author | Martin Willi <martin@revosec.ch> | 2014-05-16 16:18:16 +0200 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2014-05-16 16:51:19 +0200 |
commit | 2f893f278d5fe2bf43081bf5c341f9feaf3aedcb (patch) | |
tree | 075ee9108f9531f8431fa376262a5b29de46f277 /src/libcharon/config | |
parent | 8d74ec9e803805f259a2388d8f8e0d636a7d72f3 (diff) | |
download | strongswan-2f893f278d5fe2bf43081bf5c341f9feaf3aedcb.tar.bz2 strongswan-2f893f278d5fe2bf43081bf5c341f9feaf3aedcb.tar.xz |
proposal: Don't return a default IKE proposal without encryption/AEAD algs
Diffstat (limited to 'src/libcharon/config')
-rw-r--r-- | src/libcharon/config/proposal.c | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
index 48313b753..4d881cd2f 100644
--- a/src/libcharon/config/proposal.c
+++ b/src/libcharon/config/proposal.c
@@ -627,7 +627,7 @@ proposal_t *proposal_create(protocol_id_t protocol, u_int number)
 /**
 * Add supported IKE algorithms to proposal
 */
-static void proposal_add_supported_ike(private_proposal_t *this, bool aead)
+static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
 {
 enumerator_t *enumerator;
 encryption_algorithm_t encryption;
@@ -662,6 +662,11 @@ static void proposal_add_supported_ike(private_proposal_t *this, bool aead)
 }
 }
 enumerator->destroy(enumerator);
+
+ if (!array_count(this->transforms))
+ {
+ return FALSE;
+ }
 }
 else
 {
@@ -691,6 +696,11 @@ static void proposal_add_supported_ike(private_proposal_t *this, bool aead)
 }
 enumerator->destroy(enumerator);
+ if (!array_count(this->transforms))
+ {
+ return FALSE;
+ }
+
 enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
 while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
 {
@@ -772,6 +782,8 @@ static void proposal_add_supported_ike(private_proposal_t *this, bool aead)
 }
 }
 enumerator->destroy(enumerator);
+
+ return TRUE;
 }
 /*
@@ -784,7 +796,11 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
 switch (protocol)
 {
 case PROTO_IKE:
- proposal_add_supported_ike(this, FALSE);
+ if (!proposal_add_supported_ike(this, FALSE))
+ {
+ destroy(this);
+ return NULL;
+ }
 break;
 case PROTO_ESP:
 add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
@@ -820,7 +836,11 @@ proposal_t *proposal_create_default_aead(protocol_id_t protocol)
 {
 case PROTO_IKE:
 this = (private_proposal_t*)proposal_create(protocol, 0);
- proposal_add_supported_ike(this, TRUE);
+ if (!proposal_add_supported_ike(this, TRUE))
+ {
+ destroy(this);
+ return NULL;
+ }
 return &this->public;
 case PROTO_ESP:
 /* we currently don't include any AEAD proposal for ESP, as we |
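Review bot: The doc comment above `proposal_add_supported_ike` in the first hunk (@@ -627) still says only "Add supported IKE algorithms to proposal", although the function now returns a bool that both callers act on. I would add a line such as `@return FALSE if no encryption/AEAD algorithm could be added, TRUE otherwise` together with `@param` entries for `this` and `aead`. The function body continues outside this hunk, so the wording should be checked against the parts not shown here.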
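Review bot: The guard `if (!array_count(this->transforms))` added at @@ -662 (AEAD branch) and again at @@ -691 (classic branch) detects a missing encryption algorithm only indirectly, by testing that no transform of any kind has been added yet. That is equivalent only while the proposal is empty on entry and the encryption/AEAD enumeration stays the first thing that adds transforms. The call in `proposal_create_default_aead` passes a freshly created proposal and the one in `proposal_create_default` presumably does too, so this appears to hold today. A comment at both sites, for example `/* no transform yet means no encryption/AEAD algorithm is available; never build an IKE proposal without one */`, would keep a later reordering from silently disabling the check. Both enclosing branches start outside the hunks.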
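Review bot: On the `PROTO_IKE` path at @@ -784, `proposal_create_default` can now return NULL, which the removed line suggests it did not do before. Any caller that adds the result to a configuration without checking it would dereference NULL on a system with no encryption plugin loaded. The same applies to the `PROTO_IKE` case of `proposal_create_default_aead` at @@ -820. No callers are visible on this page, so they should be audited, and the declarations' doc comments should state that NULL is returned when no encryption/AEAD algorithm is available. The failure is also silent. A log line before `destroy(this);`, such as `DBG1(DBG_CFG, "no IKE encryption algorithm available, skipping default proposal");`, would tell an operator why no default proposal exists. Both function bodies extend beyond their hunks.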