Shave an easy 16 bytes off SSL_SESSION

original_handshake_hash will only ever be as large as SHA-384, so we don't need to size it up to SHA-512. (We could save even more off if we could remove the Channel ID code...) Change-Id: Iacba4af49cc0251b216094afccb0512346312eec Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/76428 Reviewed-by: Adam Langley <[email protected]> Commit-Queue: David Benjamin <[email protected]>
google · Feb 18, 2025 · 2b619cc · 2b619cc
1 parent a3de8ea
commit 2b619cc
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/ssl/internal.h b/ssl/internal.h
@@ -4531,7 +4531,7 @@ struct ssl_session_st : public bssl::RefCounted<ssl_session_st> {
   // original_handshake_hash contains the handshake hash (either SHA-1+MD5 or
   // SHA-2, depending on TLS version) for the original, full handshake that
   // created a session. This is used by Channel IDs during resumption.
-  bssl::InplaceVector<uint8_t, EVP_MAX_MD_SIZE> original_handshake_hash;
+  bssl::InplaceVector<uint8_t, SSL_MAX_MD_SIZE> original_handshake_hash;
 
   uint32_t ticket_lifetime_hint = 0;  // Session lifetime hint in seconds