Add more meaningful OPENSSL_NO_ECDH error message for suite b mode

Reviewed-by: N Emilia Käsper <emilia@openssl.org>

Add more meaningful OPENSSL_NO_ECDH error message for suite b mode
Reviewed-by: N Emilia Käsper <emilia@openssl.org>
db812f2d · Matt Caswell · ad500fdc · db812f2d · db812f2d · db812f2d
隐藏空白更改
内联并排

Showing with 3 addition and 1 deletion

ssl/ssl.h ssl/ssl.h +1 -0

ssl/ssl_ciph.c ssl/ssl_ciph.c +1 -1

ssl/ssl_err.c ssl/ssl_err.c +1 -0

未找到文件。
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -2811,6 +2811,7 @@ void ERR_load_SSL_strings(void);
 #define SSL_R_ECC_CERT_NOT_FOR_SIGNING			 318
 #define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE	 322
 #define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE	 323
+#define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE		 374
 #define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER		 310
 #define SSL_R_EE_KEY_TOO_SMALL				 399
 #define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST	 354

--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1456,7 +1456,7 @@ static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
 	c->ecdh_tmp_auto = 1;
 	return 1;
 #else
-	SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
+	SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
 	return 0;
 #endif
 	}

--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -355,6 +355,7 @@ static ERR_STRING_DATA SSL_str_reasons[]=
 {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"},
 {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"},
 {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"},
+{ERR_REASON(SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE),"ecdh required for suiteb mode"},
 {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
 {ERR_REASON(SSL_R_EE_KEY_TOO_SMALL)      ,"ee key too small"},
 {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),"empty srtp protection profile list"},