ikev1: Determine transform ID before mapping integrity algorithm ID
author Tobias Brunner <tobias@strongswan.org>
Tue, 30 May 2017 16:23:12 +0000 (18:23 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Wed, 5 Jul 2017 08:08:20 +0000 (10:08 +0200)

Due to the lookup based on the mapped algorithm ID the resulting AH
proposals were invalid.

Fixes #2347.

Fixes: 8456d6f5a8e9 ("ikev1: Don't require AH mapping for integrity algorithm when generating proposal")

src/libcharon/encoding/payloads/proposal_substructure.c

index 55641e1..c3f0639 100644 (file)
@@ -1360,10 +1360,10 @@ static void set_from_proposal_v1(private_proposal_substructure_t *this,
        enumerator = proposal->create_enumerator(proposal, INTEGRITY_ALGORITHM);
        if (enumerator->enumerate(enumerator, &alg, &key_size))
        {
+               transid = get_ikev1_transid_from_alg(INTEGRITY_ALGORITHM, alg);
                alg = get_ikev1_auth_from_alg(alg);
                if (alg)
                {
-                       transid = get_ikev1_transid_from_alg(INTEGRITY_ALGORITHM, alg);
                        if (!transform && transid)
                        {
                                transform = transform_substructure_create_type(
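
Review bot: the fix in the enumerate block depends purely on statement order, because `alg` holds the integrity algorithm ID on the added line and is overwritten with the mapped IKEv1 auth value on the very next line. Nothing in the code records that constraint, so a later reordering would reintroduce the invalid AH proposals described in the commit message. Consider storing the result of get_ikev1_auth_from_alg() in a separate local (a name such as `auth` is only a suggestion) so that get_ikev1_transid_from_alg(INTEGRITY_ALGORITHM, alg) cannot be handed the mapped value again, or at least add a one-line comment above the new call stating that the transform ID lookup needs the unmapped ID. Separately, in the lines shown transid is still only read inside `if (alg)`, so it is now computed even when the auth mapping returns 0; that looks harmless, but it is worth confirming that a proposal whose integrity algorithm has a transform ID but no auth mapping is meant to be skipped here.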