Remove peer_md and use peer_sigalg instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from #2324)

ssl/ssl_locl.h

@@ -1300,8 +1300,6 @@ typedef struct ssl3_state_st {
         size_t peer_sigalgslen;
         /* Sigalg peer actualy uses */
         const SIGALG_LOOKUP *peer_sigalg;
-        /* Digest peer uses for signing */
-        const EVP_MD *peer_md;
         /* Array of digests used for signing */
         const EVP_MD *md[SSL_PKEY_NUM];
         /*

ssl/statem/statem_clnt.c

@@ -1981,7 +1981,7 @@ MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
                 al = SSL_AD_DECODE_ERROR;
                 goto err;
             }
-            md = s->s3->tmp.peer_md;
+            md = ssl_md(s->s3->tmp.peer_sigalg->hash_idx);
 #ifdef SSL_DEBUG
             fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
 #endif

ssl/statem/statem_lib.c

@@ -340,7 +340,7 @@ MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
                 al = SSL_AD_DECODE_ERROR;
                 goto f_err;
             }
-            md = s->s3->tmp.peer_md;
+            md = ssl_md(s->s3->tmp.peer_sigalg->hash_idx);
 #ifdef SSL_DEBUG
             fprintf(stderr, "USING TLSv1.2 HASH %s\n", EVP_MD_name(md));
 #endif

ssl/t1_lib.c

@@ -937,10 +937,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
         SSLerr(SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_SIGNATURE_TYPE);
         return 0;
     }
-    /*
-     * Store the digest used so applications can retrieve it if they wish.
-     */
-    s->s3->tmp.peer_md = md;
+    /* Store the sigalg the peer uses */
     s->s3->tmp.peer_sigalg = lu;
     return 1;
 }