Pass parameters to tls1_process_sigalgs as a CBS.
Slightly cleaner; it means we can use CBS_stow.
Change-Id: I074aa2d73a79648013dea025ee531beeea2af4a2
Reviewed-on: https://boringssl-review.googlesource.com/1287
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 2d67376..66add63 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1986,9 +1986,7 @@
return 0;
}
- if (!tls1_process_sigalgs(s,
- CBS_data(&supported_signature_algorithms),
- CBS_len(&supported_signature_algorithms)))
+ if (!tls1_process_sigalgs(s, &supported_signature_algorithms))
{
*out_alert = SSL_AD_DECODE_ERROR;
return 0;
@@ -3177,30 +3175,26 @@
/* Set preferred digest for each key type */
-int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
+int tls1_process_sigalgs(SSL *s, const CBS *sigalgs)
{
int idx;
size_t i;
const EVP_MD *md;
CERT *c = s->cert;
TLS_SIGALGS *sigptr;
+
/* Extension ignored for inappropriate versions */
if (!SSL_USE_SIGALGS(s))
return 1;
/* Length must be even */
- if (dsize % 2 != 0)
+ if (CBS_len(sigalgs) % 2 != 0)
return 0;
/* Should never happen */
if (!c)
return 0;
- if (c->peer_sigalgs)
- OPENSSL_free(c->peer_sigalgs);
- c->peer_sigalgs = OPENSSL_malloc(dsize);
- if (!c->peer_sigalgs)
+ if (!CBS_stow(sigalgs, &c->peer_sigalgs, &c->peer_sigalgslen))
return 0;
- c->peer_sigalgslen = dsize;
- memcpy(c->peer_sigalgs, data, dsize);
tls1_set_shared_sigalgs(s);