boringssl/crypto/err/rsa.errordata
David Benjamin c1c6eeb5e2 Check d is mostly-reduced in RSA_check_key.
We don't check it is fully reduced because different implementations use
Carmichael vs Euler totients, but if d exceeds n, something is wrong.
Note the fixed-width BIGNUM changes already fail operations with
oversized d.

Update-Note: Some blatantly invalid RSA private keys will be rejected at
    RSA_check_key time. Note that most of those keys already are not
    usable with BoringSSL anyway. This CL moves the failure from
    sign/decrypt to RSA_check_key.

Change-Id: I468dbba74a148aa58c5994cc27f549e7ae1486a2
Reviewed-on: https://boringssl-review.googlesource.com/26374
Reviewed-by: Adam Langley <alangley@gmail.com>
2018-03-30 19:54:10 +00:00

49 lines
1.3 KiB
Plaintext

RSA,100,BAD_ENCODING
RSA,101,BAD_E_VALUE
RSA,102,BAD_FIXED_HEADER_DECRYPT
RSA,103,BAD_PAD_BYTE_COUNT
RSA,104,BAD_RSA_PARAMETERS
RSA,105,BAD_SIGNATURE
RSA,106,BAD_VERSION
RSA,107,BLOCK_TYPE_IS_NOT_01
RSA,108,BN_NOT_INITIALIZED
RSA,109,CANNOT_RECOVER_MULTI_PRIME_KEY
RSA,110,CRT_PARAMS_ALREADY_GIVEN
RSA,111,CRT_VALUES_INCORRECT
RSA,112,DATA_LEN_NOT_EQUAL_TO_MOD_LEN
RSA,113,DATA_TOO_LARGE
RSA,114,DATA_TOO_LARGE_FOR_KEY_SIZE
RSA,115,DATA_TOO_LARGE_FOR_MODULUS
RSA,116,DATA_TOO_SMALL
RSA,117,DATA_TOO_SMALL_FOR_KEY_SIZE
RSA,118,DIGEST_TOO_BIG_FOR_RSA_KEY
RSA,119,D_E_NOT_CONGRUENT_TO_1
RSA,147,D_OUT_OF_RANGE
RSA,120,EMPTY_PUBLIC_KEY
RSA,121,ENCODE_ERROR
RSA,122,FIRST_OCTET_INVALID
RSA,123,INCONSISTENT_SET_OF_CRT_VALUES
RSA,124,INTERNAL_ERROR
RSA,125,INVALID_MESSAGE_LENGTH
RSA,126,KEY_SIZE_TOO_SMALL
RSA,127,LAST_OCTET_INVALID
RSA,128,MODULUS_TOO_LARGE
RSA,129,MUST_HAVE_AT_LEAST_TWO_PRIMES
RSA,130,NO_PUBLIC_EXPONENT
RSA,131,NULL_BEFORE_BLOCK_MISSING
RSA,132,N_NOT_EQUAL_P_Q
RSA,133,OAEP_DECODING_ERROR
RSA,134,ONLY_ONE_OF_P_Q_GIVEN
RSA,135,OUTPUT_BUFFER_TOO_SMALL
RSA,136,PADDING_CHECK_FAILED
RSA,137,PKCS_DECODING_ERROR
RSA,146,PUBLIC_KEY_VALIDATION_FAILED
RSA,138,SLEN_CHECK_FAILED
RSA,139,SLEN_RECOVERY_FAILED
RSA,140,TOO_LONG
RSA,141,TOO_MANY_ITERATIONS
RSA,142,UNKNOWN_ALGORITHM_TYPE
RSA,143,UNKNOWN_PADDING_TYPE
RSA,144,VALUE_MISSING
RSA,145,WRONG_SIGNATURE_LENGTH