boringssl/crypto/err/ssl.errordata
David Benjamin 61672818ef Check for buffered handshake messages on cipher change in DTLS.
This is the equivalent of FragmentAcrossChangeCipherSuite for DTLS. It
is possible for us to, while receiving pre-CCS handshake messages, to
buffer up a message with sequence number meant for a post-CCS Finished.
When we then get to the new epoch and attempt to read the Finished, we
will process the buffered Finished although it was sent with the wrong
encryption.

Move ssl_set_{read,write}_state to SSL_PROTOCOL_METHOD hooks as this is
a property of the transport. Notably, read_state may fail. In DTLS
check the handshake buffer size. We could place this check in
read_change_cipher_spec, but TLS 1.3 has no ChangeCipherSpec message, so
we will need to implement this at the cipher change point anyway. (For
now, there is only an assert on the TLS side. This will be replaced with
a proper check in TLS 1.3.)

Change-Id: Ia52b0b81e7db53e9ed2d4f6d334a1cce13e93297
Reviewed-on: https://boringssl-review.googlesource.com/8790
Reviewed-by: Steven Valdez <svaldez@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-07-16 08:25:02 +00:00

187 lines
5.8 KiB
Plaintext

SSL,100,APP_DATA_IN_HANDSHAKE
SSL,101,ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT
SSL,102,BAD_ALERT
SSL,103,BAD_CHANGE_CIPHER_SPEC
SSL,104,BAD_DATA_RETURNED_BY_CALLBACK
SSL,105,BAD_DH_P_LENGTH
SSL,106,BAD_DIGEST_LENGTH
SSL,107,BAD_ECC_CERT
SSL,108,BAD_ECPOINT
SSL,109,BAD_HANDSHAKE_RECORD
SSL,110,BAD_HELLO_REQUEST
SSL,111,BAD_LENGTH
SSL,112,BAD_PACKET_LENGTH
SSL,113,BAD_RSA_ENCRYPT
SSL,114,BAD_SIGNATURE
SSL,115,BAD_SRTP_MKI_VALUE
SSL,116,BAD_SRTP_PROTECTION_PROFILE_LIST
SSL,117,BAD_SSL_FILETYPE
SSL,118,BAD_WRITE_RETRY
SSL,119,BIO_NOT_SET
SSL,120,BN_LIB
SSL,255,BUFFERED_MESSAGES_ON_CIPHER_CHANGE
SSL,121,BUFFER_TOO_SMALL
SSL,122,CA_DN_LENGTH_MISMATCH
SSL,123,CA_DN_TOO_LONG
SSL,124,CCS_RECEIVED_EARLY
SSL,125,CERTIFICATE_VERIFY_FAILED
SSL,126,CERT_CB_ERROR
SSL,127,CERT_LENGTH_MISMATCH
SSL,128,CHANNEL_ID_NOT_P256
SSL,129,CHANNEL_ID_SIGNATURE_INVALID
SSL,130,CIPHER_OR_HASH_UNAVAILABLE
SSL,131,CLIENTHELLO_PARSE_FAILED
SSL,132,CLIENTHELLO_TLSEXT
SSL,133,CONNECTION_REJECTED
SSL,134,CONNECTION_TYPE_NOT_SET
SSL,135,CUSTOM_EXTENSION_ERROR
SSL,136,DATA_LENGTH_TOO_LONG
SSL,137,DECODE_ERROR
SSL,138,DECRYPTION_FAILED
SSL,139,DECRYPTION_FAILED_OR_BAD_RECORD_MAC
SSL,140,DH_PUBLIC_VALUE_LENGTH_IS_WRONG
SSL,141,DH_P_TOO_LONG
SSL,142,DIGEST_CHECK_FAILED
SSL,254,DOWNGRADE_DETECTED
SSL,143,DTLS_MESSAGE_TOO_BIG
SSL,144,ECC_CERT_NOT_FOR_SIGNING
SSL,145,EMS_STATE_INCONSISTENT
SSL,146,ENCRYPTED_LENGTH_TOO_LONG
SSL,147,ERROR_ADDING_EXTENSION
SSL,148,ERROR_IN_RECEIVED_CIPHER_LIST
SSL,149,ERROR_PARSING_EXTENSION
SSL,150,EXCESSIVE_MESSAGE_SIZE
SSL,151,EXTRA_DATA_IN_MESSAGE
SSL,152,FRAGMENT_MISMATCH
SSL,153,GOT_NEXT_PROTO_WITHOUT_EXTENSION
SSL,154,HANDSHAKE_FAILURE_ON_CLIENT_HELLO
SSL,155,HTTPS_PROXY_REQUEST
SSL,156,HTTP_REQUEST
SSL,157,INAPPROPRIATE_FALLBACK
SSL,158,INVALID_COMMAND
SSL,159,INVALID_MESSAGE
SSL,251,INVALID_OUTER_RECORD_TYPE
SSL,160,INVALID_SSL_SESSION
SSL,161,INVALID_TICKET_KEYS_LENGTH
SSL,162,LENGTH_MISMATCH
SSL,163,LIBRARY_HAS_NO_CIPHERS
SSL,164,MISSING_EXTENSION
SSL,165,MISSING_RSA_CERTIFICATE
SSL,166,MISSING_TMP_DH_KEY
SSL,167,MISSING_TMP_ECDH_KEY
SSL,168,MIXED_SPECIAL_OPERATOR_WITH_GROUPS
SSL,169,MTU_TOO_SMALL
SSL,170,NEGOTIATED_BOTH_NPN_AND_ALPN
SSL,171,NESTED_GROUP
SSL,172,NO_CERTIFICATES_RETURNED
SSL,173,NO_CERTIFICATE_ASSIGNED
SSL,174,NO_CERTIFICATE_SET
SSL,175,NO_CIPHERS_AVAILABLE
SSL,176,NO_CIPHERS_PASSED
SSL,177,NO_CIPHER_MATCH
SSL,253,NO_COMMON_SIGNATURE_ALGORITHMS
SSL,178,NO_COMPRESSION_SPECIFIED
SSL,179,NO_METHOD_SPECIFIED
SSL,180,NO_P256_SUPPORT
SSL,181,NO_PRIVATE_KEY_ASSIGNED
SSL,182,NO_RENEGOTIATION
SSL,183,NO_REQUIRED_DIGEST
SSL,184,NO_SHARED_CIPHER
SSL,185,NULL_SSL_CTX
SSL,186,NULL_SSL_METHOD_PASSED
SSL,187,OLD_SESSION_CIPHER_NOT_RETURNED
SSL,188,OLD_SESSION_VERSION_NOT_RETURNED
SSL,189,OUTPUT_ALIASES_INPUT
SSL,190,PARSE_TLSEXT
SSL,191,PATH_TOO_LONG
SSL,192,PEER_DID_NOT_RETURN_A_CERTIFICATE
SSL,193,PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE
SSL,194,PROTOCOL_IS_SHUTDOWN
SSL,195,PSK_IDENTITY_NOT_FOUND
SSL,196,PSK_NO_CLIENT_CB
SSL,197,PSK_NO_SERVER_CB
SSL,198,READ_TIMEOUT_EXPIRED
SSL,199,RECORD_LENGTH_MISMATCH
SSL,200,RECORD_TOO_LARGE
SSL,201,RENEGOTIATION_ENCODING_ERR
SSL,202,RENEGOTIATION_MISMATCH
SSL,203,REQUIRED_CIPHER_MISSING
SSL,204,RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION
SSL,205,RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION
SSL,206,SCSV_RECEIVED_WHEN_RENEGOTIATING
SSL,207,SERVERHELLO_TLSEXT
SSL,208,SESSION_ID_CONTEXT_UNINITIALIZED
SSL,209,SESSION_MAY_NOT_BE_CREATED
SSL,250,SHUTDOWN_WHILE_IN_INIT
SSL,210,SIGNATURE_ALGORITHMS_EXTENSION_SENT_BY_SERVER
SSL,211,SRTP_COULD_NOT_ALLOCATE_PROFILES
SSL,212,SRTP_UNKNOWN_PROTECTION_PROFILE
SSL,213,SSL3_EXT_INVALID_SERVERNAME
SSL,1042,SSLV3_ALERT_BAD_CERTIFICATE
SSL,1020,SSLV3_ALERT_BAD_RECORD_MAC
SSL,1045,SSLV3_ALERT_CERTIFICATE_EXPIRED
SSL,1044,SSLV3_ALERT_CERTIFICATE_REVOKED
SSL,1046,SSLV3_ALERT_CERTIFICATE_UNKNOWN
SSL,1000,SSLV3_ALERT_CLOSE_NOTIFY
SSL,1030,SSLV3_ALERT_DECOMPRESSION_FAILURE
SSL,1040,SSLV3_ALERT_HANDSHAKE_FAILURE
SSL,1047,SSLV3_ALERT_ILLEGAL_PARAMETER
SSL,1041,SSLV3_ALERT_NO_CERTIFICATE
SSL,1010,SSLV3_ALERT_UNEXPECTED_MESSAGE
SSL,1043,SSLV3_ALERT_UNSUPPORTED_CERTIFICATE
SSL,214,SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION
SSL,215,SSL_HANDSHAKE_FAILURE
SSL,216,SSL_SESSION_ID_CONTEXT_TOO_LONG
SSL,1049,TLSV1_ALERT_ACCESS_DENIED
SSL,1050,TLSV1_ALERT_DECODE_ERROR
SSL,1021,TLSV1_ALERT_DECRYPTION_FAILED
SSL,1051,TLSV1_ALERT_DECRYPT_ERROR
SSL,1060,TLSV1_ALERT_EXPORT_RESTRICTION
SSL,1086,TLSV1_ALERT_INAPPROPRIATE_FALLBACK
SSL,1071,TLSV1_ALERT_INSUFFICIENT_SECURITY
SSL,1080,TLSV1_ALERT_INTERNAL_ERROR
SSL,1100,TLSV1_ALERT_NO_RENEGOTIATION
SSL,1070,TLSV1_ALERT_PROTOCOL_VERSION
SSL,1022,TLSV1_ALERT_RECORD_OVERFLOW
SSL,1048,TLSV1_ALERT_UNKNOWN_CA
SSL,1090,TLSV1_ALERT_USER_CANCELLED
SSL,1114,TLSV1_BAD_CERTIFICATE_HASH_VALUE
SSL,1113,TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE
SSL,1111,TLSV1_CERTIFICATE_UNOBTAINABLE
SSL,1112,TLSV1_UNRECOGNIZED_NAME
SSL,1110,TLSV1_UNSUPPORTED_EXTENSION
SSL,217,TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST
SSL,218,TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG
SSL,219,TOO_MANY_EMPTY_FRAGMENTS
SSL,220,TOO_MANY_WARNING_ALERTS
SSL,221,UNABLE_TO_FIND_ECDH_PARAMETERS
SSL,222,UNEXPECTED_EXTENSION
SSL,223,UNEXPECTED_MESSAGE
SSL,224,UNEXPECTED_OPERATOR_IN_GROUP
SSL,225,UNEXPECTED_RECORD
SSL,226,UNINITIALIZED
SSL,227,UNKNOWN_ALERT_TYPE
SSL,228,UNKNOWN_CERTIFICATE_TYPE
SSL,229,UNKNOWN_CIPHER_RETURNED
SSL,230,UNKNOWN_CIPHER_TYPE
SSL,231,UNKNOWN_DIGEST
SSL,232,UNKNOWN_KEY_EXCHANGE_TYPE
SSL,233,UNKNOWN_PROTOCOL
SSL,234,UNKNOWN_SSL_VERSION
SSL,235,UNKNOWN_STATE
SSL,236,UNSAFE_LEGACY_RENEGOTIATION_DISABLED
SSL,237,UNSUPPORTED_CIPHER
SSL,238,UNSUPPORTED_COMPRESSION_ALGORITHM
SSL,239,UNSUPPORTED_ELLIPTIC_CURVE
SSL,240,UNSUPPORTED_PROTOCOL
SSL,252,UNSUPPORTED_PROTOCOL_FOR_CUSTOM_KEY
SSL,241,WRONG_CERTIFICATE_TYPE
SSL,242,WRONG_CIPHER_RETURNED
SSL,243,WRONG_CURVE
SSL,244,WRONG_MESSAGE_TYPE
SSL,245,WRONG_SIGNATURE_TYPE
SSL,246,WRONG_SSL_VERSION
SSL,247,WRONG_VERSION_NUMBER
SSL,248,X509_LIB
SSL,249,X509_VERIFICATION_SETUP_PROBLEMS