diff options
author | David Benjamin <davidben@google.com> | 2020-02-03 19:32:19 -0500 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2020-02-05 23:21:08 +0000 |
commit | ebad508ef111ef13106019f6e9b22bdae7bf57ef (patch) | |
tree | 920c62e26ff69ed2a5a34946f19e4fa0e1b07929 /ssl/handshake_server.cc | |
parent | 10165d82c16a9cab4a61569eaea9f0fadb36346c (diff) | |
download | boringssl-ebad508ef111ef13106019f6e9b22bdae7bf57ef.zip boringssl-ebad508ef111ef13106019f6e9b22bdae7bf57ef.tar.gz boringssl-ebad508ef111ef13106019f6e9b22bdae7bf57ef.tar.bz2 |
Switch verify sigalg pref functions to SSL_HANDSHAKE.
Functions that take SSL* do not necessarily have an ssl->config
available because it is released post-handshake, whereas hs->config can
be accessed without a null check.
Change-Id: I3d9f3838c1f2d79f92beac363a90fb6046671053
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/39844
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'ssl/handshake_server.cc')
-rw-r--r-- | ssl/handshake_server.cc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc index dfe14bf..ec9e6ea 100644 --- a/ssl/handshake_server.cc +++ b/ssl/handshake_server.cc @@ -1094,7 +1094,7 @@ static enum ssl_hs_wait_t do_send_server_hello_done(SSL_HANDSHAKE *hs) { !CBB_add_u8(&cert_types, TLS_CT_ECDSA_SIGN) || (ssl_protocol_version(ssl) >= TLS1_2_VERSION && (!CBB_add_u16_length_prefixed(&body, &sigalgs_cbb) || - !tls12_add_verify_sigalgs(ssl, &sigalgs_cbb))) || + !tls12_add_verify_sigalgs(hs, &sigalgs_cbb))) || !ssl_add_client_CA_list(hs, &body) || !ssl_add_message_cbb(ssl, cbb.get())) { OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); @@ -1439,7 +1439,7 @@ static enum ssl_hs_wait_t do_read_client_certificate_verify(SSL_HANDSHAKE *hs) { return ssl_hs_error; } uint8_t alert = SSL_AD_DECODE_ERROR; - if (!tls12_check_peer_sigalg(ssl, &alert, signature_algorithm)) { + if (!tls12_check_peer_sigalg(hs, &alert, signature_algorithm)) { ssl_send_alert(ssl, SSL3_AL_FATAL, alert); return ssl_hs_error; } |