From: Tobias Brunner
Date: Wed, 2 Oct 2024 08:33:05 +0000 (+0200)
Subject: vici-config: Same order for default ESP proposals if unset or set to "default"
X-Git-Tag: 6.0.0rc1~42
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8e020bc9e31ecd7e08bdf6116e110d189ce26c90;p=thirdparty%2Fstrongswan.git

vici-config: Same order for default ESP proposals if unset or set to "default"

The order was different when not setting `esp_proposals` or explicitly configuring `default`.
Fixes: 33412158f58c ("ike: Send AEAD ESP default proposal first")
---
diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c
index 1bb925417f..cb3c547ab3 100644
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@@ -601,6 +601,34 @@ static void free_child_data(child_data_t *data)
 free(data->cfg.interface);
 }
 
+/**
+ * Add the default proposals for the given protocol. We currently prefer AEAD
+ * for ESP but not for IKE.
+ */
+static void add_default_proposals(linked_list_t *list, protocol_id_t proto)
+{
+ proposal_t *first, *second;
+
+ if (proto == PROTO_IKE)
+ {
+ first = proposal_create_default(proto);
+ second = proposal_create_default_aead(proto);
+ }
+ else
+ {
+ first = proposal_create_default_aead(proto);
+ second = proposal_create_default(proto);
+ }
+ if (first)
+ {
+ list->insert_last(list, first);
+ }
+ if (second)
+ {
+ list->insert_last(list, second);
+ }
+}
+
 /**
 * Common proposal parsing
 */
@@ -615,16 +643,7 @@ static bool parse_proposal(linked_list_t *list, protocol_id_t proto, chunk_t v)
 }
 if (strcaseeq("default", buf))
 {
- proposal = proposal_create_default(proto);
- if (proposal)
- {
- list->insert_last(list, proposal);
- }
- proposal = proposal_create_default_aead(proto);
- if (proposal)
- {
- list->insert_last(list, proposal);
- }
+ add_default_proposals(list, proto);
 return TRUE;
 }
 proposal = proposal_create_from_string(proto, buf);
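Review bot: The doc comment on add_default_proposals names only ESP and IKE, but the `else` branch applies the AEAD-first order to every protocol that is not PROTO_IKE. If parse_proposal is ever called with another protocol such as AH (its callers are not visible in this diff), the result depends on the `if (first)` guard skipping a NULL AEAD default. The comment should say so, e.g. `* Any protocol other than IKE gets the AEAD proposal first; a constructor returning NULL is simply skipped.`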
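Review bot: The `default` branch of parse_proposal still returns TRUE when add_default_proposals() inserted nothing, because the helper is void and skips both constructors if they return NULL. The same holds for the callers in children_sn and config_sn, which leave the proposal list empty in that case. Having the helper report the outcome, `static bool add_default_proposals(...)` ending in `return first || second;`, would let each caller log or reject a connection that ends up without any proposal; what an empty list leads to later is not visible here. parse_proposal starts and ends outside the hunk.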
@@ -2134,16 +2153,7 @@ CALLBACK(children_sn, bool,
 }
 if (child.proposals->get_count(child.proposals) == 0)
 {
- proposal = proposal_create_default_aead(PROTO_ESP);
- if (proposal)
- {
- child.proposals->insert_last(child.proposals, proposal);
- }
- proposal = proposal_create_default(PROTO_ESP);
- if (proposal)
- {
- child.proposals->insert_last(child.proposals, proposal);
- }
+ add_default_proposals(child.proposals, PROTO_ESP);
 }
 
 check_lifetimes(&child.cfg.lifetime);
@@ -2740,16 +2750,7 @@ CALLBACK(config_sn, bool,
 }
 if (peer.proposals->get_count(peer.proposals) == 0)
 {
- proposal = proposal_create_default(PROTO_IKE);
- if (proposal)
- {
- peer.proposals->insert_last(peer.proposals, proposal);
- }
- proposal = proposal_create_default_aead(PROTO_IKE);
- if (proposal)
- {
- peer.proposals->insert_last(peer.proposals, proposal);
- }
+ add_default_proposals(peer.proposals, PROTO_IKE);
 }
 if (!peer.local_addrs)
 {
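Review bot: With the removed lines gone, no use of the local `proposal` remains visible in this part of children_sn, and the same is true for config_sn in the next hunk. Both function bodies start outside the hunks, so it cannot be confirmed here whether the variable is still needed elsewhere. If it was declared only for the default-proposal block, drop `proposal_t *proposal;` from each function to avoid an unused-variable warning.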