diff options
| author | Tobias Brunner <tobias@strongswan.org> | 2017-05-30 18:23:12 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2017-07-05 10:08:20 +0200 |
| commit | 5d580ae0639e3be6245a377abf642725721e1f41 (patch) | |
| tree | 816ed413f1ac40b1178207a22c2541ebbe08ec7d | |
| parent | 1aba82bfd736cbbfc78408e7bab588c25e49d12a (diff) | |
| download | strongswan-5d580ae0639e3be6245a377abf642725721e1f41.tar.bz2 strongswan-5d580ae0639e3be6245a377abf642725721e1f41.tar.xz | |
ikev1: Determine transform ID before mapping integrity algorithm ID
Due to the lookup based on the mapped algorithm ID the resulting AH
proposals were invalid.
Fixes #2347.
Fixes: 8456d6f5a8e9 ("ikev1: Don't require AH mapping for integrity algorithm when generating proposal")
| -rw-r--r-- | src/libcharon/encoding/payloads/proposal_substructure.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c index 55641e145..c3f06391a 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.c +++ b/src/libcharon/encoding/payloads/proposal_substructure.c @@ -1360,10 +1360,10 @@ static void set_from_proposal_v1(private_proposal_substructure_t *this, enumerator = proposal->create_enumerator(proposal, INTEGRITY_ALGORITHM); if (enumerator->enumerate(enumerator, &alg, &key_size)) { + transid = get_ikev1_transid_from_alg(INTEGRITY_ALGORITHM, alg); alg = get_ikev1_auth_from_alg(alg); if (alg) { - transid = get_ikev1_transid_from_alg(INTEGRITY_ALGORITHM, alg); if (!transform && transid) { transform = transform_substructure_create_type( |