1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *g
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *g
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *g
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) fromg
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *g
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *g
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.]
56 */
57 /* ====================================================================
58 * Copyright (c) 1998-2007 The OpenSSL Project. All rights reserved.
59 *
60 * Redistribution and use in source and binary forms, with or without
61 * modification, are permitted provided that the following conditions
62 * are met:
63 *
64 * 1. Redistributions of source code must retain the above copyright
65 * notice, this list of conditions and the following disclaimer.g
66 *
67 * 2. Redistributions in binary form must reproduce the above copyright
68 * notice, this list of conditions and the following disclaimer in
69 * the documentation and/or other materials provided with the
70 * distribution.
71 *
72 * 3. All advertising materials mentioning features or use of this
73 * software must display the following acknowledgment:
74 * "This product includes software developed by the OpenSSL Project
75 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
76 *
77 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
78 * endorse or promote products derived from this software without
79 * prior written permission. For written permission, please contact
80 * openssl-core@openssl.org.
81 *
82 * 5. Products derived from this software may not be called "OpenSSL"
83 * nor may "OpenSSL" appear in their names without prior written
84 * permission of the OpenSSL Project.
85 *
86 * 6. Redistributions of any form whatsoever must retain the following
87 * acknowledgment:
88 * "This product includes software developed by the OpenSSL Project
89 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
90 *
91 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
92 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
93 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
94 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
95 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
96 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
97 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
98 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
99 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
100 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
101 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
102 * OF THE POSSIBILITY OF SUCH DAMAGE.
103 * ====================================================================
104 *
105 * This product includes cryptographic software written by Eric Young
106 * (eay@cryptsoft.com). This product includes software written by Tim
107 * Hudson (tjh@cryptsoft.com).
108 *
109 */
110 /* ====================================================================
111 * Copyright 2005 Nokia. All rights reserved.
112 *
113 * The portions of the attached software ("Contribution") is developed by
114 * Nokia Corporation and is licensed pursuant to the OpenSSL open source
115 * license.
116 *
117 * The Contribution, originally written by Mika Kousa and Pasi Eronen of
118 * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
119 * support (see RFC 4279) to OpenSSL.
120 *
121 * No patent licenses or other rights except those expressly stated in
122 * the OpenSSL open source license shall be deemed granted or received
123 * expressly, by implication, estoppel, or otherwise.
124 *
125 * No assurances are provided by Nokia that the Contribution does not
126 * infringe the patent or other intellectual property rights of any third
127 * party or that the license provides you with all the necessary rights
128 * to make use of the Contribution.
129 *
130 * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
131 * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
132 * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
133 * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
134 * OTHERWISE. */
135
136 #include <assert.h>
137 #include <stdio.h>
138 #include <string.h>
139
140 #include <openssl/err.h>
141 #include <openssl/evp.h>
142 #include <openssl/mem.h>
143 #include <openssl/md5.h>
144 #include <openssl/obj.h>
145
146 #include "internal.h"
147
148
149 static const uint8_t ssl3_pad_1[48] = {
150 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
151 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
152 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
153 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
154 };
155
156 static const uint8_t ssl3_pad_2[48] = {
157 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
158 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
159 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
160 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
161 };
162
163 static int ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len,
164 uint8_t *p);
165
ssl3_prf(SSL * s,uint8_t * out,size_t out_len,const uint8_t * secret,size_t secret_len,const char * label,size_t label_len,const uint8_t * seed1,size_t seed1_len,const uint8_t * seed2,size_t seed2_len)166 int ssl3_prf(SSL *s, uint8_t *out, size_t out_len, const uint8_t *secret,
167 size_t secret_len, const char *label, size_t label_len,
168 const uint8_t *seed1, size_t seed1_len,
169 const uint8_t *seed2, size_t seed2_len) {
170 EVP_MD_CTX md5;
171 EVP_MD_CTX sha1;
172 uint8_t buf[16], smd[SHA_DIGEST_LENGTH];
173 uint8_t c = 'A';
174 size_t i, j, k;
175
176 k = 0;
177 EVP_MD_CTX_init(&md5);
178 EVP_MD_CTX_init(&sha1);
179 for (i = 0; i < out_len; i += MD5_DIGEST_LENGTH) {
180 k++;
181 if (k > sizeof(buf)) {
182 /* bug: 'buf' is too small for this ciphersuite */
183 OPENSSL_PUT_ERROR(SSL, ssl3_prf, ERR_R_INTERNAL_ERROR);
184 return 0;
185 }
186
187 for (j = 0; j < k; j++) {
188 buf[j] = c;
189 }
190 c++;
191 if (!EVP_DigestInit_ex(&sha1, EVP_sha1(), NULL)) {
192 OPENSSL_PUT_ERROR(SSL, ssl3_prf, ERR_LIB_EVP);
193 return 0;
194 }
195 EVP_DigestUpdate(&sha1, buf, k);
196 EVP_DigestUpdate(&sha1, secret, secret_len);
197 /* |label| is ignored for SSLv3. */
198 if (seed1_len) {
199 EVP_DigestUpdate(&sha1, seed1, seed1_len);
200 }
201 if (seed2_len) {
202 EVP_DigestUpdate(&sha1, seed2, seed2_len);
203 }
204 EVP_DigestFinal_ex(&sha1, smd, NULL);
205
206 if (!EVP_DigestInit_ex(&md5, EVP_md5(), NULL)) {
207 OPENSSL_PUT_ERROR(SSL, ssl3_prf, ERR_LIB_EVP);
208 return 0;
209 }
210 EVP_DigestUpdate(&md5, secret, secret_len);
211 EVP_DigestUpdate(&md5, smd, SHA_DIGEST_LENGTH);
212 if (i + MD5_DIGEST_LENGTH > out_len) {
213 EVP_DigestFinal_ex(&md5, smd, NULL);
214 memcpy(out, smd, out_len - i);
215 } else {
216 EVP_DigestFinal_ex(&md5, out, NULL);
217 }
218
219 out += MD5_DIGEST_LENGTH;
220 }
221
222 OPENSSL_cleanse(smd, SHA_DIGEST_LENGTH);
223 EVP_MD_CTX_cleanup(&md5);
224 EVP_MD_CTX_cleanup(&sha1);
225
226 return 1;
227 }
228
ssl3_cleanup_key_block(SSL * s)229 void ssl3_cleanup_key_block(SSL *s) {
230 if (s->s3->tmp.key_block != NULL) {
231 OPENSSL_cleanse(s->s3->tmp.key_block, s->s3->tmp.key_block_length);
232 OPENSSL_free(s->s3->tmp.key_block);
233 s->s3->tmp.key_block = NULL;
234 }
235 s->s3->tmp.key_block_length = 0;
236 }
237
ssl3_init_finished_mac(SSL * s)238 int ssl3_init_finished_mac(SSL *s) {
239 BIO_free(s->s3->handshake_buffer);
240 ssl3_free_digest_list(s);
241 s->s3->handshake_buffer = BIO_new(BIO_s_mem());
242 if (s->s3->handshake_buffer == NULL) {
243 return 0;
244 }
245 BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE);
246
247 return 1;
248 }
249
ssl3_free_digest_list(SSL * s)250 void ssl3_free_digest_list(SSL *s) {
251 int i;
252 if (!s->s3->handshake_dgst) {
253 return;
254 }
255 for (i = 0; i < SSL_MAX_DIGEST; i++) {
256 if (s->s3->handshake_dgst[i]) {
257 EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]);
258 }
259 }
260 OPENSSL_free(s->s3->handshake_dgst);
261 s->s3->handshake_dgst = NULL;
262 }
263
ssl3_finish_mac(SSL * s,const uint8_t * buf,int len)264 int ssl3_finish_mac(SSL *s, const uint8_t *buf, int len) {
265 int i;
266
267 if (s->s3->handshake_buffer) {
268 return BIO_write(s->s3->handshake_buffer, (void *)buf, len) >= 0;
269 }
270
271 for (i = 0; i < SSL_MAX_DIGEST; i++) {
272 if (s->s3->handshake_dgst[i] != NULL) {
273 EVP_DigestUpdate(s->s3->handshake_dgst[i], buf, len);
274 }
275 }
276 return 1;
277 }
278
ssl3_digest_cached_records(SSL * s,enum should_free_handshake_buffer_t should_free_handshake_buffer)279 int ssl3_digest_cached_records(
280 SSL *s, enum should_free_handshake_buffer_t should_free_handshake_buffer) {
281 int i;
282 uint32_t mask;
283 const EVP_MD *md;
284 const uint8_t *hdata;
285 size_t hdatalen;
286
287 /* Allocate handshake_dgst array */
288 ssl3_free_digest_list(s);
289 s->s3->handshake_dgst = OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
290 if (s->s3->handshake_dgst == NULL) {
291 OPENSSL_PUT_ERROR(SSL, ssl3_digest_cached_records, ERR_R_MALLOC_FAILURE);
292 return 0;
293 }
294
295 memset(s->s3->handshake_dgst, 0, SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
296 if (!BIO_mem_contents(s->s3->handshake_buffer, &hdata, &hdatalen)) {
297 OPENSSL_PUT_ERROR(SSL, ssl3_digest_cached_records,
298 SSL_R_BAD_HANDSHAKE_LENGTH);
299 return 0;
300 }
301
302 /* Loop through bits of algorithm2 field and create MD_CTX-es */
303 for (i = 0; ssl_get_handshake_digest(&mask, &md, i); i++) {
304 if ((mask & ssl_get_algorithm2(s)) && md) {
305 s->s3->handshake_dgst[i] = EVP_MD_CTX_create();
306 if (s->s3->handshake_dgst[i] == NULL) {
307 OPENSSL_PUT_ERROR(SSL, ssl3_digest_cached_records, ERR_LIB_EVP);
308 return 0;
309 }
310 if (!EVP_DigestInit_ex(s->s3->handshake_dgst[i], md, NULL)) {
311 EVP_MD_CTX_destroy(s->s3->handshake_dgst[i]);
312 s->s3->handshake_dgst[i] = NULL;
313 OPENSSL_PUT_ERROR(SSL, ssl3_digest_cached_records, ERR_LIB_EVP);
314 return 0;
315 }
316 EVP_DigestUpdate(s->s3->handshake_dgst[i], hdata, hdatalen);
317 } else {
318 s->s3->handshake_dgst[i] = NULL;
319 }
320 }
321
322 if (should_free_handshake_buffer == free_handshake_buffer) {
323 /* Free handshake_buffer BIO */
324 BIO_free(s->s3->handshake_buffer);
325 s->s3->handshake_buffer = NULL;
326 }
327
328 return 1;
329 }
330
ssl3_cert_verify_mac(SSL * s,int md_nid,uint8_t * p)331 int ssl3_cert_verify_mac(SSL *s, int md_nid, uint8_t *p) {
332 return ssl3_handshake_mac(s, md_nid, NULL, 0, p);
333 }
334
ssl3_final_finish_mac(SSL * s,const char * sender,int len,uint8_t * p)335 int ssl3_final_finish_mac(SSL *s, const char *sender, int len, uint8_t *p) {
336 int ret, sha1len;
337 ret = ssl3_handshake_mac(s, NID_md5, sender, len, p);
338 if (ret == 0) {
339 return 0;
340 }
341
342 p += ret;
343
344 sha1len = ssl3_handshake_mac(s, NID_sha1, sender, len, p);
345 if (sha1len == 0) {
346 return 0;
347 }
348
349 ret += sha1len;
350 return ret;
351 }
352
ssl3_handshake_mac(SSL * s,int md_nid,const char * sender,int len,uint8_t * p)353 static int ssl3_handshake_mac(SSL *s, int md_nid, const char *sender, int len,
354 uint8_t *p) {
355 unsigned int ret;
356 int npad, n;
357 unsigned int i;
358 uint8_t md_buf[EVP_MAX_MD_SIZE];
359 EVP_MD_CTX ctx, *d = NULL;
360
361 if (s->s3->handshake_buffer &&
362 !ssl3_digest_cached_records(s, free_handshake_buffer)) {
363 return 0;
364 }
365
366 /* Search for digest of specified type in the handshake_dgst array. */
367 for (i = 0; i < SSL_MAX_DIGEST; i++) {
368 if (s->s3->handshake_dgst[i] &&
369 EVP_MD_CTX_type(s->s3->handshake_dgst[i]) == md_nid) {
370 d = s->s3->handshake_dgst[i];
371 break;
372 }
373 }
374
375 if (!d) {
376 OPENSSL_PUT_ERROR(SSL, ssl3_handshake_mac, SSL_R_NO_REQUIRED_DIGEST);
377 return 0;
378 }
379
380 EVP_MD_CTX_init(&ctx);
381 if (!EVP_MD_CTX_copy_ex(&ctx, d)) {
382 EVP_MD_CTX_cleanup(&ctx);
383 OPENSSL_PUT_ERROR(SSL, ssl3_handshake_mac, ERR_LIB_EVP);
384 return 0;
385 }
386
387 n = EVP_MD_CTX_size(&ctx);
388 if (n < 0) {
389 return 0;
390 }
391
392 npad = (48 / n) * n;
393 if (sender != NULL) {
394 EVP_DigestUpdate(&ctx, sender, len);
395 }
396 EVP_DigestUpdate(&ctx, s->session->master_key, s->session->master_key_length);
397 EVP_DigestUpdate(&ctx, ssl3_pad_1, npad);
398 EVP_DigestFinal_ex(&ctx, md_buf, &i);
399
400 if (!EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL)) {
401 EVP_MD_CTX_cleanup(&ctx);
402 OPENSSL_PUT_ERROR(SSL, ssl3_handshake_mac, ERR_LIB_EVP);
403 return 0;
404 }
405 EVP_DigestUpdate(&ctx, s->session->master_key, s->session->master_key_length);
406 EVP_DigestUpdate(&ctx, ssl3_pad_2, npad);
407 EVP_DigestUpdate(&ctx, md_buf, i);
408 EVP_DigestFinal_ex(&ctx, p, &ret);
409
410 EVP_MD_CTX_cleanup(&ctx);
411
412 return ret;
413 }
414
ssl3_record_sequence_update(uint8_t * seq,size_t seq_len)415 int ssl3_record_sequence_update(uint8_t *seq, size_t seq_len) {
416 size_t i;
417 for (i = seq_len - 1; i < seq_len; i--) {
418 ++seq[i];
419 if (seq[i] != 0) {
420 return 1;
421 }
422 }
423 OPENSSL_PUT_ERROR(SSL, ssl3_record_sequence_update, ERR_R_OVERFLOW);
424 return 0;
425 }
426
ssl3_alert_code(int code)427 int ssl3_alert_code(int code) {
428 switch (code) {
429 case SSL_AD_CLOSE_NOTIFY:
430 return SSL3_AD_CLOSE_NOTIFY;
431
432 case SSL_AD_UNEXPECTED_MESSAGE:
433 return SSL3_AD_UNEXPECTED_MESSAGE;
434
435 case SSL_AD_BAD_RECORD_MAC:
436 return SSL3_AD_BAD_RECORD_MAC;
437
438 case SSL_AD_DECRYPTION_FAILED:
439 return SSL3_AD_BAD_RECORD_MAC;
440
441 case SSL_AD_RECORD_OVERFLOW:
442 return SSL3_AD_BAD_RECORD_MAC;
443
444 case SSL_AD_DECOMPRESSION_FAILURE:
445 return SSL3_AD_DECOMPRESSION_FAILURE;
446
447 case SSL_AD_HANDSHAKE_FAILURE:
448 return SSL3_AD_HANDSHAKE_FAILURE;
449
450 case SSL_AD_NO_CERTIFICATE:
451 return SSL3_AD_NO_CERTIFICATE;
452
453 case SSL_AD_BAD_CERTIFICATE:
454 return SSL3_AD_BAD_CERTIFICATE;
455
456 case SSL_AD_UNSUPPORTED_CERTIFICATE:
457 return SSL3_AD_UNSUPPORTED_CERTIFICATE;
458
459 case SSL_AD_CERTIFICATE_REVOKED:
460 return SSL3_AD_CERTIFICATE_REVOKED;
461
462 case SSL_AD_CERTIFICATE_EXPIRED:
463 return SSL3_AD_CERTIFICATE_EXPIRED;
464
465 case SSL_AD_CERTIFICATE_UNKNOWN:
466 return SSL3_AD_CERTIFICATE_UNKNOWN;
467
468 case SSL_AD_ILLEGAL_PARAMETER:
469 return SSL3_AD_ILLEGAL_PARAMETER;
470
471 case SSL_AD_UNKNOWN_CA:
472 return SSL3_AD_BAD_CERTIFICATE;
473
474 case SSL_AD_ACCESS_DENIED:
475 return SSL3_AD_HANDSHAKE_FAILURE;
476
477 case SSL_AD_DECODE_ERROR:
478 return SSL3_AD_HANDSHAKE_FAILURE;
479
480 case SSL_AD_DECRYPT_ERROR:
481 return SSL3_AD_HANDSHAKE_FAILURE;
482
483 case SSL_AD_EXPORT_RESTRICTION:
484 return SSL3_AD_HANDSHAKE_FAILURE;
485
486 case SSL_AD_PROTOCOL_VERSION:
487 return SSL3_AD_HANDSHAKE_FAILURE;
488
489 case SSL_AD_INSUFFICIENT_SECURITY:
490 return SSL3_AD_HANDSHAKE_FAILURE;
491
492 case SSL_AD_INTERNAL_ERROR:
493 return SSL3_AD_HANDSHAKE_FAILURE;
494
495 case SSL_AD_USER_CANCELLED:
496 return SSL3_AD_HANDSHAKE_FAILURE;
497
498 case SSL_AD_NO_RENEGOTIATION:
499 return -1; /* Don't send it. */
500
501 case SSL_AD_UNSUPPORTED_EXTENSION:
502 return SSL3_AD_HANDSHAKE_FAILURE;
503
504 case SSL_AD_CERTIFICATE_UNOBTAINABLE:
505 return SSL3_AD_HANDSHAKE_FAILURE;
506
507 case SSL_AD_UNRECOGNIZED_NAME:
508 return SSL3_AD_HANDSHAKE_FAILURE;
509
510 case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
511 return SSL3_AD_HANDSHAKE_FAILURE;
512
513 case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
514 return SSL3_AD_HANDSHAKE_FAILURE;
515
516 case SSL_AD_UNKNOWN_PSK_IDENTITY:
517 return TLS1_AD_UNKNOWN_PSK_IDENTITY;
518
519 case SSL_AD_INAPPROPRIATE_FALLBACK:
520 return SSL3_AD_INAPPROPRIATE_FALLBACK;
521
522 default:
523 return -1;
524 }
525 }
526