From 9be8472ba52c1a9f37b1ca315b94647fe080cc48 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Tue, 28 Jun 2022 20:46:45 +0000
Subject: [PATCH] Add security level related error codes.

ok beck jsing sthen
---
 lib/libssl/ssl_err.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/libssl/ssl_err.c b/lib/libssl/ssl_err.c
index 761a3e2302d..98ac620bd79 100644
--- a/lib/libssl/ssl_err.c
+++ b/lib/libssl/ssl_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_err.c,v 1.41 2022/06/28 20:46:05 tb Exp $ */
+/* $OpenBSD: ssl_err.c,v 1.42 2022/06/28 20:46:45 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -208,6 +208,8 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
 	{ERR_REASON(SSL_R_BN_LIB)                , "bn lib"},
 	{ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) , "ca dn length mismatch"},
 	{ERR_REASON(SSL_R_CA_DN_TOO_LONG)        , "ca dn too long"},
+	{ERR_REASON(SSL_R_CA_KEY_TOO_SMALL)      , "ca key too small"},
+	{ERR_REASON(SSL_R_CA_MD_TOO_WEAK)        , "ca md too weak"},
 	{ERR_REASON(SSL_R_CCS_RECEIVED_EARLY)    , "ccs received early"},
 	{ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED), "certificate verify failed"},
 	{ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH)  , "cert length mismatch"},
@@ -229,6 +231,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
 	{ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG)  , "data length too long"},
 	{ERR_REASON(SSL_R_DECRYPTION_FAILED)     , "decryption failed"},
 	{ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), "decryption failed or bad record mac"},
+	{ERR_REASON(SSL_R_DH_KEY_TOO_SMALL)      , "dh key too small"},
 	{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), "dh public value length is wrong"},
 	{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED)   , "digest check failed"},
 	{ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG)  , "dtls message too big"},
@@ -238,6 +241,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
 	{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE), "ecc cert should have rsa signature"},
 	{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE), "ecc cert should have sha1 signature"},
 	{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER), "ecgroup too large for cipher"},
+	{ERR_REASON(SSL_R_EE_KEY_TOO_SMALL)      , "ee key too small"},
 	{ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), "empty srtp protection profile list"},
 	{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "encrypted length too long"},
 	{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY), "error generating tmp rsa key"},
@@ -454,6 +458,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= {
 	{ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION), "unsupported ssl version"},
 	{ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE), "unsupported status type"},
 	{ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"},
+	{ERR_REASON(SSL_R_VERSION_TOO_LOW)       , "version too low"},
 	{ERR_REASON(SSL_R_WRITE_BIO_NOT_SET)     , "write bio not set"},
 	{ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"},
 	{ERR_REASON(SSL_R_WRONG_CURVE)           , "wrong curve"},
-- 
2.20.1