From: Tobias Brunner
Date: Thu, 18 Oct 2012 15:15:32 +0000 (+0200)
Subject: proposal_t.strip_dh() takes a DH group to keep, using MODP_NONE will remove all
X-Git-Tag: 5.0.2dr4~266
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4eba7269b830a2f2841dc11f5b688d409091cceb;p=thirdparty%2Fstrongswan.git
proposal_t.strip_dh() takes a DH group to keep, using MODP_NONE will remove all
---
diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c
index b675c908ff..33d47a41ef 100644
--- a/src/libcharon/config/child_cfg.c
+++ b/src/libcharon/config/child_cfg.c
@@ -165,7 +165,7 @@ METHOD(child_cfg_t, get_proposals, linked_list_t*,
 current = current->clone(current);
 if (strip_dh)
 {
- current->strip_dh(current);
+ current->strip_dh(current, MODP_NONE);
 }
 proposals->insert_last(proposals, current);
 }
@@ -194,7 +194,7 @@ METHOD(child_cfg_t, select_proposal, proposal_t*,
 {
 if (strip_dh)
 {
- stored->strip_dh(stored);
+ stored->strip_dh(stored, MODP_NONE);
 }
 selected = stored->select(stored, supplied, private);
 if (selected)
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index e12fed7baa..4803c7be27 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -232,14 +232,21 @@ METHOD(proposal_t, has_dh_group, bool,
 }
 METHOD(proposal_t, strip_dh, void,
- private_proposal_t *this)
+ private_proposal_t *this, diffie_hellman_group_t keep)
 {
+ enumerator_t *enumerator;
 algorithm_t *alg;
- while (this->dh_groups->remove_last(this->dh_groups, (void**)&alg) == SUCCESS)
+ enumerator = this->dh_groups->create_enumerator(this->dh_groups);
+ while (enumerator->enumerate(enumerator, (void**)&alg))
 {
- free(alg);
+ if (alg->algorithm != keep)
+ {
+ this->dh_groups->remove_at(this->dh_groups, enumerator);
+ free(alg);
+ }
 }
+ enumerator->destroy(enumerator);
 }
 /**
diff --git a/src/libcharon/config/proposal.h b/src/libcharon/config/proposal.h
index 77e200acc9..7733143a88 100644
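Review bot: In strip_dh() in proposal.c, a `keep` group that the proposal does not contain leaves the DH list empty, exactly as MODP_NONE does, and the void return gives the caller no way to tell the two outcomes apart. The result is a proposal with no DH group at all, which by the header's own wording is one used without PFS. The call sites updated in child_cfg.c pass only MODP_NONE, so this bites the first caller that passes a real group; such a caller should check has_dh_group() for that group before stripping. At minimum the loop deserves a comment such as `/* if keep is not in the list, every group is removed */`.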
--- a/src/libcharon/config/proposal.h
+++ b/src/libcharon/config/proposal.h
@@ -111,8 +111,10 @@ struct proposal_t {
 /**
 * Strip DH groups from proposal to use it without PFS.
+ *
+ * @param keep group to keep (MODP_NONE to remove all)
 */
- void (*strip_dh)(proposal_t *this);
+ void (*strip_dh)(proposal_t *this, diffie_hellman_group_t keep);
 /**
 * Compare two proposal, and select a matching subset.
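Review bot: The summary line of the strip_dh doc comment still says the groups are stripped "to use it without PFS", which after this change is accurate only for `keep == MODP_NONE`. With a real group that the proposal contains, the proposal keeps PFS restricted to that one group, and someone reading only the header would not learn that. I would reword the first line to `Strip DH groups from proposal, optionally keeping a single one.` and leave the new @param line as it is. The struct proposal_t definition starts and ends outside the hunk.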