(tmp_buf, sizeof tmp_buf);
- } else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
+ } else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) {
DH *dh_srvr, *dh_clnt;
if (s->session->sess_cert == NULL) {
DH_free(dh_clnt);
/* perhaps clean things up a bit EAY EAY EAY EAY*/
- } else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
+ } else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
const EC_GROUP *srvr_group = NULL;
EC_KEY *tkey;
int ecdh_clnt_cert = 0;
SSL_R_MISSING_RSA_ENCRYPTING_CERT);
goto f_err;
}
- if ((alg_k & SSL_kEDH) &&
+ if ((alg_k & SSL_kDHE) &&
!(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
SSL_R_MISSING_DH_KEY);
-/* $OpenBSD: s3_lib.c,v 1.69 2014/07/11 09:24:44 beck Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.70 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
.valid = 0, /* Weakened 40-bit export cipher. */
.name = SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
.id = SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_DES,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
.id = SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_DES,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
.id = SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_3DES,
.algorithm_mac = SSL_SHA1,
.valid = 0, /* Weakened 40-bit export cipher. */
.name = SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
.id = SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_DES,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
.id = SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_DES,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
.id = SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_3DES,
.algorithm_mac = SSL_SHA1,
.valid = 0, /* Weakened 40-bit export cipher. */
.name = SSL3_TXT_ADH_RC4_40_MD5,
.id = SSL3_CK_ADH_RC4_40_MD5,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_RC4,
.algorithm_mac = SSL_MD5,
.valid = 1,
.name = SSL3_TXT_ADH_RC4_128_MD5,
.id = SSL3_CK_ADH_RC4_128_MD5,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_RC4,
.algorithm_mac = SSL_MD5,
.valid = 0, /* Weakened 40-bit export cipher. */
.name = SSL3_TXT_ADH_DES_40_CBC_SHA,
.id = SSL3_CK_ADH_DES_40_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_DES,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = SSL3_TXT_ADH_DES_64_CBC_SHA,
.id = SSL3_CK_ADH_DES_64_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_DES,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = SSL3_TXT_ADH_DES_192_CBC_SHA,
.id = SSL3_CK_ADH_DES_192_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_3DES,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
.id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
.id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ADH_WITH_AES_128_SHA,
.id = TLS1_CK_ADH_WITH_AES_128_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
.id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
.id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ADH_WITH_AES_256_SHA,
.id = TLS1_CK_ADH_WITH_AES_256_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
.id = TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA256,
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
.id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_CAMELLIA128,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
.id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CAMELLIA128,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
.id = TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_CAMELLIA128,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
.id = TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA256,
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
.id = TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA256,
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
.id = TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA256,
.valid = 1,
.name = TLS1_TXT_ADH_WITH_AES_128_SHA256,
.id = TLS1_CK_ADH_WITH_AES_128_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA256,
.valid = 1,
.name = TLS1_TXT_ADH_WITH_AES_256_SHA256,
.id = TLS1_CK_ADH_WITH_AES_256_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA256,
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
.id = TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_CAMELLIA256,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
.id = TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CAMELLIA256,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
.id = TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_CAMELLIA256,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
.id = TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128GCM,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
.id = TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256GCM,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
.id = TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_AES128GCM,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
.id = TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aDSS,
.algorithm_enc = SSL_AES256GCM,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
.id = TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES128GCM,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
.id = TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES256GCM,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
.id = TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_eNULL,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
.id = TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_RC4,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
.id = TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_3DES,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
.id = TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_eNULL,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
.id = TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_RC4,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
.id = TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_3DES,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
.id = TLS1_CK_ECDH_anon_WITH_NULL_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_eNULL,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
.id = TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_RC4,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
.id = TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_3DES,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
.id = TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
.id = TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA1,
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA256,
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA384,
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128,
.algorithm_mac = SSL_SHA256,
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256,
.algorithm_mac = SSL_SHA384,
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES128GCM,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
.id = TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_AES256GCM,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES128GCM,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
.id = TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_AES256GCM,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
.id = TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CHACHA20POLY1305,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
.id = TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aECDSA,
.algorithm_enc = SSL_CHACHA20POLY1305,
.algorithm_mac = SSL_AEAD,
.valid = 1,
.name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
.id = TLS1_CK_DHE_RSA_CHACHA20_POLY1305,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aRSA,
.algorithm_enc = SSL_CHACHA20POLY1305,
.algorithm_mac = SSL_AEAD,
* if we are considering an ECC cipher suite that uses an
* ephemeral EC key
*/
- (alg_k & SSL_kEECDH)
+ (alg_k & SSL_kECDHE)
/* and we have an ephemeral EC key */
&& (s->cert->ecdh_tmp != NULL)
/* and the client specified an EllipticCurves extension */
continue;
ii = sk_SSL_CIPHER_find(allow, c);
if (ii >= 0) {
- if ((alg_k & SSL_kEECDH) &&
+ if ((alg_k & SSL_kECDHE) &&
(alg_a & SSL_aECDSA) && s->s3->is_probably_safari) {
if (!ret)
ret = sk_SSL_CIPHER_value(allow, ii);
}
#endif
- if (alg_k & (SSL_kDHr|SSL_kEDH)) {
+ if (alg_k & (SSL_kDHr|SSL_kDHE)) {
p[ret++] = SSL3_CT_RSA_FIXED_DH;
p[ret++] = SSL3_CT_DSS_FIXED_DH;
}
if ((s->version == SSL3_VERSION) &&
- (alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) {
+ (alg_k & (SSL_kDHE|SSL_kDHd|SSL_kDHr))) {
p[ret++] = SSL3_CT_RSA_EPHEMERAL_DH;
p[ret++] = SSL3_CT_DSS_EPHEMERAL_DH;
}
/*
* ECDSA certs can be used with RSA cipher suites as well
- * so we don't need to check for SSL_kECDH or SSL_kEECDH
+ * so we don't need to check for SSL_kECDH or SSL_kECDHE
*/
if (s->version >= TLS1_VERSION) {
p[ret++] = TLS_CT_ECDSA_SIGN;
-/* $OpenBSD: s3_srvr.c,v 1.77 2014/07/12 13:11:53 jsing Exp $ */
+/* $OpenBSD: s3_srvr.c,v 1.78 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* public key for key exchange.
*/
if (s->s3->tmp.use_rsa_tmp ||
- (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kEDH)) ||
- (alg_k & SSL_kEECDH) ||
+ (alg_k & (SSL_kDHr|SSL_kDHd|SSL_kDHE)) ||
+ (alg_k & SSL_kECDHE) ||
((alg_k & SSL_kRSA) &&
(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey ==
NULL))) {
r[1] = rsa->e;
s->s3->tmp.use_rsa_tmp = 1;
} else
- if (type & SSL_kEDH) {
+ if (type & SSL_kDHE) {
dhp = cert->dh_tmp;
if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
dhp = s->cert->dh_tmp_cb(s, 0, 0);
r[1] = dh->g;
r[2] = dh->pub_key;
} else
- if (type & SSL_kEECDH) {
+ if (type & SSL_kECDHE) {
const EC_GROUP *group;
ecdhp = cert->ecdh_tmp;
p += nr[i];
}
- if (type & SSL_kEECDH) {
+ if (type & SSL_kECDHE) {
/*
* XXX: For now, we only support named (not generic)
* curves.
p, i);
OPENSSL_cleanse(p, i);
} else
- if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) {
+ if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd)) {
if (2 > n)
goto truncated;
n2s(p, i);
OPENSSL_cleanse(p, i);
} else
- if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) {
+ if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) {
int ret = 1;
int field_size = 0;
const EC_KEY *tkey;
if (n == 0L) {
/* Client Publickey was in Client Certificate */
- if (alg_k & SSL_kEECDH) {
+ if (alg_k & SSL_kECDHE) {
al = SSL_AD_HANDSHAKE_FAILURE;
SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
SSL_R_MISSING_TMP_ECDH_KEY);
-/* $OpenBSD: ssl_ciph.c,v 1.65 2014/07/12 13:11:53 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.66 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
*/
{
.name = SSL_TXT_CMPDEF,
- .algorithm_mkey = SSL_kEDH|SSL_kEECDH,
+ .algorithm_mkey = SSL_kDHE|SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = ~SSL_eNULL,
},
},
{
.name = SSL_TXT_kEDH,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
},
{
.name = SSL_TXT_DH,
- .algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kEDH,
+ .algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kDHE,
},
{
},
{
.name = SSL_TXT_kEECDH,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
},
{
.name = SSL_TXT_ECDH,
- .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kECDHE,
},
{
/* aliases combining key exchange and server authentication */
{
.name = SSL_TXT_EDH,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = ~SSL_aNULL,
},
{
.name = SSL_TXT_EECDH,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = ~SSL_aNULL,
},
{
},
{
.name = SSL_TXT_ADH,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
},
{
.name = SSL_TXT_AECDH,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
},
/* Now arrange all ciphers by preference: */
/* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
- ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
- ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
/*
* CHACHA20 is fast and safe on all hardware and is thus our preferred
case SSL_kDHd:
kx = "DH/DSS";
break;
- case SSL_kEDH:
+ case SSL_kDHE:
kx = "DH";
break;
case SSL_kECDHr:
case SSL_kECDHe:
kx = "ECDH/ECDSA";
break;
- case SSL_kEECDH:
+ case SSL_kECDHE:
kx = "ECDH";
break;
default:
-/* $OpenBSD: ssl_lib.c,v 1.77 2014/07/12 19:45:53 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.78 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
mask_k|=SSL_kRSA;
if (dh_tmp)
- mask_k|=SSL_kEDH;
+ mask_k|=SSL_kDHE;
if (dh_rsa)
mask_k|=SSL_kDHr;
}
if (have_ecdh_tmp) {
- mask_k|=SSL_kEECDH;
+ mask_k|=SSL_kECDHE;
}
if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
/*
- * We don't need to look at SSL_kEECDH
+ * We don't need to look at SSL_kECDHE
* since no certificate is needed for
* anon ECDH and for authenticated
- * EECDH, the check for the auth
+ * ECDHE, the check for the auth
* algorithm will set i correctly
* NOTE: For ECDH-RSA, we need an ECC
* not an RSA cert but for EECDH-RSA
-/* $OpenBSD: ssl_locl.h,v 1.61 2014/07/12 19:45:53 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.62 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
#define SSL_kRSA 0x00000001L /* RSA key exchange */
#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */
#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */
-#define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */
+#define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */
#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
-#define SSL_kEECDH 0x00000080L /* ephemeral ECDH */
+#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
#define SSL_kGOST 0x00000200L /* GOST key exchange */
/* Bits for algorithm_auth (server authentication) */
/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
* <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
* SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
- * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
+ * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
* SSL_aRSA <- RSA_ENC | RSA_SIGN
* SSL_aDSS <- DSA_SIGN
*/
-/* $OpenBSD: t1_lib.c,v 1.49 2014/07/09 11:10:51 bcook Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.50 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
- if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) ||
+ if ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) ||
(alg_a & SSL_aECDSA))) {
using_ecc = 1;
break;
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
- int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
+ int using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
if (using_ecc) {
(s->tlsext_ecpointformatlist_length > 0) &&
(s->session->tlsext_ecpointformatlist != NULL) &&
(s->session->tlsext_ecpointformatlist_length > 0) &&
- ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) {
+ ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) {
/* we are using an ECC cipher */
size_t i;
unsigned char *list;
-/* $OpenBSD: ssl_ciph.c,v 1.65 2014/07/12 13:11:53 jsing Exp $ */
+/* $OpenBSD: ssl_ciph.c,v 1.66 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
*/
{
.name = SSL_TXT_CMPDEF,
- .algorithm_mkey = SSL_kEDH|SSL_kEECDH,
+ .algorithm_mkey = SSL_kDHE|SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
.algorithm_enc = ~SSL_eNULL,
},
},
{
.name = SSL_TXT_kEDH,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
},
{
.name = SSL_TXT_DH,
- .algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kEDH,
+ .algorithm_mkey = SSL_kDHr|SSL_kDHd|SSL_kDHE,
},
{
},
{
.name = SSL_TXT_kEECDH,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
},
{
.name = SSL_TXT_ECDH,
- .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHr|SSL_kECDHe|SSL_kECDHE,
},
{
/* aliases combining key exchange and server authentication */
{
.name = SSL_TXT_EDH,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = ~SSL_aNULL,
},
{
.name = SSL_TXT_EECDH,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = ~SSL_aNULL,
},
{
},
{
.name = SSL_TXT_ADH,
- .algorithm_mkey = SSL_kEDH,
+ .algorithm_mkey = SSL_kDHE,
.algorithm_auth = SSL_aNULL,
},
{
.name = SSL_TXT_AECDH,
- .algorithm_mkey = SSL_kEECDH,
+ .algorithm_mkey = SSL_kECDHE,
.algorithm_auth = SSL_aNULL,
},
/* Now arrange all ciphers by preference: */
/* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
- ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
- ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+ ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
/*
* CHACHA20 is fast and safe on all hardware and is thus our preferred
case SSL_kDHd:
kx = "DH/DSS";
break;
- case SSL_kEDH:
+ case SSL_kDHE:
kx = "DH";
break;
case SSL_kECDHr:
case SSL_kECDHe:
kx = "ECDH/ECDSA";
break;
- case SSL_kEECDH:
+ case SSL_kECDHE:
kx = "ECDH";
break;
default:
-/* $OpenBSD: ssl_lib.c,v 1.77 2014/07/12 19:45:53 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.78 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
mask_k|=SSL_kRSA;
if (dh_tmp)
- mask_k|=SSL_kEDH;
+ mask_k|=SSL_kDHE;
if (dh_rsa)
mask_k|=SSL_kDHr;
}
if (have_ecdh_tmp) {
- mask_k|=SSL_kEECDH;
+ mask_k|=SSL_kECDHE;
}
if (alg_k & (SSL_kECDHr|SSL_kECDHe)) {
/*
- * We don't need to look at SSL_kEECDH
+ * We don't need to look at SSL_kECDHE
* since no certificate is needed for
* anon ECDH and for authenticated
- * EECDH, the check for the auth
+ * ECDHE, the check for the auth
* algorithm will set i correctly
* NOTE: For ECDH-RSA, we need an ECC
* not an RSA cert but for EECDH-RSA
-/* $OpenBSD: ssl_locl.h,v 1.61 2014/07/12 19:45:53 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.62 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
#define SSL_kRSA 0x00000001L /* RSA key exchange */
#define SSL_kDHr 0x00000002L /* DH cert, RSA CA cert */ /* no such ciphersuites supported! */
#define SSL_kDHd 0x00000004L /* DH cert, DSA CA cert */ /* no such ciphersuite supported! */
-#define SSL_kEDH 0x00000008L /* tmp DH key no DH cert */
+#define SSL_kDHE 0x00000008L /* tmp DH key no DH cert */
#define SSL_kECDHr 0x00000020L /* ECDH cert, RSA CA cert */
#define SSL_kECDHe 0x00000040L /* ECDH cert, ECDSA CA cert */
-#define SSL_kEECDH 0x00000080L /* ephemeral ECDH */
+#define SSL_kECDHE 0x00000080L /* ephemeral ECDH */
#define SSL_kGOST 0x00000200L /* GOST key exchange */
/* Bits for algorithm_auth (server authentication) */
/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
* <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
* SSL_kDH <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
- * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
+ * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
* SSL_aRSA <- RSA_ENC | RSA_SIGN
* SSL_aDSS <- DSA_SIGN
*/
-/* $OpenBSD: t1_lib.c,v 1.49 2014/07/09 11:10:51 bcook Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.50 2014/07/12 22:33:39 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
- if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe) ||
+ if ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe) ||
(alg_a & SSL_aECDSA))) {
using_ecc = 1;
break;
unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
- int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
+ int using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
if (using_ecc) {
(s->tlsext_ecpointformatlist_length > 0) &&
(s->session->tlsext_ecpointformatlist != NULL) &&
(s->session->tlsext_ecpointformatlist_length > 0) &&
- ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) {
+ ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA))) {
/* we are using an ECC cipher */
size_t i;
unsigned char *list;
projects / openbsd / commitdiff