1: /* ssl/s3_both.c */
    2: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
    3:  * All rights reserved.
    4:  *
    5:  * This package is an SSL implementation written
    6:  * by Eric Young (eay@cryptsoft.com).
    7:  * The implementation was written so as to conform with Netscapes SSL.
    8:  * 
    9:  * This library is free for commercial and non-commercial use as long as
   10:  * the following conditions are aheared to.  The following conditions
   11:  * apply to all code found in this distribution, be it the RC4, RSA,
   12:  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
   13:  * included with this distribution is covered by the same copyright terms
   14:  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
   15:  * 
   16:  * Copyright remains Eric Young's, and as such any Copyright notices in
   17:  * the code are not to be removed.
   18:  * If this package is used in a product, Eric Young should be given attribution
   19:  * as the author of the parts of the library used.
   20:  * This can be in the form of a textual message at program startup or
   21:  * in documentation (online or textual) provided with the package.
   22:  * 
   23:  * Redistribution and use in source and binary forms, with or without
   24:  * modification, are permitted provided that the following conditions
   25:  * are met:
   26:  * 1. Redistributions of source code must retain the copyright
   27:  *    notice, this list of conditions and the following disclaimer.
   28:  * 2. Redistributions in binary form must reproduce the above copyright
   29:  *    notice, this list of conditions and the following disclaimer in the
   30:  *    documentation and/or other materials provided with the distribution.
   31:  * 3. All advertising materials mentioning features or use of this software
   32:  *    must display the following acknowledgement:
   33:  *    "This product includes cryptographic software written by
   34:  *     Eric Young (eay@cryptsoft.com)"
   35:  *    The word 'cryptographic' can be left out if the rouines from the library
   36:  *    being used are not cryptographic related :-).
   37:  * 4. If you include any Windows specific code (or a derivative thereof) from 
   38:  *    the apps directory (application code) you must include an acknowledgement:
   39:  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
   40:  * 
   41:  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
   42:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   43:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
   44:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
   45:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
   46:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
   47:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
   48:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
   49:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
   50:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   51:  * SUCH DAMAGE.
   52:  * 
   53:  * The licence and distribution terms for any publically available version or
   54:  * derivative of this code cannot be changed.  i.e. this code cannot simply be
   55:  * copied and put under another distribution licence
   56:  * [including the GNU Public Licence.]
   57:  */
   58: /* ====================================================================
   59:  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
   60:  *
   61:  * Redistribution and use in source and binary forms, with or without
   62:  * modification, are permitted provided that the following conditions
   63:  * are met:
   64:  *
   65:  * 1. Redistributions of source code must retain the above copyright
   66:  *    notice, this list of conditions and the following disclaimer. 
   67:  *
   68:  * 2. Redistributions in binary form must reproduce the above copyright
   69:  *    notice, this list of conditions and the following disclaimer in
   70:  *    the documentation and/or other materials provided with the
   71:  *    distribution.
   72:  *
   73:  * 3. All advertising materials mentioning features or use of this
   74:  *    software must display the following acknowledgment:
   75:  *    "This product includes software developed by the OpenSSL Project
   76:  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
   77:  *
   78:  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
   79:  *    endorse or promote products derived from this software without
   80:  *    prior written permission. For written permission, please contact
   81:  *    openssl-core@openssl.org.
   82:  *
   83:  * 5. Products derived from this software may not be called "OpenSSL"
   84:  *    nor may "OpenSSL" appear in their names without prior written
   85:  *    permission of the OpenSSL Project.
   86:  *
   87:  * 6. Redistributions of any form whatsoever must retain the following
   88:  *    acknowledgment:
   89:  *    "This product includes software developed by the OpenSSL Project
   90:  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
   91:  *
   92:  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
   93:  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
   94:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
   95:  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
   96:  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   97:  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   98:  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
   99:  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  100:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  101:  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  102:  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  103:  * OF THE POSSIBILITY OF SUCH DAMAGE.
  104:  * ====================================================================
  105:  *
  106:  * This product includes cryptographic software written by Eric Young
  107:  * (eay@cryptsoft.com).  This product includes software written by Tim
  108:  * Hudson (tjh@cryptsoft.com).
  109:  *
  110:  */
  111: /* ====================================================================
  112:  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  113:  * ECC cipher suite support in OpenSSL originally developed by 
  114:  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  115:  */
  116: 
  117: #include <limits.h>
  118: #include <string.h>
  119: #include <stdio.h>
  120: #include "ssl_locl.h"
  121: #include <openssl/buffer.h>
  122: #include <openssl/rand.h>
  123: #include <openssl/objects.h>
  124: #include <openssl/evp.h>
  125: #include <openssl/x509.h>
  126: 
  127: /* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
  128: int ssl3_do_write(SSL *s, int type)
  129:         {
  130:         int ret;
  131: 
  132:         ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off],
  133:                              s->init_num);
  134:         if (ret < 0) return(-1);
  135:         if (type == SSL3_RT_HANDSHAKE)
  136:                 /* should not be done for 'Hello Request's, but in that case
  137:                  * we'll ignore the result anyway */
  138:                 ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret);
  139:         
  140:         if (ret == s->init_num)
  141:                 {
  142:                 if (s->msg_callback)
  143:                         s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg);
  144:                 return(1);
  145:                 }
  146:         s->init_off+=ret;
  147:         s->init_num-=ret;
  148:         return(0);
  149:         }
  150: 
  151: int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen)
  152:         {
  153:         unsigned char *p,*d;
  154:         int i;
  155:         unsigned long l;
  156: 
  157:         if (s->state == a)
  158:                 {
  159:                 d=(unsigned char *)s->init_buf->data;
  160:                 p= &(d[4]);
  161: 
  162:                 i=s->method->ssl3_enc->final_finish_mac(s,
  163:                         &(s->s3->finish_dgst1),
  164:                         &(s->s3->finish_dgst2),
  165:                         sender,slen,s->s3->tmp.finish_md);
  166:                 s->s3->tmp.finish_md_len = i;
  167:                 memcpy(p, s->s3->tmp.finish_md, i);
  168:                 p+=i;
  169:                 l=i;
  170: 
  171: #ifdef OPENSSL_SYS_WIN16
  172:                 /* MSVC 1.5 does not clear the top bytes of the word unless
  173:                  * I do this.
  174:                  */
  175:                 l&=0xffff;
  176: #endif
  177: 
  178:                 *(d++)=SSL3_MT_FINISHED;
  179:                 l2n3(l,d);
  180:                 s->init_num=(int)l+4;
  181:                 s->init_off=0;
  182: 
  183:                 s->state=b;
  184:                 }
  185: 
  186:         /* SSL3_ST_SEND_xxxxxx_HELLO_B */
  187:         return(ssl3_do_write(s,SSL3_RT_HANDSHAKE));
  188:         }
  189: 
  190: int ssl3_get_finished(SSL *s, int a, int b)
  191:         {
  192:         int al,i,ok;
  193:         long n;
  194:         unsigned char *p;
  195: 
  196:         /* the mac has already been generated when we received the
  197:          * change cipher spec message and is in s->s3->tmp.peer_finish_md
  198:          */ 
  199: 
  200:         n=s->method->ssl_get_message(s,
  201:                 a,
  202:                 b,
  203:                 SSL3_MT_FINISHED,
  204:                 64, /* should actually be 36+4 :-) */
  205:                 &ok);
  206: 
  207:         if (!ok) return((int)n);
  208: 
  209:         /* If this occurs, we have missed a message */
  210:         if (!s->s3->change_cipher_spec)
  211:                 {
  212:                 al=SSL_AD_UNEXPECTED_MESSAGE;
  213:                 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_GOT_A_FIN_BEFORE_A_CCS);
  214:                 goto f_err;
  215:                 }
  216:         s->s3->change_cipher_spec=0;
  217: 
  218:         p = (unsigned char *)s->init_msg;
  219:         i = s->s3->tmp.peer_finish_md_len;
  220: 
  221:         if (i != n)
  222:                 {
  223:                 al=SSL_AD_DECODE_ERROR;
  224:                 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_BAD_DIGEST_LENGTH);
  225:                 goto f_err;
  226:                 }
  227: 
  228:         if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0)
  229:                 {
  230:                 al=SSL_AD_DECRYPT_ERROR;
  231:                 SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED);
  232:                 goto f_err;
  233:                 }
  234: 
  235:         return(1);
  236: f_err:
  237:         ssl3_send_alert(s,SSL3_AL_FATAL,al);
  238:         return(0);
  239:         }
  240: 
  241: /* for these 2 messages, we need to
  242:  * ssl->enc_read_ctx                    re-init
  243:  * ssl->s3->read_sequence               zero
  244:  * ssl->s3->read_mac_secret             re-init
  245:  * ssl->session->read_sym_enc           assign
  246:  * ssl->session->read_compression       assign
  247:  * ssl->session->read_hash              assign
  248:  */
  249: int ssl3_send_change_cipher_spec(SSL *s, int a, int b)
  250:         { 
  251:         unsigned char *p;
  252: 
  253:         if (s->state == a)
  254:                 {
  255:                 p=(unsigned char *)s->init_buf->data;
  256:                 *p=SSL3_MT_CCS;
  257:                 s->init_num=1;
  258:                 s->init_off=0;
  259: 
  260:                 s->state=b;
  261:                 }
  262: 
  263:         /* SSL3_ST_CW_CHANGE_B */
  264:         return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC));
  265:         }
  266: 
  267: unsigned long ssl3_output_cert_chain(SSL *s, X509 *x)
  268:         {
  269:         unsigned char *p;
  270:         int n,i;
  271:         unsigned long l=7;
  272:         BUF_MEM *buf;
  273:         X509_STORE_CTX xs_ctx;
  274:         X509_OBJECT obj;
  275: 
  276:         int no_chain;
  277: 
  278:         if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
  279:                 no_chain = 1;
  280:         else
  281:                 no_chain = 0;
  282: 
  283:         /* TLSv1 sends a chain with nothing in it, instead of an alert */
  284:         buf=s->init_buf;
  285:         if (!BUF_MEM_grow_clean(buf,10))
  286:                 {
  287:                 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
  288:                 return(0);
  289:                 }
  290:         if (x != NULL)
  291:                 {
  292:                 if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
  293:                         {
  294:                         SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
  295:                         return(0);
  296:                         }
  297: 
  298:                 for (;;)
  299:                         {
  300:                         n=i2d_X509(x,NULL);
  301:                         if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
  302:                                 {
  303:                                 SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
  304:                                 return(0);
  305:                                 }
  306:                         p=(unsigned char *)&(buf->data[l]);
  307:                         l2n3(n,p);
  308:                         i2d_X509(x,&p);
  309:                         l+=n+3;
  310: 
  311:                         if (no_chain)
  312:                                 break;
  313: 
  314:                         if (X509_NAME_cmp(X509_get_subject_name(x),
  315:                                 X509_get_issuer_name(x)) == 0) break;
  316: 
  317:                         i=X509_STORE_get_by_subject(&xs_ctx,X509_LU_X509,
  318:                                 X509_get_issuer_name(x),&obj);
  319:                         if (i <= 0) break;
  320:                         x=obj.data.x509;
  321:                         /* Count is one too high since the X509_STORE_get uped the
  322:                          * ref count */
  323:                         X509_free(x);
  324:                         }
  325:                 if (!no_chain)
  326:                         X509_STORE_CTX_cleanup(&xs_ctx);
  327:                 }
  328: 
  329:         /* Thawte special :-) */
  330:         if (s->ctx->extra_certs != NULL)
  331:         for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++)
  332:                 {
  333:                 x=sk_X509_value(s->ctx->extra_certs,i);
  334:                 n=i2d_X509(x,NULL);
  335:                 if (!BUF_MEM_grow_clean(buf,(int)(n+l+3)))
  336:                         {
  337:                         SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB);
  338:                         return(0);
  339:                         }
  340:                 p=(unsigned char *)&(buf->data[l]);
  341:                 l2n3(n,p);
  342:                 i2d_X509(x,&p);
  343:                 l+=n+3;
  344:                 }
  345: 
  346:         l-=7;
  347:         p=(unsigned char *)&(buf->data[4]);
  348:         l2n3(l,p);
  349:         l+=3;
  350:         p=(unsigned char *)&(buf->data[0]);
  351:         *(p++)=SSL3_MT_CERTIFICATE;
  352:         l2n3(l,p);
  353:         l+=4;
  354:         return(l);
  355:         }
  356: 
  357: /* Obtain handshake message of message type 'mt' (any if mt == -1),
  358:  * maximum acceptable body length 'max'.
  359:  * The first four bytes (msg_type and length) are read in state 'st1',
  360:  * the body is read in state 'stn'.
  361:  */
  362: long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok)
  363:         {
  364:         unsigned char *p;
  365:         unsigned long l;
  366:         long n;
  367:         int i,al;
  368: 
  369:         if (s->s3->tmp.reuse_message)
  370:                 {
  371:                 s->s3->tmp.reuse_message=0;
  372:                 if ((mt >= 0) && (s->s3->tmp.message_type != mt))
  373:                         {
  374:                         al=SSL_AD_UNEXPECTED_MESSAGE;
  375:                         SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
  376:                         goto f_err;
  377:                         }
  378:                 *ok=1;
  379:                 s->init_msg = s->init_buf->data + 4;
  380:                 s->init_num = (int)s->s3->tmp.message_size;
  381:                 return s->init_num;
  382:                 }
  383: 
  384:         p=(unsigned char *)s->init_buf->data;
  385: 
  386:         if (s->state == st1) /* s->init_num < 4 */
  387:                 {
  388:                 int skip_message;
  389: 
  390:                 do
  391:                         {
  392:                         while (s->init_num < 4)
  393:                                 {
  394:                                 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
  395:                                         &p[s->init_num],4 - s->init_num, 0);
  396:                                 if (i <= 0)
  397:                                         {
  398:                                         s->rwstate=SSL_READING;
  399:                                         *ok = 0;
  400:                                         return i;
  401:                                         }
  402:                                 s->init_num+=i;
  403:                                 }
  404:                         
  405:                         skip_message = 0;
  406:                         if (!s->server)
  407:                                 if (p[0] == SSL3_MT_HELLO_REQUEST)
  408:                                         /* The server may always send 'Hello Request' messages --
  409:                                          * we are doing a handshake anyway now, so ignore them
  410:                                          * if their format is correct. Does not count for
  411:                                          * 'Finished' MAC. */
  412:                                         if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
  413:                                                 {
  414:                                                 s->init_num = 0;
  415:                                                 skip_message = 1;
  416: 
  417:                                                 if (s->msg_callback)
  418:                                                         s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg);
  419:                                                 }
  420:                         }
  421:                 while (skip_message);
  422: 
  423:                 /* s->init_num == 4 */
  424: 
  425:                 if ((mt >= 0) && (*p != mt))
  426:                         {
  427:                         al=SSL_AD_UNEXPECTED_MESSAGE;
  428:                         SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE);
  429:                         goto f_err;
  430:                         }
  431:                 if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) &&
  432:                                         (st1 == SSL3_ST_SR_CERT_A) &&
  433:                                         (stn == SSL3_ST_SR_CERT_B))
  434:                         {
  435:                         /* At this point we have got an MS SGC second client
  436:                          * hello (maybe we should always allow the client to
  437:                          * start a new handshake?). We need to restart the mac.
  438:                          * Don't increment {num,total}_renegotiations because
  439:                          * we have not completed the handshake. */
  440:                         ssl3_init_finished_mac(s);
  441:                         }
  442: 
  443:                 s->s3->tmp.message_type= *(p++);
  444: 
  445:                 n2l3(p,l);
  446:                 if (l > (unsigned long)max)
  447:                         {
  448:                         al=SSL_AD_ILLEGAL_PARAMETER;
  449:                         SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
  450:                         goto f_err;
  451:                         }
  452:                 if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */
  453:                         {
  454:                         al=SSL_AD_ILLEGAL_PARAMETER;
  455:                         SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE);
  456:                         goto f_err;
  457:                         }
  458:                 if (l && !BUF_MEM_grow_clean(s->init_buf,(int)l+4))
  459:                         {
  460:                         SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB);
  461:                         goto err;
  462:                         }
  463:                 s->s3->tmp.message_size=l;
  464:                 s->state=stn;
  465: 
  466:                 s->init_msg = s->init_buf->data + 4;
  467:                 s->init_num = 0;
  468:                 }
  469: 
  470:         /* next state (stn) */
  471:         p = s->init_msg;
  472:         n = s->s3->tmp.message_size - s->init_num;
  473:         while (n > 0)
  474:                 {
  475:                 i=s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
  476:                 if (i <= 0)
  477:                         {
  478:                         s->rwstate=SSL_READING;
  479:                         *ok = 0;
  480:                         return i;
  481:                         }
  482:                 s->init_num += i;
  483:                 n -= i;
  484:                 }
  485:         ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4);
  486:         if (s->msg_callback)
  487:                 s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg);
  488:         *ok=1;
  489:         return s->init_num;
  490: f_err:
  491:         ssl3_send_alert(s,SSL3_AL_FATAL,al);
  492: err:
  493:         *ok=0;
  494:         return(-1);
  495:         }
  496: 
  497: int ssl_cert_type(X509 *x, EVP_PKEY *pkey)
  498:         {
  499:         EVP_PKEY *pk;
  500:         int ret= -1,i;
  501: 
  502:         if (pkey == NULL)
  503:                 pk=X509_get_pubkey(x);
  504:         else
  505:                 pk=pkey;
  506:         if (pk == NULL) goto err;
  507: 
  508:         i=pk->type;
  509:         if (i == EVP_PKEY_RSA)
  510:                 {
  511:                 ret=SSL_PKEY_RSA_ENC;
  512:                 }
  513:         else if (i == EVP_PKEY_DSA)
  514:                 {
  515:                 ret=SSL_PKEY_DSA_SIGN;
  516:                 }
  517: #ifndef OPENSSL_NO_EC
  518:         else if (i == EVP_PKEY_EC)
  519:                 {
  520:                 ret = SSL_PKEY_ECC;
  521:                 }
  522: #endif
  523: 
  524: err:
  525:         if(!pkey) EVP_PKEY_free(pk);
  526:         return(ret);
  527:         }
  528: 
  529: int ssl_verify_alarm_type(long type)
  530:         {
  531:         int al;
  532: 
  533:         switch(type)
  534:                 {
  535:         case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
  536:         case X509_V_ERR_UNABLE_TO_GET_CRL:
  537:         case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
  538:                 al=SSL_AD_UNKNOWN_CA;
  539:                 break;
  540:         case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
  541:         case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
  542:         case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
  543:         case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
  544:         case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
  545:         case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
  546:         case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
  547:         case X509_V_ERR_CERT_NOT_YET_VALID:
  548:         case X509_V_ERR_CRL_NOT_YET_VALID:
  549:         case X509_V_ERR_CERT_UNTRUSTED:
  550:         case X509_V_ERR_CERT_REJECTED:
  551:                 al=SSL_AD_BAD_CERTIFICATE;
  552:                 break;
  553:         case X509_V_ERR_CERT_SIGNATURE_FAILURE:
  554:         case X509_V_ERR_CRL_SIGNATURE_FAILURE:
  555:                 al=SSL_AD_DECRYPT_ERROR;
  556:                 break;
  557:         case X509_V_ERR_CERT_HAS_EXPIRED:
  558:         case X509_V_ERR_CRL_HAS_EXPIRED:
  559:                 al=SSL_AD_CERTIFICATE_EXPIRED;
  560:                 break;
  561:         case X509_V_ERR_CERT_REVOKED:
  562:                 al=SSL_AD_CERTIFICATE_REVOKED;
  563:                 break;
  564:         case X509_V_ERR_OUT_OF_M