From: Nicola Tuveri Date: Tue, 22 Feb 2022 12:47:11 +0000 (+0200) Subject: [ssl] Prefer SSL_k(EC)?DHE to the SSL_kE(EC)?DH alias X-Git-Tag: OpenSSL_1_1_1n~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b6b7e6ff0970a2dbeabe5e272febf354b245986f;p=thirdparty%2Fopenssl.git [ssl] Prefer SSL_k(EC)?DHE to the SSL_kE(EC)?DH alias `SSL_kECDHE` and `SSL_kEECDH`, and `SSL_kDHE` and `SSL_kEDH` are already marked as aliases of each other in the headers. This commit, for each pair, replaces the leftover uses of the latter synonym with the first one, which is considered more common. (manually cherry picked from commit 66914fc024cfe0fec00dc0f2c7bd8a7957da5ec4) Reviewed-by: Dmitry Belyavskiy Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17791) --- diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c index b256a4b9350..f13e15101b0 100644 --- a/ssl/s3_lib.c +++ b/ssl/s3_lib.c @@ -2171,7 +2171,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_CAMELLIA128, SSL_SHA256, @@ -2187,7 +2187,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aRSA, SSL_CAMELLIA128, SSL_SHA256, @@ -2203,7 +2203,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256, TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256, TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_CAMELLIA128, SSL_SHA256, @@ -2235,7 +2235,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aDSS, SSL_CAMELLIA256, SSL_SHA256, @@ -2251,7 +2251,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aRSA, SSL_CAMELLIA256, SSL_SHA256, @@ -2267,7 +2267,7 @@ static SSL_CIPHER ssl3_ciphers[] = { TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256, TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256, TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256, - SSL_kEDH, + SSL_kDHE, SSL_aNULL, SSL_CAMELLIA256, SSL_SHA256, diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c index e7feda81d04..0f6a54a3626 100644 --- a/ssl/ssl_cert.c +++ b/ssl/ssl_cert.c @@ -937,7 +937,7 @@ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, return 0; /* Level 3: forward secure ciphersuites only */ if (level >= 3 && c->min_tls != TLS1_3_VERSION && - !(c->algorithm_mkey & (SSL_kEDH | SSL_kEECDH))) + !(c->algorithm_mkey & (SSL_kDHE | SSL_kECDHE))) return 0; break; }