From: Nicola Tuveri <nic.tuv@gmail.com>
Date: Tue, 22 Feb 2022 12:47:11 +0000 (+0200)
Subject: [ssl] Prefer SSL_k(EC)?DHE to the SSL_kE(EC)?DH alias
X-Git-Tag: openssl-3.2.0-alpha1~2902
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=66914fc024cfe0fec00dc0f2c7bd8a7957da5ec4;p=thirdparty%2Fopenssl.git

[ssl] Prefer SSL_k(EC)?DHE to the SSL_kE(EC)?DH alias

`SSL_kECDHE` and `SSL_kEECDH`, and `SSL_kDHE` and `SSL_kEDH` are already
marked as aliases of each other in the headers.
This commit, for each pair, replaces the leftover uses of the latter
synonym with the first one, which is considered more common.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17763)
---

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 3b3cc8a32ae..101d879faf5 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -2168,7 +2168,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
-     SSL_kEDH,
+     SSL_kDHE,
      SSL_aDSS,
      SSL_CAMELLIA128,
      SSL_SHA256,
@@ -2184,7 +2184,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-     SSL_kEDH,
+     SSL_kDHE,
      SSL_aRSA,
      SSL_CAMELLIA128,
      SSL_SHA256,
@@ -2200,7 +2200,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
      TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
-     SSL_kEDH,
+     SSL_kDHE,
      SSL_aNULL,
      SSL_CAMELLIA128,
      SSL_SHA256,
@@ -2232,7 +2232,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
      TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
      TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
-     SSL_kEDH,
+     SSL_kDHE,
      SSL_aDSS,
      SSL_CAMELLIA256,
      SSL_SHA256,
@@ -2248,7 +2248,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
      TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
      TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
-     SSL_kEDH,
+     SSL_kDHE,
      SSL_aRSA,
      SSL_CAMELLIA256,
      SSL_SHA256,
@@ -2264,7 +2264,7 @@ static SSL_CIPHER ssl3_ciphers[] = {
      TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
      TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
      TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
-     SSL_kEDH,
+     SSL_kDHE,
      SSL_aNULL,
      SSL_CAMELLIA256,
      SSL_SHA256,
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 4cfd005ebe8..e13bbe8981d 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -1034,7 +1034,7 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
                 return 0;
             /* Level 3: forward secure ciphersuites only */
             if (level >= 3 && c->min_tls != TLS1_3_VERSION &&
-                               !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH)))
+                               !(c->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)))
                 return 0;
             break;
         }