Fixed encryption of IKEv2 messages.
authorTobias Brunner <tobias@strongswan.org>
Wed, 23 Nov 2011 14:23:20 +0000 (15:23 +0100)
committerTobias Brunner <tobias@strongswan.org>
Tue, 20 Mar 2012 16:30:50 +0000 (17:30 +0100)
src/libcharon/encoding/message.c

index 440b014..aa774e0 100644 (file)
@@ -1505,7 +1505,8 @@ METHOD(message_t, generate, status_t,
        ike_header->destroy(ike_header);
 
        if (encryption)
-       {
+       {       /* set_transform() has to be called before get_length() */
+               encryption->set_transform(encryption, aead);
                if (this->is_encrypted)
                {       /* for IKEv1 instead of associated data we provide the IV */
                        chunk = keymat_v1->get_iv(keymat_v1, this->message_id);
@@ -1516,7 +1517,6 @@ METHOD(message_t, generate, status_t,
                        /* fill in length, including encryption payload */
                        htoun32(lenpos, chunk.len + encryption->get_length(encryption));
                }
-               encryption->set_transform(encryption, aead);
                this->payloads->insert_last(this->payloads, encryption);
                if (!encryption->encrypt(encryption, chunk))
                {