Update from HEAD.

3 files changed, 8 insertions, 3 deletions

diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
index 99221a0690..8332c65be8 100644
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -2714,7 +2714,7 @@ int ssl3_send_newsession_ticket(SSL *s)
 
 		HMAC_CTX_init(&hctx);
 		HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
-				EVP_sha1(), NULL);
+				tlsext_tick_md(), NULL);
 		HMAC_Update(&hctx, macstart, p - macstart);
 		HMAC_Final(&hctx, p, &hlen);
 		HMAC_CTX_cleanup(&hctx);
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
index e92dd66271..fe064cc98a 100644
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -958,6 +958,11 @@ int ssl_prepare_clienthello_tlsext(SSL *s);
 int ssl_prepare_serverhello_tlsext(SSL *s);
 int ssl_check_clienthello_tlsext(SSL *s);
 int ssl_check_serverhello_tlsext(SSL *s);
+#ifdef OPENSSL_NO_SHA256
+#define tlsext_tick_md	EVP_sha1
+#else
+#define tlsext_tick_md	EVP_sha256
+#endif
 int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
 				const unsigned char *limit, SSL_SESSION **ret);
 EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index cc5e80fefd..1c4e151fe1 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -565,7 +565,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
 	/* Attempt to process session ticket, first conduct sanity and
  	 * integrity checks on ticket.
  	 */
-	mlen = EVP_MD_size(EVP_sha1());
+	mlen = EVP_MD_size(tlsext_tick_md());
 	eticklen -= mlen;
 	/* Need at least keyname + iv + some encrypted data */
 	if (eticklen < 48)
@@ -576,7 +576,7 @@ static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen,
 	/* Check HMAC of encrypted ticket */
 	HMAC_CTX_init(&hctx);
 	HMAC_Init_ex(&hctx, s->ctx->tlsext_tick_hmac_key, 16,
-				EVP_sha1(), NULL);
+				tlsext_tick_md(), NULL);
 	HMAC_Update(&hctx, etick, eticklen);
 	HMAC_Final(&hctx, tick_hmac, NULL);
 	HMAC_CTX_cleanup(&hctx);