Changes from review
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 0e7aa3a..75854fc 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -1578,10 +1578,10 @@
const unsigned char *buf,
const unsigned char *end)
{
- const ptrdiff_t extension_data_len = end - buf;
- if (extension_data_len != 2) {
+ const size_t extension_data_len = end - buf;
+ if (extension_data_len != MBEDTLS_SSL_RECORD_SIZE_LIMIT_EXTENSION_DATA_LENGTH) {
MBEDTLS_SSL_DEBUG_MSG(2,
- ("record_size_limit extension has invalid length: %td Bytes",
+ ("record_size_limit extension has invalid length: %zu Bytes",
extension_data_len));
MBEDTLS_SSL_PEND_FATAL_ALERT(
@@ -1604,7 +1604,7 @@
* smaller than 64. An endpoint MUST treat receipt of a smaller value
* as a fatal error and generate an "illegal_parameter" alert.
*/
- if (record_size_limit < 64) {
+ if (record_size_limit < MBEDTLS_SSL_RECORD_SIZE_LIMIT_MIN) {
MBEDTLS_SSL_PEND_FATAL_ALERT(
MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);