From 2f893f278d5fe2bf43081bf5c341f9feaf3aedcb Mon Sep 17 00:00:00 2001
From: Martin Willi
Date: Fri, 16 May 2014 16:18:16 +0200
Subject: [PATCH] proposal: Don't return a default IKE proposal without encryption/AEAD algs

---
 src/libcharon/config/proposal.c | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index 48313b753a..4d881cd2f6 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -627,7 +627,7 @@ proposal_t *proposal_create(protocol_id_t protocol, u_int number)
 /**
  * Add supported IKE algorithms to proposal
  */
-static void proposal_add_supported_ike(private_proposal_t *this, bool aead)
+static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
 {
 	enumerator_t *enumerator;
 	encryption_algorithm_t encryption;
@@ -662,6 +662,11 @@ static void proposal_add_supported_ike(private_proposal_t *this, bool aead)
 			}
 		}
 		enumerator->destroy(enumerator);
+
+		if (!array_count(this->transforms))
+		{
+			return FALSE;
+		}
 	}
 	else
 	{
@@ -691,6 +696,11 @@ static void proposal_add_supported_ike(private_proposal_t *this, bool aead)
 		}
 		enumerator->destroy(enumerator);
 
+		if (!array_count(this->transforms))
+		{
+			return FALSE;
+		}
+
 		enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
 		while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
 		{
@@ -772,6 +782,8 @@ static void proposal_add_supported_ike(private_proposal_t *this, bool aead)
 		}
 	}
 	enumerator->destroy(enumerator);
+
+	return TRUE;
 }
 
 /*
@@ -784,7 +796,11 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
 	switch (protocol)
 	{
 		case PROTO_IKE:
-			proposal_add_supported_ike(this, FALSE);
+			if (!proposal_add_supported_ike(this, FALSE))
+			{
+				destroy(this);
+				return NULL;
+			}
 			break;
 		case PROTO_ESP:
 			add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
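Review bot: The doc comment directly above the changed signature in the first hunk (@@ -627) still reads only `Add supported IKE algorithms to proposal` and says nothing about the new bool result, so a caller has to read the whole body to learn what FALSE means and that the proposal is then expected to be destroyed. I would extend it with `@return TRUE if at least one encryption/AEAD algorithm was added, FALSE if none is available and the proposal is unusable`. The body of proposal_add_supported_ike continues outside this hunk.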
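Review bot: The `array_count(this->transforms)` guard added in the non-AEAD branch (@@ -691) only establishes that some encryption transform exists; the signer enumerator that follows it, and the further enumerators that appear to follow the if/else (the shared `enumerator->destroy` before the new `return TRUE` in @@ -772), are not checked the same way, so a build with no usable integrity, PRF or DH plugin presumably still gets TRUE and a proposal that cannot complete IKE negotiation. The same applies to the AEAD-branch check in @@ -662 for whatever enumerators follow it outside the hunk. If that is a concern, the cheap extension of the commit's intent is to snapshot the count after each enumerator and bail out when the next one added nothing, e.g. `count = array_count(this->transforms);` before the enumerator and `if (array_count(this->transforms) == count) { return FALSE; }` after its destroy. proposal_add_supported_ike starts and ends outside these hunks, so I cannot confirm which enumerators follow.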
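Review bot: proposal_create_default (@@ -784) now returns NULL for PROTO_IKE when no supported encryption algorithm is registered, but the diff does not touch the public declaration, so its header documentation (not in this patch) will presumably still describe it as always returning a proposal, and every existing caller needs to be audited for a NULL check or the change trades a useless proposal for a NULL dereference at first use. I would add `@return created proposal, NULL if no supported IKE algorithms are available` to the declaration's doc comment; the same applies to proposal_create_default_aead in the following hunk (@@ -820). The enclosing function starts outside this hunk, so the allocation of `this` that `destroy(this)` releases is not visible here.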
@@ -820,7 +836,11 @@ proposal_t *proposal_create_default_aead(protocol_id_t protocol)
 	{
 		case PROTO_IKE:
 			this = (private_proposal_t*)proposal_create(protocol, 0);
-			proposal_add_supported_ike(this, TRUE);
+			if (!proposal_add_supported_ike(this, TRUE))
+			{
+				destroy(this);
+				return NULL;
+			}
 			return &this->public;
 		case PROTO_ESP:
 			/* we currently don't include any AEAD proposal for ESP, as we
-- 
2.47.2