Add more meaningful OPENSSL_NO_ECDH error message for suite b mode
authorMatt Caswell <matt@openssl.org>
Tue, 16 Dec 2014 10:53:36 +0000 (10:53 +0000)
committerMatt Caswell <matt@openssl.org>
Tue, 16 Dec 2014 14:14:09 +0000 (14:14 +0000)
Reviewed-by: Emilia Käsper <emilia@openssl.org>
ssl/ssl.h
ssl/ssl_ciph.c
ssl/ssl_err.c

index 51b8df0..02c53c7 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2811,6 +2811,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_ECC_CERT_NOT_FOR_SIGNING                  318
 #define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE        322
 #define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE       323
+#define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE             374
 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER              310
 #define SSL_R_EE_KEY_TOO_SMALL                          399
 #define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST        354
index 60e5772..4a673ec 100644 (file)
@@ -1456,7 +1456,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
        c->ecdh_tmp_auto = 1;
        return 1;
 #else
-       SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
+       SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
        return 0;
 #endif
        }
index 5f8c075..4ec771c 100644 (file)
@@ -355,6 +355,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"},
 {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"},
 {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"},
+{ERR_REASON(SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE),"ecdh required for suiteb mode"},
 {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
 {ERR_REASON(SSL_R_EE_KEY_TOO_SMALL)      ,"ee key too small"},
 {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),"empty srtp protection profile list"},