Release handshake buffer when sending no certificate.

See also upstream's dab18ab596acb35eff2545643e25757e4f9cd777. This allows us to
add an assertion to the finished computation that the handshake buffer has
already been released.

BUG=492371

Change-Id: I8f15c618c8b2c70bfe583c81644d9dbea95519d4
Reviewed-on: https://boringssl-review.googlesource.com/4887
Reviewed-by: Adam Langley <agl@google.com>

ssl/s3_clnt.c

@@ -2118,6 +2118,13 @@ int ssl3_send_client_certificate(SSL *s) {
         return 1;
       } else {
         s->s3->tmp.cert_req = 2;
+        /* There is no client certificate, so the handshake buffer may be
+         * released. */
+        if (s->s3->handshake_buffer &&
+            !ssl3_digest_cached_records(s, free_handshake_buffer)) {
+          ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_INTERNAL_ERROR);
+          return -1;
+        }
       }
     }
 

ssl/t1_enc.c

@@ -554,6 +554,11 @@ int tls1_final_finish_mac(SSL *s, const char *str, int slen, uint8_t *out) {
   int err = 0;
   int digests_len;
 
+  /* At this point, the handshake should have released the handshake buffer on
+   * its own.
+   * TODO(davidben): Apart from initialization, the handshake buffer should be
+   * orthogonal to the handshake digest. https://crbug.com/492371 */
+  assert(s->s3->handshake_buffer == NULL);
   if (s->s3->handshake_buffer &&
       !ssl3_digest_cached_records(s, free_handshake_buffer)) {
     return 0;