2 files changed, 22 insertions, 4 deletions

diff --git a/src/include/microhttpd.h b/src/include/microhttpd.h
index a0b48506..c942efd4 100644
--- a/src/include/microhttpd.h
+++ b/src/include/microhttpd.h
@@ -96,7 +96,7 @@ extern "C"
  * they are parsed as decimal numbers.
  * Example: 0x01093001 = 1.9.30-1.
  */
-#define MHD_VERSION 0x00097520
+#define MHD_VERSION 0x00097521
 
 /* If generic headers don't work on your platform, include headers
    which define 'va_list', 'size_t', 'ssize_t', 'intptr_t', 'off_t',
@@ -4740,7 +4740,7 @@ enum MHD_DigestAuthAlgorithm
  *
  * All error values are zero or negative.
  *
- * @note Available since #MHD_VERSION 0x00097518
+ * @note Available since #MHD_VERSION 0x00097521
  */
 enum MHD_DigestAuthResult
 {
@@ -4780,6 +4780,11 @@ enum MHD_DigestAuthResult
   MHD_DAUTH_WRONG_QOP = -5,
 
   /**
+   * Wrong 'algorithm'.
+   */
+  MHD_DAUTH_WRONG_ALGO = -6,
+
+  /**
    * Too large (>64 KiB) Authorization parameter value.
    */
   MHD_DAUTH_TOO_LARGE = -15,
@@ -4817,7 +4822,7 @@ enum MHD_DigestAuthResult
  * @param algo the digest algorithms allowed for verification
  * @return #MHD_DAUTH_OK if authenticated,
  *         the error code otherwise
- * @note Available since #MHD_VERSION 0x00097518
+ * @note Available since #MHD_VERSION 0x00097521
  * @ingroup authentication
  */
 _MHD_EXTERN enum MHD_DigestAuthResult
@@ -4843,7 +4848,7 @@ MHD_digest_auth_check3 (struct MHD_Connection *connection,
  * @param algo digest algorithms allowed for verification
  * @return #MHD_DAUTH_OK if authenticated,
  *         the error code otherwise
- * @note Available since #MHD_VERSION 0x00097513
+ * @note Available since #MHD_VERSION 0x00097521
  * @ingroup authentication
  */
 _MHD_EXTERN enum MHD_DigestAuthResult
diff --git a/src/microhttpd/digestauth.c b/src/microhttpd/digestauth.c
index 35dd0264..71561332 100644
--- a/src/microhttpd/digestauth.c
+++ b/src/microhttpd/digestauth.c
@@ -2034,6 +2034,19 @@ digest_auth_check_all_inner (struct MHD_Connection *connection,
     return MHD_DAUTH_WRONG_QOP;
   /* 'qop' valid */
 
+  /* Check 'algorithm' */
+  if (1)
+  {
+    const enum MHD_DigestAuthAlgo3 r_algo = get_rq_algo (params);
+    const enum MHD_DigestBaseAlgo p_algo = da->algo;
+    if ( (! ((MHD_DIGEST_AUTH_ALGO3_MD5 == r_algo) &&
+             (MHD_DIGEST_BASE_ALGO_MD5 == p_algo))) &&
+         (! ((MHD_DIGEST_AUTH_ALGO3_SHA256 == r_algo) &&
+             (MHD_DIGEST_BASE_ALGO_SHA256 == p_algo))) )
+      return MHD_DAUTH_WRONG_ALGO;
+  }
+  /* 'algorithm' valid */
+
   /* ** Do basic nonce and nonce-counter checks (size, timestamp) ** */
   /* Get 'nc' digital value */
   unq_res = get_unquoted_param (&params->nc, tmp1, ptmp2, &tmp2_size,