Merge tag 'upstream/5.3.1'

Upstream version 5.3.1

Conflicts:
	src/libstrongswan/plugins/aesni/aesni_cbc.h

1 files changed, 5 insertions, 0 deletions

diff --git a/src/libcharon/encoding/payloads/encrypted_payload.c b/src/libcharon/encoding/payloads/encrypted_payload.c
index 04372fdf0..d1a267836 100644
--- a/src/libcharon/encoding/payloads/encrypted_payload.c
+++ b/src/libcharon/encoding/payloads/encrypted_payload.c
@@ -502,6 +502,8 @@ METHOD(encrypted_payload_t, encrypt, status_t,
 	generator = generator_create();
 	plain = generate(this, generator);
 	assoc = append_header(this, assoc);
+	/* lower 32-bits are for fragment number, if used */
+	mid <<= 32;
 	status = encrypt_content("encrypted payload", this->aead, mid, plain, assoc,
 							 &this->encrypted);
 	generator->destroy(generator);
@@ -932,6 +934,9 @@ METHOD(encrypted_payload_t, frag_encrypt, status_t,
 	}
 	free(this->encrypted.ptr);
 	assoc = append_header_frag(this, assoc);
+	/* IKEv2 message IDs are not unique if fragmentation is used, hence include
+	 * the fragment number to make it unique */
+	mid = mid << 32 | this->fragment_number;
 	status = encrypt_content("encrypted fragment payload", this->aead, mid,
 							 this->plain, assoc, &this->encrypted);
 	free(assoc.ptr);