Pack an SSL* a little better.
On 64-bit systems roughly 1/16th of the SSL structure is padding. This change
reorders some fields and changes one to a bitfield in order to reduce
the memory usage a little.
Change-Id: Id7626a44d22652254717d544bdc2e08f1b0d705f
Reviewed-on: https://boringssl-review.googlesource.com/11140
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 0969dce..8602ec6 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -4010,9 +4010,16 @@
};
struct ssl_st {
+ /* method is the method table corresponding to the current protocol (DTLS or
+ * TLS). */
+ const SSL_PROTOCOL_METHOD *method;
+
/* version is the protocol version. */
int version;
+ /* state contains one of the SSL3_ST_* values. */
+ int state;
+
/* max_version is the maximum acceptable protocol version. Note this version
* is normalized in DTLS. */
uint16_t max_version;
@@ -4026,9 +4033,7 @@
* normalized in DTLS. */
uint16_t fallback_version;
- /* method is the method table corresponding to the current protocol (DTLS or
- * TLS). */
- const SSL_PROTOCOL_METHOD *method;
+ uint16_t max_send_fragment;
/* There are 2 BIO's even though they are normally both the same. This is so
* data can be read and written to different handlers */
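Review bot: `max_send_fragment` is moved into this run of version fields with no comment, while `max_version` and `fallback_version` on either side of it are each documented, so the hunk gives a reader no hint of what it bounds or in what units. Presumably it caps the plaintext size of records this connection sends, but that is inferred from the name rather than shown here, so I would add a hedged comment and confirm it against the field's setter: `/* max_send_fragment is the maximum size, in bytes, of a record's plaintext sent on this connection. TODO(review): confirm against the setter. */`. The enclosing struct ssl_st starts and ends outside this hunk.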
@@ -4049,14 +4054,6 @@
int (*handshake_func)(SSL *);
- /* Imagine that here's a boolean member "init" that is switched as soon as
- * SSL_set_{accept/connect}_state is called for the first time, so that
- * "state" and "handshake_func" are properly initialized. But as
- * handshake_func is == 0 until then, we use this test instead of an "init"
- * member. */
-
- int state; /* where we are */
-
BUF_MEM *init_buf; /* buffer used during init */
/* init_msg is a pointer to the current handshake message body. */
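Review bot: The removed comment at the top of this hunk was the only place recording that `handshake_func` staying NULL until SSL_set_accept_state/SSL_set_connect_state is first called is what stands in for an `init` flag, and moving `state` out of this spot drops that explanation instead of relocating it, leaving the `handshake_func` declaration just above with no comment at all. If code elsewhere still tests `handshake_func == NULL` as the "not yet initialized" check (the callers are not in this diff), that contract belongs in the header; I would put it on `handshake_func`: `/* handshake_func is NULL until SSL_set_{accept,connect}_state is first called; that NULL check doubles as the "is initialized" test, so there is no separate init flag. */`. The enclosing struct ssl_st starts and ends outside this hunk.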
@@ -4071,10 +4068,6 @@
struct ssl3_state_st *s3; /* SSLv3 variables */
struct dtls1_state_st *d1; /* DTLSv1 variables */
- /* initial_timeout_duration_ms is the default DTLS timeout duration in
- * milliseconds. It's used to initialize the timer any time it's restarted. */
- unsigned initial_timeout_duration_ms;
-
/* callback that allows applications to peek at protocol messages */
void (*msg_callback)(int write_p, int version, int content_type,
const void *buf, size_t len, SSL *ssl, void *arg);
@@ -4097,6 +4090,10 @@
* needs re-doing when in SSL_accept or SSL_connect */
int rwstate;
+ /* initial_timeout_duration_ms is the default DTLS timeout duration in
+ * milliseconds. It's used to initialize the timer any time it's restarted. */
+ unsigned initial_timeout_duration_ms;
+
/* the session_id_context is used to ensure sessions are only reused
* in the appropriate context */
unsigned int sid_ctx_length;
@@ -4135,10 +4132,7 @@
uint32_t max_cert_list;
int client_version; /* what was passed, used for
* SSLv3/TLS rollback check */
- uint16_t max_send_fragment;
char *tlsext_hostname;
- /* RFC4507 session ticket expected to be received or sent */
- int tlsext_ticket_expected;
size_t supported_group_list_len;
uint16_t *supported_group_list; /* our list */
@@ -4193,6 +4187,9 @@
* we'll advertise support. */
unsigned tlsext_channel_id_enabled:1;
+ /* RFC4507 session ticket expected to be received or sent */
+ unsigned tlsext_ticket_expected:1;
+
/* TODO(agl): remove once node.js not longer references this. */
int tlsext_status_type;
};
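Review bot: Turning `tlsext_ticket_expected` into a one-bit `unsigned` bitfield at the end of this hunk means any store of a value other than 0 or 1 is silently truncated (an even value reads back as 0) and `&ssl->tlsext_ticket_expected` no longer compiles; the writers are not in this diff, so it is worth confirming every assignment is a boolean and nothing takes the field's address. Separately, since this is the public header include/openssl/ssl.h and the TODO directly below the new field says node.js still reaches into this struct, reordering members and shrinking one changes the offset of `tlsext_status_type` and every moved field, which is an ABI change for any consumer that accesses SSL* members directly rather than through accessors; the commit message mentions the memory saving but not this. If direct access is known to be unsupported, a one-line note to that effect in the description would save the next reader the question.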