s3_enc.c source code [ClickHouse/contrib/openssl/ssl/s3_enc.c]

1	/*
2	* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
3	* Copyright 2005 Nokia. All rights reserved.
4	*
5	* Licensed under the Apache License 2.0 (the "License"). You may not use
6	* this file except in compliance with the License. You can obtain a copy
7	* in the file LICENSE in the source distribution or at
8	* https://www.openssl.org/source/license.html
9	*/
10
11	#include <stdio.h>
12	#include "ssl_local.h"
13	#include <openssl/evp.h>
14	#include <openssl/md5.h>
15	#include <openssl/core_names.h>
16	#include "internal/cryptlib.h"
17
18	static int ssl3_generate_key_block(SSL s, unsigned* char km, int* num)
19	{
20	EVP_MD *md5;
21	EVP_MD_CTX *m5;
22	EVP_MD_CTX *s1;
23	unsigned char buf[`16`], smd[SHA_DIGEST_LENGTH];
24	unsigned char c = `'A'`;
25	unsigned int i, j, k;
26	int ret = `0`;
27
28	#ifdef CHARSET_EBCDIC
29	c = os_toascii[c]; / 'A' in ASCII /
30	#endif
31	k = `0`;
32	md5 = EVP_MD_fetch(NULL, OSSL_DIGEST_NAME_MD5, "-fips");
33	m5 = EVP_MD_CTX_new();
34	s1 = EVP_MD_CTX_new();
35	if (md5 == NULL \|\| m5 == NULL \|\| s1 == NULL) {
36	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK,
37	ERR_R_MALLOC_FAILURE);
38	goto err;
39	}
40	for (i = `0`; (int)i < num; i += MD5_DIGEST_LENGTH) {
41	k++;
42	if (k > sizeof(buf)) {
43	/ bug: 'buf' is too small for this ciphersuite /
44	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK,
45	ERR_R_INTERNAL_ERROR);
46	goto err;
47	}
48
49	for (j = `0`; j < k; j++)
50	buf[j] = c;
51	c++;
52	if (!EVP_DigestInit_ex(s1, EVP_sha1(), NULL)
53	\|\| !EVP_DigestUpdate(s1, buf, k)
54	\|\| !EVP_DigestUpdate(s1, s->session->master_key,
55	s->session->master_key_length)
56	\|\| !EVP_DigestUpdate(s1, s->s3.server_random, SSL3_RANDOM_SIZE)
57	\|\| !EVP_DigestUpdate(s1, s->s3.client_random, SSL3_RANDOM_SIZE)
58	\|\| !EVP_DigestFinal_ex(s1, smd, NULL)
59	\|\| !EVP_DigestInit_ex(m5, md5, NULL)
60	\|\| !EVP_DigestUpdate(m5, s->session->master_key,
61	s->session->master_key_length)
62	\|\| !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) {
63	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK,
64	ERR_R_INTERNAL_ERROR);
65	goto err;
66	}
67	if ((int)(i + MD5_DIGEST_LENGTH) > num) {
68	if (!EVP_DigestFinal_ex(m5, smd, NULL)) {
69	SSLfatal(s, SSL_AD_INTERNAL_ERROR,
70	SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
71	goto err;
72	}
73	memcpy(km, smd, (num - i));
74	} else {
75	if (!EVP_DigestFinal_ex(m5, km, NULL)) {
76	SSLfatal(s, SSL_AD_INTERNAL_ERROR,
77	SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
78	goto err;
79	}
80	}
81
82	km += MD5_DIGEST_LENGTH;
83	}
84	OPENSSL_cleanse(smd, sizeof(smd));
85	ret = `1`;
86	err:
87	EVP_MD_CTX_free(m5);
88	EVP_MD_CTX_free(s1);
89	EVP_MD_free(md5);
90	return ret;
91	}
92
93	int ssl3_change_cipher_state(SSL s, int* which)
94	{
95	unsigned char p, mac_secret;
96	unsigned char ms, key, *iv;
97	EVP_CIPHER_CTX *dd;
98	const EVP_CIPHER *c;
99	#ifndef OPENSSL_NO_COMP
100	COMP_METHOD *comp;
101	#endif
102	const EVP_MD *m;
103	int mdi;
104	size_t n, i, j, k, cl;
105	int reuse_dd = `0`;
106
107	c = s->s3.tmp.new_sym_enc;
108	m = s->s3.tmp.new_hash;
109	/ m == NULL will lead to a crash later /
110	if (!ossl_assert(m != NULL)) {
111	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
112	ERR_R_INTERNAL_ERROR);
113	goto err;
114	}
115	#ifndef OPENSSL_NO_COMP
116	if (s->s3.tmp.new_compression == NULL)
117	comp = NULL;
118	else
119	comp = s->s3.tmp.new_compression->method;
120	#endif
121
122	if (which & SSL3_CC_READ) {
123	if (s->enc_read_ctx != NULL) {
124	reuse_dd = `1`;
125	} else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) {
126	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
127	ERR_R_MALLOC_FAILURE);
128	goto err;
129	} else {
130	/*
131	* make sure it's initialised in case we exit later with an error
132	*/
133	EVP_CIPHER_CTX_reset(s->enc_read_ctx);
134	}
135	dd = s->enc_read_ctx;
136
137	if (ssl_replace_hash(&s->read_hash, m) == NULL) {
138	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
139	ERR_R_INTERNAL_ERROR);
140	goto err;
141	}
142	#ifndef OPENSSL_NO_COMP
143	/ COMPRESS /
144	COMP_CTX_free(s->expand);
145	s->expand = NULL;
146	if (comp != NULL) {
147	s->expand = COMP_CTX_new(comp);
148	if (s->expand == NULL) {
149	SSLfatal(s, SSL_AD_INTERNAL_ERROR,
150	SSL_F_SSL3_CHANGE_CIPHER_STATE,
151	SSL_R_COMPRESSION_LIBRARY_ERROR);
152	goto err;
153	}
154	}
155	#endif
156	RECORD_LAYER_reset_read_sequence(&s->rlayer);
157	mac_secret = &(s->s3.read_mac_secret[`0`]);
158	} else {
159	s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
160	if (s->enc_write_ctx != NULL) {
161	reuse_dd = `1`;
162	} else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) {
163	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
164	ERR_R_MALLOC_FAILURE);
165	goto err;
166	} else {
167	/*
168	* make sure it's initialised in case we exit later with an error
169	*/
170	EVP_CIPHER_CTX_reset(s->enc_write_ctx);
171	}
172	dd = s->enc_write_ctx;
173	if (ssl_replace_hash(&s->write_hash, m) == NULL) {
174	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
175	ERR_R_MALLOC_FAILURE);
176	goto err;
177	}
178	#ifndef OPENSSL_NO_COMP
179	/ COMPRESS /
180	COMP_CTX_free(s->compress);
181	s->compress = NULL;
182	if (comp != NULL) {
183	s->compress = COMP_CTX_new(comp);
184	if (s->compress == NULL) {
185	SSLfatal(s, SSL_AD_INTERNAL_ERROR,
186	SSL_F_SSL3_CHANGE_CIPHER_STATE,
187	SSL_R_COMPRESSION_LIBRARY_ERROR);
188	goto err;
189	}
190	}
191	#endif
192	RECORD_LAYER_reset_write_sequence(&s->rlayer);
193	mac_secret = &(s->s3.write_mac_secret[`0`]);
194	}
195
196	if (reuse_dd)
197	EVP_CIPHER_CTX_reset(dd);
198
199	p = s->s3.tmp.key_block;
200	mdi = EVP_MD_size(m);
201	if (mdi < `0`) {
202	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
203	ERR_R_INTERNAL_ERROR);
204	goto err;
205	}
206	i = mdi;
207	cl = EVP_CIPHER_key_length(c);
208	j = cl;
209	k = EVP_CIPHER_iv_length(c);
210	if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) \|\|
211	(which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
212	ms = &(p[`0`]);
213	n = i + i;
214	key = &(p[n]);
215	n += j + j;
216	iv = &(p[n]);
217	n += k + k;
218	} else {
219	n = i;
220	ms = &(p[n]);
221	n += i + j;
222	key = &(p[n]);
223	n += j + k;
224	iv = &(p[n]);
225	n += k;
226	}
227
228	if (n > s->s3.tmp.key_block_length) {
229	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
230	ERR_R_INTERNAL_ERROR);
231	goto err;
232	}
233
234	memcpy(mac_secret, ms, i);
235
236	if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
237	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
238	ERR_R_INTERNAL_ERROR);
239	goto err;
240	}
241
242	s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
243	return `1`;
244	err:
245	return `0`;
246	}
247
248	int ssl3_setup_key_block(SSL *s)
249	{
250	unsigned char *p;
251	const EVP_CIPHER *c;
252	const EVP_MD *hash;
253	int num;
254	int ret = `0`;
255	SSL_COMP *comp;
256
257	if (s->s3.tmp.key_block_length != `0`)
258	return `1`;
259
260	if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, `0`)) {
261	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK,
262	SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
263	return `0`;
264	}
265
266	s->s3.tmp.new_sym_enc = c;
267	s->s3.tmp.new_hash = hash;
268	#ifdef OPENSSL_NO_COMP
269	s->s3.tmp.new_compression = NULL;
270	#else
271	s->s3.tmp.new_compression = comp;
272	#endif
273
274	num = EVP_MD_size(hash);
275	if (num < `0`)
276	return `0`;
277
278	num = EVP_CIPHER_key_length(c) + num + EVP_CIPHER_iv_length(c);
279	num *= `2`;
280
281	ssl3_cleanup_key_block(s);
282
283	if ((p = OPENSSL_malloc(num)) == NULL) {
284	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK,
285	ERR_R_MALLOC_FAILURE);
286	return `0`;
287	}
288
289	s->s3.tmp.key_block_length = num;
290	s->s3.tmp.key_block = p;
291
292	/ Calls SSLfatal() as required /
293	ret = ssl3_generate_key_block(s, p, num);
294
295	if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) {
296	/*
297	* enable vulnerability countermeasure for CBC ciphers with known-IV
298	* problem (http://www.openssl.org/~bodo/tls-cbc.txt)
299	*/
300	s->s3.need_empty_fragments = `1`;
301
302	if (s->session->cipher != NULL) {
303	if (s->session->cipher->algorithm_enc == SSL_eNULL)
304	s->s3.need_empty_fragments = `0`;
305
306	#ifndef OPENSSL_NO_RC4
307	if (s->session->cipher->algorithm_enc == SSL_RC4)
308	s->s3.need_empty_fragments = `0`;
309	#endif
310	}
311	}
312
313	return ret;
314	}
315
316	void ssl3_cleanup_key_block(SSL *s)
317	{
318	OPENSSL_clear_free(s->s3.tmp.key_block, s->s3.tmp.key_block_length);
319	s->s3.tmp.key_block = NULL;
320	s->s3.tmp.key_block_length = `0`;
321	}
322
323	int ssl3_init_finished_mac(SSL *s)
324	{
325	BIO *buf = BIO_new(BIO_s_mem());
326
327	if (buf == NULL) {
328	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_INIT_FINISHED_MAC,
329	ERR_R_MALLOC_FAILURE);
330	return `0`;
331	}
332	ssl3_free_digest_list(s);
333	s->s3.handshake_buffer = buf;
334	(void)BIO_set_close(s->s3.handshake_buffer, BIO_CLOSE);
335	return `1`;
336	}
337
338	/*
339	* Free digest list. Also frees handshake buffer since they are always freed
340	* together.
341	*/
342
343	void ssl3_free_digest_list(SSL *s)
344	{
345	BIO_free(s->s3.handshake_buffer);
346	s->s3.handshake_buffer = NULL;
347	EVP_MD_CTX_free(s->s3.handshake_dgst);
348	s->s3.handshake_dgst = NULL;
349	}
350
351	int ssl3_finish_mac(SSL s, const* unsigned char *buf, size_t len)
352	{
353	int ret;
354
355	if (s->s3.handshake_dgst == NULL) {
356	/ Note: this writes to a memory BIO so a failure is a fatal error /
357	if (len > INT_MAX) {
358	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
359	SSL_R_OVERFLOW_ERROR);
360	return `0`;
361	}
362	ret = BIO_write(s->s3.handshake_buffer, (void )buf, (int*)len);
363	if (ret <= `0` \|\| ret != (int)len) {
364	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
365	ERR_R_INTERNAL_ERROR);
366	return `0`;
367	}
368	} else {
369	ret = EVP_DigestUpdate(s->s3.handshake_dgst, buf, len);
370	if (!ret) {
371	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
372	ERR_R_INTERNAL_ERROR);
373	return `0`;
374	}
375	}
376	return `1`;
377	}
378
379	int ssl3_digest_cached_records(SSL s, int* keep)
380	{
381	const EVP_MD *md;
382	long hdatalen;
383	void *hdata;
384
385	if (s->s3.handshake_dgst == NULL) {
386	hdatalen = BIO_get_mem_data(s->s3.handshake_buffer, &hdata);
387	if (hdatalen <= `0`) {
388	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
389	SSL_R_BAD_HANDSHAKE_LENGTH);
390	return `0`;
391	}
392
393	s->s3.handshake_dgst = EVP_MD_CTX_new();
394	if (s->s3.handshake_dgst == NULL) {
395	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
396	ERR_R_MALLOC_FAILURE);
397	return `0`;
398	}
399
400	md = ssl_handshake_md(s);
401	if (md == NULL \|\| !EVP_DigestInit_ex(s->s3.handshake_dgst, md, NULL)
402	\|\| !EVP_DigestUpdate(s->s3.handshake_dgst, hdata, hdatalen)) {
403	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
404	ERR_R_INTERNAL_ERROR);
405	return `0`;
406	}
407	}
408	if (keep == `0`) {
409	BIO_free(s->s3.handshake_buffer);
410	s->s3.handshake_buffer = NULL;
411	}
412
413	return `1`;
414	}
415
416	void ssl3_digest_master_key_set_params(const SSL_SESSION *session,
417	OSSL_PARAM params[])
418	{
419	int n = `0`;
420	params[n++] = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
421	(void *)session->master_key,
422	session->master_key_length);
423	params[n++] = OSSL_PARAM_construct_end();
424	}
425
426	size_t ssl3_final_finish_mac(SSL s, const* char *sender, size_t len,
427	unsigned char *p)
428	{
429	int ret;
430	EVP_MD_CTX *ctx = NULL;
431
432	if (!ssl3_digest_cached_records(s, `0`)) {
433	/ SSLfatal() already called /
434	return `0`;
435	}
436
437	if (EVP_MD_CTX_type(s->s3.handshake_dgst) != NID_md5_sha1) {
438	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
439	SSL_R_NO_REQUIRED_DIGEST);
440	return `0`;
441	}
442
443	ctx = EVP_MD_CTX_new();
444	if (ctx == NULL) {
445	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
446	ERR_R_MALLOC_FAILURE);
447	return `0`;
448	}
449	if (!EVP_MD_CTX_copy_ex(ctx, s->s3.handshake_dgst)) {
450	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
451	ERR_R_INTERNAL_ERROR);
452	ret = `0`;
453	goto err;
454	}
455
456	ret = EVP_MD_CTX_size(ctx);
457	if (ret < `0`) {
458	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
459	ERR_R_INTERNAL_ERROR);
460	ret = `0`;
461	goto err;
462	}
463
464	if (sender != NULL) {
465	OSSL_PARAM digest_cmd_params[`3`];
466
467	ssl3_digest_master_key_set_params(s->session, digest_cmd_params);
468
469	if (EVP_DigestUpdate(ctx, sender, len) <= `0`
470	\|\| EVP_MD_CTX_set_params(ctx, digest_cmd_params) <= `0`
471	\|\| EVP_DigestFinal_ex(ctx, p, NULL) <= `0`) {
472	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
473	ERR_R_INTERNAL_ERROR);
474	ret = `0`;
475	}
476	}
477
478	err:
479	EVP_MD_CTX_free(ctx);
480
481	return ret;
482	}
483
484	int ssl3_generate_master_secret(SSL s, unsigned* char out, unsigned* char *p,
485	size_t len, size_t *secret_size)
486	{
487	static const unsigned char *salt[`3`] = {
488	#ifndef CHARSET_EBCDIC
489	(const unsigned char *)"A",
490	(const unsigned char *)"BB",
491	(const unsigned char *)"CCC",
492	#else
493	(const unsigned char *)"\x41",
494	(const unsigned char *)"\x42\x42",
495	(const unsigned char *)"\x43\x43\x43",
496	#endif
497	};
498	unsigned char buf[EVP_MAX_MD_SIZE];
499	EVP_MD_CTX *ctx = EVP_MD_CTX_new();
500	int i, ret = `1`;
501	unsigned int n;
502	size_t ret_secret_size = `0`;
503
504	if (ctx == NULL) {
505	SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_MASTER_SECRET,
506	ERR_R_MALLOC_FAILURE);
507	return `0`;
508	}
509	for (i = `0`; i < `3`; i++) {
510	if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= `0`
511	\|\| EVP_DigestUpdate(ctx, salt[i],
512	strlen((const char *)salt[i])) <= `0`
513	\|\| EVP_DigestUpdate(ctx, p, len) <= `0`
514	\|\| EVP_DigestUpdate(ctx, &(s->s3.client_random[`0`]),
515	SSL3_RANDOM_SIZE) <= `0`
516	\|\| EVP_DigestUpdate(ctx, &(s->s3.server_random[`0`]),
517	SSL3_RANDOM_SIZE) <= `0`
518	/ TODO(size_t) : convert me /
519	\|\| EVP_DigestFinal_ex(ctx, buf, &n) <= `0`
520	\|\| EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= `0`
521	\|\| EVP_DigestUpdate(ctx, p, len) <= `0`
522	\|\| EVP_DigestUpdate(ctx, buf, n) <= `0`
523	\|\| EVP_DigestFinal_ex(ctx, out, &n) <= `0`) {
524	SSLfatal(s, SSL_AD_INTERNAL_ERROR,
525	SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
526	ret = `0`;
527	break;
528	}
529	out += n;
530	ret_secret_size += n;
531	}
532	EVP_MD_CTX_free(ctx);
533
534	OPENSSL_cleanse(buf, sizeof(buf));
535	if (ret)
536	*secret_size = ret_secret_size;
537	return ret;
538	}
539
540	int ssl3_alert_code(int code)
541	{
542	switch (code) {
543	case SSL_AD_CLOSE_NOTIFY:
544	return SSL3_AD_CLOSE_NOTIFY;
545	case SSL_AD_UNEXPECTED_MESSAGE:
546	return SSL3_AD_UNEXPECTED_MESSAGE;
547	case SSL_AD_BAD_RECORD_MAC:
548	return SSL3_AD_BAD_RECORD_MAC;
549	case SSL_AD_DECRYPTION_FAILED:
550	return SSL3_AD_BAD_RECORD_MAC;
551	case SSL_AD_RECORD_OVERFLOW:
552	return SSL3_AD_BAD_RECORD_MAC;
553	case SSL_AD_DECOMPRESSION_FAILURE:
554	return SSL3_AD_DECOMPRESSION_FAILURE;
555	case SSL_AD_HANDSHAKE_FAILURE:
556	return SSL3_AD_HANDSHAKE_FAILURE;
557	case SSL_AD_NO_CERTIFICATE:
558	return SSL3_AD_NO_CERTIFICATE;
559	case SSL_AD_BAD_CERTIFICATE:
560	return SSL3_AD_BAD_CERTIFICATE;
561	case SSL_AD_UNSUPPORTED_CERTIFICATE:
562	return SSL3_AD_UNSUPPORTED_CERTIFICATE;
563	case SSL_AD_CERTIFICATE_REVOKED:
564	return SSL3_AD_CERTIFICATE_REVOKED;
565	case SSL_AD_CERTIFICATE_EXPIRED:
566	return SSL3_AD_CERTIFICATE_EXPIRED;
567	case SSL_AD_CERTIFICATE_UNKNOWN:
568	return SSL3_AD_CERTIFICATE_UNKNOWN;
569	case SSL_AD_ILLEGAL_PARAMETER:
570	return SSL3_AD_ILLEGAL_PARAMETER;
571	case SSL_AD_UNKNOWN_CA:
572	return SSL3_AD_BAD_CERTIFICATE;
573	case SSL_AD_ACCESS_DENIED:
574	return SSL3_AD_HANDSHAKE_FAILURE;
575	case SSL_AD_DECODE_ERROR:
576	return SSL3_AD_HANDSHAKE_FAILURE;
577	case SSL_AD_DECRYPT_ERROR:
578	return SSL3_AD_HANDSHAKE_FAILURE;
579	case SSL_AD_EXPORT_RESTRICTION:
580	return SSL3_AD_HANDSHAKE_FAILURE;
581	case SSL_AD_PROTOCOL_VERSION:
582	return SSL3_AD_HANDSHAKE_FAILURE;
583	case SSL_AD_INSUFFICIENT_SECURITY:
584	return SSL3_AD_HANDSHAKE_FAILURE;
585	case SSL_AD_INTERNAL_ERROR:
586	return SSL3_AD_HANDSHAKE_FAILURE;
587	case SSL_AD_USER_CANCELLED:
588	return SSL3_AD_HANDSHAKE_FAILURE;
589	case SSL_AD_NO_RENEGOTIATION:
590	return -`1`; / Don't send it :-) /
591	case SSL_AD_UNSUPPORTED_EXTENSION:
592	return SSL3_AD_HANDSHAKE_FAILURE;
593	case SSL_AD_CERTIFICATE_UNOBTAINABLE:
594	return SSL3_AD_HANDSHAKE_FAILURE;
595	case SSL_AD_UNRECOGNIZED_NAME:
596	return SSL3_AD_HANDSHAKE_FAILURE;
597	case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
598	return SSL3_AD_HANDSHAKE_FAILURE;
599	case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
600	return SSL3_AD_HANDSHAKE_FAILURE;
601	case SSL_AD_UNKNOWN_PSK_IDENTITY:
602	return TLS1_AD_UNKNOWN_PSK_IDENTITY;
603	case SSL_AD_INAPPROPRIATE_FALLBACK:
604	return TLS1_AD_INAPPROPRIATE_FALLBACK;
605	case SSL_AD_NO_APPLICATION_PROTOCOL:
606	return TLS1_AD_NO_APPLICATION_PROTOCOL;
607	case SSL_AD_CERTIFICATE_REQUIRED:
608	return SSL_AD_HANDSHAKE_FAILURE;
609	default:
610	return -`1`;
611	}
612	}
613

Browse the source code of ClickHouse/contrib/openssl/ssl/s3_enc.c