Moving transcript and PRF functions to SSL_TRANSCRIPT. Change-Id: I98903df561bbf8c5739f892d2ad5e89ac0eb8e6f Reviewed-on: https://boringssl-review.googlesource.com/13369 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

commit: 908ac19e8e674c70a5bf05a415c62bfb55cff5c8 [log] [tgz]
author: Steven Valdez <svaldez@google.com> Thu Jan 12 13:17:07 2017 -0500
committer: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org> Fri Feb 10 16:33:42 2017 +0000
tree: a39dd9d8b7c52c65b6742c9b1bd5ec499b108b46
parent: d4c349b56ca380c0578f4917fb5abaddf13b9747 [diff] [blame]
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c
index 480304f..8f1ad73 100644
--- a/ssl/ssl_cipher.c
+++ b/ssl/ssl_cipher.c

@@ -787,10 +787,11 @@
   return 1;
 }
 
-const EVP_MD *ssl_get_handshake_digest(uint32_t algorithm_prf) {
+const EVP_MD *ssl_get_handshake_digest(uint32_t algorithm_prf,
+                                       uint16_t version) {
   switch (algorithm_prf) {
     case SSL_HANDSHAKE_MAC_DEFAULT:
-      return EVP_sha1();
+      return version >= TLS1_2_VERSION ? EVP_sha256() : EVP_md5_sha1();
     case SSL_HANDSHAKE_MAC_SHA256:
       return EVP_sha256();
     case SSL_HANDSHAKE_MAC_SHA384:
commit	908ac19e8e674c70a5bf05a415c62bfb55cff5c8	[log] [tgz]
author	Steven Valdez <svaldez@google.com>	Thu Jan 12 13:17:07 2017 -0500
committer	CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>	Fri Feb 10 16:33:42 2017 +0000
tree	a39dd9d8b7c52c65b6742c9b1bd5ec499b108b46
parent	d4c349b56ca380c0578f4917fb5abaddf13b9747 [diff] [blame]