commit ca9e8f52f1631fa4906a0d44abdeb55f80fe026d
author David Benjamin <davidben@google.com> Wed Aug 09 15:02:34 2017 -0400
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Wed Aug 09 19:13:15 2017 +0000
tree 3894fc051a920b4586ba621dadcd8330b4df71c3
parent 74115c93f1fd9a9ef1d51e26c80858284e1dcf6f

Tidy up handshake digest logic.

Use SSL_SESSION_get_digest instead of the lower level function where
applicable. Also, remove the failure case (Ivan Maidanski points out in
https://android-review.googlesource.com/c/337852/1/src/ssl/t1_enc.c that
this unreachable codepath is a memory leak) by passing in an SSL_CIPHER
to make it more locally obvious that other values are impossible.

Change-Id: Ie624049d47ab0d24f32b405390d6251c7343d7d6
Reviewed-on: https://boringssl-review.googlesource.com/19024
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

ssl/ssl_cipher.cc

diff --git a/ssl/ssl_cipher.cc b/ssl/ssl_cipher.cc
index f1a215f..fbcabd5 100644
--- a/ssl/ssl_cipher.cc
+++ b/ssl/ssl_cipher.cc
@@ -742,9 +742,9 @@
   return 1;
 }
 
-const EVP_MD *ssl_get_handshake_digest(uint32_t algorithm_prf,
-                                       uint16_t version) {
-  switch (algorithm_prf) {
+const EVP_MD *ssl_get_handshake_digest(uint16_t version,
+                                       const SSL_CIPHER *cipher) {
+  switch (cipher->algorithm_prf) {
     case SSL_HANDSHAKE_MAC_DEFAULT:
       return version >= TLS1_2_VERSION ? EVP_sha256() : EVP_md5_sha1();
     case SSL_HANDSHAKE_MAC_SHA256:
@@ -752,6 +752,7 @@
     case SSL_HANDSHAKE_MAC_SHA384:
       return EVP_sha384();
     default:
+      assert(0);
       return NULL;
   }
 }