Add security level related error codes.

ok beck jsing sthen

diff --git a/lib/libssl/ssl_err.c b/lib/libssl/ssl_err.c
index 761a3e2..98ac620 100644 (file)
--- a/lib/libssl/ssl_err.c
+++ b/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.41 2022/06/28 20:46:05 tb Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.42 2022/06/28 20:46:45 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -208,6 +208,8 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
        {ERR_REASON(SSL_R_BN_LIB)                , "bn lib"},
        {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) , "ca dn length mismatch"},
        {ERR_REASON(SSL_R_CA_DN_TOO_LONG)        , "ca dn too long"},
+       {ERR_REASON(SSL_R_CA_KEY_TOO_SMALL)      , "ca key too small"},
+       {ERR_REASON(SSL_R_CA_MD_TOO_WEAK)        , "ca md too weak"},
        {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY)    , "ccs received early"},
        {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED), "certificate verify failed"},
        {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH)  , "cert length mismatch"},
@@ -229,6 +231,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
        {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG)  , "data length too long"},
        {ERR_REASON(SSL_R_DECRYPTION_FAILED)     , "decryption failed"},
        {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), "decryption failed or bad record mac"},
+       {ERR_REASON(SSL_R_DH_KEY_TOO_SMALL)      , "dh key too small"},
        {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), "dh public value length is wrong"},
        {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED)   , "digest check failed"},
        {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG)  , "dtls message too big"},
@@ -238,6 +241,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
        {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE), "ecc cert should have rsa signature"},
        {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE), "ecc cert should have sha1 signature"},
        {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER), "ecgroup too large for cipher"},
+       {ERR_REASON(SSL_R_EE_KEY_TOO_SMALL)      , "ee key too small"},
        {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), "empty srtp protection profile list"},
        {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "encrypted length too long"},
        {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY), "error generating tmp rsa key"},
@@ -454,6 +458,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
        {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION), "unsupported ssl version"},
        {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE), "unsupported status type"},
        {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"},
+       {ERR_REASON(SSL_R_VERSION_TOO_LOW)       , "version too low"},
        {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET)     , "write bio not set"},
        {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"},
        {ERR_REASON(SSL_R_WRONG_CURVE)           , "wrong curve"},