diff --git a/libfreerdp-core/security.c b/libfreerdp-core/security.c
index 0b17d7dc2..223173281 100644
--- a/libfreerdp-core/security.c
+++ b/libfreerdp-core/security.c
@@ -118,7 +118,7 @@ static void security_salted_hash(uint8* salt, uint8* input, int length, uint8* s
 {
 	CryptoMd5 md5;
 	CryptoSha1 sha1;
-	uint8 sha1_digest[20];
+	uint8 sha1_digest[CRYPTO_SHA1_DIGEST_LENGTH];
 
 	/* SaltedHash(Salt, Input, Salt1, Salt2) = MD5(S + SHA1(Input + Salt + Salt1 + Salt2)) */
 
@@ -133,7 +133,7 @@ static void security_salted_hash(uint8* salt, uint8* input, int length, uint8* s
 	/* SaltedHash(Salt, Input, Salt1, Salt2) = MD5(S + SHA1_Digest) */
 	md5 = crypto_md5_init();
 	crypto_md5_update(md5, salt, 48); /* Salt (48 bytes) */
-	crypto_md5_update(md5, sha1_digest, 20); /* SHA1_Digest */
+	crypto_md5_update(md5, sha1_digest, sizeof(sha1_digest)); /* SHA1_Digest */
 	crypto_md5_final(md5, output);
 }
 
@@ -201,7 +201,7 @@ void security_mac_data(uint8* mac_salt_key, uint8* data, uint32 length, uint8* o
 	CryptoMd5 md5;
 	CryptoSha1 sha1;
 	uint8 length_le[4];
-	uint8 sha1_digest[20];
+	uint8 sha1_digest[CRYPTO_SHA1_DIGEST_LENGTH];
 
 	/* MacData = MD5(MacSaltKey + pad2 + SHA1(MacSaltKey + pad1 + length + data)) */
 
@@ -219,7 +219,7 @@ void security_mac_data(uint8* mac_salt_key, uint8* data, uint32 length, uint8* o
 	md5 = crypto_md5_init();
 	crypto_md5_update(md5, mac_salt_key, 16); /* MacSaltKey */
 	crypto_md5_update(md5, pad2, sizeof(pad2)); /* pad2 */
-	crypto_md5_update(md5, sha1_digest, 20); /* SHA1_Digest */
+	crypto_md5_update(md5, sha1_digest, sizeof(sha1_digest)); /* SHA1_Digest */
 	crypto_md5_final(md5, output);
 }
 
@@ -228,8 +228,8 @@ void security_mac_signature(uint8* mac_key, int mac_key_length, uint8* data, uin
 	CryptoMd5 md5;
 	CryptoSha1 sha1;
 	uint8 length_le[4];
-	uint8 md5_digest[16];
-	uint8 sha1_digest[20];
+	uint8 md5_digest[CRYPTO_MD5_DIGEST_LENGTH];
+	uint8 sha1_digest[CRYPTO_SHA1_DIGEST_LENGTH];
 
 	security_uint32_le(length_le, length); /* length must be little-endian */
 
@@ -245,7 +245,7 @@ void security_mac_signature(uint8* mac_key, int mac_key_length, uint8* data, uin
 	md5 = crypto_md5_init();
 	crypto_md5_update(md5, mac_key, mac_key_length); /* MacKeyN */
 	crypto_md5_update(md5, pad2, sizeof(pad2)); /* pad2 */
-	crypto_md5_update(md5, sha1_digest, 20); /* SHA1_Digest */
+	crypto_md5_update(md5, sha1_digest, sizeof(sha1_digest)); /* SHA1_Digest */
 	crypto_md5_final(md5, md5_digest);
 
 	memcpy(output, md5_digest, 8);
@@ -313,7 +313,8 @@ boolean security_establish_keys(uint8* client_random, rdpRdp* rdp)
 	if (settings->encryption_method == ENCRYPTION_METHOD_FIPS)
 	{
 		CryptoSha1 sha1;
-		uint8 client_encrypt_key_t[21], client_decrypt_key_t[21];
+		uint8 client_encrypt_key_t[CRYPTO_SHA1_DIGEST_LENGTH + 1];
+		uint8 client_decrypt_key_t[CRYPTO_SHA1_DIGEST_LENGTH + 1];
 
 		printf("FIPS Compliant encryption level.\n");
 
@@ -379,7 +380,7 @@ boolean security_establish_keys(uint8* client_random, rdpRdp* rdp)
 
 boolean security_key_update(uint8* key, uint8* update_key, int key_len)
 {
-	uint8 sha1h[20];
+	uint8 sha1h[CRYPTO_SHA1_DIGEST_LENGTH];
 	CryptoMd5 md5;
 	CryptoSha1 sha1;
 	CryptoRc4 rc4;
@@ -394,7 +395,7 @@ boolean security_key_update(uint8* key, uint8* update_key, int key_len)
 	md5 = crypto_md5_init();
 	crypto_md5_update(md5, update_key, key_len);
 	crypto_md5_update(md5, pad2, sizeof(pad2));
-	crypto_md5_update(md5, sha1h, 20);
+	crypto_md5_update(md5, sha1h, sizeof(sha1h));
 	crypto_md5_final(md5, key);
 
 	rc4 = crypto_rc4_init(key, key_len);