From db812f2d70f0695fd53b386fe5e870bef8ca3c22 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Tue, 16 Dec 2014 10:53:36 +0000
Subject: [PATCH] Add more meaningful OPENSSL_NO_ECDH error message for suite b
mode
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reviewed-by: Emilia Käsper <emilia@openssl.org>
---
ssl/ssl.h | 1 +
ssl/ssl_ciph.c | 2 +-
ssl/ssl_err.c | 1 +
3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/ssl/ssl.h b/ssl/ssl.h
index 51b8df08d5..02c53c7835 100644
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2811,6 +2811,7 @@ void ERR_load_SSL_strings(void);
#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318
#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322
#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323
+#define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374
#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
#define SSL_R_EE_KEY_TOO_SMALL 399
#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index 60e5772639..4a673ec0d5 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1456,7 +1456,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
c->ecdh_tmp_auto = 1;
return 1;
#else
- SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
+ SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
return 0;
#endif
}
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index 5f8c0758bc..4ec771c2a8 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -355,6 +355,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"},
{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"},
{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"},
+{ERR_REASON(SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE),"ecdh required for suiteb mode"},
{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
{ERR_REASON(SSL_R_EE_KEY_TOO_SMALL) ,"ee key too small"},
{ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),"empty srtp protection profile list"},
--
GitLab