diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 5ad25897..dda2ef79 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1764,9 +1764,7 @@ int ssl3_get_certificate_request(SSL *s)
 			s->cert->pkeys[i].digest = NULL;
 			s->cert->pkeys[i].valid_flags = 0;
 			}
-		if (!tls1_process_sigalgs(s,
-				CBS_data(&supported_signature_algorithms),
-				CBS_len(&supported_signature_algorithms)))
+		if (!tls1_process_sigalgs(s, &supported_signature_algorithms))
 			{
 			ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
 			OPENSSL_PUT_ERROR(SSL, ssl3_get_certificate_request, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index 7244790b..2024a6b6 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -1188,7 +1188,7 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
 					int maxlen);
 int ssl_parse_clienthello_renegotiate_ext(SSL *s, CBS *cbs, int *out_alert);
 long ssl_get_algorithm2(SSL *s);
-int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
+int tls1_process_sigalgs(SSL *s, const CBS *sigalgs);
 size_t tls12_get_psigalgs(SSL *s, const unsigned char **psigs);
 int tls12_check_peer_sigalg(const EVP_MD **out_md, int *out_alert, SSL *s,
 	CBS *cbs, EVP_PKEY *pkey);
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 2d673764..66add632 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1986,9 +1986,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CBS *cbs, int *out_alert)
 				return 0;
 				}
 
-			if (!tls1_process_sigalgs(s,
-					CBS_data(&supported_signature_algorithms),
-					CBS_len(&supported_signature_algorithms)))
+			if (!tls1_process_sigalgs(s, &supported_signature_algorithms))
 				{
 				*out_alert = SSL_AD_DECODE_ERROR;
 				return 0;
@@ -3177,30 +3175,26 @@ static int tls1_set_shared_sigalgs(SSL *s)
 
 /* Set preferred digest for each key type */
 
-int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize)
+int tls1_process_sigalgs(SSL *s, const CBS *sigalgs)
 	{
 	int idx;
 	size_t i;
 	const EVP_MD *md;
 	CERT *c = s->cert;
 	TLS_SIGALGS *sigptr;
+
 	/* Extension ignored for inappropriate versions */
 	if (!SSL_USE_SIGALGS(s))
 		return 1;
 	/* Length must be even */
-	if (dsize % 2 != 0)
+	if (CBS_len(sigalgs) % 2 != 0)
 		return 0;
 	/* Should never happen */
 	if (!c)
 		return 0;
 
-	if (c->peer_sigalgs)
-		OPENSSL_free(c->peer_sigalgs);
-	c->peer_sigalgs = OPENSSL_malloc(dsize);
-	if (!c->peer_sigalgs)
+	if (!CBS_stow(sigalgs, &c->peer_sigalgs, &c->peer_sigalgslen))
 		return 0;
-	c->peer_sigalgslen = dsize;
-	memcpy(c->peer_sigalgs, data, dsize);
 
 	tls1_set_shared_sigalgs(s);