Mark ssl_early_data_reason_t values stable.

SSL_get_early_data_reason solely exists for histogramming purposes. To
save everyone a lot of boilerplate, just make the values stable.

Change-Id: I3fd3d294de1a66a8eaea96cd6491495f93b1b117
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/37766
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index dbf9293..6810a64 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -3349,34 +3349,39 @@
 // connections which resumed a session.
 OPENSSL_EXPORT int32_t SSL_get_ticket_age_skew(const SSL *ssl);
 
+// An ssl_early_data_reason_t describes why 0-RTT was accepted or rejected.
+// These values are persisted to logs. Entries should not be renumbered and
+// numeric values should never be reused.
 enum ssl_early_data_reason_t BORINGSSL_ENUM_INT {
   // The handshake has not progressed far enough for the 0-RTT status to be
   // known.
-  ssl_early_data_unknown,
+  ssl_early_data_unknown = 0,
   // 0-RTT is disabled for this connection.
-  ssl_early_data_disabled,
+  ssl_early_data_disabled = 1,
   // 0-RTT was accepted.
-  ssl_early_data_accepted,
+  ssl_early_data_accepted = 2,
   // The negotiated protocol version does not support 0-RTT.
-  ssl_early_data_protocol_version,
+  ssl_early_data_protocol_version = 3,
   // The peer declined to offer or accept 0-RTT for an unknown reason.
-  ssl_early_data_peer_declined,
+  ssl_early_data_peer_declined = 4,
   // The client did not offer a session.
-  ssl_early_data_no_session_offered,
+  ssl_early_data_no_session_offered = 5,
   // The server declined to resume the session.
-  ssl_early_data_session_not_resumed,
+  ssl_early_data_session_not_resumed = 6,
   // The session does not support 0-RTT.
-  ssl_early_data_unsupported_for_session,
+  ssl_early_data_unsupported_for_session = 7,
   // The server sent a HelloRetryRequest.
-  ssl_early_data_hello_retry_request,
+  ssl_early_data_hello_retry_request = 8,
   // The negotiated ALPN protocol did not match the session.
-  ssl_early_data_alpn_mismatch,
+  ssl_early_data_alpn_mismatch = 9,
   // The connection negotiated Channel ID, which is incompatible with 0-RTT.
-  ssl_early_data_channel_id,
+  ssl_early_data_channel_id = 10,
   // The connection negotiated token binding, which is incompatible with 0-RTT.
-  ssl_early_data_token_binding,
+  ssl_early_data_token_binding = 11,
   // The client and server ticket age were too far apart.
-  ssl_early_data_ticket_age_skew,
+  ssl_early_data_ticket_age_skew = 12,
+  // The value of the largest entry.
+  ssl_early_data_reason_max_value = ssl_early_data_ticket_age_skew,
 };
 
 // SSL_get_early_data_reason returns details why 0-RTT was accepted or rejected