Home | History | Annotate | Download | only in ssl
      1 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com)
      2  * All rights reserved.
      3  *
      4  * This package is an SSL implementation written
      5  * by Eric Young (eay (at) cryptsoft.com).
      6  * The implementation was written so as to conform with Netscapes SSL.
      7  *
      8  * This library is free for commercial and non-commercial use as long as
      9  * the following conditions are aheared to.  The following conditions
     10  * apply to all code found in this distribution, be it the RC4, RSA,
     11  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
     12  * included with this distribution is covered by the same copyright terms
     13  * except that the holder is Tim Hudson (tjh (at) cryptsoft.com).
     14  *
     15  * Copyright remains Eric Young's, and as such any Copyright notices in
     16  * the code are not to be removed.
     17  * If this package is used in a product, Eric Young should be given attribution
     18  * as the author of the parts of the library used.
     19  * This can be in the form of a textual message at program startup or
     20  * in documentation (online or textual) provided with the package.
     21  *
     22  * Redistribution and use in source and binary forms, with or without
     23  * modification, are permitted provided that the following conditions
     24  * are met:
     25  * 1. Redistributions of source code must retain the copyright
     26  *    notice, this list of conditions and the following disclaimer.
     27  * 2. Redistributions in binary form must reproduce the above copyright
     28  *    notice, this list of conditions and the following disclaimer in the
     29  *    documentation and/or other materials provided with the distribution.
     30  * 3. All advertising materials mentioning features or use of this software
     31  *    must display the following acknowledgement:
     32  *    "This product includes cryptographic software written by
     33  *     Eric Young (eay (at) cryptsoft.com)"
     34  *    The word 'cryptographic' can be left out if the rouines from the library
     35  *    being used are not cryptographic related :-).
     36  * 4. If you include any Windows specific code (or a derivative thereof) from
     37  *    the apps directory (application code) you must include an acknowledgement:
     38  *    "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)"
     39  *
     40  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
     41  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     43  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     44  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     45  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     46  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     48  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     49  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     50  * SUCH DAMAGE.
     51  *
     52  * The licence and distribution terms for any publically available version or
     53  * derivative of this code cannot be changed.  i.e. this code cannot simply be
     54  * copied and put under another distribution licence
     55  * [including the GNU Public Licence.]
     56  */
     57 /* ====================================================================
     58  * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
     59  *
     60  * Redistribution and use in source and binary forms, with or without
     61  * modification, are permitted provided that the following conditions
     62  * are met:
     63  *
     64  * 1. Redistributions of source code must retain the above copyright
     65  *    notice, this list of conditions and the following disclaimer.
     66  *
     67  * 2. Redistributions in binary form must reproduce the above copyright
     68  *    notice, this list of conditions and the following disclaimer in
     69  *    the documentation and/or other materials provided with the
     70  *    distribution.
     71  *
     72  * 3. All advertising materials mentioning features or use of this
     73  *    software must display the following acknowledgment:
     74  *    "This product includes software developed by the OpenSSL Project
     75  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
     76  *
     77  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     78  *    endorse or promote products derived from this software without
     79  *    prior written permission. For written permission, please contact
     80  *    openssl-core (at) openssl.org.
     81  *
     82  * 5. Products derived from this software may not be called "OpenSSL"
     83  *    nor may "OpenSSL" appear in their names without prior written
     84  *    permission of the OpenSSL Project.
     85  *
     86  * 6. Redistributions of any form whatsoever must retain the following
     87  *    acknowledgment:
     88  *    "This product includes software developed by the OpenSSL Project
     89  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
     90  *
     91  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     92  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     93  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     94  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     95  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     96  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     97  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     98  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     99  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
    100  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    101  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
    102  * OF THE POSSIBILITY OF SUCH DAMAGE.
    103  * ====================================================================
    104  *
    105  * This product includes cryptographic software written by Eric Young
    106  * (eay (at) cryptsoft.com).  This product includes software written by Tim
    107  * Hudson (tjh (at) cryptsoft.com).
    108  *
    109  */
    110 /* ====================================================================
    111  * Copyright 2005 Nokia. All rights reserved.
    112  *
    113  * The portions of the attached software ("Contribution") is developed by
    114  * Nokia Corporation and is licensed pursuant to the OpenSSL open source
    115  * license.
    116  *
    117  * The Contribution, originally written by Mika Kousa and Pasi Eronen of
    118  * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
    119  * support (see RFC 4279) to OpenSSL.
    120  *
    121  * No patent licenses or other rights except those expressly stated in
    122  * the OpenSSL open source license shall be deemed granted or received
    123  * expressly, by implication, estoppel, or otherwise.
    124  *
    125  * No assurances are provided by Nokia that the Contribution does not
    126  * infringe the patent or other intellectual property rights of any third
    127  * party or that the license provides you with all the necessary rights
    128  * to make use of the Contribution.
    129  *
    130  * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
    131  * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
    132  * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
    133  * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
    134  * OTHERWISE. */
    135 
    136 #include <openssl/ssl.h>
    137 
    138 #include <assert.h>
    139 #include <stdio.h>
    140 #include <string.h>
    141 
    142 #include <openssl/err.h>
    143 #include <openssl/evp.h>
    144 #include <openssl/mem.h>
    145 #include <openssl/md5.h>
    146 #include <openssl/obj.h>
    147 
    148 #include "internal.h"
    149 
    150 
    151 static const uint8_t ssl3_pad_1[48] = {
    152     0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
    153     0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
    154     0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
    155     0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
    156 };
    157 
    158 static const uint8_t ssl3_pad_2[48] = {
    159     0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
    160     0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
    161     0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
    162     0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
    163 };
    164 
    165 static int ssl3_handshake_mac(SSL *ssl, int md_nid, const char *sender, int len,
    166                               uint8_t *p);
    167 
    168 int ssl3_prf(SSL *ssl, uint8_t *out, size_t out_len, const uint8_t *secret,
    169              size_t secret_len, const char *label, size_t label_len,
    170              const uint8_t *seed1, size_t seed1_len,
    171              const uint8_t *seed2, size_t seed2_len) {
    172   EVP_MD_CTX md5;
    173   EVP_MD_CTX sha1;
    174   uint8_t buf[16], smd[SHA_DIGEST_LENGTH];
    175   uint8_t c = 'A';
    176   size_t i, j, k;
    177 
    178   k = 0;
    179   EVP_MD_CTX_init(&md5);
    180   EVP_MD_CTX_init(&sha1);
    181   for (i = 0; i < out_len; i += MD5_DIGEST_LENGTH) {
    182     k++;
    183     if (k > sizeof(buf)) {
    184       /* bug: 'buf' is too small for this ciphersuite */
    185       OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
    186       return 0;
    187     }
    188 
    189     for (j = 0; j < k; j++) {
    190       buf[j] = c;
    191     }
    192     c++;
    193     if (!EVP_DigestInit_ex(&sha1, EVP_sha1(), NULL)) {
    194       OPENSSL_PUT_ERROR(SSL, ERR_LIB_EVP);
    195       return 0;
    196     }
    197     EVP_DigestUpdate(&sha1, buf, k);
    198     EVP_DigestUpdate(&sha1, secret, secret_len);
    199     /* |label| is ignored for SSLv3. */
    200     if (seed1_len) {
    201       EVP_DigestUpdate(&sha1, seed1, seed1_len);
    202     }
    203     if (seed2_len) {
    204       EVP_DigestUpdate(&sha1, seed2, seed2_len);
    205     }
    206     EVP_DigestFinal_ex(&sha1, smd, NULL);
    207 
    208     if (!EVP_DigestInit_ex(&md5, EVP_md5(), NULL)) {
    209       OPENSSL_PUT_ERROR(SSL, ERR_LIB_EVP);
    210       return 0;
    211     }
    212     EVP_DigestUpdate(&md5, secret, secret_len);
    213     EVP_DigestUpdate(&md5, smd, SHA_DIGEST_LENGTH);
    214     if (i + MD5_DIGEST_LENGTH > out_len) {
    215       EVP_DigestFinal_ex(&md5, smd, NULL);
    216       memcpy(out, smd, out_len - i);
    217     } else {
    218       EVP_DigestFinal_ex(&md5, out, NULL);
    219     }
    220 
    221     out += MD5_DIGEST_LENGTH;
    222   }
    223 
    224   OPENSSL_cleanse(smd, SHA_DIGEST_LENGTH);
    225   EVP_MD_CTX_cleanup(&md5);
    226   EVP_MD_CTX_cleanup(&sha1);
    227 
    228   return 1;
    229 }
    230 
    231 void ssl3_cleanup_key_block(SSL *ssl) {
    232   if (ssl->s3->tmp.key_block != NULL) {
    233     OPENSSL_cleanse(ssl->s3->tmp.key_block, ssl->s3->tmp.key_block_length);
    234     OPENSSL_free(ssl->s3->tmp.key_block);
    235     ssl->s3->tmp.key_block = NULL;
    236   }
    237   ssl->s3->tmp.key_block_length = 0;
    238 }
    239 
    240 int ssl3_init_handshake_buffer(SSL *ssl) {
    241   ssl3_free_handshake_buffer(ssl);
    242   ssl3_free_handshake_hash(ssl);
    243   ssl->s3->handshake_buffer = BUF_MEM_new();
    244   return ssl->s3->handshake_buffer != NULL;
    245 }
    246 
    247 /* init_digest_with_data calls |EVP_DigestInit_ex| on |ctx| with |md| and then
    248  * writes the data in |buf| to it. */
    249 static int init_digest_with_data(EVP_MD_CTX *ctx, const EVP_MD *md,
    250                                  const BUF_MEM *buf) {
    251   if (!EVP_DigestInit_ex(ctx, md, NULL)) {
    252     return 0;
    253   }
    254   EVP_DigestUpdate(ctx, buf->data, buf->length);
    255   return 1;
    256 }
    257 
    258 int ssl3_init_handshake_hash(SSL *ssl) {
    259   ssl3_free_handshake_hash(ssl);
    260 
    261   uint32_t algorithm_prf = ssl_get_algorithm_prf(ssl);
    262   if (!init_digest_with_data(&ssl->s3->handshake_hash,
    263                              ssl_get_handshake_digest(algorithm_prf),
    264                              ssl->s3->handshake_buffer)) {
    265     return 0;
    266   }
    267 
    268   if (algorithm_prf == SSL_HANDSHAKE_MAC_DEFAULT &&
    269       !init_digest_with_data(&ssl->s3->handshake_md5, EVP_md5(),
    270                              ssl->s3->handshake_buffer)) {
    271     return 0;
    272   }
    273 
    274   return 1;
    275 }
    276 
    277 void ssl3_free_handshake_hash(SSL *ssl) {
    278   EVP_MD_CTX_cleanup(&ssl->s3->handshake_hash);
    279   EVP_MD_CTX_cleanup(&ssl->s3->handshake_md5);
    280 }
    281 
    282 void ssl3_free_handshake_buffer(SSL *ssl) {
    283   BUF_MEM_free(ssl->s3->handshake_buffer);
    284   ssl->s3->handshake_buffer = NULL;
    285 }
    286 
    287 int ssl3_update_handshake_hash(SSL *ssl, const uint8_t *in, size_t in_len) {
    288   /* Depending on the state of the handshake, either the handshake buffer may be
    289    * active, the rolling hash, or both. */
    290 
    291   if (ssl->s3->handshake_buffer != NULL) {
    292     size_t new_len = ssl->s3->handshake_buffer->length + in_len;
    293     if (new_len < in_len) {
    294       OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
    295       return 0;
    296     }
    297     if (!BUF_MEM_grow(ssl->s3->handshake_buffer, new_len)) {
    298       return 0;
    299     }
    300     memcpy(ssl->s3->handshake_buffer->data + new_len - in_len, in, in_len);
    301   }
    302 
    303   if (EVP_MD_CTX_md(&ssl->s3->handshake_hash) != NULL) {
    304     EVP_DigestUpdate(&ssl->s3->handshake_hash, in, in_len);
    305   }
    306   if (EVP_MD_CTX_md(&ssl->s3->handshake_md5) != NULL) {
    307     EVP_DigestUpdate(&ssl->s3->handshake_md5, in, in_len);
    308   }
    309   return 1;
    310 }
    311 
    312 int ssl3_cert_verify_mac(SSL *ssl, int md_nid, uint8_t *p) {
    313   return ssl3_handshake_mac(ssl, md_nid, NULL, 0, p);
    314 }
    315 
    316 int ssl3_final_finish_mac(SSL *ssl, const char *sender, int len, uint8_t *p) {
    317   int ret, sha1len;
    318   ret = ssl3_handshake_mac(ssl, NID_md5, sender, len, p);
    319   if (ret == 0) {
    320     return 0;
    321   }
    322 
    323   p += ret;
    324 
    325   sha1len = ssl3_handshake_mac(ssl, NID_sha1, sender, len, p);
    326   if (sha1len == 0) {
    327     return 0;
    328   }
    329 
    330   ret += sha1len;
    331   return ret;
    332 }
    333 
    334 static int ssl3_handshake_mac(SSL *ssl, int md_nid, const char *sender, int len,
    335                               uint8_t *p) {
    336   unsigned int ret;
    337   size_t npad, n;
    338   unsigned int i;
    339   uint8_t md_buf[EVP_MAX_MD_SIZE];
    340   EVP_MD_CTX ctx;
    341   const EVP_MD_CTX *ctx_template;
    342 
    343   if (md_nid == NID_md5) {
    344     ctx_template = &ssl->s3->handshake_md5;
    345   } else if (md_nid == EVP_MD_CTX_type(&ssl->s3->handshake_hash)) {
    346     ctx_template = &ssl->s3->handshake_hash;
    347   } else {
    348     OPENSSL_PUT_ERROR(SSL, SSL_R_NO_REQUIRED_DIGEST);
    349     return 0;
    350   }
    351 
    352   EVP_MD_CTX_init(&ctx);
    353   if (!EVP_MD_CTX_copy_ex(&ctx, ctx_template)) {
    354     EVP_MD_CTX_cleanup(&ctx);
    355     OPENSSL_PUT_ERROR(SSL, ERR_LIB_EVP);
    356     return 0;
    357   }
    358 
    359   n = EVP_MD_CTX_size(&ctx);
    360 
    361   npad = (48 / n) * n;
    362   if (sender != NULL) {
    363     EVP_DigestUpdate(&ctx, sender, len);
    364   }
    365   EVP_DigestUpdate(&ctx, ssl->session->master_key,
    366                    ssl->session->master_key_length);
    367   EVP_DigestUpdate(&ctx, ssl3_pad_1, npad);
    368   EVP_DigestFinal_ex(&ctx, md_buf, &i);
    369 
    370   if (!EVP_DigestInit_ex(&ctx, EVP_MD_CTX_md(&ctx), NULL)) {
    371     EVP_MD_CTX_cleanup(&ctx);
    372     OPENSSL_PUT_ERROR(SSL, ERR_LIB_EVP);
    373     return 0;
    374   }
    375   EVP_DigestUpdate(&ctx, ssl->session->master_key,
    376                    ssl->session->master_key_length);
    377   EVP_DigestUpdate(&ctx, ssl3_pad_2, npad);
    378   EVP_DigestUpdate(&ctx, md_buf, i);
    379   EVP_DigestFinal_ex(&ctx, p, &ret);
    380 
    381   EVP_MD_CTX_cleanup(&ctx);
    382 
    383   return ret;
    384 }
    385 
    386 int ssl3_record_sequence_update(uint8_t *seq, size_t seq_len) {
    387   size_t i;
    388   for (i = seq_len - 1; i < seq_len; i--) {
    389     ++seq[i];
    390     if (seq[i] != 0) {
    391       return 1;
    392     }
    393   }
    394   OPENSSL_PUT_ERROR(SSL, ERR_R_OVERFLOW);
    395   return 0;
    396 }
    397 
    398 int ssl3_alert_code(int code) {
    399   switch (code) {
    400     case SSL_AD_CLOSE_NOTIFY:
    401       return SSL3_AD_CLOSE_NOTIFY;
    402 
    403     case SSL_AD_UNEXPECTED_MESSAGE:
    404       return SSL3_AD_UNEXPECTED_MESSAGE;
    405 
    406     case SSL_AD_BAD_RECORD_MAC:
    407       return SSL3_AD_BAD_RECORD_MAC;
    408 
    409     case SSL_AD_DECRYPTION_FAILED:
    410       return SSL3_AD_BAD_RECORD_MAC;
    411 
    412     case SSL_AD_RECORD_OVERFLOW:
    413       return SSL3_AD_BAD_RECORD_MAC;
    414 
    415     case SSL_AD_DECOMPRESSION_FAILURE:
    416       return SSL3_AD_DECOMPRESSION_FAILURE;
    417 
    418     case SSL_AD_HANDSHAKE_FAILURE:
    419       return SSL3_AD_HANDSHAKE_FAILURE;
    420 
    421     case SSL_AD_NO_CERTIFICATE:
    422       return SSL3_AD_NO_CERTIFICATE;
    423 
    424     case SSL_AD_BAD_CERTIFICATE:
    425       return SSL3_AD_BAD_CERTIFICATE;
    426 
    427     case SSL_AD_UNSUPPORTED_CERTIFICATE:
    428       return SSL3_AD_UNSUPPORTED_CERTIFICATE;
    429 
    430     case SSL_AD_CERTIFICATE_REVOKED:
    431       return SSL3_AD_CERTIFICATE_REVOKED;
    432 
    433     case SSL_AD_CERTIFICATE_EXPIRED:
    434       return SSL3_AD_CERTIFICATE_EXPIRED;
    435 
    436     case SSL_AD_CERTIFICATE_UNKNOWN:
    437       return SSL3_AD_CERTIFICATE_UNKNOWN;
    438 
    439     case SSL_AD_ILLEGAL_PARAMETER:
    440       return SSL3_AD_ILLEGAL_PARAMETER;
    441 
    442     case SSL_AD_UNKNOWN_CA:
    443       return SSL3_AD_BAD_CERTIFICATE;
    444 
    445     case SSL_AD_ACCESS_DENIED:
    446       return SSL3_AD_HANDSHAKE_FAILURE;
    447 
    448     case SSL_AD_DECODE_ERROR:
    449       return SSL3_AD_HANDSHAKE_FAILURE;
    450 
    451     case SSL_AD_DECRYPT_ERROR:
    452       return SSL3_AD_HANDSHAKE_FAILURE;
    453 
    454     case SSL_AD_EXPORT_RESTRICTION:
    455       return SSL3_AD_HANDSHAKE_FAILURE;
    456 
    457     case SSL_AD_PROTOCOL_VERSION:
    458       return SSL3_AD_HANDSHAKE_FAILURE;
    459 
    460     case SSL_AD_INSUFFICIENT_SECURITY:
    461       return SSL3_AD_HANDSHAKE_FAILURE;
    462 
    463     case SSL_AD_INTERNAL_ERROR:
    464       return SSL3_AD_HANDSHAKE_FAILURE;
    465 
    466     case SSL_AD_USER_CANCELLED:
    467       return SSL3_AD_HANDSHAKE_FAILURE;
    468 
    469     case SSL_AD_NO_RENEGOTIATION:
    470       return -1; /* Don't send it. */
    471 
    472     case SSL_AD_UNSUPPORTED_EXTENSION:
    473       return SSL3_AD_HANDSHAKE_FAILURE;
    474 
    475     case SSL_AD_CERTIFICATE_UNOBTAINABLE:
    476       return SSL3_AD_HANDSHAKE_FAILURE;
    477 
    478     case SSL_AD_UNRECOGNIZED_NAME:
    479       return SSL3_AD_HANDSHAKE_FAILURE;
    480 
    481     case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
    482       return SSL3_AD_HANDSHAKE_FAILURE;
    483 
    484     case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
    485       return SSL3_AD_HANDSHAKE_FAILURE;
    486 
    487     case SSL_AD_UNKNOWN_PSK_IDENTITY:
    488       return TLS1_AD_UNKNOWN_PSK_IDENTITY;
    489 
    490     case SSL_AD_INAPPROPRIATE_FALLBACK:
    491       return SSL3_AD_INAPPROPRIATE_FALLBACK;
    492 
    493     default:
    494       return -1;
    495   }
    496 }
    497