cd24a39f1b
dh.c had a 10k-bit limit but it wasn't quite correctly enforced. However, that's still 1.12s of jank on the IO thread, which is too long. Since the SSL code consumes DHE groups from the network, it should be responsible for enforcing what sanity it needs on them. Costs of various bit lengths on 2013 Macbook Air: 1024 - 1.4ms 2048 - 14ms 3072 - 24ms 4096 - 55ms 5000 - 160ms 10000 - 1.12s UMA says that DHE groups are 0.2% 4096-bit and otherwise are 5.5% 2048-bit and 94% 1024-bit and some noise. Set the limit to 4096-bit to be conservative, although that's already quite a lot of jank. BUG=554295 Change-Id: I8e167748a67e4e1adfb62d73dfff094abfa7d215 Reviewed-on: https://boringssl-review.googlesource.com/6464 Reviewed-by: Adam Langley <agl@google.com>
219 lines
6.9 KiB
Plaintext
219 lines
6.9 KiB
Plaintext
SSL,100,APP_DATA_IN_HANDSHAKE
|
|
SSL,101,ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT
|
|
SSL,102,BAD_ALERT
|
|
SSL,103,BAD_CHANGE_CIPHER_SPEC
|
|
SSL,104,BAD_DATA_RETURNED_BY_CALLBACK
|
|
SSL,105,BAD_DH_P_LENGTH
|
|
SSL,106,BAD_DIGEST_LENGTH
|
|
SSL,107,BAD_ECC_CERT
|
|
SSL,108,BAD_ECPOINT
|
|
SSL,109,BAD_HANDSHAKE_LENGTH
|
|
SSL,110,BAD_HANDSHAKE_RECORD
|
|
SSL,111,BAD_HELLO_REQUEST
|
|
SSL,112,BAD_LENGTH
|
|
SSL,113,BAD_PACKET_LENGTH
|
|
SSL,114,BAD_RSA_ENCRYPT
|
|
SSL,115,BAD_SIGNATURE
|
|
SSL,116,BAD_SRTP_MKI_VALUE
|
|
SSL,117,BAD_SRTP_PROTECTION_PROFILE_LIST
|
|
SSL,118,BAD_SSL_FILETYPE
|
|
SSL,119,BAD_WRITE_RETRY
|
|
SSL,120,BIO_NOT_SET
|
|
SSL,121,BN_LIB
|
|
SSL,272,BUFFER_TOO_SMALL
|
|
SSL,122,CANNOT_SERIALIZE_PUBLIC_KEY
|
|
SSL,123,CA_DN_LENGTH_MISMATCH
|
|
SSL,124,CA_DN_TOO_LONG
|
|
SSL,125,CCS_RECEIVED_EARLY
|
|
SSL,126,CERTIFICATE_VERIFY_FAILED
|
|
SSL,127,CERT_CB_ERROR
|
|
SSL,128,CERT_LENGTH_MISMATCH
|
|
SSL,129,CHANNEL_ID_NOT_P256
|
|
SSL,130,CHANNEL_ID_SIGNATURE_INVALID
|
|
SSL,131,CIPHER_CODE_WRONG_LENGTH
|
|
SSL,132,CIPHER_OR_HASH_UNAVAILABLE
|
|
SSL,133,CLIENTHELLO_PARSE_FAILED
|
|
SSL,134,CLIENTHELLO_TLSEXT
|
|
SSL,135,CONNECTION_REJECTED
|
|
SSL,136,CONNECTION_TYPE_NOT_SET
|
|
SSL,137,COOKIE_MISMATCH
|
|
SSL,284,CUSTOM_EXTENSION_CONTENTS_TOO_LARGE
|
|
SSL,285,CUSTOM_EXTENSION_ERROR
|
|
SSL,138,D2I_ECDSA_SIG
|
|
SSL,139,DATA_BETWEEN_CCS_AND_FINISHED
|
|
SSL,140,DATA_LENGTH_TOO_LONG
|
|
SSL,141,DECODE_ERROR
|
|
SSL,142,DECRYPTION_FAILED
|
|
SSL,143,DECRYPTION_FAILED_OR_BAD_RECORD_MAC
|
|
SSL,144,DH_PUBLIC_VALUE_LENGTH_IS_WRONG
|
|
SSL,287,DH_P_TOO_LONG
|
|
SSL,145,DIGEST_CHECK_FAILED
|
|
SSL,146,DTLS_MESSAGE_TOO_BIG
|
|
SSL,147,ECC_CERT_NOT_FOR_SIGNING
|
|
SSL,148,EMPTY_SRTP_PROTECTION_PROFILE_LIST
|
|
SSL,276,EMS_STATE_INCONSISTENT
|
|
SSL,149,ENCRYPTED_LENGTH_TOO_LONG
|
|
SSL,281,ERROR_ADDING_EXTENSION
|
|
SSL,150,ERROR_IN_RECEIVED_CIPHER_LIST
|
|
SSL,282,ERROR_PARSING_EXTENSION
|
|
SSL,151,EVP_DIGESTSIGNFINAL_FAILED
|
|
SSL,152,EVP_DIGESTSIGNINIT_FAILED
|
|
SSL,153,EXCESSIVE_MESSAGE_SIZE
|
|
SSL,154,EXTRA_DATA_IN_MESSAGE
|
|
SSL,271,FRAGMENT_MISMATCH
|
|
SSL,155,GOT_A_FIN_BEFORE_A_CCS
|
|
SSL,156,GOT_CHANNEL_ID_BEFORE_A_CCS
|
|
SSL,157,GOT_NEXT_PROTO_BEFORE_A_CCS
|
|
SSL,158,GOT_NEXT_PROTO_WITHOUT_EXTENSION
|
|
SSL,159,HANDSHAKE_FAILURE_ON_CLIENT_HELLO
|
|
SSL,160,HANDSHAKE_RECORD_BEFORE_CCS
|
|
SSL,161,HTTPS_PROXY_REQUEST
|
|
SSL,162,HTTP_REQUEST
|
|
SSL,163,INAPPROPRIATE_FALLBACK
|
|
SSL,164,INVALID_COMMAND
|
|
SSL,165,INVALID_MESSAGE
|
|
SSL,166,INVALID_SSL_SESSION
|
|
SSL,167,INVALID_TICKET_KEYS_LENGTH
|
|
SSL,168,LENGTH_MISMATCH
|
|
SSL,169,LIBRARY_HAS_NO_CIPHERS
|
|
SSL,170,MISSING_DH_KEY
|
|
SSL,171,MISSING_ECDSA_SIGNING_CERT
|
|
SSL,283,MISSING_EXTENSION
|
|
SSL,172,MISSING_RSA_CERTIFICATE
|
|
SSL,173,MISSING_RSA_ENCRYPTING_CERT
|
|
SSL,174,MISSING_RSA_SIGNING_CERT
|
|
SSL,175,MISSING_TMP_DH_KEY
|
|
SSL,176,MISSING_TMP_ECDH_KEY
|
|
SSL,177,MIXED_SPECIAL_OPERATOR_WITH_GROUPS
|
|
SSL,178,MTU_TOO_SMALL
|
|
SSL,286,NEGOTIATED_BOTH_NPN_AND_ALPN
|
|
SSL,179,NESTED_GROUP
|
|
SSL,180,NO_CERTIFICATES_RETURNED
|
|
SSL,181,NO_CERTIFICATE_ASSIGNED
|
|
SSL,182,NO_CERTIFICATE_SET
|
|
SSL,183,NO_CIPHERS_AVAILABLE
|
|
SSL,184,NO_CIPHERS_PASSED
|
|
SSL,185,NO_CIPHERS_SPECIFIED
|
|
SSL,186,NO_CIPHER_MATCH
|
|
SSL,187,NO_COMPRESSION_SPECIFIED
|
|
SSL,188,NO_METHOD_SPECIFIED
|
|
SSL,189,NO_P256_SUPPORT
|
|
SSL,190,NO_PRIVATE_KEY_ASSIGNED
|
|
SSL,191,NO_RENEGOTIATION
|
|
SSL,192,NO_REQUIRED_DIGEST
|
|
SSL,193,NO_SHARED_CIPHER
|
|
SSL,194,NO_SHARED_SIGATURE_ALGORITHMS
|
|
SSL,195,NO_SRTP_PROFILES
|
|
SSL,196,NULL_SSL_CTX
|
|
SSL,197,NULL_SSL_METHOD_PASSED
|
|
SSL,198,OLD_SESSION_CIPHER_NOT_RETURNED
|
|
SSL,273,OLD_SESSION_VERSION_NOT_RETURNED
|
|
SSL,274,OUTPUT_ALIASES_INPUT
|
|
SSL,199,PACKET_LENGTH_TOO_LONG
|
|
SSL,200,PARSE_TLSEXT
|
|
SSL,201,PATH_TOO_LONG
|
|
SSL,202,PEER_DID_NOT_RETURN_A_CERTIFICATE
|
|
SSL,203,PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE
|
|
SSL,204,PROTOCOL_IS_SHUTDOWN
|
|
SSL,205,PSK_IDENTITY_NOT_FOUND
|
|
SSL,206,PSK_NO_CLIENT_CB
|
|
SSL,207,PSK_NO_SERVER_CB
|
|
SSL,208,READ_BIO_NOT_SET
|
|
SSL,209,READ_TIMEOUT_EXPIRED
|
|
SSL,210,RECORD_LENGTH_MISMATCH
|
|
SSL,211,RECORD_TOO_LARGE
|
|
SSL,212,RENEGOTIATE_EXT_TOO_LONG
|
|
SSL,213,RENEGOTIATION_ENCODING_ERR
|
|
SSL,214,RENEGOTIATION_MISMATCH
|
|
SSL,215,REQUIRED_CIPHER_MISSING
|
|
SSL,275,RESUMED_EMS_SESSION_WITHOUT_EMS_EXTENSION
|
|
SSL,277,RESUMED_NON_EMS_SESSION_WITH_EMS_EXTENSION
|
|
SSL,216,SCSV_RECEIVED_WHEN_RENEGOTIATING
|
|
SSL,217,SERVERHELLO_TLSEXT
|
|
SSL,218,SESSION_ID_CONTEXT_UNINITIALIZED
|
|
SSL,219,SESSION_MAY_NOT_BE_CREATED
|
|
SSL,220,SIGNATURE_ALGORITHMS_ERROR
|
|
SSL,280,SIGNATURE_ALGORITHMS_EXTENSION_SENT_BY_SERVER
|
|
SSL,221,SRTP_COULD_NOT_ALLOCATE_PROFILES
|
|
SSL,222,SRTP_PROTECTION_PROFILE_LIST_TOO_LONG
|
|
SSL,223,SRTP_UNKNOWN_PROTECTION_PROFILE
|
|
SSL,224,SSL3_EXT_INVALID_SERVERNAME
|
|
SSL,225,SSL3_EXT_INVALID_SERVERNAME_TYPE
|
|
SSL,1042,SSLV3_ALERT_BAD_CERTIFICATE
|
|
SSL,1020,SSLV3_ALERT_BAD_RECORD_MAC
|
|
SSL,1045,SSLV3_ALERT_CERTIFICATE_EXPIRED
|
|
SSL,1044,SSLV3_ALERT_CERTIFICATE_REVOKED
|
|
SSL,1046,SSLV3_ALERT_CERTIFICATE_UNKNOWN
|
|
SSL,1000,SSLV3_ALERT_CLOSE_NOTIFY
|
|
SSL,1030,SSLV3_ALERT_DECOMPRESSION_FAILURE
|
|
SSL,1040,SSLV3_ALERT_HANDSHAKE_FAILURE
|
|
SSL,1047,SSLV3_ALERT_ILLEGAL_PARAMETER
|
|
SSL,1041,SSLV3_ALERT_NO_CERTIFICATE
|
|
SSL,1010,SSLV3_ALERT_UNEXPECTED_MESSAGE
|
|
SSL,1043,SSLV3_ALERT_UNSUPPORTED_CERTIFICATE
|
|
SSL,226,SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION
|
|
SSL,227,SSL_HANDSHAKE_FAILURE
|
|
SSL,228,SSL_SESSION_ID_CALLBACK_FAILED
|
|
SSL,229,SSL_SESSION_ID_CONFLICT
|
|
SSL,230,SSL_SESSION_ID_CONTEXT_TOO_LONG
|
|
SSL,231,SSL_SESSION_ID_HAS_BAD_LENGTH
|
|
SSL,1049,TLSV1_ALERT_ACCESS_DENIED
|
|
SSL,1050,TLSV1_ALERT_DECODE_ERROR
|
|
SSL,1021,TLSV1_ALERT_DECRYPTION_FAILED
|
|
SSL,1051,TLSV1_ALERT_DECRYPT_ERROR
|
|
SSL,1060,TLSV1_ALERT_EXPORT_RESTRICTION
|
|
SSL,1086,TLSV1_ALERT_INAPPROPRIATE_FALLBACK
|
|
SSL,1071,TLSV1_ALERT_INSUFFICIENT_SECURITY
|
|
SSL,1080,TLSV1_ALERT_INTERNAL_ERROR
|
|
SSL,1100,TLSV1_ALERT_NO_RENEGOTIATION
|
|
SSL,1070,TLSV1_ALERT_PROTOCOL_VERSION
|
|
SSL,1022,TLSV1_ALERT_RECORD_OVERFLOW
|
|
SSL,1048,TLSV1_ALERT_UNKNOWN_CA
|
|
SSL,1090,TLSV1_ALERT_USER_CANCELLED
|
|
SSL,1114,TLSV1_BAD_CERTIFICATE_HASH_VALUE
|
|
SSL,1113,TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE
|
|
SSL,1111,TLSV1_CERTIFICATE_UNOBTAINABLE
|
|
SSL,1112,TLSV1_UNRECOGNIZED_NAME
|
|
SSL,1110,TLSV1_UNSUPPORTED_EXTENSION
|
|
SSL,232,TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER
|
|
SSL,233,TLS_ILLEGAL_EXPORTER_LABEL
|
|
SSL,234,TLS_INVALID_ECPOINTFORMAT_LIST
|
|
SSL,235,TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST
|
|
SSL,236,TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG
|
|
SSL,237,TOO_MANY_EMPTY_FRAGMENTS
|
|
SSL,278,TOO_MANY_WARNING_ALERTS
|
|
SSL,238,UNABLE_TO_FIND_ECDH_PARAMETERS
|
|
SSL,239,UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS
|
|
SSL,279,UNEXPECTED_EXTENSION
|
|
SSL,240,UNEXPECTED_GROUP_CLOSE
|
|
SSL,241,UNEXPECTED_MESSAGE
|
|
SSL,242,UNEXPECTED_OPERATOR_IN_GROUP
|
|
SSL,243,UNEXPECTED_RECORD
|
|
SSL,244,UNINITIALIZED
|
|
SSL,245,UNKNOWN_ALERT_TYPE
|
|
SSL,246,UNKNOWN_CERTIFICATE_TYPE
|
|
SSL,247,UNKNOWN_CIPHER_RETURNED
|
|
SSL,248,UNKNOWN_CIPHER_TYPE
|
|
SSL,249,UNKNOWN_DIGEST
|
|
SSL,250,UNKNOWN_KEY_EXCHANGE_TYPE
|
|
SSL,251,UNKNOWN_PROTOCOL
|
|
SSL,252,UNKNOWN_SSL_VERSION
|
|
SSL,253,UNKNOWN_STATE
|
|
SSL,254,UNPROCESSED_HANDSHAKE_DATA
|
|
SSL,255,UNSAFE_LEGACY_RENEGOTIATION_DISABLED
|
|
SSL,256,UNSUPPORTED_CIPHER
|
|
SSL,257,UNSUPPORTED_COMPRESSION_ALGORITHM
|
|
SSL,258,UNSUPPORTED_ELLIPTIC_CURVE
|
|
SSL,259,UNSUPPORTED_PROTOCOL
|
|
SSL,260,UNSUPPORTED_SSL_VERSION
|
|
SSL,261,USE_SRTP_NOT_NEGOTIATED
|
|
SSL,262,WRONG_CERTIFICATE_TYPE
|
|
SSL,263,WRONG_CIPHER_RETURNED
|
|
SSL,264,WRONG_CURVE
|
|
SSL,265,WRONG_MESSAGE_TYPE
|
|
SSL,266,WRONG_SIGNATURE_TYPE
|
|
SSL,267,WRONG_SSL_VERSION
|
|
SSL,268,WRONG_VERSION_NUMBER
|
|
SSL,269,X509_LIB
|
|
SSL,270,X509_VERIFICATION_SETUP_PROBLEMS
|