Only reserve EVP_MAX_MD_SIZE for the Finished, not twice of it. EVP_MAX_MD_SIZE is large enough to fit a MD5/SHA1 concatenation, and necessarily is because EVP_md5_sha1 exists. This shaves 128 bytes of per-connection state. Change-Id: I848a8563dfcbac14735bb7b302263a638528f98e Reviewed-on: https://boringssl-review.googlesource.com/6804 Reviewed-by: Adam Langley <agl@google.com>

commit: fe5f7c7b56e1d54478d2983c26153ead80e0322a [log] [tgz]
author: David Benjamin <davidben@chromium.org> Sat Dec 19 20:54:07 2015 -0500
committer: Adam Langley <agl@google.com> Tue Dec 22 23:29:21 2015 +0000
tree: c68a3e72c32890e81a74e55a6dcd88fbd2d2e2ba
parent: 0d56f888c3f748f276249e0733acfc31851a9443 [diff] [blame]
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index af48419..dcfee91 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -3986,10 +3986,9 @@
    * pending handshake state here so it can be managed separately from
    * established connection state in case of renegotiations. */
   struct {
-    /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
-    uint8_t finish_md[EVP_MAX_MD_SIZE * 2];
+    uint8_t finish_md[EVP_MAX_MD_SIZE];
     int finish_md_len;
-    uint8_t peer_finish_md[EVP_MAX_MD_SIZE * 2];
+    uint8_t peer_finish_md[EVP_MAX_MD_SIZE];
     int peer_finish_md_len;
 
     unsigned long message_size;
commit	fe5f7c7b56e1d54478d2983c26153ead80e0322a	[log] [tgz]
author	David Benjamin <davidben@chromium.org>	Sat Dec 19 20:54:07 2015 -0500
committer	Adam Langley <agl@google.com>	Tue Dec 22 23:29:21 2015 +0000
tree	c68a3e72c32890e81a74e55a6dcd88fbd2d2e2ba
parent	0d56f888c3f748f276249e0733acfc31851a9443 [diff] [blame]