Tidy up handshake digest logic.
Use SSL_SESSION_get_digest instead of the lower level function where
applicable. Also, remove the failure case (Ivan Maidanski points out in
https://android-review.googlesource.com/c/337852/1/src/ssl/t1_enc.c that
this unreachable codepath is a memory leak) by passing in an SSL_CIPHER
to make it more locally obvious that other values are impossible.
Change-Id: Ie624049d47ab0d24f32b405390d6251c7343d7d6
Reviewed-on: https://boringssl-review.googlesource.com/19024
Commit-Queue: David Benjamin <davidben@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/ssl/internal.h b/ssl/internal.h
index e323049..931ac82 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -338,10 +338,10 @@
size_t *out_fixed_iv_len, const SSL_CIPHER *cipher,
uint16_t version, int is_dtls);
-/* ssl_get_handshake_digest returns the |EVP_MD| corresponding to
- * |algorithm_prf| and the |version|. */
-const EVP_MD *ssl_get_handshake_digest(uint32_t algorithm_prf,
- uint16_t version);
+/* ssl_get_handshake_digest returns the |EVP_MD| corresponding to |version| and
+ * |cipher|. */
+const EVP_MD *ssl_get_handshake_digest(uint16_t version,
+ const SSL_CIPHER *cipher);
/* ssl_create_cipher_list evaluates |rule_str| according to the ciphers in
* |ssl_method|. It sets |*out_cipher_list| to a newly-allocated
@@ -397,7 +397,7 @@
* the handshake transcript. Subsequent calls to |Update| will update the
* rolling hash. It returns one on success and zero on failure. It is an error
* to call this function after the handshake buffer is released. */
- bool InitHash(uint16_t version, int algorithm_prf);
+ bool InitHash(uint16_t version, const SSL_CIPHER *cipher);
const uint8_t *buffer_data() const {
return reinterpret_cast<const uint8_t *>(buffer_->data);
