boringssl/crypto/err/ssl.errordata
David Benjamin cd24a39f1b Limit DHE groups to 4096-bit.
dh.c had a 10k-bit limit but it wasn't quite correctly enforced. However,
that's still 1.12s of jank on the IO thread, which is too long. Since the SSL
code consumes DHE groups from the network, it should be responsible for
enforcing what sanity it needs on them.

Costs of various bit lengths on 2013 Macbook Air:
1024 - 1.4ms
2048 - 14ms
3072 - 24ms
4096 - 55ms
5000 - 160ms
10000 - 1.12s

UMA says that DHE groups are 0.2% 4096-bit and otherwise are 5.5% 2048-bit and
94% 1024-bit and some noise. Set the limit to 4096-bit to be conservative,
although that's already quite a lot of jank.

BUG=554295

Change-Id: I8e167748a67e4e1adfb62d73dfff094abfa7d215
Reviewed-on: https://boringssl-review.googlesource.com/6464
Reviewed-by: Adam Langley <agl@google.com>
2015-11-11 22:18:39 +00:00

219 lines
6.9 KiB
Plaintext

SSL,100,APP_DATA_IN_HANDSHAKE
SSL,101,ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT
SSL,102,BAD_ALERT
SSL,103,BAD_CHANGE_CIPHER_SPEC
SSL,104,BAD_DATA_RETURNED_BY_CALLBACK
SSL,105,BAD_DH_P_LENGTH
SSL,106,BAD_DIGEST_LENGTH
SSL,107,BAD_ECC_CERT
SSL,108,BAD_ECPOINT
SSL,109,BAD_HANDSHAKE_LENGTH
SSL,110,BAD_HANDSHAKE_RECORD
SSL,111,BAD_HELLO_REQUEST
SSL,112,BAD_LENGTH
SSL,113,BAD_PACKET_LENGTH
SSL,114,BAD_RSA_ENCRYPT
SSL,115,BAD_SIGNATURE
SSL,116,BAD_SRTP_MKI_VALUE
SSL,117,BAD_SRTP_PROTECTION_PROFILE_LIST
SSL,118,BAD_SSL_FILETYPE
SSL,119,BAD_WRITE_RETRY
SSL,120,BIO_NOT_SET
SSL,121,BN_LIB
SSL,272,BUFFER_TOO_SMALL
SSL,122,CANNOT_SERIALIZE_PUBLIC_KEY
SSL,123,CA_DN_LENGTH_MISMATCH
SSL,124,CA_DN_TOO_LONG
SSL,125,CCS_RECEIVED_EARLY
SSL,126,CERTIFICATE_VERIFY_FAILED
SSL,127,CERT_CB_ERROR
SSL,128,CERT_LENGTH_MISMATCH
SSL,129,CHANNEL_ID_NOT_P256
SSL,130,CHANNEL_ID_SIGNATURE_INVALID
SSL,131,CIPHER_CODE_WRONG_LENGTH
SSL,132,CIPHER_OR_HASH_UNAVAILABLE
SSL,133,CLIENTHELLO_PARSE_FAILED
SSL,134,CLIENTHELLO_TLSEXT
SSL,135,CONNECTION_REJECTED
SSL,136,CONNECTION_TYPE_NOT_SET
SSL,137,COOKIE_MISMATCH
SSL,284,CUSTOM_EXTENSION_CONTENTS_TOO_LARGE
SSL,285,CUSTOM_EXTENSION_ERROR
SSL,138,D2I_ECDSA_SIG
SSL,139,DATA_BETWEEN_CCS_AND_FINISHED
SSL,140,DATA_LENGTH_TOO_LONG
SSL,141,DECODE_ERROR
SSL,142,DECRYPTION_FAILED
SSL,143,DECRYPTION_FAILED_OR_BAD_RECORD_MAC
SSL,144,DH_PUBLIC_VALUE_LENGTH_IS_WRONG
SSL,287,DH_P_TOO_LONG
SSL,145,DIGEST_CHECK_FAILED
SSL,146,DTLS_MESSAGE_TOO_BIG
SSL,147,ECC_CERT_NOT_FOR_SIGNING
SSL,148,EMPTY_SRTP_PROTECTION_PROFILE_LIST
SSL,276,EMS_STATE_INCONSISTENT
SSL,149,ENCRYPTED_LENGTH_TOO_LONG
SSL,281,ERROR_ADDING_EXTENSION
SSL,150,ERROR_IN_RECEIVED_CIPHER_LIST
SSL,282,ERROR_PARSING_EXTENSION
SSL,151,EVP_DIGESTSIGNFINAL_FAILED
SSL,152,EVP_DIGESTSIGNINIT_FAILED
SSL,153,EXCESSIVE_MESSAGE_SIZE
SSL,154,EXTRA_DATA_IN_MESSAGE
SSL,271,FRAGMENT_MISMATCH
SSL,155,GOT_A_FIN_BEFORE_A_CCS
SSL,156,GOT_CHANNEL_ID_BEFORE_A_CCS
SSL,157,GOT_NEXT_PROTO_BEFORE_A_CCS
SSL,158,GOT_NEXT_PROTO_WITHOUT_EXTENSION
SSL,159,HANDSHAKE_FAILURE_ON_CLIENT_HELLO
SSL,160,HANDSHAKE_RECORD_BEFORE_CCS
SSL,161,HTTPS_PROXY_REQUEST
SSL,162,HTTP_REQUEST
SSL,163,INAPPROPRIATE_FALLBACK
SSL,164,INVALID_COMMAND
SSL,165,INVALID_MESSAGE
SSL,166,INVALID_SSL_SESSION
SSL,167,INVALID_TICKET_KEYS_LENGTH
SSL,168,LENGTH_MISMATCH
SSL,169,LIBRARY_HAS_NO_CIPHERS
SSL,170,MISSING_DH_KEY
SSL,171,MISSING_ECDSA_SIGNING_CERT
SSL,283,MISSING_EXTENSION
SSL,172,MISSING_RSA_CERTIFICATE
SSL,173,MISSING_RSA_ENCRYPTING_CERT
SSL,174,MISSING_RSA_SIGNING_CERT
SSL,175,MISSING_TMP_DH_KEY
SSL,176,MISSING_TMP_ECDH_KEY
SSL,177,MIXED_SPECIAL_OPERATOR_WITH_GROUPS
SSL,178,MTU_TOO_SMALL
SSL,286,NEGOTIATED_BOTH_NPN_AND_ALPN
SSL,179,NESTED_GROUP
SSL,180,NO_CERTIFICATES_RETURNED
SSL,181,NO_CERTIFICATE_ASSIGNED
SSL,182,NO_CERTIFICATE_SET
SSL,183,NO_CIPHERS_AVAILABLE
SSL,184,NO_CIPHERS_PASSED
SSL,185,NO_CIPHERS_SPECIFIED
SSL,186,NO_CIPHER_MATCH
SSL,187,NO_COMPRESSION_SPECIFIED
SSL,188,NO_METHOD_SPECIFIED
SSL,189,NO_P256_SUPPORT
SSL,190,NO_PRIVATE_KEY_ASSIGNED
SSL,191,NO_RENEGOTIATION
SSL,192,NO_REQUIRED_DIGEST
SSL,193,NO_SHARED_CIPHER
SSL,194,NO_SHARED_SIGATURE_ALGORITHMS
SSL,195,NO_SRTP_PROFILES
SSL,196,NULL_SSL_CTX
SSL,197,NULL_SSL_METHOD_PASSED
SSL,198,OLD_SESSION_CIPHER_NOT_RETURNED
SSL,273,OLD_SESSION_VERSION_NOT_RETURNED
SSL,274,OUTPUT_ALIASES_INPUT
SSL,199,PACKET_LENGTH_TOO_LONG
SSL,200,PARSE_TLSEXT
SSL,201,PATH_TOO_LONG
SSL,202,PEER_DID_NOT_RETURN_A_CERTIFICATE
SSL,203,PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE
SSL,204,PROTOCOL_IS_SHUTDOWN
SSL,205,PSK_IDENTITY_NOT_FOUND
SSL,206,PSK_NO_CLIENT_CB
SSL,207,PSK_NO_SERVER_CB
SSL,208,READ_BIO_NOT_SET
SSL,209,READ_TIMEOUT_EXPIRED
SSL,210,RECORD_LENGTH_MISMATCH
SSL,211,RECORD_TOO_LARGE
SSL,212,RENEGOTIATE_EXT_TOO_LONG
SSL,213,RENEGOTIATION_ENCODING_ERR
SSL,214,RENEGOTIATION_MISMATCH
SSL,215,REQUIRED_CIPHER_MISSING
SSL,275,RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION
SSL,277,RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION
SSL,216,SCSV_RECEIVED_WHEN_RENEGOTIATING
SSL,217,SERVERHELLO_TLSEXT
SSL,218,SESSION_ID_CONTEXT_UNINITIALIZED
SSL,219,SESSION_MAY_NOT_BE_CREATED
SSL,220,SIGNATURE_ALGORITHMS_ERROR
SSL,280,SIGNATURE_ALGORITHMS_EXTENSION_SENT_BY_SERVER
SSL,221,SRTP_COULD_NOT_ALLOCATE_PROFILES
SSL,222,SRTP_PROTECTION_PROFILE_LIST_TOO_LONG
SSL,223,SRTP_UNKNOWN_PROTECTION_PROFILE
SSL,224,SSL3_EXT_INVALID_SERVERNAME
SSL,225,SSL3_EXT_INVALID_SERVERNAME_TYPE
SSL,1042,SSLV3_ALERT_BAD_CERTIFICATE
SSL,1020,SSLV3_ALERT_BAD_RECORD_MAC
SSL,1045,SSLV3_ALERT_CERTIFICATE_EXPIRED
SSL,1044,SSLV3_ALERT_CERTIFICATE_REVOKED
SSL,1046,SSLV3_ALERT_CERTIFICATE_UNKNOWN
SSL,1000,SSLV3_ALERT_CLOSE_NOTIFY
SSL,1030,SSLV3_ALERT_DECOMPRESSION_FAILURE
SSL,1040,SSLV3_ALERT_HANDSHAKE_FAILURE
SSL,1047,SSLV3_ALERT_ILLEGAL_PARAMETER
SSL,1041,SSLV3_ALERT_NO_CERTIFICATE
SSL,1010,SSLV3_ALERT_UNEXPECTED_MESSAGE
SSL,1043,SSLV3_ALERT_UNSUPPORTED_CERTIFICATE
SSL,226,SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION
SSL,227,SSL_HANDSHAKE_FAILURE
SSL,228,SSL_SESSION_ID_CALLBACK_FAILED
SSL,229,SSL_SESSION_ID_CONFLICT
SSL,230,SSL_SESSION_ID_CONTEXT_TOO_LONG
SSL,231,SSL_SESSION_ID_HAS_BAD_LENGTH
SSL,1049,TLSV1_ALERT_ACCESS_DENIED
SSL,1050,TLSV1_ALERT_DECODE_ERROR
SSL,1021,TLSV1_ALERT_DECRYPTION_FAILED
SSL,1051,TLSV1_ALERT_DECRYPT_ERROR
SSL,1060,TLSV1_ALERT_EXPORT_RESTRICTION
SSL,1086,TLSV1_ALERT_INAPPROPRIATE_FALLBACK
SSL,1071,TLSV1_ALERT_INSUFFICIENT_SECURITY
SSL,1080,TLSV1_ALERT_INTERNAL_ERROR
SSL,1100,TLSV1_ALERT_NO_RENEGOTIATION
SSL,1070,TLSV1_ALERT_PROTOCOL_VERSION
SSL,1022,TLSV1_ALERT_RECORD_OVERFLOW
SSL,1048,TLSV1_ALERT_UNKNOWN_CA
SSL,1090,TLSV1_ALERT_USER_CANCELLED
SSL,1114,TLSV1_BAD_CERTIFICATE_HASH_VALUE
SSL,1113,TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE
SSL,1111,TLSV1_CERTIFICATE_UNOBTAINABLE
SSL,1112,TLSV1_UNRECOGNIZED_NAME
SSL,1110,TLSV1_UNSUPPORTED_EXTENSION
SSL,232,TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER
SSL,233,TLS_ILLEGAL_EXPORTER_LABEL
SSL,234,TLS_INVALID_ECPOINTFORMAT_LIST
SSL,235,TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST
SSL,236,TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG
SSL,237,TOO_MANY_EMPTY_FRAGMENTS
SSL,278,TOO_MANY_WARNING_ALERTS
SSL,238,UNABLE_TO_FIND_ECDH_PARAMETERS
SSL,239,UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS
SSL,279,UNEXPECTED_EXTENSION
SSL,240,UNEXPECTED_GROUP_CLOSE
SSL,241,UNEXPECTED_MESSAGE
SSL,242,UNEXPECTED_OPERATOR_IN_GROUP
SSL,243,UNEXPECTED_RECORD
SSL,244,UNINITIALIZED
SSL,245,UNKNOWN_ALERT_TYPE
SSL,246,UNKNOWN_CERTIFICATE_TYPE
SSL,247,UNKNOWN_CIPHER_RETURNED
SSL,248,UNKNOWN_CIPHER_TYPE
SSL,249,UNKNOWN_DIGEST
SSL,250,UNKNOWN_KEY_EXCHANGE_TYPE
SSL,251,UNKNOWN_PROTOCOL
SSL,252,UNKNOWN_SSL_VERSION
SSL,253,UNKNOWN_STATE
SSL,254,UNPROCESSED_HANDSHAKE_DATA
SSL,255,UNSAFE_LEGACY_RENEGOTIATION_DISABLED
SSL,256,UNSUPPORTED_CIPHER
SSL,257,UNSUPPORTED_COMPRESSION_ALGORITHM
SSL,258,UNSUPPORTED_ELLIPTIC_CURVE
SSL,259,UNSUPPORTED_PROTOCOL
SSL,260,UNSUPPORTED_SSL_VERSION
SSL,261,USE_SRTP_NOT_NEGOTIATED
SSL,262,WRONG_CERTIFICATE_TYPE
SSL,263,WRONG_CIPHER_RETURNED
SSL,264,WRONG_CURVE
SSL,265,WRONG_MESSAGE_TYPE
SSL,266,WRONG_SIGNATURE_TYPE
SSL,267,WRONG_SSL_VERSION
SSL,268,WRONG_VERSION_NUMBER
SSL,269,X509_LIB
SSL,270,X509_VERIFICATION_SETUP_PROBLEMS