Put SCTs and OCSP responses in CRYPTO_BUFFERs.
They both can be moderately large. This should hopefully relieve a little
memory pressure from both connections to hosts which serve SCTs and
TLS 1.3's single-use tickets.
Change-Id: I034bbf057fe5a064015a0f554b3ae9ea7797cd4e
Reviewed-on: https://boringssl-review.googlesource.com/19584
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 096dbdc..016c83c 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -4136,12 +4136,10 @@
uint8_t *tlsext_tick; // Session ticket
size_t tlsext_ticklen; // Session ticket length
- size_t tlsext_signed_cert_timestamp_list_length;
- uint8_t *tlsext_signed_cert_timestamp_list; // Server's list.
+ CRYPTO_BUFFER *signed_cert_timestamp_list;
// The OCSP response that came with the session.
- size_t ocsp_response_length;
- uint8_t *ocsp_response;
+ CRYPTO_BUFFER *ocsp_response;
// peer_sha256 contains the SHA-256 hash of the peer's certificate if
// |peer_sha256_valid| is true.
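Review bot: the new `signed_cert_timestamp_list` field drops the `// Server's list.` comment that the old pointer had, and neither it nor `ocsp_response` says what the pointer holds when the peer sent nothing. With the separate length fields gone, a caller can no longer test for a zero length to detect absence, so the header should state whether these pointers are NULL in that case and that the session owns a reference to each buffer. A short comment above each field would cover it, for example `// The server's SCT list, or NULL if none was sent.` Because this struct is declared in include/openssl/ssl.h, any code that reads the old `tlsext_signed_cert_timestamp_list` or `ocsp_response_length` members directly will stop compiling, which deserves a mention in the commit message.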