]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * Copyright 2005 Nokia. All rights reserved. | |
4 | * | |
5 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
6 | * this file except in compliance with the License. You can obtain a copy | |
7 | * in the file LICENSE in the source distribution or at | |
8 | * https://www.openssl.org/source/license.html | |
9 | */ | |
10 | ||
11 | #include <stdio.h> | |
12 | #include "ssl_local.h" | |
13 | #include <openssl/evp.h> | |
14 | #include <openssl/md5.h> | |
15 | #include <openssl/core_names.h> | |
16 | #include "internal/cryptlib.h" | |
17 | ||
18 | static int ssl3_generate_key_block(SSL_CONNECTION *s, unsigned char *km, int num) | |
19 | { | |
20 | const EVP_MD *md5 = NULL, *sha1 = NULL; | |
21 | EVP_MD_CTX *m5; | |
22 | EVP_MD_CTX *s1; | |
23 | unsigned char buf[16], smd[SHA_DIGEST_LENGTH]; | |
24 | unsigned char c = 'A'; | |
25 | unsigned int i, k; | |
26 | int ret = 0; | |
27 | SSL_CTX *sctx = SSL_CONNECTION_GET_CTX(s); | |
28 | ||
29 | #ifdef CHARSET_EBCDIC | |
30 | c = os_toascii[c]; /* 'A' in ASCII */ | |
31 | #endif | |
32 | k = 0; | |
33 | md5 = ssl_evp_md_fetch(sctx->libctx, NID_md5, sctx->propq); | |
34 | sha1 = ssl_evp_md_fetch(sctx->libctx, NID_sha1, sctx->propq); | |
35 | m5 = EVP_MD_CTX_new(); | |
36 | s1 = EVP_MD_CTX_new(); | |
37 | if (md5 == NULL || sha1 == NULL || m5 == NULL || s1 == NULL) { | |
38 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); | |
39 | goto err; | |
40 | } | |
41 | for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) { | |
42 | k++; | |
43 | if (k > sizeof(buf)) { | |
44 | /* bug: 'buf' is too small for this ciphersuite */ | |
45 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); | |
46 | goto err; | |
47 | } | |
48 | ||
49 | memset(buf, c, k); | |
50 | c++; | |
51 | if (!EVP_DigestInit_ex(s1, sha1, NULL) | |
52 | || !EVP_DigestUpdate(s1, buf, k) | |
53 | || !EVP_DigestUpdate(s1, s->session->master_key, | |
54 | s->session->master_key_length) | |
55 | || !EVP_DigestUpdate(s1, s->s3.server_random, SSL3_RANDOM_SIZE) | |
56 | || !EVP_DigestUpdate(s1, s->s3.client_random, SSL3_RANDOM_SIZE) | |
57 | || !EVP_DigestFinal_ex(s1, smd, NULL) | |
58 | || !EVP_DigestInit_ex(m5, md5, NULL) | |
59 | || !EVP_DigestUpdate(m5, s->session->master_key, | |
60 | s->session->master_key_length) | |
61 | || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) { | |
62 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); | |
63 | goto err; | |
64 | } | |
65 | if ((int)(i + MD5_DIGEST_LENGTH) > num) { | |
66 | if (!EVP_DigestFinal_ex(m5, smd, NULL)) { | |
67 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); | |
68 | goto err; | |
69 | } | |
70 | memcpy(km, smd, (num - i)); | |
71 | } else { | |
72 | if (!EVP_DigestFinal_ex(m5, km, NULL)) { | |
73 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); | |
74 | goto err; | |
75 | } | |
76 | } | |
77 | ||
78 | km += MD5_DIGEST_LENGTH; | |
79 | } | |
80 | OPENSSL_cleanse(smd, sizeof(smd)); | |
81 | ret = 1; | |
82 | err: | |
83 | EVP_MD_CTX_free(m5); | |
84 | EVP_MD_CTX_free(s1); | |
85 | ssl_evp_md_free(md5); | |
86 | ssl_evp_md_free(sha1); | |
87 | return ret; | |
88 | } | |
89 | ||
90 | int ssl3_change_cipher_state(SSL_CONNECTION *s, int which) | |
91 | { | |
92 | unsigned char *p, *mac_secret; | |
93 | size_t md_len; | |
94 | unsigned char *key, *iv; | |
95 | const EVP_CIPHER *ciph; | |
96 | const SSL_COMP *comp = NULL; | |
97 | const EVP_MD *md; | |
98 | int mdi; | |
99 | size_t n, iv_len, key_len; | |
100 | int direction = (which & SSL3_CC_READ) != 0 ? OSSL_RECORD_DIRECTION_READ | |
101 | : OSSL_RECORD_DIRECTION_WRITE; | |
102 | ||
103 | ciph = s->s3.tmp.new_sym_enc; | |
104 | md = s->s3.tmp.new_hash; | |
105 | /* m == NULL will lead to a crash later */ | |
106 | if (!ossl_assert(md != NULL)) { | |
107 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); | |
108 | goto err; | |
109 | } | |
110 | #ifndef OPENSSL_NO_COMP | |
111 | comp = s->s3.tmp.new_compression; | |
112 | #endif | |
113 | ||
114 | p = s->s3.tmp.key_block; | |
115 | mdi = EVP_MD_get_size(md); | |
116 | if (mdi < 0) { | |
117 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); | |
118 | goto err; | |
119 | } | |
120 | md_len = (size_t)mdi; | |
121 | key_len = EVP_CIPHER_get_key_length(ciph); | |
122 | iv_len = EVP_CIPHER_get_iv_length(ciph); | |
123 | ||
124 | if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) || | |
125 | (which == SSL3_CHANGE_CIPHER_SERVER_READ)) { | |
126 | mac_secret = &(p[0]); | |
127 | n = md_len + md_len; | |
128 | key = &(p[n]); | |
129 | n += key_len + key_len; | |
130 | iv = &(p[n]); | |
131 | n += iv_len + iv_len; | |
132 | } else { | |
133 | n = md_len; | |
134 | mac_secret = &(p[n]); | |
135 | n += md_len + key_len; | |
136 | key = &(p[n]); | |
137 | n += key_len + iv_len; | |
138 | iv = &(p[n]); | |
139 | n += iv_len; | |
140 | } | |
141 | ||
142 | if (n > s->s3.tmp.key_block_length) { | |
143 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); | |
144 | goto err; | |
145 | } | |
146 | ||
147 | if (!ssl_set_new_record_layer(s, SSL3_VERSION, | |
148 | direction, | |
149 | OSSL_RECORD_PROTECTION_LEVEL_APPLICATION, | |
150 | NULL, 0, key, key_len, iv, iv_len, mac_secret, | |
151 | md_len, ciph, 0, NID_undef, md, comp, NULL)) { | |
152 | /* SSLfatal already called */ | |
153 | goto err; | |
154 | } | |
155 | ||
156 | return 1; | |
157 | err: | |
158 | return 0; | |
159 | } | |
160 | ||
161 | int ssl3_setup_key_block(SSL_CONNECTION *s) | |
162 | { | |
163 | unsigned char *p; | |
164 | const EVP_CIPHER *c; | |
165 | const EVP_MD *hash; | |
166 | int num; | |
167 | int ret = 0; | |
168 | SSL_COMP *comp; | |
169 | ||
170 | if (s->s3.tmp.key_block_length != 0) | |
171 | return 1; | |
172 | ||
173 | if (!ssl_cipher_get_evp(SSL_CONNECTION_GET_CTX(s), s->session, &c, &hash, | |
174 | NULL, NULL, &comp, 0)) { | |
175 | /* Error is already recorded */ | |
176 | SSLfatal_alert(s, SSL_AD_INTERNAL_ERROR); | |
177 | return 0; | |
178 | } | |
179 | ||
180 | ssl_evp_cipher_free(s->s3.tmp.new_sym_enc); | |
181 | s->s3.tmp.new_sym_enc = c; | |
182 | ssl_evp_md_free(s->s3.tmp.new_hash); | |
183 | s->s3.tmp.new_hash = hash; | |
184 | #ifdef OPENSSL_NO_COMP | |
185 | s->s3.tmp.new_compression = NULL; | |
186 | #else | |
187 | s->s3.tmp.new_compression = comp; | |
188 | #endif | |
189 | ||
190 | num = EVP_MD_get_size(hash); | |
191 | if (num < 0) | |
192 | return 0; | |
193 | ||
194 | num = EVP_CIPHER_get_key_length(c) + num + EVP_CIPHER_get_iv_length(c); | |
195 | num *= 2; | |
196 | ||
197 | ssl3_cleanup_key_block(s); | |
198 | ||
199 | if ((p = OPENSSL_malloc(num)) == NULL) { | |
200 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_CRYPTO_LIB); | |
201 | return 0; | |
202 | } | |
203 | ||
204 | s->s3.tmp.key_block_length = num; | |
205 | s->s3.tmp.key_block = p; | |
206 | ||
207 | /* Calls SSLfatal() as required */ | |
208 | ret = ssl3_generate_key_block(s, p, num); | |
209 | ||
210 | return ret; | |
211 | } | |
212 | ||
213 | void ssl3_cleanup_key_block(SSL_CONNECTION *s) | |
214 | { | |
215 | OPENSSL_clear_free(s->s3.tmp.key_block, s->s3.tmp.key_block_length); | |
216 | s->s3.tmp.key_block = NULL; | |
217 | s->s3.tmp.key_block_length = 0; | |
218 | } | |
219 | ||
220 | int ssl3_init_finished_mac(SSL_CONNECTION *s) | |
221 | { | |
222 | BIO *buf = BIO_new(BIO_s_mem()); | |
223 | ||
224 | if (buf == NULL) { | |
225 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_BIO_LIB); | |
226 | return 0; | |
227 | } | |
228 | ssl3_free_digest_list(s); | |
229 | s->s3.handshake_buffer = buf; | |
230 | (void)BIO_set_close(s->s3.handshake_buffer, BIO_CLOSE); | |
231 | return 1; | |
232 | } | |
233 | ||
234 | /* | |
235 | * Free digest list. Also frees handshake buffer since they are always freed | |
236 | * together. | |
237 | */ | |
238 | ||
239 | void ssl3_free_digest_list(SSL_CONNECTION *s) | |
240 | { | |
241 | BIO_free(s->s3.handshake_buffer); | |
242 | s->s3.handshake_buffer = NULL; | |
243 | EVP_MD_CTX_free(s->s3.handshake_dgst); | |
244 | s->s3.handshake_dgst = NULL; | |
245 | } | |
246 | ||
247 | int ssl3_finish_mac(SSL_CONNECTION *s, const unsigned char *buf, size_t len) | |
248 | { | |
249 | int ret; | |
250 | ||
251 | if (s->s3.handshake_dgst == NULL) { | |
252 | /* Note: this writes to a memory BIO so a failure is a fatal error */ | |
253 | if (len > INT_MAX) { | |
254 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_OVERFLOW_ERROR); | |
255 | return 0; | |
256 | } | |
257 | ret = BIO_write(s->s3.handshake_buffer, (void *)buf, (int)len); | |
258 | if (ret <= 0 || ret != (int)len) { | |
259 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); | |
260 | return 0; | |
261 | } | |
262 | } else { | |
263 | ret = EVP_DigestUpdate(s->s3.handshake_dgst, buf, len); | |
264 | if (!ret) { | |
265 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); | |
266 | return 0; | |
267 | } | |
268 | } | |
269 | return 1; | |
270 | } | |
271 | ||
272 | int ssl3_digest_cached_records(SSL_CONNECTION *s, int keep) | |
273 | { | |
274 | const EVP_MD *md; | |
275 | long hdatalen; | |
276 | void *hdata; | |
277 | ||
278 | if (s->s3.handshake_dgst == NULL) { | |
279 | hdatalen = BIO_get_mem_data(s->s3.handshake_buffer, &hdata); | |
280 | if (hdatalen <= 0) { | |
281 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_HANDSHAKE_LENGTH); | |
282 | return 0; | |
283 | } | |
284 | ||
285 | s->s3.handshake_dgst = EVP_MD_CTX_new(); | |
286 | if (s->s3.handshake_dgst == NULL) { | |
287 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); | |
288 | return 0; | |
289 | } | |
290 | ||
291 | md = ssl_handshake_md(s); | |
292 | if (md == NULL) { | |
293 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, | |
294 | SSL_R_NO_SUITABLE_DIGEST_ALGORITHM); | |
295 | return 0; | |
296 | } | |
297 | if (!EVP_DigestInit_ex(s->s3.handshake_dgst, md, NULL) | |
298 | || !EVP_DigestUpdate(s->s3.handshake_dgst, hdata, hdatalen)) { | |
299 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); | |
300 | return 0; | |
301 | } | |
302 | } | |
303 | if (keep == 0) { | |
304 | BIO_free(s->s3.handshake_buffer); | |
305 | s->s3.handshake_buffer = NULL; | |
306 | } | |
307 | ||
308 | return 1; | |
309 | } | |
310 | ||
311 | void ssl3_digest_master_key_set_params(const SSL_SESSION *session, | |
312 | OSSL_PARAM params[]) | |
313 | { | |
314 | int n = 0; | |
315 | params[n++] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS, | |
316 | (void *)session->master_key, | |
317 | session->master_key_length); | |
318 | params[n++] = OSSL_PARAM_construct_end(); | |
319 | } | |
320 | ||
321 | size_t ssl3_final_finish_mac(SSL_CONNECTION *s, const char *sender, size_t len, | |
322 | unsigned char *p) | |
323 | { | |
324 | int ret; | |
325 | EVP_MD_CTX *ctx = NULL; | |
326 | ||
327 | if (!ssl3_digest_cached_records(s, 0)) { | |
328 | /* SSLfatal() already called */ | |
329 | return 0; | |
330 | } | |
331 | ||
332 | if (EVP_MD_CTX_get_type(s->s3.handshake_dgst) != NID_md5_sha1) { | |
333 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_NO_REQUIRED_DIGEST); | |
334 | return 0; | |
335 | } | |
336 | ||
337 | ctx = EVP_MD_CTX_new(); | |
338 | if (ctx == NULL) { | |
339 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); | |
340 | return 0; | |
341 | } | |
342 | if (!EVP_MD_CTX_copy_ex(ctx, s->s3.handshake_dgst)) { | |
343 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); | |
344 | ret = 0; | |
345 | goto err; | |
346 | } | |
347 | ||
348 | ret = EVP_MD_CTX_get_size(ctx); | |
349 | if (ret < 0) { | |
350 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); | |
351 | ret = 0; | |
352 | goto err; | |
353 | } | |
354 | ||
355 | if (sender != NULL) { | |
356 | OSSL_PARAM digest_cmd_params[3]; | |
357 | ||
358 | ssl3_digest_master_key_set_params(s->session, digest_cmd_params); | |
359 | ||
360 | if (EVP_DigestUpdate(ctx, sender, len) <= 0 | |
361 | || EVP_MD_CTX_set_params(ctx, digest_cmd_params) <= 0 | |
362 | || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) { | |
363 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); | |
364 | ret = 0; | |
365 | } | |
366 | } | |
367 | ||
368 | err: | |
369 | EVP_MD_CTX_free(ctx); | |
370 | ||
371 | return ret; | |
372 | } | |
373 | ||
374 | int ssl3_generate_master_secret(SSL_CONNECTION *s, unsigned char *out, | |
375 | unsigned char *p, | |
376 | size_t len, size_t *secret_size) | |
377 | { | |
378 | static const unsigned char *const salt[3] = { | |
379 | #ifndef CHARSET_EBCDIC | |
380 | (const unsigned char *)"A", | |
381 | (const unsigned char *)"BB", | |
382 | (const unsigned char *)"CCC", | |
383 | #else | |
384 | (const unsigned char *)"\x41", | |
385 | (const unsigned char *)"\x42\x42", | |
386 | (const unsigned char *)"\x43\x43\x43", | |
387 | #endif | |
388 | }; | |
389 | unsigned char buf[EVP_MAX_MD_SIZE]; | |
390 | EVP_MD_CTX *ctx = EVP_MD_CTX_new(); | |
391 | int i, ret = 1; | |
392 | unsigned int n; | |
393 | size_t ret_secret_size = 0; | |
394 | ||
395 | if (ctx == NULL) { | |
396 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_EVP_LIB); | |
397 | return 0; | |
398 | } | |
399 | for (i = 0; i < 3; i++) { | |
400 | if (EVP_DigestInit_ex(ctx, SSL_CONNECTION_GET_CTX(s)->sha1, NULL) <= 0 | |
401 | || EVP_DigestUpdate(ctx, salt[i], | |
402 | strlen((const char *)salt[i])) <= 0 | |
403 | || EVP_DigestUpdate(ctx, p, len) <= 0 | |
404 | || EVP_DigestUpdate(ctx, &(s->s3.client_random[0]), | |
405 | SSL3_RANDOM_SIZE) <= 0 | |
406 | || EVP_DigestUpdate(ctx, &(s->s3.server_random[0]), | |
407 | SSL3_RANDOM_SIZE) <= 0 | |
408 | || EVP_DigestFinal_ex(ctx, buf, &n) <= 0 | |
409 | || EVP_DigestInit_ex(ctx, SSL_CONNECTION_GET_CTX(s)->md5, NULL) <= 0 | |
410 | || EVP_DigestUpdate(ctx, p, len) <= 0 | |
411 | || EVP_DigestUpdate(ctx, buf, n) <= 0 | |
412 | || EVP_DigestFinal_ex(ctx, out, &n) <= 0) { | |
413 | SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR); | |
414 | ret = 0; | |
415 | break; | |
416 | } | |
417 | out += n; | |
418 | ret_secret_size += n; | |
419 | } | |
420 | EVP_MD_CTX_free(ctx); | |
421 | ||
422 | OPENSSL_cleanse(buf, sizeof(buf)); | |
423 | if (ret) | |
424 | *secret_size = ret_secret_size; | |
425 | return ret; | |
426 | } | |
427 | ||
428 | int ssl3_alert_code(int code) | |
429 | { | |
430 | switch (code) { | |
431 | case SSL_AD_CLOSE_NOTIFY: | |
432 | return SSL3_AD_CLOSE_NOTIFY; | |
433 | case SSL_AD_UNEXPECTED_MESSAGE: | |
434 | return SSL3_AD_UNEXPECTED_MESSAGE; | |
435 | case SSL_AD_BAD_RECORD_MAC: | |
436 | return SSL3_AD_BAD_RECORD_MAC; | |
437 | case SSL_AD_DECRYPTION_FAILED: | |
438 | return SSL3_AD_BAD_RECORD_MAC; | |
439 | case SSL_AD_RECORD_OVERFLOW: | |
440 | return SSL3_AD_BAD_RECORD_MAC; | |
441 | case SSL_AD_DECOMPRESSION_FAILURE: | |
442 | return SSL3_AD_DECOMPRESSION_FAILURE; | |
443 | case SSL_AD_HANDSHAKE_FAILURE: | |
444 | return SSL3_AD_HANDSHAKE_FAILURE; | |
445 | case SSL_AD_NO_CERTIFICATE: | |
446 | return SSL3_AD_NO_CERTIFICATE; | |
447 | case SSL_AD_BAD_CERTIFICATE: | |
448 | return SSL3_AD_BAD_CERTIFICATE; | |
449 | case SSL_AD_UNSUPPORTED_CERTIFICATE: | |
450 | return SSL3_AD_UNSUPPORTED_CERTIFICATE; | |
451 | case SSL_AD_CERTIFICATE_REVOKED: | |
452 | return SSL3_AD_CERTIFICATE_REVOKED; | |
453 | case SSL_AD_CERTIFICATE_EXPIRED: | |
454 | return SSL3_AD_CERTIFICATE_EXPIRED; | |
455 | case SSL_AD_CERTIFICATE_UNKNOWN: | |
456 | return SSL3_AD_CERTIFICATE_UNKNOWN; | |
457 | case SSL_AD_ILLEGAL_PARAMETER: | |
458 | return SSL3_AD_ILLEGAL_PARAMETER; | |
459 | case SSL_AD_UNKNOWN_CA: | |
460 | return SSL3_AD_BAD_CERTIFICATE; | |
461 | case SSL_AD_ACCESS_DENIED: | |
462 | return SSL3_AD_HANDSHAKE_FAILURE; | |
463 | case SSL_AD_DECODE_ERROR: | |
464 | return SSL3_AD_HANDSHAKE_FAILURE; | |
465 | case SSL_AD_DECRYPT_ERROR: | |
466 | return SSL3_AD_HANDSHAKE_FAILURE; | |
467 | case SSL_AD_EXPORT_RESTRICTION: | |
468 | return SSL3_AD_HANDSHAKE_FAILURE; | |
469 | case SSL_AD_PROTOCOL_VERSION: | |
470 | return SSL3_AD_HANDSHAKE_FAILURE; | |
471 | case SSL_AD_INSUFFICIENT_SECURITY: | |
472 | return SSL3_AD_HANDSHAKE_FAILURE; | |
473 | case SSL_AD_INTERNAL_ERROR: | |
474 | return SSL3_AD_HANDSHAKE_FAILURE; | |
475 | case SSL_AD_USER_CANCELLED: | |
476 | return SSL3_AD_HANDSHAKE_FAILURE; | |
477 | case SSL_AD_NO_RENEGOTIATION: | |
478 | return -1; /* Don't send it :-) */ | |
479 | case SSL_AD_UNSUPPORTED_EXTENSION: | |
480 | return SSL3_AD_HANDSHAKE_FAILURE; | |
481 | case SSL_AD_CERTIFICATE_UNOBTAINABLE: | |
482 | return SSL3_AD_HANDSHAKE_FAILURE; | |
483 | case SSL_AD_UNRECOGNIZED_NAME: | |
484 | return SSL3_AD_HANDSHAKE_FAILURE; | |
485 | case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE: | |
486 | return SSL3_AD_HANDSHAKE_FAILURE; | |
487 | case SSL_AD_BAD_CERTIFICATE_HASH_VALUE: | |
488 | return SSL3_AD_HANDSHAKE_FAILURE; | |
489 | case SSL_AD_UNKNOWN_PSK_IDENTITY: | |
490 | return TLS1_AD_UNKNOWN_PSK_IDENTITY; | |
491 | case SSL_AD_INAPPROPRIATE_FALLBACK: | |
492 | return TLS1_AD_INAPPROPRIATE_FALLBACK; | |
493 | case SSL_AD_NO_APPLICATION_PROTOCOL: | |
494 | return TLS1_AD_NO_APPLICATION_PROTOCOL; | |
495 | case SSL_AD_CERTIFICATE_REQUIRED: | |
496 | return SSL_AD_HANDSHAKE_FAILURE; | |
497 | case TLS13_AD_MISSING_EXTENSION: | |
498 | return SSL_AD_HANDSHAKE_FAILURE; | |
499 | default: | |
500 | return -1; | |
501 | } | |
502 | } |