Reuse existing DH value when retrying IKE_SA_INIT with a COOKIE

author: Martin Willi <martin@revosec.ch> 2012-04-16 16:55:14 +0200
committer: Martin Willi <martin@revosec.ch> 2012-04-17 10:02:21 +0200
commit: a59a03670bd49bc3f43175b496f6d2be7e338094 (patch)
tree: 3217032d1b115899c4b0e95824a98a3a87579a1a /src
parent: 7fd6c078b67ee4e5061379599b6a814bba22b8c6 (diff)
download: strongswan-a59a03670bd49bc3f43175b496f6d2be7e338094.tar.bz2
strongswan-a59a03670bd49bc3f43175b496f6d2be7e338094.tar.xz
1 files changed, 5 insertions, 2 deletions
diff --git a/src/libcharon/sa/tasks/ike_init.c b/src/libcharon/sa/tasks/ike_init.c
index b8e66c7e6..dd8a4b086 100644
--- a/src/libcharon/sa/tasks/ike_init.c
+++ b/src/libcharon/sa/tasks/ike_init.c
@@ -517,8 +517,11 @@ METHOD(task_t, migrate, void,
 	this->ike_sa = ike_sa;
 	this->keymat = ike_sa->get_keymat(ike_sa);
 	this->proposal = NULL;
-	DESTROY_IF(this->dh);
-	this->dh = this->keymat->create_dh(this->keymat, this->dh_group);
+	if (this->dh && this->dh->get_dh_group(this->dh) != this->dh_group)
+	{	/* reset DH value only if group changed (INVALID_KE_PAYLOAD) */
+		this->dh->destroy(this->dh);
+		this->dh = this->keymat->create_dh(this->keymat, this->dh_group);
+	}
 }
 
 METHOD(task_t, destroy, void,
author	Martin Willi <martin@revosec.ch>	2012-04-16 16:55:14 +0200
committer	Martin Willi <martin@revosec.ch>	2012-04-17 10:02:21 +0200
commit	a59a03670bd49bc3f43175b496f6d2be7e338094 (patch)
tree	3217032d1b115899c4b0e95824a98a3a87579a1a /src
parent	7fd6c078b67ee4e5061379599b6a814bba22b8c6 (diff)
download	strongswan-a59a03670bd49bc3f43175b496f6d2be7e338094.tar.bz2 strongswan-a59a03670bd49bc3f43175b496f6d2be7e338094.tar.xz