commit cd9969434c2b2c347f1fb12623ee240ae01ac942
author David Benjamin <davidben@chromium.org> Sun Jul 20 16:23:51 2014 -0400
committer Adam Langley <agl@google.com> Thu Jul 24 21:18:38 2014 +0000
tree af49bff13b6f72b2ec7547513d1073c4f8db27c0
parent 060d9d2c563b3fbe00eff93e5033591504516e6c

Pass parameters to tls1_process_sigalgs as a CBS.

Slightly cleaner; it means we can use CBS_stow.

Change-Id: I074aa2d73a79648013dea025ee531beeea2af4a2
Reviewed-on: https://boringssl-review.googlesource.com/1287
Reviewed-by: Adam Langley <agl@google.com>

ssl/s3_clnt.c

diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 5ad2589..dda2ef7 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1764,9 +1764,7 @@
 			s->cert->pkeys[i].digest = NULL;
 			s->cert->pkeys[i].valid_flags = 0;
 			}
-		if (!tls1_process_sigalgs(s,
-				CBS_data(&supported_signature_algorithms),
-				CBS_len(&supported_signature_algorithms)))
+		if (!tls1_process_sigalgs(s, &supported_signature_algorithms))
 			{
 			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
 			OPENSSL_PUT_ERROR(SSL, ssl3_get_certificate_request, SSL_R_SIGNATURE_ALGORITHMS_ERROR);

ssl/ssl_locl.h

diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 7244790..2024a6b 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1188,7 +1188,7 @@
 					int maxlen);
 int ssl_parse_clienthello_renegotiate_ext(SSL *s, CBS *cbs, int *out_alert);
 long ssl_get_algorithm2(SSL *s);
-int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
+int tls1_process_sigalgs(SSL *s, const CBS *sigalgs);
 size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs);
 int tls12_check_peer_sigalg(const EVP_MD **out_md, int *out_alert, SSL *s,
 	CBS *cbs, EVP_PKEY *pkey);

ssl/t1_lib.c

diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 2d67376..66add63 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1986,9 +1986,7 @@
 				return 0;
 				}
 
-			if (!tls1_process_sigalgs(s,
-					CBS_data(&supported_signature_algorithms),
-					CBS_len(&supported_signature_algorithms)))
+			if (!tls1_process_sigalgs(s, &supported_signature_algorithms))
 				{
 				*out_alert = SSL_AD_DECODE_ERROR;
 				return 0;
@@ -3177,30 +3175,26 @@
 
 /* Set preferred digest for each key type */
 
-int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
+int tls1_process_sigalgs(SSL *s, const CBS *sigalgs)
 	{
 	int idx;
 	size_t i;
 	const EVP_MD *md;
 	CERT *c = s->cert;
 	TLS_SIGALGS *sigptr;
+
 	/* Extension ignored for inappropriate versions */
 	if (!SSL_USE_SIGALGS(s))
 		return 1;
 	/* Length must be even */
-	if (dsize % 2 != 0)
+	if (CBS_len(sigalgs) % 2 != 0)
 		return 0;
 	/* Should never happen */
 	if (!c)
 		return 0;
 
-	if (c->peer_sigalgs)
-		OPENSSL_free(c->peer_sigalgs);
-	c->peer_sigalgs = OPENSSL_malloc(dsize);
-	if (!c->peer_sigalgs)
+	if (!CBS_stow(sigalgs, &c->peer_sigalgs, &c->peer_sigalgslen))
 		return 0;
-	c->peer_sigalgslen = dsize;
-	memcpy(c->peer_sigalgs, data, dsize);
 
 	tls1_set_shared_sigalgs(s);