4 files changed, 20 insertions, 15 deletions

diff --git a/Source/charon/sa/ike_sa.c b/Source/charon/sa/ike_sa.c
index 113c0e94b..12ae0cc24 100644
--- a/Source/charon/sa/ike_sa.c
+++ b/Source/charon/sa/ike_sa.c
@@ -398,11 +398,6 @@ static void compute_secrets(private_ike_sa_t *this,chunk_t dh_shared_secret,chun
 	chunk_t prf_plus_seed;
 	prf_plus_t *prf_plus;
 
-	
-	/**
-	 * TODO check length fo specific prfs
-	 */
-
 	/* first is initiator */
 	memcpy(concatenated_nonces.ptr,initiator_nonce.ptr,initiator_nonce.len);
 	/* second is responder */
diff --git a/Source/charon/sa/ike_sa.h b/Source/charon/sa/ike_sa.h
index af3be504f..5aecb216d 100644
--- a/Source/charon/sa/ike_sa.h
+++ b/Source/charon/sa/ike_sa.h
@@ -46,7 +46,12 @@ typedef struct ike_sa_t ike_sa_t;
 
 /**
  * @brief Class ike_sa_t. An object of this type is managed by an
- * ike_sa_manager_t object and represents an IKE_SA.
+ * ike_sa_manager_t object and represents an IKE_SA. Message processing
+ * is split up in different states. They will handle all related things
+ * for their state.
+ * 
+ * @b Constructors:
+ * - ike_sa_create()
  * 
  * @ingroup sa
  */
@@ -66,7 +71,10 @@ struct ike_sa_t {
 	 * 
 	 * @param this 			calling object
 	 * @param name 			name of the configuration
-	 * @return				TODO
+	 * @return				
+	 * 						- SUCCESS if initialization started
+	 * 						- FAILED if in wrong state
+	 * 						- DELETE_ME if initialization faild and SA should be deleted
 	 */
 	status_t (*initialize_connection) (ike_sa_t *this, char *name);
 	
@@ -105,9 +113,8 @@ struct ike_sa_t {
 	void (*destroy) (ike_sa_t *this);
 };
 
-typedef struct protected_ike_sa_t protected_ike_sa_t;
-
 
+typedef struct protected_ike_sa_t protected_ike_sa_t;
 
 /**
  * @brief Protected data of an ike_sa_t object.
@@ -356,7 +363,6 @@ struct protected_ike_sa_t {
 	 */
 	message_t *(*get_last_requested_message) (protected_ike_sa_t *this);
 
-
 	/**
 	 * Gets the Shared key SK_pr.
 	 * 
@@ -407,7 +413,7 @@ struct protected_ike_sa_t {
  * @warning the Content of internal ike_sa_id_t object can change over time
  * 			e.g. when a IKE_SA_INIT has been finished.
  *
- * @return 					created ike_sa_t object
+ * @return 					ike_sa_t object
  * 
  * @ingroup sa
  */
diff --git a/Source/charon/sa/ike_sa_manager.h b/Source/charon/sa/ike_sa_manager.h
index c001afb14..0d991554e 100644
--- a/Source/charon/sa/ike_sa_manager.h
+++ b/Source/charon/sa/ike_sa_manager.h
@@ -37,7 +37,10 @@ typedef struct ike_sa_manager_t ike_sa_manager_t;
  * The manager also handles deletion of SAs.
  *
  * @todo checking of double-checkouts from the same threads would be nice.
- * This could be by comparing thread-ids via pthread_self()...
+ * This could be done by comparing thread-ids via pthread_self()...
+ * 
+ * @b Constructors:
+ * - ike_sa_manager_create()
  * 
  * @ingroup sa
  */
@@ -129,7 +132,7 @@ struct ike_sa_manager_t {
 /**
  * @brief Create a manager
  * 
- * @returns 	the created manager
+ * @returns ike_sa_manager_t object
  * 
  * @ingroup sa
  */
diff --git a/Source/charon/sa/states/ike_sa_init_requested.c b/Source/charon/sa/states/ike_sa_init_requested.c
index b4b0ce530..9e65e9664 100644
--- a/Source/charon/sa/states/ike_sa_init_requested.c
+++ b/Source/charon/sa/states/ike_sa_init_requested.c
@@ -238,13 +238,14 @@ static status_t process_message(private_ike_sa_init_requested_t *this, message_t
 		return status;	
 	}
 	
+	/* because I am original initiator i have to update the responder SPI to the new one */	
+	responder_spi = ike_sa_init_reply->get_responder_spi(ike_sa_init_reply);
+	
 	if (responder_spi == 0)
 	{
 		this->logger->log(this->logger, ERROR | MORE, "Responder SPI still zero");
 		return FAILED;
 	}
-	/* because I am original initiator i have to update the responder SPI to the new one */	
-	responder_spi = ike_sa_init_reply->get_responder_spi(ike_sa_init_reply);
 	ike_sa_id = this->ike_sa->public.get_id(&(this->ike_sa->public));
 	ike_sa_id->set_responder_spi(ike_sa_id,responder_spi);