From db812f2d70f0695fd53b386fe5e870bef8ca3c22 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 16 Dec 2014 10:53:36 +0000 Subject: [PATCH] Add more meaningful OPENSSL_NO_ECDH error message for suite b mode MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Reviewed-by: Emilia Käsper --- ssl/ssl.h | 1 + ssl/ssl_ciph.c | 2 +- ssl/ssl_err.c | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/ssl/ssl.h b/ssl/ssl.h index 51b8df08d5..02c53c7835 100644 --- a/ssl/ssl.h +++ b/ssl/ssl.h @@ -2811,6 +2811,7 @@ void ERR_load_SSL_strings(void); #define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318 #define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322 #define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323 +#define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310 #define SSL_R_EE_KEY_TOO_SMALL 399 #define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354 diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 60e5772639..4a673ec0d5 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1456,7 +1456,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c, c->ecdh_tmp_auto = 1; return 1; #else - SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS); + SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE); return 0; #endif } diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 5f8c0758bc..4ec771c2a8 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -355,6 +355,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"}, {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"}, {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"}, +{ERR_REASON(SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE),"ecdh required for suiteb mode"}, {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"}, {ERR_REASON(SSL_R_EE_KEY_TOO_SMALL) ,"ee key too small"}, {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),"empty srtp protection profile list"}, -- 2.40.0