From f74f5c8586b2bd30738f0bd45aec1f9e95d5945f Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Tue, 16 Dec 2014 10:53:36 +0000
Subject: [PATCH] Add more meaningful OPENSSL_NO_ECDH error message for suite b mode
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Reviewed-by: Emilia Käsper
(cherry picked from commit db812f2d70f0695fd53b386fe5e870bef8ca3c22)
---
 ssl/ssl.h | 1 +
 ssl/ssl_ciph.c | 2 +-
 ssl/ssl_err.c | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/ssl/ssl.h b/ssl/ssl.h
index a5af6fca57..d51ae387f4 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2778,6 +2778,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318
 #define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322
 #define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323
+#define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374
 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
 #define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354
 #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index b26a57e439..0ad11dd1b7 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1440,7 +1440,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
 c->ecdh_tmp_auto = 1;
 return 1;
 #else
- SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
+ SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
 return 0;
 #endif
 }
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index fd63d37257..8fca51ba56 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
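Review bot: In ssl/ssl_ciph.c, the `#else` branch that now raises `SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE` has no comment saying why it refuses the configuration; the reason is only implied by the new constant's name. A one-line comment above the `SSLerr` call would make the fail-closed intent explicit: `/* Suite B requires ECDH key exchange; a build without ECDH must reject the cipher string */`. Callers or log-matching rules that keyed on the previous reason `SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS` for this path will stop matching, which deserves a change-log line given that this is a cherry-pick onto another branch. The body of check_suiteb_cipher_list starts before the hunk and the `#if` that selects this branch is not visible, so the OPENSSL_NO_ECDH condition is inferred from the subject line.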
@@ -385,6 +385,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"},
 {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"},
 {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"},
+{ERR_REASON(SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE),"ecdh required for suiteb mode"},
 {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
 {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),"empty srtp protection profile list"},
 {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
--
2.34.1