Update from HEAD.
authorDr. Stephen Henson <steve@openssl.org>
Mon, 20 Aug 2007 12:44:22 +0000 (12:44 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 20 Aug 2007 12:44:22 +0000 (12:44 +0000)
ssl/s3_srvr.c
ssl/ssl_locl.h
ssl/t1_lib.c

index 99221a06905ed0428560ee426de9234ec601cd25..8332c65be809465e36edb1f5ef0e92c48185c186 100644 (file)
@@ -2714,7 +2714,7 @@ int ssl3_send_newsession_ticket(SSL *s)
 
                HMAC_CTX_init(&hctx);
                HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
-                               EVP_sha1(), NULL);
+                               tlsext_tick_md(), NULL);
                HMAC_Update(&hctx, macstart, p - macstart);
                HMAC_Final(&hctx, p, &hlen);
                HMAC_CTX_cleanup(&hctx);
index e92dd66271030f3a3a57a65e2f81408486c1b514..fe064cc98a8c20f76e0669cfd42145b675a36d33 100644 (file)
@@ -958,6 +958,11 @@ int ssl_prepare_clienthello_tlsext(SSL *s);
 int ssl_prepare_serverhello_tlsext(SSL *s);
 int ssl_check_clienthello_tlsext(SSL *s);
 int ssl_check_serverhello_tlsext(SSL *s);
+#ifdef OPENSSL_NO_SHA256
+#define tlsext_tick_md EVP_sha1
+#else
+#define tlsext_tick_md EVP_sha256
+#endif
 int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
                                const unsigned char *limit, SSL_SESSION **ret);
 EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
index cc5e80fefd3a2220eaa6f9667b8a6529b4a87d50..1c4e151fe184ebc9d5594c1e8915b8b83e719662 100644 (file)
@@ -565,7 +565,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
        /* Attempt to process session ticket, first conduct sanity and
         * integrity checks on ticket.
         */
-       mlen = EVP_MD_size(EVP_sha1());
+       mlen = EVP_MD_size(tlsext_tick_md());
        eticklen -= mlen;
        /* Need at least keyname + iv + some encrypted data */
        if (eticklen < 48)
@@ -576,7 +576,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
        /* Check HMAC of encrypted ticket */
        HMAC_CTX_init(&hctx);
        HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
-                               EVP_sha1(), NULL);
+                               tlsext_tick_md(), NULL);
        HMAC_Update(&hctx, etick, eticklen);
        HMAC_Final(&hctx, tick_hmac, NULL);
        HMAC_CTX_cleanup(&hctx);