From: Martin Willi <martin@revosec.ch>
Date: Mon, 16 Apr 2012 14:55:14 +0000 (+0200)
Subject: Reuse existing DH value when retrying IKE_SA_INIT with a COOKIE
X-Git-Tag: 4.6.3~28
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a59a03670bd49bc3f43175b496f6d2be7e338094;p=thirdparty%2Fstrongswan.git

Reuse existing DH value when retrying IKE_SA_INIT with a COOKIE
---

diff --git a/src/libcharon/sa/tasks/ike_init.c b/src/libcharon/sa/tasks/ike_init.c
index b8e66c7e6e..dd8a4b086c 100644
--- a/src/libcharon/sa/tasks/ike_init.c
+++ b/src/libcharon/sa/tasks/ike_init.c
@@ -517,8 +517,11 @@ METHOD(task_t, migrate, void,
 	this->ike_sa = ike_sa;
 	this->keymat = ike_sa->get_keymat(ike_sa);
 	this->proposal = NULL;
-	DESTROY_IF(this->dh);
-	this->dh = this->keymat->create_dh(this->keymat, this->dh_group);
+	if (this->dh && this->dh->get_dh_group(this->dh) != this->dh_group)
+	{	/* reset DH value only if group changed (INVALID_KE_PAYLOAD) */
+		this->dh->destroy(this->dh);
+		this->dh = this->keymat->create_dh(this->keymat, this->dh_group);
+	}
 }
 
 METHOD(task_t, destroy, void,