Commit f74f5c85 authored Dec 16, 2014 by Matt Caswell

Add more meaningful OPENSSL_NO_ECDH error message for suite b mode



Reviewed-by: Emilia Käsper <emilia@openssl.org>
(cherry picked from commit db812f2d)

parent a38ae11c

ssl/ssl.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -2778,6 +2778,7 @@ void ERR_load_SSL_strings(void);
		#define SSL_R_ECC_CERT_NOT_FOR_SIGNING 318
		#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE 322
		#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE 323
		#define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE 374
		#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER 310
		#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST 354
		#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150

ssl/ssl_ciph.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1440,7 +1440,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD meth, CERT c,
		c->ecdh_tmp_auto = 1;
		return 1;
		#else
		SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
		SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
		return 0;
		#endif
		}

ssl/ssl_err.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -385,6 +385,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
		{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"},
		{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"},
		{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"},
		{ERR_REASON(SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE),"ecdh required for suiteb mode"},
		{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
		{ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),"empty srtp protection profile list"},
		{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},