diff --git a/programs/pluto/ikev1.c b/programs/pluto/ikev1.c
index 6c14ca8..56d466f 100644
--- a/programs/pluto/ikev1.c
+++ b/programs/pluto/ikev1.c
@@ -2249,6 +2249,32 @@ void process_packet_tail(struct msg_digest **mdp)
 }
 }
+ if (md->hdr.isa_xchg == ISAKMP_XCHG_INFO &&
+ md->hdr.isa_np == ISAKMP_NEXT_HASH) {
+ pb_stream *const hash_pbs = &(md)->chain[ISAKMP_NEXT_HASH]->pbs;
+ u_char hash_val[MAX_DIGEST_LEN];
+ size_t hash_len = quick_mode_hash12(hash_val, hash_pbs->roof,
+ md->message_pbs.roof,
+ st, &md->hdr.isa_msgid, FALSE);
+ if (pbs_left(hash_pbs) != hash_len) {
+ loglog(RC_LOG_SERIOUS,
+ "received 'informational' message HASH(1) data is the wrong length (received %zu bytes but expected %zu)",
+ pbs_left(hash_pbs), hash_len);
+ return;
+ }
+ if (!memeq(hash_pbs->cur, hash_val, hash_len)) {
+ if (DBGP(DBG_CRYPT)) {
+ DBG_dump("received 'informational':",
+ hash_pbs->cur, pbs_left(hash_pbs));
+ }
+ loglog(RC_LOG_SERIOUS,
+ "received 'informational' message HASH(1) data does not match computed value");
+ return;
+ } else {
+ DBG(DBG_CRYPT, DBG_log("received 'informational' message HASH(1) data ok"));
+ }
+ }
+
 /* more sanity checking: enforce most ordering constraints */
 if (IS_PHASE1(from_state) || IS_PHASE15(from_state)) {
diff --git a/programs/pluto/ikev1_quick.c b/programs/pluto/ikev1_quick.c
index 7ec48ca..d63cd61 100644
--- a/programs/pluto/ikev1_quick.c
+++ b/programs/pluto/ikev1_quick.c
@@ -666,10 +666,10 @@ static bool check_net_id(struct isakmp_ipsec_id *id,
 * Used by: quick_outI1, quick_inI1_outR1 (twice), quick_inR1_outI2
 * (see RFC 2409 "IKE" 5.5, pg. 18 or draft-ietf-ipsec-ike-01.txt 6.2 pg 25)
 */
-static size_t quick_mode_hash12(u_char *dest, const u_char *start,
- const u_char *roof,
- const struct state *st, const msgid_t *msgid,
- bool hash2)
+size_t quick_mode_hash12(u_char *dest, const u_char *start,
+ const u_char *roof,
+ const struct state *st, const msgid_t *msgid,
+ bool hash2)
 {
 struct hmac_ctx ctx;
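Review bot: `st` is handed to quick_mode_hash12() in the new block with no visible NULL check, and `md->chain[ISAKMP_NEXT_HASH]` is dereferenced on the strength of `isa_np` alone. Whether an Informational message can reach this point without a matching state is decided outside the hunk, but if it can, both header fields tested here come from a peer that has not yet authenticated and the HMAC setup would run on a null state. I would make the precondition explicit: either extend the condition with `st != NULL && md->chain[ISAKMP_NEXT_HASH] != NULL &&` (if stateless Informationals are meant to continue as unprotected) or log and `return` when `st == NULL`. Separately, if `memeq` is a plain memcmp wrapper, a constant-time comparison is the usual choice for a received MAC value. process_packet_tail's body starts and ends outside the hunk.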
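Review bot: The header comment above quick_mode_hash12() still reads `Used by: quick_outI1, quick_inI1_outR1 (twice), quick_inR1_outI2`, which is stale now that the function loses `static` and gains a caller in ikev1.c (process_packet_tail). Add that caller to the list and spell out what an external caller must guarantee, for example `* dest must have room for MAX_DIGEST_LEN bytes; st must be a non-NULL established state`. The second half is presumed from how the new caller sizes `hash_val` and passes `st`; the function body continues outside the hunk, so confirm it against the HMAC setup there.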
diff --git a/programs/pluto/ipsec_doi.h b/programs/pluto/ipsec_doi.h
index f8bf9b2..31d0867 100644
--- a/programs/pluto/ipsec_doi.h
+++ b/programs/pluto/ipsec_doi.h
@@ -127,6 +127,11 @@ extern bool accept_KE(chunk_t *dest, const char *val_name,
 dbg("received '"msg_name"' message "hash_name" data ok"); \
 }
+size_t quick_mode_hash12(u_char *dest, const u_char *start,
+ const u_char *roof,
+ const struct state *st, const msgid_t *msgid,
+ bool hash2);
+
 extern stf_status send_isakmp_notification(struct state *st, uint16_t type, const void *data, size_t len);
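Review bot: The new prototype is declared without `extern`, while the declarations on either side of it (`accept_KE`, `send_isakmp_notification`) carry it; matching the header's style would read `extern size_t quick_mode_hash12(u_char *dest, const u_char *start,`. It also lands directly after a macro whose visible tail logs `received '"msg_name"' message "hash_name" data ok`, which looks like the same length-check-then-compare sequence the ikev1.c hunk writes out by hand. If that macro fits the Informational case, reusing it there would keep the two HASH checks from drifting apart; the macro's head is outside the hunk, so this needs checking against its full definition.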