From 5d580ae0639e3be6245a377abf642725721e1f41 Mon Sep 17 00:00:00 2001
From: Tobias Brunner <tobias@strongswan.org>
Date: Tue, 30 May 2017 18:23:12 +0200
Subject: [PATCH] ikev1: Determine transform ID before mapping integrity
 algorithm ID

Due to the lookup based on the mapped algorithm ID the resulting AH
proposals were invalid.

Fixes #2347.

Fixes: 8456d6f5a8e9 ("ikev1: Don't require AH mapping for integrity algorithm when generating proposal")
---
 src/libcharon/encoding/payloads/proposal_substructure.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c
index 55641e145b..c3f06391a1 100644
--- a/src/libcharon/encoding/payloads/proposal_substructure.c
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c
@@ -1360,10 +1360,10 @@ static void set_from_proposal_v1(private_proposal_substructure_t *this,
 	enumerator = proposal->create_enumerator(proposal, INTEGRITY_ALGORITHM);
 	if (enumerator->enumerate(enumerator, &alg, &key_size))
 	{
+		transid = get_ikev1_transid_from_alg(INTEGRITY_ALGORITHM, alg);
 		alg = get_ikev1_auth_from_alg(alg);
 		if (alg)
 		{
-			transid = get_ikev1_transid_from_alg(INTEGRITY_ALGORITHM, alg);
 			if (!transform && transid)
 			{
 				transform = transform_substructure_create_type(