From: Martin Willi <martin@revosec.ch>
Date: Thu, 20 Jun 2013 14:10:55 +0000 (+0200)
Subject: proposal: Strip redundant integrity algos for ESP proposals only
X-Git-Tag: 5.1.1rc1~48^2~21
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f0c59e1cf8abc1ca6cde344b558b85cbeac21271;p=thirdparty%2Fstrongswan.git

proposal: Strip redundant integrity algos for ESP proposals only
---

diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index 0b702e0141..0acc425d6e 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -429,30 +429,33 @@ static void check_proposal(private_proposal_t *this)
 		e->destroy(e);
 	}
 
-	e = create_enumerator(this, ENCRYPTION_ALGORITHM);
-	while (e->enumerate(e, &alg, &ks))
+	if (this->protocol == PROTO_ESP)
 	{
-		if (!encryption_algorithm_is_aead(alg))
+		e = create_enumerator(this, ENCRYPTION_ALGORITHM);
+		while (e->enumerate(e, &alg, &ks))
 		{
-			all_aead = FALSE;
-			break;
+			if (!encryption_algorithm_is_aead(alg))
+			{
+				all_aead = FALSE;
+				break;
+			}
 		}
-	}
-	e->destroy(e);
+		e->destroy(e);
 
-	if (all_aead)
-	{
-		/* if all encryption algorithms in the proposal are AEADs,
-		 * we MUST NOT propose any integrity algorithms */
-		e = array_create_enumerator(this->transforms);
-		while (e->enumerate(e, &entry))
+		if (all_aead)
 		{
-			if (entry->type == INTEGRITY_ALGORITHM)
+			/* if all encryption algorithms in the proposal are AEADs,
+			 * we MUST NOT propose any integrity algorithms */
+			e = array_create_enumerator(this->transforms);
+			while (e->enumerate(e, &entry))
 			{
-				array_remove_at(this->transforms, e);
+				if (entry->type == INTEGRITY_ALGORITHM)
+				{
+					array_remove_at(this->transforms, e);
+				}
 			}
+			e->destroy(e);
 		}
-		e->destroy(e);
 	}
 
 	if (this->protocol == PROTO_AH || this->protocol == PROTO_ESP)