From 78039c1585df96ae932d3b9c50168c052186ec16 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 22 Apr 2015 14:44:16 +0200
Subject: [PATCH] vpnmain.cgi: Use integrity functions as PRF for AEAD

---
 html/cgi-bin/vpnmain.cgi | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 55566d7cfb..5c6fd72d7f 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -3014,20 +3014,22 @@ sub make_algos($$$$$) {
 			foreach my $grp (@$grps) {
 				my @algo = ($enc);
 
-				my $is_aead = ($enc =~ m/[cg]cm/);
-				if (!$is_aead) {
+				if ($mode eq "ike") {
 					push(@algo, $int);
-				}
 
-				if ($mode eq "ike") {
 					if ($grp =~ m/^e(\d+)/) {
 						push(@algo, "ecp$1");
 					} else {
 						push(@algo, "modp$grp");
 					}
-				}
 
-				if ($mode eq "esp" && $pfs) {
+				} elsif ($mode eq "esp" && $pfs) {
+					my $is_aead = ($enc =~ m/[cg]cm/);
+
+					if (!$is_aead) {
+						push(@algo, $int);
+					}
+
 					if ($grp =~ m/^e\d+/) {
 						push(@algo, $grp);
 					} else {
-- 
2.39.2