From: Martin Willi <martin@revosec.ch>
Date: Tue, 7 Feb 2012 08:37:51 +0000 (+0100)
Subject: Filter TLS suite MAC by HMAC algorithm, as the hash is not necessarily the same
X-Git-Tag: 4.6.2~14
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1dabf5bfc7ad87ec83c115852ebac221d524deee;p=thirdparty%2Fstrongswan.git

Filter TLS suite MAC by HMAC algorithm, as the hash is not necessarily the same
---

diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index 7487da96d3..2eb0a9b767 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -839,25 +839,25 @@ static void filter_mac_config_suites(private_tls_crypto_t *this,
 			while (enumerator->enumerate(enumerator, &token))
 			{
 				if (strcaseeq(token, "md5") &&
-					suites[i].hash == HASH_MD5)
+					suites[i].mac == AUTH_HMAC_MD5_128)
 				{
 					suites[remaining++] = suites[i];
 					break;
 				}
 				if (strcaseeq(token, "sha1") &&
-					suites[i].hash == HASH_SHA1)
+					suites[i].mac == AUTH_HMAC_SHA1_160)
 				{
 					suites[remaining++] = suites[i];
 					break;
 				}
 				if (strcaseeq(token, "sha256") &&
-					suites[i].hash == HASH_SHA256)
+					suites[i].mac == AUTH_HMAC_SHA2_256_256)
 				{
 					suites[remaining++] = suites[i];
 					break;
 				}
 				if (strcaseeq(token, "sha384") &&
-					suites[i].hash == HASH_SHA384)
+					suites[i].mac == AUTH_HMAC_SHA2_384_384)
 				{
 					suites[remaining++] = suites[i];
 					break;