diff options
author | David Benjamin <davidben@chromium.org> | 2015-12-20 04:54:07 +0300 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2015-12-23 02:29:21 +0300 |
commit | fe5f7c7b56e1d54478d2983c26153ead80e0322a (patch) | |
tree | c68a3e72c32890e81a74e55a6dcd88fbd2d2e2ba /include | |
parent | 0d56f888c3f748f276249e0733acfc31851a9443 (diff) |
Only reserve EVP_MAX_MD_SIZE for the Finished, not twice of it.
EVP_MAX_MD_SIZE is large enough to fit a MD5/SHA1 concatenation, and
necessarily is because EVP_md5_sha1 exists. This shaves 128 bytes of
per-connection state.
Change-Id: I848a8563dfcbac14735bb7b302263a638528f98e
Reviewed-on: https://boringssl-review.googlesource.com/6804
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'include')
-rw-r--r-- | include/openssl/ssl.h | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index af484195..dcfee915 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -3986,10 +3986,9 @@ typedef struct ssl3_state_st { * pending handshake state here so it can be managed separately from * established connection state in case of renegotiations. */ struct { - /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ - uint8_t finish_md[EVP_MAX_MD_SIZE * 2]; + uint8_t finish_md[EVP_MAX_MD_SIZE]; int finish_md_len; - uint8_t peer_finish_md[EVP_MAX_MD_SIZE * 2]; + uint8_t peer_finish_md[EVP_MAX_MD_SIZE]; int peer_finish_md_len; unsigned long message_size; |