ip/xfrm: Do not allow redundant algorithm combinations to be specified AEAD algorithms perform both encryption and authentication; they are not combined with separate encryption or authentication algorithms. Signed-off-by: David Ward <david.ward@ll.mit.edu>

commit: ec839527f2647f365e84e6f571ce13d90b7c6adf [log] [tgz]
author: David Ward <david.ward@ll.mit.edu> Mon Mar 25 04:23:14 2013 +0000
committer: Stephen Hemminger <stephen@networkplumber.org> Thu Mar 28 14:40:45 2013 -0700
tree: a56d139b308ad734fb90903528ef430a40a1b867
parent: 1d26e1fefd379deffd76469deea8f1bb8c0fc2dd [diff]
diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
index 3c01ec5..85d3e35 100644
--- a/ip/xfrm_state.c
+++ b/ip/xfrm_state.c

@@ -379,18 +379,18 @@
 
 				switch (type) {
 				case XFRMA_ALG_AEAD:
-					if (aeadop)
+					if (ealgop || aalgop || aeadop)
 						duparg("ALGO-TYPE", *argv);
 					aeadop = *argv;
 					break;
 				case XFRMA_ALG_CRYPT:
-					if (ealgop)
+					if (ealgop || aeadop)
 						duparg("ALGO-TYPE", *argv);
 					ealgop = *argv;
 					break;
 				case XFRMA_ALG_AUTH:
 				case XFRMA_ALG_AUTH_TRUNC:
-					if (aalgop)
+					if (aalgop || aeadop)
 						duparg("ALGO-TYPE", *argv);
 					aalgop = *argv;
 					break;
commit	ec839527f2647f365e84e6f571ce13d90b7c6adf	[log] [tgz]
author	David Ward <david.ward@ll.mit.edu>	Mon Mar 25 04:23:14 2013 +0000
committer	Stephen Hemminger <stephen@networkplumber.org>	Thu Mar 28 14:40:45 2013 -0700
tree	a56d139b308ad734fb90903528ef430a40a1b867
parent	1d26e1fefd379deffd76469deea8f1bb8c0fc2dd [diff]