From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 22 Apr 2015 12:44:16 +0000 (+0200)
Subject: vpnmain.cgi: Use integrity functions as PRF for AEAD
X-Git-Tag: v2.17-core91~114^2~2
X-Git-Url: http://git.ipfire.org/?p=ipfire-2.x.git;a=commitdiff_plain;h=78039c1585df96ae932d3b9c50168c052186ec16

vpnmain.cgi: Use integrity functions as PRF for AEAD
---

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index 55566d7cfb..5c6fd72d7f 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -3014,20 +3014,22 @@ sub make_algos($$$$$) {
 			foreach my $grp (@$grps) {
 				my @algo = ($enc);
 
-				my $is_aead = ($enc =~ m/[cg]cm/);
-				if (!$is_aead) {
+				if ($mode eq "ike") {
 					push(@algo, $int);
-				}
 
-				if ($mode eq "ike") {
 					if ($grp =~ m/^e(\d+)/) {
 						push(@algo, "ecp$1");
 					} else {
 						push(@algo, "modp$grp");
 					}
-				}
 
-				if ($mode eq "esp" && $pfs) {
+				} elsif ($mode eq "esp" && $pfs) {
+					my $is_aead = ($enc =~ m/[cg]cm/);
+
+					if (!$is_aead) {
+						push(@algo, $int);
+					}
+
 					if ($grp =~ m/^e\d+/) {
 						push(@algo, $grp);
 					} else {