tls: fix a potential (currently "disabled" by a macro) SHA1-related bug

author Denys Vlasenko <vda.linux@googlemail.com>

Mon, 10 Dec 2018 17:49:29 +0000 (18:49 +0100)

committer Denys Vlasenko <vda.linux@googlemail.com>

Mon, 10 Dec 2018 17:49:29 +0000 (18:49 +0100)
author Denys Vlasenko <vda.linux@googlemail.com>
Mon, 10 Dec 2018 17:49:29 +0000 (18:49 +0100)
committer Denys Vlasenko <vda.linux@googlemail.com>
Mon, 10 Dec 2018 17:49:29 +0000 (18:49 +0100)
diff --git a/networking/tls.c b/networking/tls.c

index be13c6d5e9983d22e84a644501f05e28fceaab12..253d687b459cb03f499b5de9b1a0cbaa63137128 100644 (file)
--- a/networking/tls.c
+++ b/networking/tls.c
@@ -525,7 +525,7 @@ static unsigned hmac(tls_state_t *tls, uint8_t *out, uint8_t *key, unsigned key_
         va_start(va, key_size);
  
         hmac_begin(&pre, key, key_size,
-                       (ENABLE_FEATURE_TLS_SHA1 || tls->MAC_size == SHA256_OUTSIZE)
+                       (!ENABLE_FEATURE_TLS_SHA1 || tls->MAC_size == SHA256_OUTSIZE)
                                 ? sha256_begin
                                 : sha1_begin
         );
author	Denys Vlasenko <vda.linux@googlemail.com>
	Mon, 10 Dec 2018 17:49:29 +0000 (18:49 +0100)
committer	Denys Vlasenko <vda.linux@googlemail.com>
	Mon, 10 Dec 2018 17:49:29 +0000 (18:49 +0100)