commit ca9e8f52f1631fa4906a0d44abdeb55f80fe026d
author David Benjamin <davidben@google.com> Wed Aug 09 15:02:34 2017 -0400
committer CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Wed Aug 09 19:13:15 2017 +0000
tree 3894fc051a920b4586ba621dadcd8330b4df71c3
parent 74115c93f1fd9a9ef1d51e26c80858284e1dcf6f

Tidy up handshake digest logic.

Use SSL_SESSION_get_digest instead of the lower level function where
applicable. Also, remove the failure case (Ivan Maidanski points out in
https://android-review.googlesource.com/c/337852/1/src/ssl/t1_enc.c that
this unreachable codepath is a memory leak) by passing in an SSL_CIPHER
to make it more locally obvious that other values are impossible.

Change-Id: Ie624049d47ab0d24f32b405390d6251c7343d7d6
Reviewed-on: https://boringssl-review.googlesource.com/19024
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

ssl/ssl_transcript.cc

diff --git a/ssl/ssl_transcript.cc b/ssl/ssl_transcript.cc
index 4a00d0f..2dfaf76 100644
--- a/ssl/ssl_transcript.cc
+++ b/ssl/ssl_transcript.cc
@@ -178,8 +178,8 @@
   return true;
 }
 
-bool SSLTranscript::InitHash(uint16_t version, int algorithm_prf) {
-  const EVP_MD *md = ssl_get_handshake_digest(algorithm_prf, version);
+bool SSLTranscript::InitHash(uint16_t version, const SSL_CIPHER *cipher) {
+  const EVP_MD *md = ssl_get_handshake_digest(version, cipher);
 
   /* To support SSL 3.0's Finished and CertificateVerify constructions,
    * EVP_md5_sha1() is split into MD5 and SHA-1 halves. When SSL 3.0 is removed,