X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=ssl%2Fstatem%2Fextensions.c;h=4f54c3f7716eff62d000036941576d77ba13f934;hp=a68dd4883514cf5c18ce4b561c628a13afdf00d6;hb=049043127209a4a1846a1c0fcc56eff601c41be2;hpb=ace081c1ed98346328e251884c3bea4b41cb50ad

diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index a68dd48835..4f54c3f771 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -38,6 +38,7 @@ static int final_ems(SSL *s, unsigned int context, int sent, int *al);
 #ifndef OPENSSL_NO_SRTP
 static int init_srtp(SSL *s, unsigned int context);
 #endif
+static int final_sig_algs(SSL *s, unsigned int context, int sent, int *al);
 
 /* Structure to define a built-in extension */
 typedef struct extensions_definition_st {
@@ -152,7 +153,7 @@ static const EXTENSION_DEFINITION ext_defs[] = {
         TLSEXT_TYPE_signature_algorithms,
         EXT_CLIENT_HELLO,
         init_sig_algs, tls_parse_ctos_sig_algs, NULL, NULL,
-        tls_construct_ctos_sig_algs, NULL
+        tls_construct_ctos_sig_algs, final_sig_algs
     },
 #ifndef OPENSSL_NO_OCSP
     {
@@ -926,3 +927,14 @@ static int init_srtp(SSL *s, unsigned int context)
     return 1;
 }
 #endif
+
+static int final_sig_algs(SSL *s, unsigned int context, int sent, int *al)
+{
+    if (!sent && SSL_IS_TLS13(s)) {
+        *al = TLS13_AD_MISSING_EXTENSION;
+        SSLerr(SSL_F_FINAL_SIG_ALGS, SSL_R_MISSING_SIGALGS_EXTENSION);
+        return 0;
+    }
+
+    return 1;
+}