Declare SSL_R_BLOCK_CIPHER_PAD_IS_WRONG and SSL_R_NO_CIPHERS_SPECIFIED.
nginx consumes these error codes without #ifdefs. Continue to define
them for compatibility, even though we never emit them.
BUG=95
Change-Id: I1e991987ce25fc4952cc85b98ffa050a8beab92e
Reviewed-on: https://boringssl-review.googlesource.com/10446
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/crypto/err/ssl.errordata b/crypto/err/ssl.errordata
index 824ea48..c08c5d2 100644
--- a/crypto/err/ssl.errordata
+++ b/crypto/err/ssl.errordata
@@ -18,6 +18,7 @@
SSL,117,BAD_SSL_FILETYPE
SSL,118,BAD_WRITE_RETRY
SSL,119,BIO_NOT_SET
+SSL,261,BLOCK_CIPHER_PAD_IS_WRONG
SSL,120,BN_LIB
SSL,255,BUFFERED_MESSAGES_ON_CIPHER_CHANGE
SSL,121,BUFFER_TOO_SMALL
@@ -82,6 +83,7 @@
SSL,174,NO_CERTIFICATE_SET
SSL,175,NO_CIPHERS_AVAILABLE
SSL,176,NO_CIPHERS_PASSED
+SSL,262,NO_CIPHERS_SPECIFIED
SSL,177,NO_CIPHER_MATCH
SSL,253,NO_COMMON_SIGNATURE_ALGORITHMS
SSL,178,NO_COMPRESSION_SPECIFIED
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 7ddbc25..4a88488 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -4809,6 +4809,8 @@
#define SSL_R_MISSING_KEY_SHARE 258
#define SSL_R_INVALID_ALPN_PROTOCOL 259
#define SSL_R_TOO_MANY_KEY_UPDATES 260
+#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG 261
+#define SSL_R_NO_CIPHERS_SPECIFIED 262
#define SSL_R_SSLV3_ALERT_CLOSE_NOTIFY 1000
#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010
#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 52701f4..4c3b40e 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -168,6 +168,11 @@
* to avoid downstream churn. */
OPENSSL_DECLARE_ERROR_REASON(SSL, UNKNOWN_PROTOCOL)
+/* The following errors are no longer emitted, but are used in nginx without
+ * #ifdefs. */
+OPENSSL_DECLARE_ERROR_REASON(SSL, BLOCK_CIPHER_PAD_IS_WRONG)
+OPENSSL_DECLARE_ERROR_REASON(SSL, NO_CIPHERS_SPECIFIED)
+
/* Some error codes are special. Ensure the make_errors.go script never
* regresses this. */
OPENSSL_COMPILE_ASSERT(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION ==