From: Thomas Egerer Date: Tue, 3 Sep 2019 11:24:08 +0000 (+0200) Subject: proposal: Use flags to select/match proposals X-Git-Tag: 5.8.2dr2~19^2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f930b732c4bc59a2785761d4da0c56d1235fee23;p=thirdparty%2Fstrongswan.git proposal: Use flags to select/match proposals During proposal selection with ike/child_cfgs a couple of boolean variables can be set (e.g. private, prefer_self, strip_dh). To simplify the addition of new parameters, these functions now use a set of flags instead of indiviual boolean values. Signed-off-by: Thomas Egerer --- diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c index 73cb02bd9a..02a65b6435 100644 --- a/src/libcharon/config/child_cfg.c +++ b/src/libcharon/config/child_cfg.c @@ -234,13 +234,13 @@ METHOD(child_cfg_t, get_proposals, linked_list_t*, } METHOD(child_cfg_t, select_proposal, proposal_t*, - private_child_cfg_t*this, linked_list_t *proposals, bool strip_dh, - bool private, bool prefer_self) + private_child_cfg_t*this, linked_list_t *proposals, + proposal_selection_flag_t flags) { enumerator_t *prefer_enum, *match_enum; proposal_t *proposal, *match, *selected = NULL; - if (prefer_self) + if (flags & PROPOSAL_PREFER_CONFIGURED) { prefer_enum = this->proposals->create_enumerator(this->proposals); match_enum = proposals->create_enumerator(proposals); @@ -254,11 +254,11 @@ METHOD(child_cfg_t, select_proposal, proposal_t*, while (prefer_enum->enumerate(prefer_enum, &proposal)) { proposal = proposal->clone(proposal); - if (strip_dh) + if (flags & PROPOSAL_STRIP_DH) { proposal->strip_dh(proposal, MODP_NONE); } - if (prefer_self) + if (flags & PROPOSAL_PREFER_CONFIGURED) { proposals->reset_enumerator(proposals, match_enum); } @@ -269,11 +269,11 @@ METHOD(child_cfg_t, select_proposal, proposal_t*, while (match_enum->enumerate(match_enum, &match)) { match = match->clone(match); - if (strip_dh) + if (flags & PROPOSAL_STRIP_DH) { match->strip_dh(match, MODP_NONE); } - selected = proposal->select(proposal, match, prefer_self, private); + selected = proposal->select(proposal, match, flags); match->destroy(match); if (selected) { diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h index b80268513c..13ec6d87b5 100644 --- a/src/libcharon/config/child_cfg.h +++ b/src/libcharon/config/child_cfg.h @@ -99,14 +99,11 @@ struct child_cfg_t { * Returned propsal is newly created and must be destroyed after usage. * * @param proposals list from which proposals are selected - * @param strip_dh TRUE strip out diffie hellman groups - * @param private accept algorithms from a private range - * @param prefer_self whether to prefer configured or supplied proposals + * @param flags flags to consider during proposal selection * @return selected proposal, or NULL if nothing matches */ proposal_t* (*select_proposal)(child_cfg_t*this, linked_list_t *proposals, - bool strip_dh, bool private, - bool prefer_self); + proposal_selection_flag_t flags); /** * Add a traffic selector to the config. diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c index d99abbced6..e6fd7e6ae3 100644 --- a/src/libcharon/config/ike_cfg.c +++ b/src/libcharon/config/ike_cfg.c @@ -329,7 +329,8 @@ METHOD(ike_cfg_t, has_proposal, bool, enumerator = this->proposals->create_enumerator(this->proposals); while (enumerator->enumerate(enumerator, &proposal)) { - if (proposal->matches(proposal, match, private)) + if (proposal->matches(proposal, match, + private ? PROPOSAL_ALLOW_PRIVATE : 0)) { enumerator->destroy(enumerator); return TRUE; @@ -340,13 +341,13 @@ METHOD(ike_cfg_t, has_proposal, bool, } METHOD(ike_cfg_t, select_proposal, proposal_t*, - private_ike_cfg_t *this, linked_list_t *proposals, bool private, - bool prefer_self) + private_ike_cfg_t *this, linked_list_t *proposals, + proposal_selection_flag_t flags) { enumerator_t *prefer_enum, *match_enum; proposal_t *proposal, *match, *selected = NULL; - if (prefer_self) + if (flags & PROPOSAL_PREFER_CONFIGURED) { prefer_enum = this->proposals->create_enumerator(this->proposals); match_enum = proposals->create_enumerator(proposals); @@ -359,7 +360,7 @@ METHOD(ike_cfg_t, select_proposal, proposal_t*, while (prefer_enum->enumerate(prefer_enum, (void**)&proposal)) { - if (prefer_self) + if (flags & PROPOSAL_PREFER_CONFIGURED) { proposals->reset_enumerator(proposals, match_enum); } @@ -369,7 +370,7 @@ METHOD(ike_cfg_t, select_proposal, proposal_t*, } while (match_enum->enumerate(match_enum, (void**)&match)) { - selected = proposal->select(proposal, match, prefer_self, private); + selected = proposal->select(proposal, match, flags); if (selected) { DBG2(DBG_CFG, "received proposals: %#P", proposals); diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h index 9c697dadca..1e11a1e569 100644 --- a/src/libcharon/config/ike_cfg.h +++ b/src/libcharon/config/ike_cfg.h @@ -186,12 +186,11 @@ struct ike_cfg_t { * Returned proposal must be destroyed after use. * * @param proposals list of proposals to select from - * @param private accept algorithms from a private range - * @param prefer_self whether to prefer configured or supplied proposals + * @param flags flags to consider during proposal selection * @return selected proposal, or NULL if none matches. */ proposal_t *(*select_proposal) (ike_cfg_t *this, linked_list_t *proposals, - bool private, bool prefer_self); + proposal_selection_flag_t flags); /** * Check if the config has a matching proposal. diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c index 023119dd4c..8a10416554 100644 --- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c +++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c @@ -374,8 +374,8 @@ METHOD(task_t, process_r, status_t, id_payload_t *id_payload; identification_t *id; linked_list_t *list; + proposal_selection_flag_t flags = 0; uint16_t group; - bool prefer_configured; this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); DBG0(DBG_IKE, "%H is initiating a Aggressive Mode IKE_SA", @@ -399,10 +399,13 @@ METHOD(task_t, process_r, status_t, } list = sa_payload->get_proposals(sa_payload); - prefer_configured = lib->settings->get_bool(lib->settings, - "%s.prefer_configured_proposals", TRUE, lib->ns); - this->proposal = this->ike_cfg->select_proposal(this->ike_cfg, - list, FALSE, prefer_configured); + if (lib->settings->get_bool(lib->settings, + "%s.prefer_configured_proposals", TRUE, lib->ns)) + { + flags = PROPOSAL_PREFER_CONFIGURED; + } + this->proposal = this->ike_cfg->select_proposal(this->ike_cfg, list, + flags); list->destroy_offset(list, offsetof(proposal_t, destroy)); if (!this->proposal) { @@ -641,8 +644,8 @@ METHOD(task_t, process_i, status_t, return send_notify(this, INVALID_PAYLOAD_TYPE); } list = sa_payload->get_proposals(sa_payload); - this->proposal = this->ike_cfg->select_proposal(this->ike_cfg, - list, FALSE, TRUE); + this->proposal = this->ike_cfg->select_proposal(this->ike_cfg, list, + PROPOSAL_PREFER_CONFIGURED); list->destroy_offset(list, offsetof(proposal_t, destroy)); if (!this->proposal) { diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c index b60c84992e..b1b9334a84 100644 --- a/src/libcharon/sa/ikev1/tasks/main_mode.c +++ b/src/libcharon/sa/ikev1/tasks/main_mode.c @@ -362,7 +362,7 @@ METHOD(task_t, process_r, status_t, { linked_list_t *list; sa_payload_t *sa_payload; - bool private, prefer_configured; + proposal_selection_flag_t flags = 0; this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); DBG0(DBG_IKE, "%H is initiating a Main Mode IKE_SA", @@ -386,12 +386,17 @@ METHOD(task_t, process_r, status_t, } list = sa_payload->get_proposals(sa_payload); - private = this->ike_sa->supports_extension(this->ike_sa, - EXT_STRONGSWAN); - prefer_configured = lib->settings->get_bool(lib->settings, - "%s.prefer_configured_proposals", TRUE, lib->ns); + if (this->ike_sa->supports_extension(this->ike_sa , EXT_STRONGSWAN)) + { + flags |= PROPOSAL_ALLOW_PRIVATE; + } + if (lib->settings->get_bool(lib->settings, + "%s.prefer_configured_proposals", TRUE, lib->ns)) + { + flags |= PROPOSAL_PREFER_CONFIGURED; + } this->proposal = this->ike_cfg->select_proposal(this->ike_cfg, - list, private, prefer_configured); + list, flags); list->destroy_offset(list, offsetof(proposal_t, destroy)); if (!this->proposal) { @@ -624,8 +629,8 @@ METHOD(task_t, process_i, status_t, linked_list_t *list; sa_payload_t *sa_payload; auth_method_t method; + proposal_selection_flag_t flags = PROPOSAL_PREFER_CONFIGURED; uint32_t lifetime; - bool private; sa_payload = (sa_payload_t*)message->get_payload(message, PLV1_SECURITY_ASSOCIATION); @@ -635,10 +640,12 @@ METHOD(task_t, process_i, status_t, return send_notify(this, INVALID_PAYLOAD_TYPE); } list = sa_payload->get_proposals(sa_payload); - private = this->ike_sa->supports_extension(this->ike_sa, - EXT_STRONGSWAN); + if (this->ike_sa->supports_extension(this->ike_sa , EXT_STRONGSWAN)) + { + flags |= PROPOSAL_ALLOW_PRIVATE; + } this->proposal = this->ike_cfg->select_proposal(this->ike_cfg, - list, private, TRUE); + list, flags); list->destroy_offset(list, offsetof(proposal_t, destroy)); if (!this->proposal) { diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index 128f027c86..6a104a7e03 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c @@ -852,7 +852,7 @@ METHOD(task_t, build_i, status_t, } } - list = this->config->get_proposals(this->config, MODP_NONE); + list = this->config->get_proposals(this->config, FALSE); if (list->get_first(list, (void**)&proposal) == SUCCESS) { this->proto = proposal->get_protocol(proposal); @@ -1072,7 +1072,7 @@ METHOD(task_t, process_r, status_t, linked_list_t *tsi, *tsr, *hostsi, *hostsr, *list = NULL; peer_cfg_t *peer_cfg; uint16_t group; - bool private, prefer_configured; + proposal_selection_flag_t flags = 0; sa_payload = (sa_payload_t*)message->get_payload(message, PLV1_SECURITY_ASSOCIATION); @@ -1132,12 +1132,17 @@ METHOD(task_t, process_r, status_t, DESTROY_IF(list); list = sa_payload->get_proposals(sa_payload); } - private = this->ike_sa->supports_extension(this->ike_sa, - EXT_STRONGSWAN); - prefer_configured = lib->settings->get_bool(lib->settings, - "%s.prefer_configured_proposals", TRUE, lib->ns); + if (this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN)) + { + flags |= PROPOSAL_ALLOW_PRIVATE; + } + if (lib->settings->get_bool(lib->settings, + "%s.prefer_configured_proposals", TRUE, lib->ns)) + { + flags |= PROPOSAL_PREFER_CONFIGURED; + } this->proposal = this->config->select_proposal(this->config, list, - FALSE, private, prefer_configured); + flags); list->destroy_offset(list, offsetof(proposal_t, destroy)); get_lifetimes(this); @@ -1340,7 +1345,7 @@ METHOD(task_t, process_i, status_t, { sa_payload_t *sa_payload; linked_list_t *list = NULL; - bool private; + proposal_selection_flag_t flags = PROPOSAL_PREFER_CONFIGURED; sa_payload = (sa_payload_t*)message->get_payload(message, PLV1_SECURITY_ASSOCIATION); @@ -1365,10 +1370,12 @@ METHOD(task_t, process_i, status_t, DESTROY_IF(list); list = sa_payload->get_proposals(sa_payload); } - private = this->ike_sa->supports_extension(this->ike_sa, - EXT_STRONGSWAN); + if (this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN)) + { + flags |= PROPOSAL_ALLOW_PRIVATE; + } this->proposal = this->config->select_proposal(this->config, list, - FALSE, private, TRUE); + flags); list->destroy_offset(list, offsetof(proposal_t, destroy)); if (!this->proposal) { diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index ac1f9994ad..a90e29237b 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -544,7 +544,7 @@ static status_t select_and_install(private_child_create_t *this, chunk_t integ_i = chunk_empty, integ_r = chunk_empty; linked_list_t *my_ts, *other_ts; host_t *me, *other; - bool private, prefer_configured; + proposal_selection_flag_t flags = 0; if (this->proposals == NULL) { @@ -560,11 +560,21 @@ static status_t select_and_install(private_child_create_t *this, me = this->ike_sa->get_my_host(this->ike_sa); other = this->ike_sa->get_other_host(this->ike_sa); - private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN); - prefer_configured = lib->settings->get_bool(lib->settings, - "%s.prefer_configured_proposals", TRUE, lib->ns); + if (no_dh) + { + flags |= PROPOSAL_STRIP_DH; + } + if (this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN)) + { + flags |= PROPOSAL_ALLOW_PRIVATE; + } + if (lib->settings->get_bool(lib->settings, "%s.prefer_configured_proposals", + TRUE, lib->ns)) + { + flags |= PROPOSAL_PREFER_CONFIGURED; + } this->proposal = this->config->select_proposal(this->config, - this->proposals, no_dh, private, prefer_configured); + this->proposals, flags); if (this->proposal == NULL) { DBG1(DBG_IKE, "no acceptable proposal found"); diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c index 04ce5045e7..bcf757bce6 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_init.c +++ b/src/libcharon/sa/ikev2/tasks/ike_init.c @@ -453,17 +453,21 @@ static void process_sa_payload(private_ike_init_t *this, message_t *message, enumerator_t *enumerator; linked_list_t *proposal_list; host_t *me, *other; - bool private, prefer_configured; + proposal_selection_flag_t flags = 0; ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); proposal_list = sa_payload->get_proposals(sa_payload); - private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN); - prefer_configured = lib->settings->get_bool(lib->settings, - "%s.prefer_configured_proposals", TRUE, lib->ns); - - this->proposal = ike_cfg->select_proposal(ike_cfg, proposal_list, private, - prefer_configured); + if (this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN)) + { + flags |= PROPOSAL_ALLOW_PRIVATE; + } + if (lib->settings->get_bool(lib->settings, "%s.prefer_configured_proposals", + TRUE, lib->ns)) + { + flags |= PROPOSAL_PREFER_CONFIGURED; + } + this->proposal = ike_cfg->select_proposal(ike_cfg, proposal_list, flags); if (!this->proposal) { if (!this->initiator && !this->old_sa) @@ -481,7 +485,7 @@ static void process_sa_payload(private_ike_init_t *this, message_t *message, DBG1(DBG_IKE, "no matching proposal found, trying alternative " "config"); this->proposal = cfg->select_proposal(cfg, proposal_list, - private, prefer_configured); + flags); if (this->proposal) { alt_cfg = cfg->get_ref(cfg); diff --git a/src/libstrongswan/crypto/proposal/proposal.c b/src/libstrongswan/crypto/proposal/proposal.c index 9526089974..4772078b84 100644 --- a/src/libstrongswan/crypto/proposal/proposal.c +++ b/src/libstrongswan/crypto/proposal/proposal.c @@ -338,8 +338,8 @@ METHOD(proposal_t, strip_dh, void, * Select a matching proposal from this and other. */ static bool select_algo(private_proposal_t *this, proposal_t *other, - transform_type_t type, bool priv, bool log, - uint16_t *alg, uint16_t *ks) + transform_type_t type, proposal_selection_flag_t flags, + bool log, uint16_t *alg, uint16_t *ks) { enumerator_t *e1, *e2; uint16_t alg1, alg2, ks1, ks2; @@ -390,7 +390,7 @@ static bool select_algo(private_proposal_t *this, proposal_t *other, { if (alg1 == alg2 && ks1 == ks2) { - if (!priv && alg1 >= 1024) + if (!(flags & PROPOSAL_ALLOW_PRIVATE) && alg1 >= 1024) { if (log) { @@ -417,7 +417,7 @@ static bool select_algo(private_proposal_t *this, proposal_t *other, * is stored there and errors are logged. */ static bool select_algos(private_proposal_t *this, proposal_t *other, - proposal_t *selected, bool private) + proposal_t *selected, proposal_selection_flag_t flags) { transform_type_t type; array_t *types; @@ -434,7 +434,7 @@ static bool select_algos(private_proposal_t *this, proposal_t *other, { continue; } - if (select_algo(this, other, type, private, selected != NULL, &alg, &ks)) + if (select_algo(this, other, type, flags, selected != NULL, &alg, &ks)) { if (alg == 0 && type != EXTENDED_SEQUENCE_NUMBERS) { /* 0 is "valid" for extended sequence numbers, for other @@ -468,8 +468,8 @@ static bool select_algos(private_proposal_t *this, proposal_t *other, } METHOD(proposal_t, select_proposal, proposal_t*, - private_proposal_t *this, proposal_t *other, bool other_remote, - bool private) + private_proposal_t *this, proposal_t *other, + proposal_selection_flag_t flags) { proposal_t *selected; @@ -481,7 +481,7 @@ METHOD(proposal_t, select_proposal, proposal_t*, return NULL; } - if (other_remote) + if (flags & PROPOSAL_PREFER_CONFIGURED) { selected = proposal_create(this->protocol, other->get_number(other)); selected->set_spi(selected, other->get_spi(other)); @@ -492,7 +492,7 @@ METHOD(proposal_t, select_proposal, proposal_t*, selected->set_spi(selected, this->spi); } - if (!select_algos(this, other, selected, private)) + if (!select_algos(this, other, selected, flags)) { selected->destroy(selected); return NULL; @@ -502,13 +502,14 @@ METHOD(proposal_t, select_proposal, proposal_t*, } METHOD(proposal_t, matches, bool, - private_proposal_t *this, proposal_t *other, bool private) + private_proposal_t *this, proposal_t *other, + proposal_selection_flag_t flags) { if (this->protocol != other->get_protocol(other)) { return FALSE; } - return select_algos(this, other, NULL, private); + return select_algos(this, other, NULL, flags); } METHOD(proposal_t, get_protocol, protocol_id_t, diff --git a/src/libstrongswan/crypto/proposal/proposal.h b/src/libstrongswan/crypto/proposal/proposal.h index 3383243264..a951dd1362 100644 --- a/src/libstrongswan/crypto/proposal/proposal.h +++ b/src/libstrongswan/crypto/proposal/proposal.h @@ -23,6 +23,7 @@ #define PROPOSAL_H_ typedef enum protocol_id_t protocol_id_t; +typedef enum proposal_selection_flag_t proposal_selection_flag_t; typedef enum extended_sequence_numbers_t extended_sequence_numbers_t; typedef struct proposal_t proposal_t; @@ -51,6 +52,18 @@ enum protocol_id_t { */ extern enum_name_t *protocol_id_names; +/** + * Flags for selecting proposals + */ +enum proposal_selection_flag_t { + /** Accept algorithms from a private range. */ + PROPOSAL_ALLOW_PRIVATE = (1<<0), + /** Whether to prefer configured or supplied proposals. */ + PROPOSAL_PREFER_CONFIGURED = (1<<1), + /** Whether to strip out diffie hellman groups */ + PROPOSAL_STRIP_DH = (1<<2), +}; + /** * Stores a set of algorithms used for an SA. * @@ -132,15 +145,16 @@ struct proposal_t { * compared. If they have at least one algorithm of each type * in common, a resulting proposal of this kind is created. * + * If the flag PROPOSAL_PREFER_CONFIGURED is set, other is expected to be + * the remote proposal from which to copy SPI and proposal number to the + * result, otherwise copy from this proposal. + * * @param other proposal to compare against - * @param other_remote whether other is the remote proposal from which to - * copy SPI and proposal number to the result, - * otherwise copy from this proposal - * @param private accepts algorithms allocated in a private range + * @param flags flags to consider during proposal selection * @return selected proposal, NULL if proposals don't match */ proposal_t *(*select)(proposal_t *this, proposal_t *other, - bool other_remote, bool private); + proposal_selection_flag_t flags); /** * Check if the given proposal matches this proposal. @@ -148,10 +162,11 @@ struct proposal_t { * This is similar to select, but no resulting proposal is selected. * * @param other proposal to compare against - * @param private accepts algorithms allocated in a private range + * @param flags flags to consider during proposal selection * @return TRUE if the proposals match */ - bool (*matches)(proposal_t *this, proposal_t *other, bool private); + bool (*matches)(proposal_t *this, proposal_t *other, + proposal_selection_flag_t flags); /** * Get the protocol ID of the proposal. diff --git a/src/libstrongswan/tests/suites/test_proposal.c b/src/libstrongswan/tests/suites/test_proposal.c index 099cd19c7f..788b51e31d 100644 --- a/src/libstrongswan/tests/suites/test_proposal.c +++ b/src/libstrongswan/tests/suites/test_proposal.c @@ -121,7 +121,7 @@ START_TEST(test_select) select_data[_i].self); other = proposal_create_from_string(select_data[_i].proto, select_data[_i].other); - selected = self->select(self, other, TRUE, FALSE); + selected = self->select(self, other, PROPOSAL_PREFER_CONFIGURED); if (select_data[_i].expected) { expected = proposal_create_from_string(select_data[_i].proto, @@ -149,12 +149,12 @@ START_TEST(test_select_spi) other = proposal_create_from_string(PROTO_ESP, "aes128-sha256-modp3072"); other->set_spi(other, 0x12345678); - selected = self->select(self, other, TRUE, FALSE); + selected = self->select(self, other, PROPOSAL_PREFER_CONFIGURED); ck_assert(selected); ck_assert_int_eq(selected->get_spi(selected), other->get_spi(other)); selected->destroy(selected); - selected = self->select(self, other, FALSE, FALSE); + selected = self->select(self, other, 0); ck_assert(selected); ck_assert_int_eq(selected->get_spi(selected), self->get_spi(self)); selected->destroy(selected); @@ -267,7 +267,7 @@ START_TEST(test_unknown_transform_types_select_fail) other = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256"); other->add_algorithm(other, 242, 42, 0); - selected = self->select(self, other, TRUE, FALSE); + selected = self->select(self, other, PROPOSAL_PREFER_CONFIGURED); ck_assert(!selected); other->destroy(other); self->destroy(self); @@ -283,7 +283,7 @@ START_TEST(test_unknown_transform_types_select_fail_subtype) other = proposal_create_from_string(PROTO_IKE, "aes128-sha256-ecp256"); other->add_algorithm(other, 242, 42, 0); - selected = self->select(self, other, TRUE, FALSE); + selected = self->select(self, other, PROPOSAL_PREFER_CONFIGURED); ck_assert(!selected); other->destroy(other); self->destroy(self); @@ -300,7 +300,7 @@ START_TEST(test_unknown_transform_types_select_success) other->add_algorithm(other, 242, 42, 128); other->add_algorithm(other, 242, 1, 0); - selected = self->select(self, other, TRUE, FALSE); + selected = self->select(self, other, PROPOSAL_PREFER_CONFIGURED); ck_assert(selected); assert_proposal_eq(selected, "IKE:AES_CBC_128/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/ECP_256/UNKNOWN_242_42_128"); selected->destroy(selected);