diff --git a/src/internal.c b/src/internal.c index 3dfbfbdf8..fdd0e0f65 100644 --- a/src/internal.c +++ b/src/internal.c @@ -14723,7 +14723,7 @@ int DoSessionTicket(WOLFSSL* ssl, ato16(&input[idx], &clSuites.suiteSz); idx += 2; - if (clSuites.suiteSz > MAX_SUITE_SZ) + if (clSuites.suiteSz > WOLFSSL_MAX_SUITE_SZ) return BUFFER_ERROR; clSuites.hashSigAlgoSz = 0; @@ -15005,7 +15005,7 @@ int DoSessionTicket(WOLFSSL* ssl, if ((i - begin) + clSuites.suiteSz + OPAQUE8_LEN > helloSz) return BUFFER_ERROR; - if (clSuites.suiteSz > MAX_SUITE_SZ) + if (clSuites.suiteSz > WOLFSSL_MAX_SUITE_SZ) return BUFFER_ERROR; XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 2f5d329ee..dea006f80 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -852,7 +852,6 @@ enum Misc { MAX_DH_SIZE = 513, /* 4096 bit plus possible leading 0 */ SESSION_HINT_SZ = 4, /* session timeout hint */ - MAX_SUITE_SZ = 200, /* 100 suites for now! */ RAN_LEN = 32, /* random length */ SEED_LEN = RAN_LEN * 2, /* tls prf seed length */ ID_LEN = 32, /* session id length */ @@ -988,6 +987,12 @@ enum Misc { }; +#ifndef WOLFSSL_MAX_SUITE_SZ + #define WOLFSSL_MAX_SUITE_SZ 300 + /* 150 suites for now! */ +#endif + + #ifndef WOLFSSL_MIN_DHKEY_BITS #ifdef WOLFSSL_MAX_STRENGTH #define WOLFSSL_MIN_DHKEY_BITS 2048 @@ -1221,7 +1226,7 @@ typedef struct { typedef struct Suites { word16 suiteSz; /* suite length in bytes */ word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */ - byte suites[MAX_SUITE_SZ]; + byte suites[WOLFSSL_MAX_SUITE_SZ]; byte hashSigAlgo[HELLO_EXT_SIGALGO_MAX]; /* sig/algo to offer */ byte setSuites; /* user set suites from default */ byte hashAlgo; /* selected hash algorithm */