diff --git a/include/polarssl/ssl.h b/include/polarssl/ssl.h index 37123c799..b1df1382a 100644 --- a/include/polarssl/ssl.h +++ b/include/polarssl/ssl.h @@ -304,6 +304,15 @@ + SSL_PADDING_ADD \ ) +/* + * Length of the verify data for secure renegotiation + */ +#if defined(POLARSSL_SSL_PROTO_SSL3) +#define SSL_VERIFY_DATA_MAX_LEN 36 +#else +#define SSL_VERIFY_DATA_MAX_LEN 12 +#endif + /* * Signaling ciphersuite values (SCSV) */ @@ -867,8 +876,8 @@ struct _ssl_context secure renegotiation */ #if defined(POLARSSL_SSL_RENEGOTIATION) size_t verify_data_len; /*!< length of verify data stored */ - char own_verify_data[36]; /*!< previous handshake verify data */ - char peer_verify_data[36]; /*!< previous handshake verify data */ + char own_verify_data[SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ + char peer_verify_data[SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ #endif }; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 898182c9b..df57bb1dc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3476,8 +3476,8 @@ int ssl_session_reset( ssl_context *ssl ) ssl->renego_records_seen = 0; ssl->verify_data_len = 0; - memset( ssl->own_verify_data, 0, 36 ); - memset( ssl->peer_verify_data, 0, 36 ); + memset( ssl->own_verify_data, 0, SSL_VERIFY_DATA_MAX_LEN ); + memset( ssl->peer_verify_data, 0, SSL_VERIFY_DATA_MAX_LEN ); #endif ssl->secure_renegotiation = SSL_LEGACY_RENEGOTIATION;