Handle INFORMATIONAL_V1 messages when no keys have been derived yet.

This allows to gracefully process the INFORMATIONAL_V1 message rules which
require the payloads to be encrypted and thus the exchange to be
authenticated with a HASH payload.  If such an exchange is now initiated
before the ISAKMP_SA is established, the message is simply sent unencrypted
and without HASH payload.

1 files changed, 3 insertions, 2 deletions

diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index aa774e0c3..17adc5eb9 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -1419,8 +1419,8 @@ METHOD(message_t, generate, status_t,
 			chunk_free(&hash);
 		}
 
-		/* if at least one payload requires encryption, encrypt the message */
-		/* TODO-IKEV1: set is_encrypted externally instead of this check? */
+		/* if at least one payload requires encryption, encrypt the message.
+		 * if we have no key material available, the flag will be reset below */
 		enumerator = this->payloads->create_enumerator(this->payloads);
 		while (enumerator->enumerate(enumerator, (void**)&payload))
 		{
@@ -1447,6 +1447,7 @@ METHOD(message_t, generate, status_t,
 	else
 	{
 		DBG2(DBG_ENC, "not encrypting payloads");
+		this->is_encrypted = FALSE;
 	}
 
 	ike_header = ike_header_create_version(this->major_version,