1 /* 2 * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. 3 * Copyright 2005 Nokia. All rights reserved. 4 * 5 * Licensed under the OpenSSL license (the "License"). You may not use 6 * this file except in compliance with the License. You can obtain a copy 7 * in the file LICENSE in the source distribution or at 8 * https://www.openssl.org/source/license.html 9 */ 10 11 #include <stdio.h> 12 #include "ssl_locl.h" 13 #include <openssl/evp.h> 14 #include <openssl/md5.h> 15 #include "internal/cryptlib.h" 16 17 static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num) 18 { 19 EVP_MD_CTX *m5; 20 EVP_MD_CTX *s1; 21 unsigned char buf[16], smd[SHA_DIGEST_LENGTH]; 22 unsigned char c = 'A'; 23 unsigned int i, j, k; 24 int ret = 0; 25 26 #ifdef CHARSET_EBCDIC 27 c = os_toascii[c]; /* 'A' in ASCII */ 28 #endif 29 k = 0; 30 m5 = EVP_MD_CTX_new(); 31 s1 = EVP_MD_CTX_new(); 32 if (m5 == NULL || s1 == NULL) { 33 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK, 34 ERR_R_MALLOC_FAILURE); 35 goto err; 36 } 37 EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); 38 for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) { 39 k++; 40 if (k > sizeof(buf)) { 41 /* bug: 'buf' is too small for this ciphersuite */ 42 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK, 43 ERR_R_INTERNAL_ERROR); 44 goto err; 45 } 46 47 for (j = 0; j < k; j++) 48 buf[j] = c; 49 c++; 50 if (!EVP_DigestInit_ex(s1, EVP_sha1(), NULL) 51 || !EVP_DigestUpdate(s1, buf, k) 52 || !EVP_DigestUpdate(s1, s->session->master_key, 53 s->session->master_key_length) 54 || !EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE) 55 || !EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE) 56 || !EVP_DigestFinal_ex(s1, smd, NULL) 57 || !EVP_DigestInit_ex(m5, EVP_md5(), NULL) 58 || !EVP_DigestUpdate(m5, s->session->master_key, 59 s->session->master_key_length) 60 || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) { 61 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK, 62 ERR_R_INTERNAL_ERROR); 63 goto err; 64 } 65 if ((int)(i + MD5_DIGEST_LENGTH) > num) { 66 if (!EVP_DigestFinal_ex(m5, smd, NULL)) { 67 SSLfatal(s, SSL_AD_INTERNAL_ERROR, 68 SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); 69 goto err; 70 } 71 memcpy(km, smd, (num - i)); 72 } else { 73 if (!EVP_DigestFinal_ex(m5, km, NULL)) { 74 SSLfatal(s, SSL_AD_INTERNAL_ERROR, 75 SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR); 76 goto err; 77 } 78 } 79 80 km += MD5_DIGEST_LENGTH; 81 } 82 OPENSSL_cleanse(smd, sizeof(smd)); 83 ret = 1; 84 err: 85 EVP_MD_CTX_free(m5); 86 EVP_MD_CTX_free(s1); 87 return ret; 88 } 89 90 int ssl3_change_cipher_state(SSL *s, int which) 91 { 92 unsigned char *p, *mac_secret; 93 unsigned char exp_key[EVP_MAX_KEY_LENGTH]; 94 unsigned char exp_iv[EVP_MAX_IV_LENGTH]; 95 unsigned char *ms, *key, *iv; 96 EVP_CIPHER_CTX *dd; 97 const EVP_CIPHER *c; 98 #ifndef OPENSSL_NO_COMP 99 COMP_METHOD *comp; 100 #endif 101 const EVP_MD *m; 102 int mdi; 103 size_t n, i, j, k, cl; 104 int reuse_dd = 0; 105 106 c = s->s3->tmp.new_sym_enc; 107 m = s->s3->tmp.new_hash; 108 /* m == NULL will lead to a crash later */ 109 if (!ossl_assert(m != NULL)) { 110 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, 111 ERR_R_INTERNAL_ERROR); 112 goto err; 113 } 114 #ifndef OPENSSL_NO_COMP 115 if (s->s3->tmp.new_compression == NULL) 116 comp = NULL; 117 else 118 comp = s->s3->tmp.new_compression->method; 119 #endif 120 121 if (which & SSL3_CC_READ) { 122 if (s->enc_read_ctx != NULL) { 123 reuse_dd = 1; 124 } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) { 125 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, 126 ERR_R_MALLOC_FAILURE); 127 goto err; 128 } else { 129 /* 130 * make sure it's initialised in case we exit later with an error 131 */ 132 EVP_CIPHER_CTX_reset(s->enc_read_ctx); 133 } 134 dd = s->enc_read_ctx; 135 136 if (ssl_replace_hash(&s->read_hash, m) == NULL) { 137 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, 138 ERR_R_INTERNAL_ERROR); 139 goto err; 140 } 141 #ifndef OPENSSL_NO_COMP 142 /* COMPRESS */ 143 COMP_CTX_free(s->expand); 144 s->expand = NULL; 145 if (comp != NULL) { 146 s->expand = COMP_CTX_new(comp); 147 if (s->expand == NULL) { 148 SSLfatal(s, SSL_AD_INTERNAL_ERROR, 149 SSL_F_SSL3_CHANGE_CIPHER_STATE, 150 SSL_R_COMPRESSION_LIBRARY_ERROR); 151 goto err; 152 } 153 } 154 #endif 155 RECORD_LAYER_reset_read_sequence(&s->rlayer); 156 mac_secret = &(s->s3->read_mac_secret[0]); 157 } else { 158 s->statem.enc_write_state = ENC_WRITE_STATE_INVALID; 159 if (s->enc_write_ctx != NULL) { 160 reuse_dd = 1; 161 } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) { 162 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, 163 ERR_R_MALLOC_FAILURE); 164 goto err; 165 } else { 166 /* 167 * make sure it's initialised in case we exit later with an error 168 */ 169 EVP_CIPHER_CTX_reset(s->enc_write_ctx); 170 } 171 dd = s->enc_write_ctx; 172 if (ssl_replace_hash(&s->write_hash, m) == NULL) { 173 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, 174 ERR_R_MALLOC_FAILURE); 175 goto err; 176 } 177 #ifndef OPENSSL_NO_COMP 178 /* COMPRESS */ 179 COMP_CTX_free(s->compress); 180 s->compress = NULL; 181 if (comp != NULL) { 182 s->compress = COMP_CTX_new(comp); 183 if (s->compress == NULL) { 184 SSLfatal(s, SSL_AD_INTERNAL_ERROR, 185 SSL_F_SSL3_CHANGE_CIPHER_STATE, 186 SSL_R_COMPRESSION_LIBRARY_ERROR); 187 goto err; 188 } 189 } 190 #endif 191 RECORD_LAYER_reset_write_sequence(&s->rlayer); 192 mac_secret = &(s->s3->write_mac_secret[0]); 193 } 194 195 if (reuse_dd) 196 EVP_CIPHER_CTX_reset(dd); 197 198 p = s->s3->tmp.key_block; 199 mdi = EVP_MD_size(m); 200 if (mdi < 0) { 201 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, 202 ERR_R_INTERNAL_ERROR); 203 goto err; 204 } 205 i = mdi; 206 cl = EVP_CIPHER_key_length(c); 207 j = cl; 208 k = EVP_CIPHER_iv_length(c); 209 if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || 210 (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { 211 ms = &(p[0]); 212 n = i + i; 213 key = &(p[n]); 214 n += j + j; 215 iv = &(p[n]); 216 n += k + k; 217 } else { 218 n = i; 219 ms = &(p[n]); 220 n += i + j; 221 key = &(p[n]); 222 n += j + k; 223 iv = &(p[n]); 224 n += k; 225 } 226 227 if (n > s->s3->tmp.key_block_length) { 228 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, 229 ERR_R_INTERNAL_ERROR); 230 goto err; 231 } 232 233 memcpy(mac_secret, ms, i); 234 235 if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) { 236 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE, 237 ERR_R_INTERNAL_ERROR); 238 goto err; 239 } 240 241 s->statem.enc_write_state = ENC_WRITE_STATE_VALID; 242 OPENSSL_cleanse(exp_key, sizeof(exp_key)); 243 OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); 244 return 1; 245 err: 246 OPENSSL_cleanse(exp_key, sizeof(exp_key)); 247 OPENSSL_cleanse(exp_iv, sizeof(exp_iv)); 248 return 0; 249 } 250 251 int ssl3_setup_key_block(SSL *s) 252 { 253 unsigned char *p; 254 const EVP_CIPHER *c; 255 const EVP_MD *hash; 256 int num; 257 int ret = 0; 258 SSL_COMP *comp; 259 260 if (s->s3->tmp.key_block_length != 0) 261 return 1; 262 263 if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) { 264 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK, 265 SSL_R_CIPHER_OR_HASH_UNAVAILABLE); 266 return 0; 267 } 268 269 s->s3->tmp.new_sym_enc = c; 270 s->s3->tmp.new_hash = hash; 271 #ifdef OPENSSL_NO_COMP 272 s->s3->tmp.new_compression = NULL; 273 #else 274 s->s3->tmp.new_compression = comp; 275 #endif 276 277 num = EVP_MD_size(hash); 278 if (num < 0) 279 return 0; 280 281 num = EVP_CIPHER_key_length(c) + num + EVP_CIPHER_iv_length(c); 282 num *= 2; 283 284 ssl3_cleanup_key_block(s); 285 286 if ((p = OPENSSL_malloc(num)) == NULL) { 287 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK, 288 ERR_R_MALLOC_FAILURE); 289 return 0; 290 } 291 292 s->s3->tmp.key_block_length = num; 293 s->s3->tmp.key_block = p; 294 295 /* Calls SSLfatal() as required */ 296 ret = ssl3_generate_key_block(s, p, num); 297 298 if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) { 299 /* 300 * enable vulnerability countermeasure for CBC ciphers with known-IV 301 * problem (http://www.openssl.org/~bodo/tls-cbc.txt) 302 */ 303 s->s3->need_empty_fragments = 1; 304 305 if (s->session->cipher != NULL) { 306 if (s->session->cipher->algorithm_enc == SSL_eNULL) 307 s->s3->need_empty_fragments = 0; 308 309 #ifndef OPENSSL_NO_RC4 310 if (s->session->cipher->algorithm_enc == SSL_RC4) 311 s->s3->need_empty_fragments = 0; 312 #endif 313 } 314 } 315 316 return ret; 317 } 318 319 void ssl3_cleanup_key_block(SSL *s) 320 { 321 OPENSSL_clear_free(s->s3->tmp.key_block, s->s3->tmp.key_block_length); 322 s->s3->tmp.key_block = NULL; 323 s->s3->tmp.key_block_length = 0; 324 } 325 326 int ssl3_init_finished_mac(SSL *s) 327 { 328 BIO *buf = BIO_new(BIO_s_mem()); 329 330 if (buf == NULL) { 331 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_INIT_FINISHED_MAC, 332 ERR_R_MALLOC_FAILURE); 333 return 0; 334 } 335 ssl3_free_digest_list(s); 336 s->s3->handshake_buffer = buf; 337 (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE); 338 return 1; 339 } 340 341 /* 342 * Free digest list. Also frees handshake buffer since they are always freed 343 * together. 344 */ 345 346 void ssl3_free_digest_list(SSL *s) 347 { 348 BIO_free(s->s3->handshake_buffer); 349 s->s3->handshake_buffer = NULL; 350 EVP_MD_CTX_free(s->s3->handshake_dgst); 351 s->s3->handshake_dgst = NULL; 352 } 353 354 int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len) 355 { 356 int ret; 357 358 if (s->s3->handshake_dgst == NULL) { 359 /* Note: this writes to a memory BIO so a failure is a fatal error */ 360 if (len > INT_MAX) { 361 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, 362 SSL_R_OVERFLOW_ERROR); 363 return 0; 364 } 365 ret = BIO_write(s->s3->handshake_buffer, (void *)buf, (int)len); 366 if (ret <= 0 || ret != (int)len) { 367 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, 368 ERR_R_INTERNAL_ERROR); 369 return 0; 370 } 371 } else { 372 ret = EVP_DigestUpdate(s->s3->handshake_dgst, buf, len); 373 if (!ret) { 374 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC, 375 ERR_R_INTERNAL_ERROR); 376 return 0; 377 } 378 } 379 return 1; 380 } 381 382 int ssl3_digest_cached_records(SSL *s, int keep) 383 { 384 const EVP_MD *md; 385 long hdatalen; 386 void *hdata; 387 388 if (s->s3->handshake_dgst == NULL) { 389 hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata); 390 if (hdatalen <= 0) { 391 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, 392 SSL_R_BAD_HANDSHAKE_LENGTH); 393 return 0; 394 } 395 396 s->s3->handshake_dgst = EVP_MD_CTX_new(); 397 if (s->s3->handshake_dgst == NULL) { 398 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, 399 ERR_R_MALLOC_FAILURE); 400 return 0; 401 } 402 403 md = ssl_handshake_md(s); 404 if (md == NULL || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL) 405 || !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen)) { 406 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS, 407 ERR_R_INTERNAL_ERROR); 408 return 0; 409 } 410 } 411 if (keep == 0) { 412 BIO_free(s->s3->handshake_buffer); 413 s->s3->handshake_buffer = NULL; 414 } 415 416 return 1; 417 } 418 419 size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len, 420 unsigned char *p) 421 { 422 int ret; 423 EVP_MD_CTX *ctx = NULL; 424 425 if (!ssl3_digest_cached_records(s, 0)) { 426 /* SSLfatal() already called */ 427 return 0; 428 } 429 430 if (EVP_MD_CTX_type(s->s3->handshake_dgst) != NID_md5_sha1) { 431 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, 432 SSL_R_NO_REQUIRED_DIGEST); 433 return 0; 434 } 435 436 ctx = EVP_MD_CTX_new(); 437 if (ctx == NULL) { 438 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, 439 ERR_R_MALLOC_FAILURE); 440 return 0; 441 } 442 if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) { 443 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, 444 ERR_R_INTERNAL_ERROR); 445 return 0; 446 } 447 448 ret = EVP_MD_CTX_size(ctx); 449 if (ret < 0) { 450 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, 451 ERR_R_INTERNAL_ERROR); 452 EVP_MD_CTX_reset(ctx); 453 return 0; 454 } 455 456 if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0) 457 || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET, 458 (int)s->session->master_key_length, 459 s->session->master_key) <= 0 460 || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { 461 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC, 462 ERR_R_INTERNAL_ERROR); 463 ret = 0; 464 } 465 466 EVP_MD_CTX_free(ctx); 467 468 return ret; 469 } 470 471 int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, 472 size_t len, size_t *secret_size) 473 { 474 static const unsigned char *salt[3] = { 475 #ifndef CHARSET_EBCDIC 476 (const unsigned char *)"A", 477 (const unsigned char *)"BB", 478 (const unsigned char *)"CCC", 479 #else 480 (const unsigned char *)"\x41", 481 (const unsigned char *)"\x42\x42", 482 (const unsigned char *)"\x43\x43\x43", 483 #endif 484 }; 485 unsigned char buf[EVP_MAX_MD_SIZE]; 486 EVP_MD_CTX *ctx = EVP_MD_CTX_new(); 487 int i, ret = 1; 488 unsigned int n; 489 size_t ret_secret_size = 0; 490 491 if (ctx == NULL) { 492 SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_MASTER_SECRET, 493 ERR_R_MALLOC_FAILURE); 494 return 0; 495 } 496 for (i = 0; i < 3; i++) { 497 if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0 498 || EVP_DigestUpdate(ctx, salt[i], 499 strlen((const char *)salt[i])) <= 0 500 || EVP_DigestUpdate(ctx, p, len) <= 0 501 || EVP_DigestUpdate(ctx, &(s->s3->client_random[0]), 502 SSL3_RANDOM_SIZE) <= 0 503 || EVP_DigestUpdate(ctx, &(s->s3->server_random[0]), 504 SSL3_RANDOM_SIZE) <= 0 505 /* TODO(size_t) : convert me */ 506 || EVP_DigestFinal_ex(ctx, buf, &n) <= 0 507 || EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0 508 || EVP_DigestUpdate(ctx, p, len) <= 0 509 || EVP_DigestUpdate(ctx, buf, n) <= 0 510 || EVP_DigestFinal_ex(ctx, out, &n) <= 0) { 511 SSLfatal(s, SSL_AD_INTERNAL_ERROR, 512 SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR); 513 ret = 0; 514 break; 515 } 516 out += n; 517 ret_secret_size += n; 518 } 519 EVP_MD_CTX_free(ctx); 520 521 OPENSSL_cleanse(buf, sizeof(buf)); 522 if (ret) 523 *secret_size = ret_secret_size; 524 return ret; 525 } 526 527 int ssl3_alert_code(int code) 528 { 529 switch (code) { 530 case SSL_AD_CLOSE_NOTIFY: 531 return SSL3_AD_CLOSE_NOTIFY; 532 case SSL_AD_UNEXPECTED_MESSAGE: 533 return SSL3_AD_UNEXPECTED_MESSAGE; 534 case SSL_AD_BAD_RECORD_MAC: 535 return SSL3_AD_BAD_RECORD_MAC; 536 case SSL_AD_DECRYPTION_FAILED: 537 return SSL3_AD_BAD_RECORD_MAC; 538 case SSL_AD_RECORD_OVERFLOW: 539 return SSL3_AD_BAD_RECORD_MAC; 540 case SSL_AD_DECOMPRESSION_FAILURE: 541 return SSL3_AD_DECOMPRESSION_FAILURE; 542 case SSL_AD_HANDSHAKE_FAILURE: 543 return SSL3_AD_HANDSHAKE_FAILURE; 544 case SSL_AD_NO_CERTIFICATE: 545 return SSL3_AD_NO_CERTIFICATE; 546 case SSL_AD_BAD_CERTIFICATE: 547 return SSL3_AD_BAD_CERTIFICATE; 548 case SSL_AD_UNSUPPORTED_CERTIFICATE: 549 return SSL3_AD_UNSUPPORTED_CERTIFICATE; 550 case SSL_AD_CERTIFICATE_REVOKED: 551 return SSL3_AD_CERTIFICATE_REVOKED; 552 case SSL_AD_CERTIFICATE_EXPIRED: 553 return SSL3_AD_CERTIFICATE_EXPIRED; 554 case SSL_AD_CERTIFICATE_UNKNOWN: 555 return SSL3_AD_CERTIFICATE_UNKNOWN; 556 case SSL_AD_ILLEGAL_PARAMETER: 557 return SSL3_AD_ILLEGAL_PARAMETER; 558 case SSL_AD_UNKNOWN_CA: 559 return SSL3_AD_BAD_CERTIFICATE; 560 case SSL_AD_ACCESS_DENIED: 561 return SSL3_AD_HANDSHAKE_FAILURE; 562 case SSL_AD_DECODE_ERROR: 563 return SSL3_AD_HANDSHAKE_FAILURE; 564 case SSL_AD_DECRYPT_ERROR: 565 return SSL3_AD_HANDSHAKE_FAILURE; 566 case SSL_AD_EXPORT_RESTRICTION: 567 return SSL3_AD_HANDSHAKE_FAILURE; 568 case SSL_AD_PROTOCOL_VERSION: 569 return SSL3_AD_HANDSHAKE_FAILURE; 570 case SSL_AD_INSUFFICIENT_SECURITY: 571 return SSL3_AD_HANDSHAKE_FAILURE; 572 case SSL_AD_INTERNAL_ERROR: 573 return SSL3_AD_HANDSHAKE_FAILURE; 574 case SSL_AD_USER_CANCELLED: 575 return SSL3_AD_HANDSHAKE_FAILURE; 576 case SSL_AD_NO_RENEGOTIATION: 577 return -1; /* Don't send it :-) */ 578 case SSL_AD_UNSUPPORTED_EXTENSION: 579 return SSL3_AD_HANDSHAKE_FAILURE; 580 case SSL_AD_CERTIFICATE_UNOBTAINABLE: 581 return SSL3_AD_HANDSHAKE_FAILURE; 582 case SSL_AD_UNRECOGNIZED_NAME: 583 return SSL3_AD_HANDSHAKE_FAILURE; 584 case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: 585 return SSL3_AD_HANDSHAKE_FAILURE; 586 case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: 587 return SSL3_AD_HANDSHAKE_FAILURE; 588 case SSL_AD_UNKNOWN_PSK_IDENTITY: 589 return TLS1_AD_UNKNOWN_PSK_IDENTITY; 590 case SSL_AD_INAPPROPRIATE_FALLBACK: 591 return TLS1_AD_INAPPROPRIATE_FALLBACK; 592 case SSL_AD_NO_APPLICATION_PROTOCOL: 593 return TLS1_AD_NO_APPLICATION_PROTOCOL; 594 case SSL_AD_CERTIFICATE_REQUIRED: 595 return SSL_AD_HANDSHAKE_FAILURE; 596 default: 597 return -1; 598 } 599 } 600