vpnmain.cgi: Use integrity functions as PRF for AEAD
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 22 Apr 2015 12:44:16 +0000 (14:44 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 22 Apr 2015 12:44:16 +0000 (14:44 +0200)
html/cgi-bin/vpnmain.cgi

index 55566d7..5c6fd72 100644 (file)
@@ -3014,20 +3014,22 @@ sub make_algos($$$$$) {
                        foreach my $grp (@$grps) {
                                my @algo = ($enc);
 
-                               my $is_aead = ($enc =~ m/[cg]cm/);
-                               if (!$is_aead) {
+                               if ($mode eq "ike") {
                                        push(@algo, $int);
-                               }
 
-                               if ($mode eq "ike") {
                                        if ($grp =~ m/^e(\d+)/) {
                                                push(@algo, "ecp$1");
                                        } else {
                                                push(@algo, "modp$grp");
                                        }
-                               }
 
-                               if ($mode eq "esp" && $pfs) {
+                               } elsif ($mode eq "esp" && $pfs) {
+                                       my $is_aead = ($enc =~ m/[cg]cm/);
+
+                                       if (!$is_aead) {
+                                               push(@algo, $int);
+                                       }
+
                                        if ($grp =~ m/^e\d+/) {
                                                push(@algo, $grp);
                                        } else {