use SSL_kDHE throughout instead of SSL_kEDH

DHE is the standard term used by the RFCs and by other TLS
implementations.  It's useful to have the internal variables use the
standard terminology.

This patch leaves a synonym SSL_kEDH in place, though, so that older
code can still be built against it, since that has been the
traditional API.  SSL_kEDH should probably be deprecated at some
point, though.

doc/apps/ciphers.pod

@@ -179,7 +179,7 @@ attack and so their use is normally discouraged.
 
 cipher suites using RSA key exchange, authentication or either respectively.
 
-=item B<kEDH>
+=item B<kDHE>
 
 cipher suites using ephemeral DH key agreement.
 

doc/ssleay.txt

@@ -6026,7 +6026,7 @@ one at a time, or use 'aliases' to specify the preference and order for
 the ciphers.
 
 There are a large number of aliases, but the most importaint are
-kRSA, kDHr, kDHd and kEDH for key exchange types.
+kRSA, kDHr, kDHd and kDHE for key exchange types.
 
 aRSA, aDSS, aNULL and aDH for authentication
 DES, 3DES, RC4, RC2, IDEA and eNULL for ciphers

ssl/d1_srvr.c

@@ -491,7 +491,7 @@ int dtls1_accept(SSL *s)
 #ifndef OPENSSL_NO_PSK
 			    || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
 #endif
-			    || (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+			    || (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
 			    || (alg_k & SSL_kECDHE)
 			    || ((alg_k & SSL_kRSA)
 				&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL

ssl/s3_clnt.c

@@ -1656,7 +1656,7 @@ int ssl3_get_key_exchange(SSL *s)
 		;
 #endif
 #ifndef OPENSSL_NO_DH
-	else if (alg_k & SSL_kEDH)
+	else if (alg_k & SSL_kDHE)
 		{
 		if ((dh=DH_new()) == NULL)
 			{
@@ -2581,7 +2581,7 @@ int ssl3_send_client_key_exchange(SSL *s)
 			}
 #endif
 #ifndef OPENSSL_NO_DH
-		else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+		else if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
 			{
 			DH *dh_srvr,*dh_clnt;
 			SESS_CERT *scert = s->session->sess_cert;
@@ -3469,7 +3469,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
 		}
 #endif
 #ifndef OPENSSL_NO_DH
-	if ((alg_k & SSL_kEDH) && 
+	if ((alg_k & SSL_kDHE) && 
 		!(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL)))
 		{
 		SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY);
@@ -3506,7 +3506,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
 		else
 #endif
 #ifndef OPENSSL_NO_DH
-			if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+			if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
 			    {
 			    if (dh == NULL
 				|| DH_size(dh)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher))

ssl/s3_lib.c

@@ -430,7 +430,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,
 	SSL3_CK_EDH_DSS_DES_40_CBC_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aDSS,
 	SSL_DES,
 	SSL_SHA1,
@@ -446,7 +446,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,
 	SSL3_CK_EDH_DSS_DES_64_CBC_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aDSS,
 	SSL_DES,
 	SSL_SHA1,
@@ -462,7 +462,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,
 	SSL3_CK_EDH_DSS_DES_192_CBC3_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aDSS,
 	SSL_3DES,
 	SSL_SHA1,
@@ -478,7 +478,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,
 	SSL3_CK_EDH_RSA_DES_40_CBC_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aRSA,
 	SSL_DES,
 	SSL_SHA1,
@@ -494,7 +494,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,
 	SSL3_CK_EDH_RSA_DES_64_CBC_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aRSA,
 	SSL_DES,
 	SSL_SHA1,
@@ -510,7 +510,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
 	SSL3_CK_EDH_RSA_DES_192_CBC3_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aRSA,
 	SSL_3DES,
 	SSL_SHA1,
@@ -526,7 +526,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_ADH_RC4_40_MD5,
 	SSL3_CK_ADH_RC4_40_MD5,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aNULL,
 	SSL_RC4,
 	SSL_MD5,
@@ -542,7 +542,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_ADH_RC4_128_MD5,
 	SSL3_CK_ADH_RC4_128_MD5,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aNULL,
 	SSL_RC4,
 	SSL_MD5,
@@ -558,7 +558,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_ADH_DES_40_CBC_SHA,
 	SSL3_CK_ADH_DES_40_CBC_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aNULL,
 	SSL_DES,
 	SSL_SHA1,
@@ -574,7 +574,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_ADH_DES_64_CBC_SHA,
 	SSL3_CK_ADH_DES_64_CBC_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aNULL,
 	SSL_DES,
 	SSL_SHA1,
@@ -590,7 +590,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	SSL3_TXT_ADH_DES_192_CBC_SHA,
 	SSL3_CK_ADH_DES_192_CBC_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aNULL,
 	SSL_3DES,
 	SSL_SHA1,
@@ -930,7 +930,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
 	TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aDSS,
 	SSL_AES128,
 	SSL_SHA1,
@@ -945,7 +945,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
 	TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aRSA,
 	SSL_AES128,
 	SSL_SHA1,
@@ -960,7 +960,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ADH_WITH_AES_128_SHA,
 	TLS1_CK_ADH_WITH_AES_128_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aNULL,
 	SSL_AES128,
 	SSL_SHA1,
@@ -1023,7 +1023,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
 	TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aDSS,
 	SSL_AES256,
 	SSL_SHA1,
@@ -1039,7 +1039,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
 	TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aRSA,
 	SSL_AES256,
 	SSL_SHA1,
@@ -1055,7 +1055,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ADH_WITH_AES_256_SHA,
 	TLS1_CK_ADH_WITH_AES_256_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aNULL,
 	SSL_AES256,
 	SSL_SHA1,
@@ -1152,7 +1152,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
 	TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aDSS,
 	SSL_AES128,
 	SSL_SHA256,
@@ -1219,7 +1219,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
 	TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aDSS,
 	SSL_CAMELLIA128,
 	SSL_SHA1,
@@ -1235,7 +1235,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
 	TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aRSA,
 	SSL_CAMELLIA128,
 	SSL_SHA1,
@@ -1251,7 +1251,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
 	TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aNULL,
 	SSL_CAMELLIA128,
 	SSL_SHA1,
@@ -1320,7 +1320,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
 	TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aDSS,
 	SSL_DES,
 	SSL_SHA1,
@@ -1352,7 +1352,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
 	TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aDSS,
 	SSL_RC4,
 	SSL_SHA1,
@@ -1368,7 +1368,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
 	TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aDSS,
 	SSL_RC4,
 	SSL_SHA1,
@@ -1386,7 +1386,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
 	TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aRSA,
 	SSL_AES128,
 	SSL_SHA256,
@@ -1434,7 +1434,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
 	TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aDSS,
 	SSL_AES256,
 	SSL_SHA256,
@@ -1450,7 +1450,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
 	TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aRSA,
 	SSL_AES256,
 	SSL_SHA256,
@@ -1466,7 +1466,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ADH_WITH_AES_128_SHA256,
 	TLS1_CK_ADH_WITH_AES_128_SHA256,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aNULL,
 	SSL_AES128,
 	SSL_SHA256,
@@ -1482,7 +1482,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ADH_WITH_AES_256_SHA256,
 	TLS1_CK_ADH_WITH_AES_256_SHA256,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aNULL,
 	SSL_AES256,
 	SSL_SHA256,
@@ -1607,7 +1607,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
 	TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aDSS,
 	SSL_CAMELLIA256,
 	SSL_SHA1,
@@ -1623,7 +1623,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
 	TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aRSA,
 	SSL_CAMELLIA256,
 	SSL_SHA1,
@@ -1639,7 +1639,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
 	TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aNULL,
 	SSL_CAMELLIA256,
 	SSL_SHA1,
@@ -1773,7 +1773,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
 	TLS1_CK_DHE_DSS_WITH_SEED_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aDSS,
 	SSL_SEED,
 	SSL_SHA1,
@@ -1789,7 +1789,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
 	TLS1_CK_DHE_RSA_WITH_SEED_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aRSA,
 	SSL_SEED,
 	SSL_SHA1,
@@ -1805,7 +1805,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ADH_WITH_SEED_SHA,
 	TLS1_CK_ADH_WITH_SEED_SHA,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aNULL,
 	SSL_SEED,
 	SSL_SHA1,
@@ -1857,7 +1857,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
 	TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aRSA,
 	SSL_AES128GCM,
 	SSL_AEAD,
@@ -1873,7 +1873,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
 	TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aRSA,
 	SSL_AES256GCM,
 	SSL_AEAD,
@@ -1921,7 +1921,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
 	TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aDSS,
 	SSL_AES128GCM,
 	SSL_AEAD,
@@ -1937,7 +1937,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
 	TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aDSS,
 	SSL_AES256GCM,
 	SSL_AEAD,
@@ -1985,7 +1985,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
 	TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aNULL,
 	SSL_AES128GCM,
 	SSL_AEAD,
@@ -2001,7 +2001,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	1,
 	TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
 	TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
-	SSL_kEDH,
+	SSL_kDHE,
 	SSL_aNULL,
 	SSL_AES256GCM,
 	SSL_AEAD,
@@ -4240,7 +4240,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 #endif
 
 #ifndef OPENSSL_NO_DH
-	if (alg_k & (SSL_kDHr|SSL_kEDH))
+	if (alg_k & (SSL_kDHr|SSL_kDHE))
 		{
 #  ifndef OPENSSL_NO_RSA
 		/* Since this refers to a certificate signed with an RSA
@@ -4255,7 +4255,7 @@ int ssl3_get_req_cert_type(SSL *s, unsigned char *p)
 #  endif
 		}
 	if ((s->version == SSL3_VERSION) &&
-		(alg_k & (SSL_kEDH|SSL_kDHd|SSL_kDHr)))
+		(alg_k & (SSL_kDHE|SSL_kDHd|SSL_kDHr)))
 		{
 #  ifndef OPENSSL_NO_RSA
 		p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH;

ssl/s3_srvr.c

@@ -493,7 +493,7 @@ int ssl3_accept(SSL *s)
 			    /* SRP: send ServerKeyExchange */
 			    || (alg_k & SSL_kSRP)
 #endif
-			    || (alg_k & SSL_kEDH)
+			    || (alg_k & SSL_kDHE)
 			    || (alg_k & SSL_kECDHE)
 			    || ((alg_k & SSL_kRSA)
 				&& (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL
@@ -1414,7 +1414,7 @@ int ssl3_get_client_hello(SSL *s)
 		/* check whether we should disable session resumption */
 		if (s->not_resumable_session_cb != NULL)
 			s->session->not_resumable=s->not_resumable_session_cb(s,
-				((c->algorithm_mkey & (SSL_kEDH | SSL_kECDHE)) != 0));
+				((c->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) != 0));
 		if (s->session->not_resumable)
 			/* do not send a session ticket */
 			s->tlsext_ticket_expected = 0;
@@ -1663,7 +1663,7 @@ int ssl3_send_server_key_exchange(SSL *s)
 		else
 #endif
 #ifndef OPENSSL_NO_DH
-			if (type & SSL_kEDH)
+			if (type & SSL_kDHE)
 			{
 			dhp=cert->dh_tmp;
 			if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL))
@@ -2346,7 +2346,7 @@ int ssl3_get_client_key_exchange(SSL *s)
 	else
 #endif
 #ifndef OPENSSL_NO_DH
-		if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
+		if (alg_k & (SSL_kDHE|SSL_kDHr|SSL_kDHd))
 		{
 		int idx = -1;
 		EVP_PKEY *skey = NULL;

ssl/ssl_ciph.c

@@ -230,20 +230,20 @@ static const SSL_CIPHER cipher_aliases[]={
 	{0,SSL_TXT_CMPALL,0,  0,0,SSL_eNULL,0,0,0,0,0,0},
 
 	/* "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in ALL!) */
-	{0,SSL_TXT_CMPDEF,0,  SSL_kEDH|SSL_kECDHE,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
+	{0,SSL_TXT_CMPDEF,0,  SSL_kDHE|SSL_kECDHE,SSL_aNULL,~SSL_eNULL,0,0,0,0,0,0},
 
 	/* key exchange aliases
 	 * (some of those using only a single bit here combine
 	 * multiple key exchange algs according to the RFCs,
-	 * e.g. kEDH combines DHE_DSS and DHE_RSA) */
+	 * e.g. kDHE combines DHE_DSS and DHE_RSA) */
 	{0,SSL_TXT_kRSA,0,    SSL_kRSA,  0,0,0,0,0,0,0,0},
 
 	{0,SSL_TXT_kDHr,0,    SSL_kDHr,  0,0,0,0,0,0,0,0},
 	{0,SSL_TXT_kDHd,0,    SSL_kDHd,  0,0,0,0,0,0,0,0},
 	{0,SSL_TXT_kDH,0,     SSL_kDHr|SSL_kDHd,0,0,0,0,0,0,0,0},
-	{0,SSL_TXT_kEDH,0,    SSL_kEDH,  0,0,0,0,0,0,0,0},
-	{0,SSL_TXT_kDHE,0,    SSL_kEDH,  0,0,0,0,0,0,0,0},
-	{0,SSL_TXT_DH,0,      SSL_kDHr|SSL_kDHd|SSL_kEDH,0,0,0,0,0,0,0,0},
+	{0,SSL_TXT_kEDH,0,    SSL_kDHE,  0,0,0,0,0,0,0,0},
+	{0,SSL_TXT_kDHE,0,    SSL_kDHE,  0,0,0,0,0,0,0,0},
+	{0,SSL_TXT_DH,0,      SSL_kDHr|SSL_kDHd|SSL_kDHE,0,0,0,0,0,0,0,0},
 
 	{0,SSL_TXT_kKRB5,0,   SSL_kKRB5, 0,0,0,0,0,0,0,0},
 
@@ -274,14 +274,14 @@ static const SSL_CIPHER cipher_aliases[]={
 	{0,SSL_TXT_aGOST,0,0,SSL_aGOST94|SSL_aGOST01,0,0,0,0,0,0,0},
 
 	/* aliases combining key exchange and server authentication */
-	{0,SSL_TXT_EDH,0,     SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
-	{0,SSL_TXT_DHE,0,     SSL_kEDH,~SSL_aNULL,0,0,0,0,0,0,0},
+	{0,SSL_TXT_EDH,0,     SSL_kDHE,~SSL_aNULL,0,0,0,0,0,0,0},
+	{0,SSL_TXT_DHE,0,     SSL_kDHE,~SSL_aNULL,0,0,0,0,0,0,0},
 	{0,SSL_TXT_EECDH,0,   SSL_kECDHE,~SSL_aNULL,0,0,0,0,0,0,0},
 	{0,SSL_TXT_ECDHE,0,   SSL_kECDHE,~SSL_aNULL,0,0,0,0,0,0,0},
 	{0,SSL_TXT_NULL,0,    0,0,SSL_eNULL, 0,0,0,0,0,0},
 	{0,SSL_TXT_KRB5,0,    SSL_kKRB5,SSL_aKRB5,0,0,0,0,0,0,0},
 	{0,SSL_TXT_RSA,0,     SSL_kRSA,SSL_aRSA,0,0,0,0,0,0,0},
-	{0,SSL_TXT_ADH,0,     SSL_kEDH,SSL_aNULL,0,0,0,0,0,0,0},
+	{0,SSL_TXT_ADH,0,     SSL_kDHE,SSL_aNULL,0,0,0,0,0,0,0},
 	{0,SSL_TXT_AECDH,0,   SSL_kECDHE,SSL_aNULL,0,0,0,0,0,0,0},
         {0,SSL_TXT_PSK,0,     SSL_kPSK,SSL_aPSK,0,0,0,0,0,0,0},
 	{0,SSL_TXT_SRP,0,     SSL_kSRP,0,0,0,0,0,0,0,0},
@@ -724,7 +724,7 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth, un
 	*auth |= SSL_aDSS;
 #endif
 #ifdef OPENSSL_NO_DH
-	*mkey |= SSL_kDHr|SSL_kDHd|SSL_kEDH;
+	*mkey |= SSL_kDHr|SSL_kDHd|SSL_kDHE;
 	*auth |= SSL_aDH;
 #endif
 #ifdef OPENSSL_NO_KRB5
@@ -1661,7 +1661,7 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
         case SSL_kKRB5:
 		kx="KRB5";
 		break;
-	case SSL_kEDH:
+	case SSL_kDHE:
 		kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH";
 		break;
 	case SSL_kECDHr:

ssl/ssl_lib.c

@@ -2411,20 +2411,20 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
 		emask_k|=SSL_kRSA;
 
 #if 0
-	/* The match needs to be both kEDH and aRSA or aDSA, so don't worry */
+	/* The match needs to be both kDHE and aRSA or aDSA, so don't worry */
 	if (	(dh_tmp || dh_rsa || dh_dsa) &&
 		(rsa_enc || rsa_sign || dsa_sign))
-		mask_k|=SSL_kEDH;
+		mask_k|=SSL_kDHE;
 	if ((dh_tmp_export || dh_rsa_export || dh_dsa_export) &&
 		(rsa_enc || rsa_sign || dsa_sign))
-		emask_k|=SSL_kEDH;
+		emask_k|=SSL_kDHE;
 #endif
 
 	if (dh_tmp_export)
-		emask_k|=SSL_kEDH;
+		emask_k|=SSL_kDHE;
 
 	if (dh_tmp)
-		mask_k|=SSL_kEDH;
+		mask_k|=SSL_kDHE;
 
 	if (dh_rsa) mask_k|=SSL_kDHr;
 	if (dh_rsa_export) emask_k|=SSL_kDHr;

ssl/ssl_locl.h

@@ -291,7 +291,8 @@
 #define SSL_kRSA		0x00000001L /* RSA key exchange */
 #define SSL_kDHr		0x00000002L /* DH cert, RSA CA cert */
 #define SSL_kDHd		0x00000004L /* DH cert, DSA CA cert */
-#define SSL_kEDH		0x00000008L /* tmp DH key no DH cert */
+#define SSL_kDHE		0x00000008L /* tmp DH key no DH cert */
+#define SSL_kEDH		SSL_kDHE    /* synonym */
 #define SSL_kKRB5		0x00000010L /* Kerberos5 key exchange */
 #define SSL_kECDHr		0x00000020L /* ECDH cert, RSA CA cert */
 #define SSL_kECDHe		0x00000040L /* ECDH cert, ECDSA CA cert */
@@ -481,7 +482,7 @@
 /* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
  * 	    <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
  * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
- * SSL_kEDH <- RSA_ENC | RSA_SIGN | DSA_SIGN
+ * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
  * SSL_aRSA <- RSA_ENC | RSA_SIGN
  * SSL_aDSS <- DSA_SIGN
  */

ssl/t1_trce.c

@@ -810,10 +810,10 @@ static int ssl_get_keyex(const char **pname, SSL *ssl)
 		*pname = "krb5";
 		return SSL_kKRB5;
 		}
-	if (alg_k & SSL_kEDH)
+	if (alg_k & SSL_kDHE)
 		{
 		*pname = "DHE";
-		return SSL_kEDH;
+		return SSL_kDHE;
 		}
 	if (alg_k & SSL_kECDHE)
 		{
@@ -885,7 +885,7 @@ static int ssl_print_client_keyex(BIO *bio, int indent, SSL *ssl,
 			BIO_puts(bio, "implicit\n");
 			break;
 			}
-	case SSL_kEDH:
+	case SSL_kDHE:
 		if (!ssl_print_hexbuf(bio, indent + 2, "dh_Yc", 2,
 								&msg, &msglen))
 			return 0;
@@ -938,7 +938,7 @@ static int ssl_print_server_keyex(BIO *bio, int indent, SSL *ssl,
 			return 0;
 		break;
 
-	case SSL_kEDH:
+	case SSL_kDHE:
 		if (!ssl_print_hexbuf(bio, indent + 2, "dh_p", 2,
 						&msg, &msglen))
 			return 0;