OpenSSL CVS Repository
http://cvs.openssl.org/
____________________________________________________________
________________
Server: cvs.openssl.org Name: Dr.
Stephen Henson
Root: /v/openssl/cvs Email: steve openssl.org
Module: openssl Date:
20-Aug-2007 14:35:21
Branch: HEAD Handle:
2007082013352000
Modified files:
openssl/ssl s3_srvr.c ssl_locl.h t1_lib.c
Log:
Use SHA256 for ticket HMAC if possible.
Summary:
Revision Changes Path
1.154 +1 -1 openssl/ssl/s3_srvr.c
1.84 +5 -0 openssl/ssl/ssl_locl.h
1.45 +2 -2 openssl/ssl/t1_lib.c
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/ssl/s3_srvr.c
============================================================
================
$ cvs diff -u -r1.153 -r1.154 s3_srvr.c
--- openssl/ssl/s3_srvr.c 12 Aug 2007 17:06:23
-0000 1.153
+++ openssl/ssl/s3_srvr.c 20 Aug 2007 12:35:20
-0000 1.154
-2792,7 +2792,7
HMAC_CTX_init(&hctx);
HMAC_Init_ex(&hctx,
s->ctx->tlsext_tick_hmac_key, 16,
- EVP_sha1(), NULL);
+ tlsext_tick_md(), NULL);
HMAC_Update(&hctx, macstart, p - macstart);
HMAC_Final(&hctx, p, &hlen);
HMAC_CTX_cleanup(&hctx);
.
patch -p0 <<' .'
Index: openssl/ssl/ssl_locl.h
============================================================
================
$ cvs diff -u -r1.83 -r1.84 ssl_locl.h
--- openssl/ssl/ssl_locl.h 12 Aug 2007 18:56:14
-0000 1.83
+++ openssl/ssl/ssl_locl.h 20 Aug 2007 12:35:20
-0000 1.84
-987,6 +987,11
int ssl_prepare_serverhello_tlsext(SSL *s);
int ssl_check_clienthello_tlsext(SSL *s);
int ssl_check_serverhello_tlsext(SSL *s);
+#ifdef OPENSSL_NO_SHA256
+#define tlsext_tick_md EVP_sha1
+#else
+#define tlsext_tick_md EVP_sha256
+#endif
int tls1_process_ticket(SSL *s, unsigned char
*session_id, int len,
const unsigned char *limit, SSL_SESSION **ret);
#endif
.
patch -p0 <<' .'
Index: openssl/ssl/t1_lib.c
============================================================
================
$ cvs diff -u -r1.44 -r1.45 t1_lib.c
--- openssl/ssl/t1_lib.c 12 Aug 2007 23:59:03 -0000 1.44
+++ openssl/ssl/t1_lib.c 20 Aug 2007 12:35:20 -0000 1.45
-985,7 +985,7
/* Attempt to process session ticket, first conduct
sanity and
* integrity checks on ticket.
*/
- mlen = EVP_MD_size(EVP_sha1());
+ mlen = EVP_MD_size(tlsext_tick_md());
eticklen -= mlen;
/* Need at least keyname + iv + some encrypted data */
if (eticklen < 48)
-996,7 +996,7
/* Check HMAC of encrypted ticket */
HMAC_CTX_init(&hctx);
HMAC_Init_ex(&hctx,
s->ctx->tlsext_tick_hmac_key, 16,
- EVP_sha1(), NULL);
+ tlsext_tick_md(), NULL);
HMAC_Update(&hctx, etick, eticklen);
HMAC_Final(&hctx, tick_hmac, NULL);
HMAC_CTX_cleanup(&hctx);
.
____________________________________________________________
__________
OpenSSL Project http://www.openssl.org
CVS Repository Commit List
openssl-cvsopenssl.org
Automated List Manager
majordomoopenssl.org
|
