From fe5f7c7b56e1d54478d2983c26153ead80e0322a Mon Sep 17 00:00:00 2001
From: David Benjamin <davidben@chromium.org>
Date: Sat, 19 Dec 2015 20:54:07 -0500
Subject: [PATCH] Only reserve EVP_MAX_MD_SIZE for the Finished, not twice of
 it.

EVP_MAX_MD_SIZE is large enough to fit a MD5/SHA1 concatenation, and
necessarily is because EVP_md5_sha1 exists. This shaves 128 bytes of
per-connection state.

Change-Id: I848a8563dfcbac14735bb7b302263a638528f98e
Reviewed-on: https://boringssl-review.googlesource.com/6804
Reviewed-by: Adam Langley <agl@google.com>
---
 include/openssl/ssl.h | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index af484195..dcfee915 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -3986,10 +3986,9 @@ typedef struct ssl3_state_st {
    * pending handshake state here so it can be managed separately from
    * established connection state in case of renegotiations. */
   struct {
-    /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
-    uint8_t finish_md[EVP_MAX_MD_SIZE * 2];
+    uint8_t finish_md[EVP_MAX_MD_SIZE];
     int finish_md_len;
-    uint8_t peer_finish_md[EVP_MAX_MD_SIZE * 2];
+    uint8_t peer_finish_md[EVP_MAX_MD_SIZE];
     int peer_finish_md_len;
 
     unsigned long message_size;