use SSL_kECDHE throughout instead of SSL_kEECDH

ECDHE is the standard term used by the RFCs and by other TLS
implementations.  It's useful to have the internal variables use the
standard terminology.

This patch leaves a synonym SSL_kEECDH in place, though, so that older
code can still be built against it, since that has been the
traditional API.  SSL_kEECDH should probably be deprecated at some
point, though.

ssl/d1_srvr.c

@@ -492,7 +492,7 @@ int dtls1_accept(SSL *s)
 			    || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
 #endif
 			    || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
-			    || (alg_k & SSL_kEECDH)
+			    || (alg_k & SSL_kECDHE)
 			    || ((alg_k & SSL_kRSA)
 				&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
 				    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)

ssl/s3_clnt.c

@@ -1734,7 +1734,7 @@ int ssl3_get_key_exchange(SSL *s)
 #endif /* !OPENSSL_NO_DH */
 
 #ifndef OPENSSL_NO_ECDH
-	else if (alg_k & SSL_kEECDH)
+	else if (alg_k & SSL_kECDHE)
 		{
 		EC_GROUP *ngroup;
 		const EC_GROUP *group;
@@ -2685,7 +2685,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 #endif
 
 #ifndef OPENSSL_NO_ECDH 
-		else if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
+		else if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe))
 			{
 			const EC_GROUP *srvr_group = NULL;
 			EC_KEY *tkey;

ssl/s3_lib.c

@@ -2114,7 +2114,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
 	TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aECDSA,
 	SSL_eNULL,
 	SSL_SHA1,
@@ -2130,7 +2130,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
 	TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aECDSA,
 	SSL_RC4,
 	SSL_SHA1,
@@ -2146,7 +2146,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
 	TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aECDSA,
 	SSL_3DES,
 	SSL_SHA1,
@@ -2162,7 +2162,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
 	TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aECDSA,
 	SSL_AES128,
 	SSL_SHA1,
@@ -2178,7 +2178,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
 	TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aECDSA,
 	SSL_AES256,
 	SSL_SHA1,
@@ -2274,7 +2274,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
 	TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aRSA,
 	SSL_eNULL,
 	SSL_SHA1,
@@ -2290,7 +2290,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
 	TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aRSA,
 	SSL_RC4,
 	SSL_SHA1,
@@ -2306,7 +2306,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
 	TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aRSA,
 	SSL_3DES,
 	SSL_SHA1,
@@ -2322,7 +2322,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
 	TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aRSA,
 	SSL_AES128,
 	SSL_SHA1,
@@ -2338,7 +2338,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
 	TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aRSA,
 	SSL_AES256,
 	SSL_SHA1,
@@ -2354,7 +2354,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
 	TLS1_CK_ECDH_anon_WITH_NULL_SHA,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aNULL,
 	SSL_eNULL,
 	SSL_SHA1,
@@ -2370,7 +2370,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
 	TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aNULL,
 	SSL_RC4,
 	SSL_SHA1,
@@ -2386,7 +2386,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
 	TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aNULL,
 	SSL_3DES,
 	SSL_SHA1,
@@ -2402,7 +2402,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
 	TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aNULL,
 	SSL_AES128,
 	SSL_SHA1,
@@ -2418,7 +2418,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
 	TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aNULL,
 	SSL_AES256,
 	SSL_SHA1,
@@ -2584,7 +2584,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
 	TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aECDSA,
 	SSL_AES128,
 	SSL_SHA256,
@@ -2600,7 +2600,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
 	TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aECDSA,
 	SSL_AES256,
 	SSL_SHA384,
@@ -2648,7 +2648,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
 	TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aRSA,
 	SSL_AES128,
 	SSL_SHA256,
@@ -2664,7 +2664,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
 	TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aRSA,
 	SSL_AES256,
 	SSL_SHA384,
@@ -2714,7 +2714,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 	TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aECDSA,
 	SSL_AES128GCM,
 	SSL_AEAD,
@@ -2730,7 +2730,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 	TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aECDSA,
 	SSL_AES256GCM,
 	SSL_AEAD,
@@ -2778,7 +2778,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 	TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aRSA,
 	SSL_AES128GCM,
 	SSL_AEAD,
@@ -2794,7 +2794,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 	TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-	SSL_kEECDH,
+	SSL_kECDHE,
 	SSL_aRSA,
 	SSL_AES256GCM,
 	SSL_AEAD,
@@ -4161,7 +4161,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 #ifndef OPENSSL_NO_EC
 		/* if we are considering an ECC cipher suite that uses
 		 * an ephemeral EC key check it */
-		if (alg_k & SSL_kEECDH)
+		if (alg_k & SSL_kECDHE)
 			ok = ok && tls1_check_ec_tmp_key(s, c->id);
 #endif /* OPENSSL_NO_EC */
 #endif /* OPENSSL_NO_TLSEXT */
@@ -4171,7 +4171,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
 		if (ii >= 0)
 			{
 #if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_TLSEXT)
-			if ((alg_k & SSL_kEECDH) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
+			if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA) && s->s3->is_probably_safari)
 				{
 				if (!ret) ret=sk_SSL_CIPHER_value(allow,ii);
 				continue;
@@ -4285,7 +4285,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 
 #ifndef OPENSSL_NO_ECDSA
 	/* ECDSA certs can be used with RSA cipher suites as well 
-	 * so we don't need to check for SSL_kECDH or SSL_kEECDH
+	 * so we don't need to check for SSL_kECDH or SSL_kECDHE
 	 */
 	if (s->version >= TLS1_VERSION)
 		{

ssl/s3_srvr.c

@@ -494,7 +494,7 @@ int ssl3_accept(SSL *s)
 			    || (alg_k & SSL_kSRP)
 #endif
 			    || (alg_k & SSL_kEDH)
-			    || (alg_k & SSL_kEECDH)
+			    || (alg_k & SSL_kECDHE)
 			    || ((alg_k & SSL_kRSA)
 				&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
 				    || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher)
@@ -1414,7 +1414,7 @@ int ssl3_get_client_hello(SSL *s)
 		/* check whether we should disable session resumption */
 		if (s->not_resumable_session_cb != NULL)
 			s->session->not_resumable=s->not_resumable_session_cb(s,
-				((c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)) != 0));
+				((c->algorithm_mkey & (SSL_kEDH | SSL_kECDHE)) != 0));
 		if (s->session->not_resumable)
 			/* do not send a session ticket */
 			s->tlsext_ticket_expected = 0;
@@ -1719,7 +1719,7 @@ int ssl3_send_server_key_exchange(SSL *s)
 		else 
 #endif
 #ifndef OPENSSL_NO_ECDH
-			if (type & SSL_kEECDH)
+			if (type & SSL_kECDHE)
 			{
 			const EC_GROUP *group;
 
@@ -1935,7 +1935,7 @@ int ssl3_send_server_key_exchange(SSL *s)
 			}
 
 #ifndef OPENSSL_NO_ECDH
-		if (type & SSL_kEECDH) 
+		if (type & SSL_kECDHE) 
 			{
 			/* XXX: For now, we only support named (not generic) curves.
 			 * In this situation, the serverKeyExchange message has:
@@ -2638,7 +2638,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 #endif	/* OPENSSL_NO_KRB5 */
 
 #ifndef OPENSSL_NO_ECDH
-		if (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe))
+		if (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe))
 		{
 		int ret = 1;
 		int field_size = 0;
@@ -2691,7 +2691,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 			{
 			/* Client Publickey was in Client Certificate */
 
-			 if (alg_k & SSL_kEECDH)
+			 if (alg_k & SSL_kECDHE)
 				 {
 				 al=SSL_AD_HANDSHAKE_FAILURE;
 				 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_MISSING_TMP_ECDH_KEY);

ssl/ssl_ciph.c

@@ -230,7 +230,7 @@ static const SSL_CIPHER cipher_aliases[]={
 	{0,SSL_TXT_CMPALL,0,  0,0,SSL_eNULL,0,0,0,0,0,0},
 
 	/* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
-	{0,SSL_TXT_CMPDEF,0,  SSL_kEDH|SSL_kEECDH,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
+	{0,SSL_TXT_CMPDEF,0,  SSL_kEDH|SSL_kECDHE,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
 
 	/* key exchange aliases
 	 * (some of those using only a single bit here combine
@@ -249,9 +249,9 @@ static const SSL_CIPHER cipher_aliases[]={
 	{0,SSL_TXT_kECDHr,0,  SSL_kECDHr,0,0,0,0,0,0,0,0},
 	{0,SSL_TXT_kECDHe,0,  SSL_kECDHe,0,0,0,0,0,0,0,0},
 	{0,SSL_TXT_kECDH,0,   SSL_kECDHr|SSL_kECDHe,0,0,0,0,0,0,0,0},
-	{0,SSL_TXT_kEECDH,0,  SSL_kEECDH,0,0,0,0,0,0,0,0},
-	{0,SSL_TXT_kECDHE,0,  SSL_kEECDH,0,0,0,0,0,0,0,0},
-	{0,SSL_TXT_ECDH,0,    SSL_kECDHr|SSL_kECDHe|SSL_kEECDH,0,0,0,0,0,0,0,0},
+	{0,SSL_TXT_kEECDH,0,  SSL_kECDHE,0,0,0,0,0,0,0,0},
+	{0,SSL_TXT_kECDHE,0,  SSL_kECDHE,0,0,0,0,0,0,0,0},
+	{0,SSL_TXT_ECDH,0,    SSL_kECDHr|SSL_kECDHe|SSL_kECDHE,0,0,0,0,0,0,0,0},
 
         {0,SSL_TXT_kPSK,0,    SSL_kPSK,  0,0,0,0,0,0,0,0},
 	{0,SSL_TXT_kSRP,0,    SSL_kSRP,  0,0,0,0,0,0,0,0},
@@ -274,13 +274,13 @@ static const SSL_CIPHER cipher_aliases[]={
 
 	/* aliases combining key exchange and server authentication */
 	{0,SSL_TXT_EDH,0,     SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
-	{0,SSL_TXT_EECDH,0,   SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
-	{0,SSL_TXT_ECDHE,0,   SSL_kEECDH,~SSL_aNULL,0,0,0,0,0,0,0},
+	{0,SSL_TXT_EECDH,0,   SSL_kECDHE,~SSL_aNULL,0,0,0,0,0,0,0},
+	{0,SSL_TXT_ECDHE,0,   SSL_kECDHE,~SSL_aNULL,0,0,0,0,0,0,0},
 	{0,SSL_TXT_NULL,0,    0,0,SSL_eNULL, 0,0,0,0,0,0},
 	{0,SSL_TXT_KRB5,0,    SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
 	{0,SSL_TXT_RSA,0,     SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
 	{0,SSL_TXT_ADH,0,     SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
-	{0,SSL_TXT_AECDH,0,   SSL_kEECDH,SSL_aNULL,0,0,0,0,0,0,0},
+	{0,SSL_TXT_AECDH,0,   SSL_kECDHE,SSL_aNULL,0,0,0,0,0,0,0},
         {0,SSL_TXT_PSK,0,     SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
 	{0,SSL_TXT_SRP,0,     SSL_kSRP,0,0,0,0,0,0,0,0},
 
@@ -1477,8 +1477,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
 	/* Now arrange all ciphers by preference: */
 
 	/* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
-	ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
-	ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
+	ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+	ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
 
 	/* AES is our preferred symmetric cipher */
 	ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
@@ -1668,7 +1668,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
 	case SSL_kECDHe:
 		kx="ECDH/ECDSA";
 		break;
-	case SSL_kEECDH:
+	case SSL_kECDHE:
 		kx="ECDH";
 		break;
 	case SSL_kPSK:
@@ -1939,13 +1939,13 @@ int ssl_cipher_get_cert_index(const SSL_CIPHER *c)
 
 	if (alg_k & (SSL_kECDHr|SSL_kECDHe))
 		{
-		/* we don't need to look at SSL_kEECDH
+		/* we don't need to look at SSL_kECDHE
 		 * since no certificate is needed for
 		 * anon ECDH and for authenticated
-		 * EECDH, the check for the auth
+		 * ECDHE, the check for the auth
 		 * algorithm will set i correctly
 		 * NOTE: For ECDH-RSA, we need an ECC
-		 * not an RSA cert but for EECDH-RSA
+		 * not an RSA cert but for ECDHE-RSA
 		 * we need an RSA cert. Placing the
 		 * checks for SSL_kECDH before RSA
 		 * checks ensures the correct cert is chosen.

ssl/ssl_lib.c

@@ -2522,8 +2522,8 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 #ifndef OPENSSL_NO_ECDH
 	if (have_ecdh_tmp)
 		{
-		mask_k|=SSL_kEECDH;
-		emask_k|=SSL_kEECDH;
+		mask_k|=SSL_kECDHE;
+		emask_k|=SSL_kECDHE;
 		}
 #endif
 

ssl/ssl_locl.h

@@ -295,7 +295,8 @@
 #define SSL_kKRB5		0x00000010L /* Kerberos5 key exchange */
 #define SSL_kECDHr		0x00000020L /* ECDH cert, RSA CA cert */
 #define SSL_kECDHe		0x00000040L /* ECDH cert, ECDSA CA cert */
-#define SSL_kEECDH		0x00000080L /* ephemeral ECDH */
+#define SSL_kECDHE		0x00000080L /* ephemeral ECDH */
+#define SSL_kEECDH		SSL_kECDHE  /* synonym */
 #define SSL_kPSK		0x00000100L /* PSK */
 #define SSL_kGOST       0x00000200L /* GOST key exchange */
 #define SSL_kSRP        0x00000400L /* SRP */

ssl/t1_lib.c

@@ -1108,7 +1108,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned cha
 
 			alg_k = c->algorithm_mkey;
 			alg_a = c->algorithm_auth;
-			if ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)
+			if ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)
 				|| (alg_a & SSL_aECDSA)))
 				{
 				using_ecc = 1;
@@ -1519,7 +1519,7 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned cha
 #ifndef OPENSSL_NO_EC
 	unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
 	unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
-	int using_ecc = (alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
+	int using_ecc = (alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA);
 	using_ecc = using_ecc && (s->session->tlsext_ecpointformatlist != NULL);
 #endif
 	/* don't add extensions for SSLv3, unless doing secure renegotiation */
@@ -3137,7 +3137,7 @@ int ssl_check_serverhello_tlsext(SSL *s)
 	unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
 	if ((s->tlsext_ecpointformatlist != NULL) && (s->tlsext_ecpointformatlist_length > 0) && 
 	    (s->session->tlsext_ecpointformatlist != NULL) && (s->session->tlsext_ecpointformatlist_length > 0) && 
-	    ((alg_k & (SSL_kEECDH|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
+	    ((alg_k & (SSL_kECDHE|SSL_kECDHr|SSL_kECDHe)) || (alg_a & SSL_aECDSA)))
 		{
 		/* we are using an ECC cipher */
 		size_t i;

ssl/t1_trce.c

@@ -815,10 +815,10 @@ static int ssl_get_keyex(const char **pname, SSL *ssl)
 		*pname = "edh";
 		return SSL_kEDH;
 		}
-	if (alg_k & SSL_kEECDH)
+	if (alg_k & SSL_kECDHE)
 		{
 		*pname = "ECDHE";
-		return SSL_kEECDH;
+		return SSL_kECDHE;
 		}
 	if (alg_k & SSL_kECDHr)
 		{
@@ -899,7 +899,7 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
 			BIO_puts(bio, "implicit\n");
 			break;
 			}
-	case SSL_kEECDH:
+	case SSL_kECDHE:
 		if (!ssl_print_hexbuf(bio, indent + 2, "ecdh_Yc", 1,
 							&msg, &msglen))
 			return 0;
@@ -950,7 +950,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
 			return 0;
 		break;
 
-	case SSL_kEECDH:
+	case SSL_kECDHE:
 		if (msglen < 1)
 			return 0;
 		BIO_indent(bio, indent + 2, 80);