From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 23 Feb 2018 08:59:38 +0000 (+0100)
Subject: proposal: Compare algorithms of all transform types for equality
X-Git-Tag: 5.6.3dr1~35^2
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=6b8749ab18ac53eba2db81d7938e07dfcd9af4e0;p=thirdparty%2Fstrongswan.git

proposal: Compare algorithms of all transform types for equality
---

diff --git a/src/libstrongswan/crypto/proposal/proposal.c b/src/libstrongswan/crypto/proposal/proposal.c
index 1fb6ee6d91..c18915fd75 100644
--- a/src/libstrongswan/crypto/proposal/proposal.c
+++ b/src/libstrongswan/crypto/proposal/proposal.c
@@ -527,16 +527,27 @@ METHOD(proposal_t, get_number, u_int,
 METHOD(proposal_t, equals, bool,
 	private_proposal_t *this, proposal_t *other)
 {
+	transform_type_t type;
+	array_t *types;
+	int i;
+
 	if (&this->public == other)
 	{
 		return TRUE;
 	}
-	return (
-		algo_list_equals(this, other, ENCRYPTION_ALGORITHM) &&
-		algo_list_equals(this, other, INTEGRITY_ALGORITHM) &&
-		algo_list_equals(this, other, PSEUDO_RANDOM_FUNCTION) &&
-		algo_list_equals(this, other, DIFFIE_HELLMAN_GROUP) &&
-		algo_list_equals(this, other, EXTENDED_SEQUENCE_NUMBERS));
+
+	types = merge_types(this, (private_proposal_t*)other);
+	for (i = 0; i < array_count(types); i++)
+	{
+		array_get(types, i, &type);
+		if (!algo_list_equals(this, other, type))
+		{
+			array_destroy(types);
+			return FALSE;
+		}
+	}
+	array_destroy(types);
+	return TRUE;
 }
 
 METHOD(proposal_t, clone_, proposal_t*,
diff --git a/src/libstrongswan/tests/suites/test_proposal.c b/src/libstrongswan/tests/suites/test_proposal.c
index 9f8cc7e1f6..4e235861c0 100644
--- a/src/libstrongswan/tests/suites/test_proposal.c
+++ b/src/libstrongswan/tests/suites/test_proposal.c
@@ -212,6 +212,23 @@ START_TEST(test_unknown_transform_types_print)
 }
 END_TEST
 
+START_TEST(test_unknown_transform_types_equals)
+{
+	proposal_t *self, *other;
+
+	self = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256");
+	other = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256");
+	other->add_algorithm(other, 242, 42, 0);
+	ck_assert(!self->equals(self, other));
+	ck_assert(!other->equals(other, self));
+	self->add_algorithm(self, 242, 42, 0);
+	ck_assert(self->equals(self, other));
+	ck_assert(other->equals(other, self));
+	other->destroy(other);
+	self->destroy(self);
+}
+END_TEST
+
 START_TEST(test_unknown_transform_types_select_fail)
 {
 	proposal_t *self, *other, *selected;
@@ -288,6 +305,7 @@ Suite *proposal_suite_create()
 
 	tc = tcase_create("unknown transform types");
 	tcase_add_test(tc, test_unknown_transform_types_print);
+	tcase_add_test(tc, test_unknown_transform_types_equals);
 	tcase_add_test(tc, test_unknown_transform_types_select_fail);
 	tcase_add_test(tc, test_unknown_transform_types_select_fail_subtype);
 	tcase_add_test(tc, test_unknown_transform_types_select_success);