Verify that the sig algs extension has been sent for TLSv1.3
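--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -38,6 +38,7 @@ static int final_ems(SSL *s, unsigned int context, int sent, int *al);
 #ifndef OPENSSL_NO_SRTP
 static int init_srtp(SSL *s, unsigned int context);
 #endif
+static int final_sig_algs(SSL *s, unsigned int context, int sent, int *al);
 /* Structure to define a built-in extension */
 typedef struct extensions_definition_st {
@@ -152,7 +153,7 @@ static const EXTENSION_DEFINITION ext_defs[] = {
 TLSEXT_TYPE_signature_algorithms,
 EXT_CLIENT_HELLO,
 init_sig_algs, tls_parse_ctos_sig_algs, NULL, NULL,
- tls_construct_ctos_sig_algs, NULL
+ tls_construct_ctos_sig_algs, final_sig_algs
 },
 #ifndef OPENSSL_NO_OCSP
 {
@@ -926,3 +927,14 @@ static int init_srtp(SSL *s, unsigned int context)
 return 1;
 }
 #endif
+
+static int final_sig_algs(SSL *s, unsigned int context, int sent, int *al)
+{
+ if (!sent && SSL_IS_TLS13(s)) {
+ *al = TLS13_AD_MISSING_EXTENSION;
+ SSLerr(SSL_F_FINAL_SIG_ALGS, SSL_R_MISSING_SIGALGS_EXTENSION);
+ return 0;
+ }
+
+ return 1;
+}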
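Review bot: The guard in the new final_sig_algs, `if (!sent && SSL_IS_TLS13(s))`, rejects every TLSv1.3 ClientHello that lacks signature_algorithms, including a PSK-only resumption in which no certificate signature is produced. TLS 1.3 needs the extension only when the server is to authenticate with a certificate, so such clients would be refused with missing_extension for no security gain. If the resumption state is already known when the final handlers run (not visible from this hunk), narrowing the test to `if (!sent && SSL_IS_TLS13(s) && !s->hit)` would keep the check for full handshakes. The function also carries no comment; a line such as `/* TLSv1.3 defines no default signature algorithms: fail with missing_extension instead of assuming one */` above it would record why the handshake is aborted here, and that `context` is intentionally unused.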