vici-config: Same order for default ESP proposals if unset or set to "default"

The order was different when not setting `esp_proposals` or explicitly configuring `default`. Fixes: 33412158f58c ("ike: Send AEAD ESP default proposal first")
2025-10-04 00:00:14 -04:00 · 2024-10-02 10:33:05 +02:00 · 2024-10-02 10:33:05 +02:00 · 8e020bc9e3
commit 8e020bc9e3
parent 089977b69d
1 changed files with 31 additions and 30 deletions
--- a/src/libcharon/plugins/vici/vici_config.c
+++ b/src/libcharon/plugins/vici/vici_config.c
@ -601,6 +601,34 @@ static void free_child_data(child_data_t *data)
 	free(data->cfg.interface);
 }

+/**
+ * Add the default proposals for the given protocol.  We currently prefer AEAD
+ * for ESP but not for IKE.
+ */
+static void add_default_proposals(linked_list_t *list, protocol_id_t proto)
+{
+	proposal_t *first, *second;
+
+	if (proto == PROTO_IKE)
+	{
+		first = proposal_create_default(proto);
+		second = proposal_create_default_aead(proto);
+	}
+	else
+	{
+		first = proposal_create_default_aead(proto);
+		second = proposal_create_default(proto);
+	}
+	if (first)
+	{
+		list->insert_last(list, first);
+	}
+	if (second)
+	{
+		list->insert_last(list, second);
+	}
+}
+
 /**
 * Common proposal parsing
 */
@ -615,16 +643,7 @@ static bool parse_proposal(linked_list_t *list, protocol_id_t proto, chunk_t v)
 	}
 	if (strcaseeq("default", buf))
 	{
-		proposal = proposal_create_default(proto);
-		if (proposal)
-		{
-			list->insert_last(list, proposal);
-		}
-		proposal = proposal_create_default_aead(proto);
-		if (proposal)
-		{
-			list->insert_last(list, proposal);
-		}
+		add_default_proposals(list, proto);
 		return TRUE;
 	}
 	proposal = proposal_create_from_string(proto, buf);
@ -2134,16 +2153,7 @@ CALLBACK(children_sn, bool,
 	}
 	if (child.proposals->get_count(child.proposals) == 0)
 	{
-		proposal = proposal_create_default_aead(PROTO_ESP);
-		if (proposal)
-		{
-			child.proposals->insert_last(child.proposals, proposal);
-		}
-		proposal = proposal_create_default(PROTO_ESP);
-		if (proposal)
-		{
-			child.proposals->insert_last(child.proposals, proposal);
-		}
+		add_default_proposals(child.proposals, PROTO_ESP);
 	}

 	check_lifetimes(&child.cfg.lifetime);
@ -2740,16 +2750,7 @@ CALLBACK(config_sn, bool,
 	}
 	if (peer.proposals->get_count(peer.proposals) == 0)
 	{
-		proposal = proposal_create_default(PROTO_IKE);
-		if (proposal)
-		{
-			peer.proposals->insert_last(peer.proposals, proposal);
-		}
-		proposal = proposal_create_default_aead(PROTO_IKE);
-		if (proposal)
-		{
-			peer.proposals->insert_last(peer.proposals, proposal);
-		}
+		add_default_proposals(peer.proposals, PROTO_IKE);
 	}
 	if (!peer.local_addrs)
 	{