Release the handshake buffer on the client for abbreviated handshakes.

Another missing case.

BUG=492371

Change-Id: Iaabe43517b8581969431a20f7ba7094787b954aa
Reviewed-on: https://boringssl-review.googlesource.com/4886
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 789abbd..2e272b2 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -865,9 +865,10 @@
   }
   s->s3->tmp.new_cipher = c;
 
-  /* Don't digest cached records if no sigalgs: we may need them for client
-   * authentication. */
-  if (!SSL_USE_SIGALGS(s) &&
+  /* If doing a full handshake with TLS 1.2, the server may request a client
+   * certificate which requires hashing the handshake transcript under a
+   * different hash. Otherwise, release the handshake buffer. */
+  if ((!SSL_USE_SIGALGS(s) || s->hit) &&
       !ssl3_digest_cached_records(s, free_handshake_buffer)) {
     goto f_err;
   }
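Review bot: The rewritten comment above the `if` never mentions `s->hit`, so the reason the new `|| s->hit` arm is safe has to be inferred from the commit title. I would state the invariant in the comment itself, e.g. `/* On a resumed session (s->hit) the server sends no CertificateRequest, so the handshake buffer is never needed again. */`, so that anyone who later changes when client authentication can be requested knows this early release depends on it. Separately, the failure branch reaches `goto f_err` with no alert value assigned in the visible lines; the function starts and ends outside the hunk, so it is worth confirming that f_err does not send a value left over from an earlier check.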