Switch verify sigalg pref functions to SSL_HANDSHAKE.
Functions that take SSL* do not necessarily have an ssl->config
available because it is released post-handshake, whereas hs->config can
be accessed without a null check.
Change-Id: I3d9f3838c1f2d79f92beac363a90fb6046671053
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/39844
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/tls13_both.cc b/ssl/tls13_both.cc
index 18bdef2..93e2f6a 100644
--- a/ssl/tls13_both.cc
+++ b/ssl/tls13_both.cc
@@ -356,7 +356,7 @@
}
uint8_t alert = SSL_AD_DECODE_ERROR;
- if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) {
+ if (!tls12_check_peer_sigalg(hs, &alert, signature_algorithm)) {
ssl_send_alert(ssl, SSL3_AL_FATAL, alert);
return false;
}
