Commit ec4a50b3 authored by Dr. Stephen Henson

Abort handshake if signature algorithm used not supported by peer.

parent d18b716d
+6 −0
@@ -4,6 +4,12 @@

 Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]

  *) If an attempt is made to use a signature algorithm not in the peer
     preference list abort the handshake. If client has no suitable
     signature algorithms in response to a certificate request do not
     use the certificate.
     [Steve Henson]

  *) If server EC tmp key is not in client preference list abort handshake.
     [Steve Henson]

+9 −18
@@ -1750,24 +1750,11 @@ int ssl3_get_key_exchange(SSL *s)
		{
		if (TLS1_get_version(s) >= TLS1_2_VERSION)
			{
			int sigalg = tls12_get_sigid(pkey);
			/* Should never happen */
			if (sigalg == -1)
				{
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR);
			int rv = tls12_check_peer_sigalg(&md, s, p, pkey);
			if (rv == -1)
				goto err;
				}
			/* Check key type is consistent with signature */
			if (sigalg != (int)p[1])
				{
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_TYPE);
				al=SSL_AD_DECODE_ERROR;
				goto f_err;
				}
			md = tls12_get_hash(p[0]);
			if (md == NULL)
			else if (rv == 0)
				{
				SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_UNKNOWN_DIGEST);
				al = SSL_AD_DECODE_ERROR;
				goto f_err;
				}
@@ -3161,13 +3148,17 @@ err:
	}

/* Check a certificate can be used for client authentication. Currently
 * just check cert exists and if static DH client certificates can be used.
 * check cert exists, if we have a suitable digest for TLS 1.2  and if
 * static DH client certificates can be used.
 */
static int ssl3_check_client_certificate(SSL *s)
	{
	unsigned long alg_k;
	if (!s->cert || !s->cert->key->x509 || !s->cert->key->privatekey)
		return 0;
	/* If no suitable signature algorithm can't use certificate */
	if (TLS1_get_version(s) >= TLS1_2_VERSION && !s->cert->key->digest)
		return 0;
	alg_k=s->s3->tmp.new_cipher->algorithm_mkey;
	/* See if we can use client certificate for fixed DH */
	if (alg_k & (SSL_kDHr|SSL_kDHd))
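Review bot: In the ssl3_get_key_exchange hunk the contract of the new tls12_check_peer_sigalg() call is only implied by the two branches that follow it: rv == -1 goes to `err` with no alert, rv == 0 goes to `f_err` with SSL_AD_DECODE_ERROR, and nothing at the call site says which return values exist, which side raises the SSL error, or whether the callee has already done so. If the callee reports the rejected algorithm itself (its definition is not on this page), the SSL_R_UNKNOWN_DIGEST reported in the rv == 0 branch queues a second, less specific reason for a hash that may be perfectly well known but merely absent from the peer's list; from this rendering it is not certain whether that SSLerr line is kept or removed. A comment at the call would settle this, e.g. `/* tls12_check_peer_sigalg: -1 internal error (no alert), 0 sigalg rejected by policy (fatal alert), 1 ok and *md set */`, adjusted to the callee's actual semantics. The same call pattern appears in ssl3_get_cert_verify in s3_srvr.c, where the rv == -1 case appears to send a fatal SSL_AD_INTERNAL_ERROR alert instead of a bare `goto err`; the two call sites should agree on whether an internal error is alerted to the peer. Both enclosing functions start and end outside their hunks.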
+5 −16
@@ -3051,25 +3051,14 @@ int ssl3_get_cert_verify(SSL *s)
		{	
		if (TLS1_get_version(s) >= TLS1_2_VERSION)
			{
			int sigalg = tls12_get_sigid(pkey);
			/* Should never happen */
			if (sigalg == -1)
			int rv = tls12_check_peer_sigalg(&md, s, p, pkey);
			if (rv == -1)
				{
				SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR);
				al = SSL_AD_INTERNAL_ERROR;
				goto f_err;
				}
			/* Check key type is consistent with signature */
			if (sigalg != (int)p[1])
				{
				SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_WRONG_SIGNATURE_TYPE);
				al=SSL_AD_DECODE_ERROR;
				goto f_err;
				}
			md = tls12_get_hash(p[0]);
			if (md == NULL)
			else if (rv == 0)
				{
				SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_UNKNOWN_DIGEST);
				al = SSL_AD_DECODE_ERROR;
				goto f_err;
				}
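Review bot: The rejected-sigalg path in the rv == 0 branch sends SSL_AD_DECODE_ERROR, as far as the rendering shows the `al = SSL_AD_DECODE_ERROR;` line as kept. The CertificateVerify message itself decodes fine; what fails is a policy check (the hash/signature pair is not one this server advertised), which RFC 5246 describes with illegal_parameter rather than decode_error, so `al = SSL_AD_ILLEGAL_PARAMETER;` would report the condition more accurately to the peer and keep it distinguishable from a genuinely malformed message when handshake failures are investigated. If the alert value is instead meant to be chosen by tls12_check_peer_sigalg(), the branch should say so in a short comment, since the callee is not on this page. The same consideration applies to the matching branch in ssl3_get_key_exchange in s3_clnt.c. ssl3_get_cert_verify's body starts and ends outside the hunk.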
+1 −0
@@ -2452,6 +2452,7 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE		 206
#define SSL_F_SSL_VERIFY_CERT_CHAIN			 207
#define SSL_F_SSL_WRITE					 208
#define SSL_F_TLS12_CHECK_PEER_SIGALG			 333
#define SSL_F_TLS1_CERT_VERIFY_MAC			 286
#define SSL_F_TLS1_CHANGE_CIPHER_STATE			 209
#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT		 274
+1 −0
@@ -288,6 +288,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_FUNC(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE),	"SSL_use_RSAPrivateKey_file"},
{ERR_FUNC(SSL_F_SSL_VERIFY_CERT_CHAIN),	"ssl_verify_cert_chain"},
{ERR_FUNC(SSL_F_SSL_WRITE),	"SSL_write"},
{ERR_FUNC(SSL_F_TLS12_CHECK_PEER_SIGALG),	"tls12_check_peer_sigalg"},
{ERR_FUNC(SSL_F_TLS1_CERT_VERIFY_MAC),	"tls1_cert_verify_mac"},
{ERR_FUNC(SSL_F_TLS1_CHANGE_CIPHER_STATE),	"tls1_change_cipher_state"},
{ERR_FUNC(SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT),	"TLS1_CHECK_SERVERHELLO_TLSEXT"},