Use SHA256 for ticket HMAC if possible.

author: Dr. Stephen Henson <steve@openssl.org> 2007-08-20 12:35:20 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2007-08-20 12:35:20 +0000
commit: 956006b741f9e5dbeaf98356317e51ef7110746b (patch)
tree: cd6e28704ceeccedcd0768ea7a3d5677ff88d7e4 /ssl/t1_lib.c
parent: 167066fed4700d68b2776cbece464658fb30ac92 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 232ab4ea57..b5eab2cb68 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -985,7 +985,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
 	/* Attempt to process session ticket, first conduct sanity and
  	 * integrity checks on ticket.
  	 */
-	mlen = EVP_MD_size(EVP_sha1());
+	mlen = EVP_MD_size(tlsext_tick_md());
 	eticklen -= mlen;
 	/* Need at least keyname + iv + some encrypted data */
 	if (eticklen < 48)
@@ -996,7 +996,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
 	/* Check HMAC of encrypted ticket */
 	HMAC_CTX_init(&hctx);
 	HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
-				EVP_sha1(), NULL);
+				tlsext_tick_md(), NULL);
 	HMAC_Update(&hctx, etick, eticklen);
 	HMAC_Final(&hctx, tick_hmac, NULL);
 	HMAC_CTX_cleanup(&hctx);
author	Dr. Stephen Henson <steve@openssl.org>	2007-08-20 12:35:20 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2007-08-20 12:35:20 +0000
commit	956006b741f9e5dbeaf98356317e51ef7110746b (patch)
tree	cd6e28704ceeccedcd0768ea7a3d5677ff88d7e4 /ssl/t1_lib.c
parent	167066fed4700d68b2776cbece464658fb30ac92 (diff)