Add more meaningful OPENSSL_NO_ECDH error message for suite b mode

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-12-16 10:53:36 +00:00 · 2014-12-16 10:53:36 +00:00 · db812f2d70
commit db812f2d70
parent ad500fdc49
3 changed files with 3 additions and 1 deletions
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@ -2811,6 +2811,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_ECC_CERT_NOT_FOR_SIGNING			 318
 #define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE	 322
 #define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE	 323
+#define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE		 374
 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER		 310
 #define SSL_R_EE_KEY_TOO_SMALL				 399
 #define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST	 354
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@ -1456,7 +1456,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
 	c->ecdh_tmp_auto = 1;
 	return 1;
 #else
-	SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
+	SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
 	return 0;
 #endif
 	}
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@ -355,6 +355,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"},
 {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"},
 {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"},
+{ERR_REASON(SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE),"ecdh required for suiteb mode"},
 {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
 {ERR_REASON(SSL_R_EE_KEY_TOO_SMALL)      ,"ee key too small"},
 {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),"empty srtp protection profile list"},