Commit ed3ecd80 authored by Bodo Möller's avatar Bodo Möller

Error messages for client ECC cert verification.

Also, change the default ciphersuite to give some preference to
ciphersuites with forward secrecy (rather than using a random order).
parent b166f13e
+1 −5
@@ -164,10 +164,6 @@
static const SSL_METHOD *ssl3_get_client_method(int ver);
static const SSL_METHOD *ssl3_get_client_method(int ver);
static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);
static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b);


#ifndef OPENSSL_NO_ECDH
int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs);
#endif

static const SSL_METHOD *ssl3_get_client_method(int ver)
static const SSL_METHOD *ssl3_get_client_method(int ver)
	{
	{
	if (ver == SSL3_VERSION)
	if (ver == SSL3_VERSION)
@@ -2506,7 +2502,7 @@ int ssl3_check_cert_and_algorithm(SSL *s)
#ifndef OPENSSL_NO_ECDH
#ifndef OPENSSL_NO_ECDH
	if (idx == SSL_PKEY_ECC)
	if (idx == SSL_PKEY_ECC)
		{
		{
		if (check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
		if (ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509,
		    s->s3->tmp.new_cipher) == 0) 
		    s->s3->tmp.new_cipher) == 0) 
			{ /* check failed */
			{ /* check failed */
			SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
			SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_BAD_ECC_CERT);
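Review bot: With the file-local prototype deleted at the top of this file, the renamed call `ssl_check_srvr_ecc_cert_and_alg(sc->peer_pkeys[idx].x509, s->s3->tmp.new_cipher)` relies on a declaration from a shared header, and none of the sections shown on this page adds one. If the library's internal header does not already declare it, the call is compiled as an implicitly declared function and its argument types go unchecked, so that is worth confirming before merge. The callee now queues its own reason before this caller adds `SSL_R_BAD_ECC_CERT`; a short comment such as `/* specific reason already queued by the ECC check */` next to the existing `/* check failed */` would tell readers the error queue holds two entries. The body of ssl3_check_cert_and_algorithm starts and ends outside the hunk.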
+7 −1
@@ -356,7 +356,8 @@ extern "C" {
/* The following cipher list is used by default.
/* The following cipher list is used by default.
 * It also is substituted when an application-defined cipher list string
 * It also is substituted when an application-defined cipher list string
 * starts with 'DEFAULT'. */
 * starts with 'DEFAULT'. */
#define SSL_DEFAULT_CIPHER_LIST	"AES:CAMELLIA:ALL:!ADH:!AECDH:+RC4:@STRENGTH" /* low priority for RC4 */
#define SSL_DEFAULT_CIPHER_LIST	"AES:CAMELLIA:ALL:!ADH:!AECDH:+aECDH:+kRSA:+RC4:@STRENGTH"
/* low priority for ciphersuites w/o forwared secrecy (fixed ECDH, RSA key exchange), and for RC4 */


/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
#define SSL_SENT_SHUTDOWN	1
#define SSL_SENT_SHUTDOWN	1
@@ -1791,6 +1792,7 @@ void ERR_load_SSL_strings(void);
#define SSL_F_SSL_CERT_INSTANTIATE			 214
#define SSL_F_SSL_CERT_INSTANTIATE			 214
#define SSL_F_SSL_CERT_NEW				 162
#define SSL_F_SSL_CERT_NEW				 162
#define SSL_F_SSL_CHECK_PRIVATE_KEY			 163
#define SSL_F_SSL_CHECK_PRIVATE_KEY			 163
#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG		 279
#define SSL_F_SSL_CIPHER_PROCESS_RULESTR		 230
#define SSL_F_SSL_CIPHER_PROCESS_RULESTR		 230
#define SSL_F_SSL_CIPHER_STRENGTH_SORT			 231
#define SSL_F_SSL_CIPHER_STRENGTH_SORT			 231
#define SSL_F_SSL_CLEAR					 164
#define SSL_F_SSL_CLEAR					 164
@@ -1926,6 +1928,10 @@ void ERR_load_SSL_strings(void);
#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148
#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148
#define SSL_R_DIGEST_CHECK_FAILED			 149
#define SSL_R_DIGEST_CHECK_FAILED			 149
#define SSL_R_DUPLICATE_COMPRESSION_ID			 309
#define SSL_R_DUPLICATE_COMPRESSION_ID			 309
#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT		 317
#define SSL_R_ECC_CERT_NOT_FOR_SIGNING			 318
#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE	 322
#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE	 323
#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER		 310
#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER		 310
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150
#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150
#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY		 282
#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY		 282
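Review bot: The new comment under `SSL_DEFAULT_CIPHER_LIST` promises more than the string delivers, because `@STRENGTH` is applied after `+aECDH:+kRSA:+RC4`. The demotions therefore only order suites within the same strength class, and a stronger RSA key-exchange suite still ranks above a weaker forward-secret one. I would state that in the comment, e.g. `/* @STRENGTH sorts last: +aECDH:+kRSA:+RC4 only break ties between suites of equal strength */`, and correct "forwared" to "forward". As far as this page shows, `ALL` still brings in every suite except eNULL and only the anonymous ones are excluded, so the weakest suites remain enabled by default and are merely sorted last; the comment should say that too.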
+1 −1
@@ -190,7 +190,7 @@ typedef struct cipher_order_st
	} CIPHER_ORDER;
	} CIPHER_ORDER;


static const SSL_CIPHER cipher_aliases[]={
static const SSL_CIPHER cipher_aliases[]={
	/* "ALL" must be first; it doesn't include eNULL (must be specifically enabled) */
	/* "ALL" doesn't include eNULL (must be specifically enabled) */
	{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL},
	{0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL},
	/* "COMPLEMENTOFALL" */
	/* "COMPLEMENTOFALL" */
	{0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
	{0,SSL_TXT_CMPALL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0},
+5 −0
@@ -177,6 +177,7 @@ static ERR_STRING_DATA SSL_str_functs[]=
{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE),	"SSL_CERT_INSTANTIATE"},
{ERR_FUNC(SSL_F_SSL_CERT_INSTANTIATE),	"SSL_CERT_INSTANTIATE"},
{ERR_FUNC(SSL_F_SSL_CERT_NEW),	"SSL_CERT_NEW"},
{ERR_FUNC(SSL_F_SSL_CERT_NEW),	"SSL_CERT_NEW"},
{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY),	"SSL_check_private_key"},
{ERR_FUNC(SSL_F_SSL_CHECK_PRIVATE_KEY),	"SSL_check_private_key"},
{ERR_FUNC(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG),	"SSL_CHECK_SRVR_ECC_CERT_AND_ALG"},
{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR),	"SSL_CIPHER_PROCESS_RULESTR"},
{ERR_FUNC(SSL_F_SSL_CIPHER_PROCESS_RULESTR),	"SSL_CIPHER_PROCESS_RULESTR"},
{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT),	"SSL_CIPHER_STRENGTH_SORT"},
{ERR_FUNC(SSL_F_SSL_CIPHER_STRENGTH_SORT),	"SSL_CIPHER_STRENGTH_SORT"},
{ERR_FUNC(SSL_F_SSL_CLEAR),	"SSL_clear"},
{ERR_FUNC(SSL_F_SSL_CLEAR),	"SSL_clear"},
@@ -315,6 +316,10 @@ static ERR_STRING_DATA SSL_str_reasons[]=
{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
{ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),"dh public value length is wrong"},
{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED)   ,"digest check failed"},
{ERR_REASON(SSL_R_DIGEST_CHECK_FAILED)   ,"digest check failed"},
{ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"},
{ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID),"duplicate compression id"},
{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT),"ecc cert not for key agreement"},
{ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING),"ecc cert not for signing"},
{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE),"ecc cert should have rsa signature"},
{ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE),"ecc cert should have sha1 signature"},
{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
{ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER),"ecgroup too large for cipher"},
{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
{ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG),"encrypted length too long"},
{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
{ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY),"error generating tmp rsa key"},
+7 −1
@@ -1833,7 +1833,7 @@ void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher)
#define ku_reject(x, usage) \
#define ku_reject(x, usage) \
	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))


int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
	{
	{
	unsigned long alg = cs->algorithms;
	unsigned long alg = cs->algorithms;
	EVP_PKEY *pkey = NULL;
	EVP_PKEY *pkey = NULL;
@@ -1859,6 +1859,7 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
		/* key usage, if present, must allow key agreement */
		/* key usage, if present, must allow key agreement */
		if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
		if (ku_reject(x, X509v3_KU_KEY_AGREEMENT))
			{
			{
			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT);
			return 0;
			return 0;
			}
			}
		if (alg & SSL_kECDHe)
		if (alg & SSL_kECDHe)
@@ -1866,6 +1867,7 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
			/* signature alg must be ECDSA */
			/* signature alg must be ECDSA */
			if (signature_nid != NID_ecdsa_with_SHA1)
			if (signature_nid != NID_ecdsa_with_SHA1)
				{
				{
				SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE);
				return 0;
				return 0;
				}
				}
			}
			}
@@ -1880,14 +1882,18 @@ int check_srvr_ecc_cert_and_alg(X509 *x, SSL_CIPHER *cs)
				sig = "unknown";
				sig = "unknown";
				}
				}
			if (strstr(sig, "WithRSA") == NULL)
			if (strstr(sig, "WithRSA") == NULL)
				{
				SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE);
				return 0;
				return 0;
				}
				}
			}
			}
		} 
	if (alg & SSL_aECDSA)
	if (alg & SSL_aECDSA)
		{
		{
		/* key usage, if present, must allow signing */
		/* key usage, if present, must allow signing */
		if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
		if (ku_reject(x, X509v3_KU_DIGITAL_SIGNATURE))
			{
			{
			SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
			return 0;
			return 0;
			}
			}
		}
		}
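Review bot: In the `SSL_kECDHe` branch the new reason `SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE` names a different property from the one the check tests. `signature_nid != NID_ecdsa_with_SHA1` also fails for a certificate signed with RSA, and there "should have sha1 signature" sends whoever reads the handshake error to the wrong property. At minimum the existing comment should become `/* signature alg must be ECDSA with SHA-1 (the only NID accepted here) */` so that check, comment and error text agree; a reason that mentions ECDSA would be clearer still. In the `SSL_kECDHr` branch the new error is raised from `strstr(sig, "WithRSA")`, a substring match on the algorithm's name, so the reported reason is only as reliable as that naming convention; a comment saying so would help. The function body starts and ends outside these hunks.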