Save 48 bytes if SSLv3 is not defined

include/polarssl/ssl.h

@@ -304,6 +304,15 @@
                         + SSL_PADDING_ADD                   \
                         )
 
+/*
+ * Length of the verify data for secure renegotiation
+ */
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+#define SSL_VERIFY_DATA_MAX_LEN 36
+#else
+#define SSL_VERIFY_DATA_MAX_LEN 12
+#endif
+
 /*
  * Signaling ciphersuite values (SCSV)
  */
@@ -867,8 +876,8 @@ struct _ssl_context
                                               secure renegotiation           */
 #if defined(POLARSSL_SSL_RENEGOTIATION)
     size_t verify_data_len;             /*!<  length of verify data stored   */
-    char own_verify_data[36];           /*!<  previous handshake verify data */
-    char peer_verify_data[36];          /*!<  previous handshake verify data */
+    char own_verify_data[SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
+    char peer_verify_data[SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
 #endif
 };
 

library/ssl_tls.c

@@ -3476,8 +3476,8 @@ int ssl_session_reset( ssl_context *ssl )
     ssl->renego_records_seen = 0;
 
     ssl->verify_data_len = 0;
-    memset( ssl->own_verify_data, 0, 36 );
-    memset( ssl->peer_verify_data, 0, 36 );
+    memset( ssl->own_verify_data, 0, SSL_VERIFY_DATA_MAX_LEN );
+    memset( ssl->peer_verify_data, 0, SSL_VERIFY_DATA_MAX_LEN );
 #endif
     ssl->secure_renegotiation = SSL_LEGACY_RENEGOTIATION;