proposal: Strip redundant integrity algos for ESP proposals only

Martin Willi 2013-06-20 16:10:55 +02:00
parent 0576412989
commit f0c59e1cf8
1 changed files with 21 additions and 18 deletions


@ -429,30 +429,33 @@ static void check_proposal(private_proposal_t *this)
e->destroy(e);
}
e = create_enumerator(this, ENCRYPTION_ALGORITHM);
while (e->enumerate(e, &alg, &ks))
if (this->protocol == PROTO_ESP)
{
if (!encryption_algorithm_is_aead(alg))
e = create_enumerator(this, ENCRYPTION_ALGORITHM);
while (e->enumerate(e, &alg, &ks))
{
all_aead = FALSE;
break;
}
}
e->destroy(e);
if (all_aead)
{
/* if all encryption algorithms in the proposal are AEADs,
* we MUST NOT propose any integrity algorithms */
e = array_create_enumerator(this->transforms);
while (e->enumerate(e, &entry))
{
if (entry->type == INTEGRITY_ALGORITHM)
if (!encryption_algorithm_is_aead(alg))
{
array_remove_at(this->transforms, e);
all_aead = FALSE;
break;
}
}
e->destroy(e);
if (all_aead)
{
/* if all encryption algorithms in the proposal are AEADs,
* we MUST NOT propose any integrity algorithms */
e = array_create_enumerator(this->transforms);
while (e->enumerate(e, &entry))
{
if (entry->type == INTEGRITY_ALGORITHM)
{
array_remove_at(this->transforms, e);
}
}
e->destroy(e);
}
}
if (this->protocol == PROTO_AH || this->protocol == PROTO_ESP)