From f0c59e1cf8abc1ca6cde344b558b85cbeac21271 Mon Sep 17 00:00:00 2001
From: Martin Willi <martin@revosec.ch>
Date: Thu, 20 Jun 2013 16:10:55 +0200
Subject: [PATCH] proposal: Strip redundant integrity algos for ESP proposals
 only

---
 src/libcharon/config/proposal.c | 35 ++++++++++++++++++---------------
 1 file changed, 19 insertions(+), 16 deletions(-)

diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index 0b702e0141..0acc425d6e 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -429,30 +429,33 @@ static void check_proposal(private_proposal_t *this)
 		e->destroy(e);
 	}
 
-	e = create_enumerator(this, ENCRYPTION_ALGORITHM);
-	while (e->enumerate(e, &alg, &ks))
+	if (this->protocol == PROTO_ESP)
 	{
-		if (!encryption_algorithm_is_aead(alg))
+		e = create_enumerator(this, ENCRYPTION_ALGORITHM);
+		while (e->enumerate(e, &alg, &ks))
 		{
-			all_aead = FALSE;
-			break;
+			if (!encryption_algorithm_is_aead(alg))
+			{
+				all_aead = FALSE;
+				break;
+			}
 		}
-	}
-	e->destroy(e);
+		e->destroy(e);
 
-	if (all_aead)
-	{
-		/* if all encryption algorithms in the proposal are AEADs,
-		 * we MUST NOT propose any integrity algorithms */
-		e = array_create_enumerator(this->transforms);
-		while (e->enumerate(e, &entry))
+		if (all_aead)
 		{
-			if (entry->type == INTEGRITY_ALGORITHM)
+			/* if all encryption algorithms in the proposal are AEADs,
+			 * we MUST NOT propose any integrity algorithms */
+			e = array_create_enumerator(this->transforms);
+			while (e->enumerate(e, &entry))
 			{
-				array_remove_at(this->transforms, e);
+				if (entry->type == INTEGRITY_ALGORITHM)
+				{
+					array_remove_at(this->transforms, e);
+				}
 			}
+			e->destroy(e);
 		}
-		e->destroy(e);
 	}
 
 	if (this->protocol == PROTO_AH || this->protocol == PROTO_ESP)
-- 
2.47.2