boringssl/crypto/err
David Benjamin d12f2ba55e Tweak RSA errors for compatibility.
cryptography.io wants RSA_R_BLOCK_TYPE_IS_NOT_02, only used by the
ancient RSA_padding_check_SSLv23 function. Define it but never emit it.

Additionally, it's rather finicky about RSA_R_TOO_LARGE* errors. We
merged them in BoringSSL because having RSA_R_TOO_LARGE,
RSA_R_TOO_LARGE_FOR_MODULUS, and RSA_R_TOO_LARGE_FOR_KEY_SIZE is a
little silly. But since we don't expect well-behaved code to condition
on error codes anyway, perhaps that wasn't worth it.  Split them back
up.

Looking through OpenSSL, there is a vague semantic difference:

RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY - Specifically emitted if a digest is
too big for PKCS#1 signing with this key.

RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE - You asked me to sign or encrypt a
digest/plaintext, but it's too big for this key.

RSA_R_DATA_TOO_LARGE_FOR_MODULUS - You gave me an RSA ciphertext or
signature and it is not fully reduced modulo N.
-OR-
The padding functions produced something that isn't reduced, but I
believe this is unreachable outside of RSA_NO_PADDING.

RSA_R_DATA_TOO_LARGE - Some low-level padding function was told to copy
a digest/plaintext into some buffer, but the buffer was too small. I
think this is basically unreachable.
-OR-
You asked me to verify a PSS signature, but I didn't need to bother
because the digest/salt parameters you picked were too big.

Update-Note: This depends on cl/196566462.
Change-Id: I2e539e075eff8bfcd52ccde365e975ebcee72567
Reviewed-on: https://boringssl-review.googlesource.com/28547
Reviewed-by: Adam Langley <agl@google.com>
2018-05-15 23:02:49 +00:00
..
asn1.errordata Use new encoding functions in ASN1_mbstring_ncopy. 2018-05-11 21:58:47 +00:00
bio.errordata
bn.errordata Update BN_enhanced_miller_rabin_primality_test to enforce preconditions and accept BN_prime_checks. 2017-04-21 22:24:01 +00:00
cipher.errordata Enforce incrementing counter for TLS 1.2 AES-GCM. 2017-05-26 20:06:36 +00:00
CMakeLists.txt Move PKCS#7 functions into their own directory. 2017-04-19 17:24:51 +00:00
conf.errordata Fix out-of-memory condition in conf. 2017-03-21 16:19:22 +00:00
dh.errordata Reimplement PKCS #3 DH parameter parsing with crypto/bytestring. 2016-05-09 19:36:41 +00:00
digest.errordata Decouple PKCS#12 hash lookup from the OID table. 2017-03-25 21:22:50 +00:00
dsa.errordata
ec.errordata Make ECDSA signing 10% faster and plug some timing leaks. 2017-11-22 22:51:40 +00:00
ecdh.errordata
ecdsa.errordata
engine.errordata
err_data_generate.go Make err_data_generator.go silent by default. 2016-04-18 19:42:15 +00:00
err_test.cc Reland "Fix bssl client/server's error-handling." 2018-05-07 17:19:59 +00:00
err.c Add some more compatibility functions. 2018-05-08 20:51:15 +00:00
evp.errordata Implement scrypt from RFC 7914. 2017-06-12 20:32:21 +00:00
hkdf.errordata
internal.h Add the ability to save and restore the error state. 2017-10-09 21:43:13 +00:00
obj.errordata Reimplement OBJ_txt2obj and add a lower-level function. 2017-11-27 21:29:00 +00:00
pem.errordata
pkcs7.errordata Move PKCS#7 functions into their own directory. 2017-04-19 17:24:51 +00:00
pkcs8.errordata Add PKCS12_create. 2018-05-11 21:59:34 +00:00
rsa.errordata Tweak RSA errors for compatibility. 2018-05-15 23:02:49 +00:00
ssl.errordata Implement legacy OCSP APIs for libssl. 2018-05-11 22:21:26 +00:00
x509.errordata Teach crypto/x509 how to verify an Ed25519 signature. 2017-04-05 23:35:30 +00:00
x509v3.errordata