authorHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2004-05-14 08:42:57 +0000
committerHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2004-05-14 08:42:57 +0000
commit9ebd50fd1a5b0b38ce6d40aaa65ad328f655e9af (patch)
treea3ae649e989a6b8165141e3969fc1388a3c14ff0 /sbin/isakmpd
parenta1364e6eb548a466cdbf649b747244c5ba58a466 (diff)
Some more KNF, no binary change.
ok ho@
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r--sbin/isakmpd/attribute.c35
-rw-r--r--sbin/isakmpd/attribute.h18
-rw-r--r--sbin/isakmpd/cert.c20
-rw-r--r--sbin/isakmpd/cert.h32
-rw-r--r--sbin/isakmpd/conf.c264
-rw-r--r--sbin/isakmpd/conf.h10
-rw-r--r--sbin/isakmpd/connection.c41
-rw-r--r--sbin/isakmpd/cookie.c14
-rw-r--r--sbin/isakmpd/cookie.h7
-rw-r--r--sbin/isakmpd/crypto.c81
-rw-r--r--sbin/isakmpd/crypto.h13
-rw-r--r--sbin/isakmpd/dh.h8
-rw-r--r--sbin/isakmpd/dnssec.c43
-rw-r--r--sbin/isakmpd/dnssec.h6
-rw-r--r--sbin/isakmpd/doi.c12
-rw-r--r--sbin/isakmpd/doi.h68
16 files changed, 344 insertions, 328 deletions
diff --git a/sbin/isakmpd/attribute.c b/sbin/isakmpd/attribute.c
index e1959290162..362805b7a43 100644
--- a/sbin/isakmpd/attribute.c
+++ b/sbin/isakmpd/attribute.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: attribute.c,v 1.10 2004/04/15 18:39:25 deraadt Exp $ */
+/* $OpenBSD: attribute.c,v 1.11 2004/05/14 08:42:56 hshoexer Exp $ */
/* $EOM: attribute.c,v 1.10 2000/02/20 19:58:36 niklas Exp $ */
/*
@@ -40,17 +40,17 @@
#include "isakmp.h"
#include "util.h"
-u_int8_t *
-attribute_set_basic(u_int8_t * buf, u_int16_t type, u_int16_t value)
+u_int8_t *
+attribute_set_basic(u_int8_t *buf, u_int16_t type, u_int16_t value)
{
SET_ISAKMP_ATTR_TYPE(buf, ISAKMP_ATTR_MAKE(1, type));
SET_ISAKMP_ATTR_LENGTH_VALUE(buf, value);
return buf + ISAKMP_ATTR_VALUE_OFF;
}
-u_int8_t *
-attribute_set_var(u_int8_t * buf, u_int16_t type, u_int8_t * value,
- u_int16_t len)
+u_int8_t *
+attribute_set_var(u_int8_t *buf, u_int16_t type, u_int8_t *value,
+ u_int16_t len)
{
SET_ISAKMP_ATTR_TYPE(buf, ISAKMP_ATTR_MAKE(0, type));
SET_ISAKMP_ATTR_LENGTH_VALUE(buf, len);
@@ -65,9 +65,8 @@ attribute_set_var(u_int8_t * buf, u_int16_t type, u_int8_t * value,
* -1 return value. If all goes well return zero.
*/
int
-attribute_map(u_int8_t * buf, size_t sz,
- int (*func) (u_int16_t, u_int8_t *, u_int16_t, void *),
- void *arg)
+attribute_map(u_int8_t *buf, size_t sz, int (*func)(u_int16_t, u_int8_t *,
+ u_int16_t, void *), void *arg)
{
u_int8_t *attr;
int fmt;
@@ -81,10 +80,10 @@ attribute_map(u_int8_t * buf, size_t sz,
type = GET_ISAKMP_ATTR_TYPE(attr);
fmt = ISAKMP_ATTR_FORMAT(type);
type = ISAKMP_ATTR_TYPE(type);
- value
- = attr + (fmt ? ISAKMP_ATTR_LENGTH_VALUE_OFF : ISAKMP_ATTR_VALUE_OFF);
+ value = attr + (fmt ? ISAKMP_ATTR_LENGTH_VALUE_OFF
+ : ISAKMP_ATTR_VALUE_OFF);
len = (fmt ? ISAKMP_ATTR_LENGTH_VALUE_LEN
- : GET_ISAKMP_ATTR_LENGTH_VALUE(attr));
+ : GET_ISAKMP_ATTR_LENGTH_VALUE(attr));
if (value + len > buf + sz)
return -1;
if (func(type, value, len, arg))
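Review bot: The bounds test `if (value + len > buf + sz)` in attribute_map compares pointers that may already point past the end of the buffer, which C leaves undefined, so the test cannot be relied on to reject an oversized length. Since `len` is taken from the attribute itself through GET_ISAKMP_ATTR_LENGTH_VALUE, comparing sizes is safer: `if ((size_t)(value - buf) > sz || len > sz - (size_t)(value - buf)) return -1;`. The loop head is outside this hunk, so it cannot be confirmed from here whether the attribute header is checked against `sz` before GET_ISAKMP_ATTR_TYPE reads it.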
@@ -94,17 +93,17 @@ attribute_map(u_int8_t * buf, size_t sz,
}
int
-attribute_set_constant(char *section, char *tag, struct constant_map * map,
- int attr_class, u_int8_t ** attr)
+attribute_set_constant(char *section, char *tag, struct constant_map *map,
+ int attr_class, u_int8_t **attr)
{
- char *name;
- int value;
+ char *name;
+ int value;
name = conf_get_str(section, tag);
if (!name) {
LOG_DBG((LOG_MISC, 70,
- "attribute_set_constant: no %s in the %s section", tag,
- section));
+ "attribute_set_constant: no %s in the %s section", tag,
+ section));
return -1;
}
value = constant_value(map, name);
diff --git a/sbin/isakmpd/attribute.h b/sbin/isakmpd/attribute.h
index 29de52fb769..aa835cf1499 100644
--- a/sbin/isakmpd/attribute.h
+++ b/sbin/isakmpd/attribute.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: attribute.h,v 1.5 2004/04/15 18:39:25 deraadt Exp $ */
+/* $OpenBSD: attribute.h,v 1.6 2004/05/14 08:42:56 hshoexer Exp $ */
/* $EOM: attribute.h,v 1.2 1998/09/29 21:51:07 niklas Exp $ */
/*
@@ -36,14 +36,12 @@
struct constant_map;
-extern int
-attribute_map(u_int8_t *, size_t,
- int (*) (u_int16_t, u_int8_t *, u_int16_t, void *),
- void *);
- extern u_int8_t *attribute_set_basic(u_int8_t *, u_int16_t, u_int16_t);
- extern int attribute_set_constant(char *, char *, struct constant_map *,
- int, u_int8_t **);
- extern u_int8_t *attribute_set_var(u_int8_t *, u_int16_t, u_int8_t *,
- u_int16_t);
+extern int attribute_map(u_int8_t *, size_t, int (*)(u_int16_t,
+ u_int8_t *, u_int16_t, void *), void *);
+extern u_int8_t *attribute_set_basic(u_int8_t *, u_int16_t, u_int16_t);
+extern int attribute_set_constant(char *, char *, struct constant_map *,
+ int, u_int8_t **);
+extern u_int8_t *attribute_set_var(u_int8_t *, u_int16_t, u_int8_t *,
+ u_int16_t);
#endif /* _ATTRIBUTE_H_ */
diff --git a/sbin/isakmpd/cert.c b/sbin/isakmpd/cert.c
index 13124ecd8a7..044ed87758a 100644
--- a/sbin/isakmpd/cert.c
+++ b/sbin/isakmpd/cert.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cert.c,v 1.26 2004/04/15 18:39:25 deraadt Exp $ */
+/* $OpenBSD: cert.c,v 1.27 2004/05/14 08:42:56 hshoexer Exp $ */
/* $EOM: cert.c,v 1.18 2000/09/28 12:53:27 niklas Exp $ */
/*
@@ -77,11 +77,11 @@ struct cert_handler cert_handler[] = {
int
cert_init(void)
{
- size_t i;
- int err = 1;
+ size_t i;
+ int err = 1;
for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++)
- if (cert_handler[i].cert_init && !(*cert_handler[i].cert_init) ())
+ if (cert_handler[i].cert_init && !(*cert_handler[i].cert_init)())
err = 0;
return err;
@@ -90,11 +90,11 @@ cert_init(void)
int
crl_init(void)
{
- size_t i;
- int err = 1;
+ size_t i;
+ int err = 1;
for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++)
- if (cert_handler[i].crl_init && !(*cert_handler[i].crl_init) ())
+ if (cert_handler[i].crl_init && !(*cert_handler[i].crl_init)())
err = 0;
return err;
@@ -103,7 +103,7 @@ crl_init(void)
struct cert_handler *
cert_get(u_int16_t id)
{
- size_t i;
+ size_t i;
for (i = 0; i < sizeof cert_handler / sizeof cert_handler[0]; i++)
if (id == cert_handler[i].id)
@@ -139,7 +139,7 @@ certreq_decode(u_int16_t type, u_int8_t *data, u_int32_t datalen)
ret = malloc(sizeof aca);
if (!ret) {
log_error("certreq_decode: malloc (%lu) failed",
- (unsigned long) sizeof aca);
+ (unsigned long)sizeof aca);
handler->free_aca(aca.data);
return 0;
}
@@ -150,7 +150,7 @@ certreq_decode(u_int16_t type, u_int8_t *data, u_int32_t datalen)
void
cert_free_subjects(int n, u_int8_t **id, u_int32_t *len)
{
- int i;
+ int i;
for (i = 0; i < n; i++)
free(id[i]);
diff --git a/sbin/isakmpd/cert.h b/sbin/isakmpd/cert.h
index ea9da823eb2..151b2f941e1 100644
--- a/sbin/isakmpd/cert.h
+++ b/sbin/isakmpd/cert.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cert.h,v 1.13 2004/04/15 18:39:25 deraadt Exp $ */
+/* $OpenBSD: cert.h,v 1.14 2004/05/14 08:42:56 hshoexer Exp $ */
/* $EOM: cert.h,v 1.8 2000/09/28 12:53:27 niklas Exp $ */
/*
@@ -56,22 +56,22 @@
struct cert_handler {
u_int16_t id; /* ISAKMP Cert Encoding ID */
- int (*cert_init) (void);
- int (*crl_init) (void);
- void *(*cert_get) (u_int8_t *, u_int32_t);
- int (*cert_validate) (void *);
- int (*cert_insert) (int, void *);
- void (*cert_free) (void *);
- int (*certreq_validate) (u_int8_t *, u_int32_t);
- void *(*certreq_decode) (u_int8_t *, u_int32_t);
- void (*free_aca) (void *);
- int (*cert_obtain) (u_int8_t *, size_t, void *,
- u_int8_t **, u_int32_t *);
- int (*cert_get_key) (void *, void *);
- int (*cert_get_subjects) (void *, int *, u_int8_t ***,
- u_int32_t **);
+ int (*cert_init)(void);
+ int (*crl_init)(void);
+ void *(*cert_get)(u_int8_t *, u_int32_t);
+ int (*cert_validate)(void *);
+ int (*cert_insert)(int, void *);
+ void (*cert_free)(void *);
+ int (*certreq_validate)(u_int8_t *, u_int32_t);
+ void *(*certreq_decode)(u_int8_t *, u_int32_t);
+ void (*free_aca)(void *);
+ int (*cert_obtain)(u_int8_t *, size_t, void *, u_int8_t **,
+ u_int32_t *);
+ int (*cert_get_key) (void *, void *);
+ int (*cert_get_subjects) (void *, int *, u_int8_t ***,
+ u_int32_t **);
void *(*cert_dup) (void *);
- void (*cert_serialize) (void *, u_int8_t **, u_int32_t *);
+ void (*cert_serialize) (void *, u_int8_t **, u_int32_t *);
char *(*cert_printable) (void *);
void *(*cert_from_printable) (char *);
};
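Review bot: The KNF pass over struct cert_handler stops partway. Members from `cert_init` to `cert_obtain` now use `(*name)(args)`, but the added lines for `cert_get_key`, `cert_get_subjects` and `cert_serialize`, and the context lines for `cert_dup`, `cert_printable` and `cert_from_printable`, keep the space before the parameter list, e.g. `int (*cert_get_key) (void *, void *);`. Writing those as `int (*cert_get_key)(void *, void *);` would make the struct consistent with the rest of this commit.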
diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c
index 6e6e66e87bc..e1a72f54052 100644
--- a/sbin/isakmpd/conf.c
+++ b/sbin/isakmpd/conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf.c,v 1.66 2004/04/23 14:15:55 ho Exp $ */
+/* $OpenBSD: conf.c,v 1.67 2004/05/14 08:42:56 hshoexer Exp $ */
/* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */
/*
@@ -61,15 +61,15 @@ static int conf_find_trans_xf(int, char *);
struct conf_trans {
TAILQ_ENTRY(conf_trans) link;
- int trans;
+ int trans;
enum conf_op {
CONF_SET, CONF_REMOVE, CONF_REMOVE_SECTION
- } op;
- char *section;
- char *tag;
- char *value;
- int override;
- int is_default;
+ } op;
+ char *section;
+ char *tag;
+ char *value;
+ int override;
+ int is_default;
};
#define CONF_SECT_MAX 256
@@ -104,20 +104,20 @@ const u_int8_t asc2bin[] =
struct conf_binding {
LIST_ENTRY(conf_binding) link;
- char *section;
- char *tag;
- char *value;
- int is_default;
+ char *section;
+ char *tag;
+ char *value;
+ int is_default;
};
-char *conf_path = CONFIG_FILE;
+char *conf_path = CONFIG_FILE;
LIST_HEAD(conf_bindings, conf_binding) conf_bindings[256];
-static char *conf_addr;
+static char *conf_addr;
static __inline__ u_int8_t
conf_hash(char *s)
{
- u_int8_t hash = 0;
+ u_int8_t hash = 0;
while (*s) {
hash = ((hash << 1) | (hash >> 7)) ^ tolower(*s);
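Review bot: `tolower(*s)` in conf_hash is passed a plain `char`, so a byte above 0x7f in a section name becomes a negative argument where char is signed, which the ctype functions do not define. Cast first: `hash = ((hash << 1) | (hash >> 7)) ^ tolower((unsigned char)*s);`. The same applies to `isspace(val[j])` in the conf_parse_line hunk further down, where `isspace((unsigned char)val[j])` is the fix. conf_hash's body continues outside this hunk.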
@@ -134,13 +134,14 @@ conf_remove_now(char *section, char *tag)
{
struct conf_binding *cb, *next;
- for (cb = LIST_FIRST(&conf_bindings[conf_hash(section)]); cb; cb = next) {
+ for (cb = LIST_FIRST(&conf_bindings[conf_hash(section)]); cb;
+ cb = next) {
next = LIST_NEXT(cb, link);
if (strcasecmp(cb->section, section) == 0
&& strcasecmp(cb->tag, tag) == 0) {
LIST_REMOVE(cb, link);
- LOG_DBG((LOG_MISC, 95, "[%s]:%s->%s removed", section, tag,
- cb->value));
+ LOG_DBG((LOG_MISC, 95, "[%s]:%s->%s removed", section,
+ tag, cb->value));
free(cb->section);
free(cb->tag);
free(cb->value);
@@ -155,15 +156,16 @@ static int
conf_remove_section_now(char *section)
{
struct conf_binding *cb, *next;
- int unseen = 1;
+ int unseen = 1;
- for (cb = LIST_FIRST(&conf_bindings[conf_hash(section)]); cb; cb = next) {
+ for (cb = LIST_FIRST(&conf_bindings[conf_hash(section)]); cb;
+ cb = next) {
next = LIST_NEXT(cb, link);
if (strcasecmp(cb->section, section) == 0) {
unseen = 0;
LIST_REMOVE(cb, link);
- LOG_DBG((LOG_MISC, 95, "[%s]:%s->%s removed", section, cb->tag,
- cb->value));
+ LOG_DBG((LOG_MISC, 95, "[%s]:%s->%s removed", section,
+ cb->tag, cb->value));
free(cb->section);
free(cb->tag);
free(cb->value);
@@ -179,7 +181,7 @@ conf_remove_section_now(char *section)
*/
static int
conf_set_now(char *section, char *tag, char *value, int override,
- int is_default)
+ int is_default)
{
struct conf_binding *node = 0;
@@ -187,14 +189,14 @@ conf_set_now(char *section, char *tag, char *value, int override,
conf_remove_now(section, tag);
else if (conf_get_str(section, tag)) {
if (!is_default)
- log_print("conf_set_now: duplicate tag [%s]:%s, ignoring...\n",
- section, tag);
+ log_print("conf_set_now: duplicate tag [%s]:%s, "
+ "ignoring...\n", section, tag);
return 1;
}
node = calloc(1, sizeof *node);
if (!node) {
- log_error("conf_set_now: calloc (1, %lu) failed", (unsigned long) sizeof
- *node);
+ log_error("conf_set_now: calloc (1, %lu) failed",
+ (unsigned long)sizeof *node);
return 1;
}
node->section = strdup(section);
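Review bot: The result of `node->section = strdup(section);` in conf_set_now is not checked in the lines shown, and the next hunk inserts the node with LIST_INSERT_HEAD and logs node->section, node->tag and node->value. The two lines between the hunks are not visible, so this is inferred, but two lines leave no room for error handling on three copies. A NULL field left in the list would later reach strcasecmp in conf_get_str and conf_remove_now. Failing the call when any copy is missing, as the calloc path above already does, avoids that.

```c
node->section = strdup(section);
/* … unchanged: the two lines hidden between the hunks … */
if (!node->section || !node->tag || !node->value) {
	log_error("conf_set_now: strdup failed");
	free(node->section);
	free(node->tag);
	free(node->value);
	free(node);
	return 1;
}
```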
@@ -203,8 +205,8 @@ conf_set_now(char *section, char *tag, char *value, int override,
node->is_default = is_default;
LIST_INSERT_HEAD(&conf_bindings[conf_hash(section)], node, link);
- LOG_DBG((LOG_MISC, 95, "conf_set_now: [%s]:%s->%s", node->section, node->tag,
- node->value));
+ LOG_DBG((LOG_MISC, 95, "conf_set_now: [%s]:%s->%s", node->section,
+ node->tag, node->value));
return 0;
}
@@ -215,11 +217,11 @@ conf_set_now(char *section, char *tag, char *value, int override,
static void
conf_parse_line(int trans, char *line, size_t sz)
{
- char *val;
- size_t i;
- int j;
- static char *section = 0;
- static int ln = 0;
+ char *val;
+ size_t i;
+ int j;
+ static char *section = 0;
+ static int ln = 0;
ln++;
@@ -242,8 +244,8 @@ conf_parse_line(int trans, char *line, size_t sz)
}
section = malloc(i);
if (!section) {
- log_print("conf_parse_line: %d: malloc (%lu) failed", ln,
- (unsigned long) i);
+ log_print("conf_parse_line: %d: malloc (%lu) failed",
+ ln, (unsigned long)i);
return;
}
strlcpy(section, line + 1, i);
@@ -261,7 +263,8 @@ conf_parse_line(int trans, char *line, size_t sz)
line[strcspn(line, " \t=")] = '\0';
val = line + i + 1 + strspn(line + i + 1, " \t");
/* Skip trailing whitespace, if any */
- for (j = sz - (val - line) - 1; j > 0 && isspace(val[j]); j--)
+ for (j = sz - (val - line) - 1; j > 0 &&
+ isspace(val[j]); j--)
val[j] = '\0';
/* XXX Perhaps should we not ignore errors? */
conf_set(trans, section, line, val, 0, 0);
@@ -277,9 +280,9 @@ conf_parse_line(int trans, char *line, size_t sz)
static void
conf_parse(int trans, char *buf, size_t sz)
{
- char *cp = buf;
- char *bufend = buf + sz;
- char *line;
+ char *cp = buf;
+ char *bufend = buf + sz;
+ char *line;
line = cp;
while (cp < bufend) {
@@ -321,15 +324,15 @@ conf_parse(int trans, char *buf, size_t sz)
*/
/* Find the value for a section+tag in the transaction list. */
-static char *
+static char *
conf_get_trans_str(int trans, char *section, char *tag)
{
struct conf_trans *node, *nf = 0;
for (node = TAILQ_FIRST(&conf_trans_queue); node;
- node = TAILQ_NEXT(node, link))
- if (node->trans == trans && strcasecmp(section, node->section) == 0
- && strcasecmp(tag, node->tag) == 0) {
+ node = TAILQ_NEXT(node, link))
+ if (node->trans == trans && strcasecmp(section, node->section)
+ == 0 && strcasecmp(tag, node->tag) == 0) {
if (!nf)
nf = node;
else if (node->override)
@@ -344,11 +347,11 @@ static int
conf_find_trans_xf(int phase, char *xf)
{
struct conf_trans *node;
- char *p;
+ char *p;
/* Find the relevant transforms and suites, if any. */
for (node = TAILQ_FIRST(&conf_trans_queue); node;
- node = TAILQ_NEXT(node, link))
+ node = TAILQ_NEXT(node, link))
if ((phase == 1 && strcmp("Transforms", node->tag) == 0) ||
(phase == 2 && strcmp("Suites", node->tag) == 0)) {
p = node->value;
@@ -443,28 +446,25 @@ conf_load_defaults_qm(int tr, char *qme, char *qmh, char *dhg, char *qme_p,
static void
conf_load_defaults(int tr)
{
- int enc, auth, hash, group, proto, mode, pfs;
- char *dflt;
+ int enc, auth, hash, group, proto, mode, pfs;
+ char *dflt;
- char *mm_auth[] = {"PRE_SHARED", "DSS", "RSA_SIG", 0};
- char *mm_auth_p[] = {"", "-DSS", "-RSA_SIG", 0};
- char *mm_hash[] = {"MD5", "SHA", 0};
- char *mm_enc[] = {"DES_CBC", "BLOWFISH_CBC", "3DES_CBC",
- "CAST_CBC", "AES_CBC", 0};
- char *mm_enc_p[] = {"DES", "BLF", "3DES", "CAST", "AES", 0};
- char *dhgroup[] = {"MODP_1024", "MODP_768", "MODP_1024",
- "MODP_1536", "MODP_2048", 0};
- char *dhgroup_p[] = {"", "-GRP1", "-GRP2", "-GRP5", "-GRP14",
- 0};
- char *qm_enc[] = {"DES", "3DES", "CAST", "BLOWFISH", "AES",
- 0};
- char *qm_enc_p[] = {"-DES", "-3DES", "-CAST", "-BLF",
- "-AES", 0};
- char *qm_hash[] = {"HMAC_MD5", "HMAC_SHA", "HMAC_RIPEMD",
- "HMAC_SHA2_256", "HMAC_SHA2_384",
- "HMAC_SHA2_512", "NONE", 0};
- char *qm_hash_p[] = {"-MD5", "-SHA", "-RIPEMD", "-SHA2-256",
- "-SHA2-384", "-SHA2-512", "", 0};
+ char *mm_auth[] = {"PRE_SHARED", "DSS", "RSA_SIG", 0};
+ char *mm_auth_p[] = {"", "-DSS", "-RSA_SIG", 0};
+ char *mm_hash[] = {"MD5", "SHA", 0};
+ char *mm_enc[] = {"DES_CBC", "BLOWFISH_CBC", "3DES_CBC", "CAST_CBC",
+ "AES_CBC", 0};
+ char *mm_enc_p[] = {"DES", "BLF", "3DES", "CAST", "AES", 0};
+ char *dhgroup[] = {"MODP_1024", "MODP_768", "MODP_1024",
+ "MODP_1536", "MODP_2048", 0};
+ char *dhgroup_p[] = {"", "-GRP1", "-GRP2", "-GRP5", "-GRP14", 0};
+ char *qm_enc[] = {"DES", "3DES", "CAST", "BLOWFISH", "AES", 0};
+ char *qm_enc_p[] = {"-DES", "-3DES", "-CAST", "-BLF", "-AES", 0};
+ char *qm_hash[] = {"HMAC_MD5", "HMAC_SHA", "HMAC_RIPEMD",
+ "HMAC_SHA2_256", "HMAC_SHA2_384", "HMAC_SHA2_512", "NONE",
+ 0};
+ char *qm_hash_p[] = {"-MD5", "-SHA", "-RIPEMD", "-SHA2-256",
+ "-SHA2-384", "-SHA2-512", "", 0};
/* General and X509 defaults */
conf_set(tr, "General", "Retransmits", CONF_DFLT_RETRANSMITS, 0, 1);
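Review bot: The re-wrapped tables in conf_load_defaults still list single DES (`"DES_CBC"`, `"DES"`), MD5 (`"MD5"`, `"HMAC_MD5"`) and the 768-bit group `"MODP_768"`, and nothing marks them as legacy. Whether any of them is proposed without explicit configuration depends on CONF_DFLT_PHASE1_TRANSFORMS and on how conf_load_defaults_qm combines the entries, neither of which is defined on this page. A comment above the tables would help, for example `/* DES, MD5 and MODP_768 are listed for interoperability only; they must not appear in the default proposals. */`. The function continues outside the hunk.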
@@ -486,28 +486,28 @@ conf_load_defaults(int tr)
#endif
#ifdef USE_KEYNOTE
- conf_set(tr, "KeyNote", "Credential-directory", CONF_DFLT_KEYNOTE_CRED_DIR,
- 0, 1);
+ conf_set(tr, "KeyNote", "Credential-directory",
+ CONF_DFLT_KEYNOTE_CRED_DIR, 0, 1);
#endif
/* Lifetimes. XXX p1/p2 vs main/quick mode may be unclear. */
dflt = conf_get_trans_str(tr, "General", "Default-phase-1-lifetime");
conf_set(tr, CONF_DFLT_TAG_LIFE_MAIN_MODE, "LIFE_TYPE",
- CONF_DFLT_TYPE_LIFE_MAIN_MODE, 0, 1);
+ CONF_DFLT_TYPE_LIFE_MAIN_MODE, 0, 1);
conf_set(tr, CONF_DFLT_TAG_LIFE_MAIN_MODE, "LIFE_DURATION",
- (dflt ? dflt : CONF_DFLT_VAL_LIFE_MAIN_MODE), 0, 1);
+ (dflt ? dflt : CONF_DFLT_VAL_LIFE_MAIN_MODE), 0, 1);
dflt = conf_get_trans_str(tr, "General", "Default-phase-2-lifetime");
conf_set(tr, CONF_DFLT_TAG_LIFE_QUICK_MODE, "LIFE_TYPE",
- CONF_DFLT_TYPE_LIFE_QUICK_MODE, 0, 1);
+ CONF_DFLT_TYPE_LIFE_QUICK_MODE, 0, 1);
conf_set(tr, CONF_DFLT_TAG_LIFE_QUICK_MODE, "LIFE_DURATION",
- (dflt ? dflt : CONF_DFLT_VAL_LIFE_QUICK_MODE), 0, 1);
+ (dflt ? dflt : CONF_DFLT_VAL_LIFE_QUICK_MODE), 0, 1);
/* Default Phase-1 Configuration section */
conf_set(tr, CONF_DFLT_TAG_PHASE1_CONFIG, "EXCHANGE_TYPE",
- CONF_DFLT_PHASE1_EXCH_TYPE, 0, 1);
+ CONF_DFLT_PHASE1_EXCH_TYPE, 0, 1);
conf_set(tr, CONF_DFLT_TAG_PHASE1_CONFIG, "Transforms",
- CONF_DFLT_PHASE1_TRANSFORMS, 0, 1);
+ CONF_DFLT_PHASE1_TRANSFORMS, 0, 1);
/* Main modes */
for (enc = 0; mm_enc[enc]; enc++)
@@ -535,7 +535,7 @@ conf_load_defaults(int tr)
for (pfs = 0; pfs < 2; pfs++)
for (hash = 0; qm_hash[hash]; hash++)
for (group = 0;
- dhgroup_p[group]; group++)
+ dhgroup_p[group]; group++)
conf_load_defaults_qm(
tr, qm_enc[enc],
qm_hash[hash],
@@ -549,7 +549,7 @@ conf_load_defaults(int tr)
void
conf_init(void)
{
- unsigned int i;
+ unsigned int i;
for (i = 0; i < sizeof conf_bindings / sizeof conf_bindings[0]; i++)
LIST_INIT(&conf_bindings[i]);
@@ -562,11 +562,11 @@ void
conf_reinit(void)
{
struct conf_binding *cb = 0;
- int fd, trans;
- unsigned int i;
- size_t sz;
- char *new_conf_addr = 0;
- struct stat sb;
+ int fd, trans;
+ unsigned int i;
+ size_t sz;
+ char *new_conf_addr = 0;
+ struct stat sb;
if ((monitor_stat(conf_path, &sb) == 0) || (errno != ENOENT)) {
if (check_file_secrecy(conf_path, &sz))
@@ -574,18 +574,20 @@ conf_reinit(void)
fd = monitor_open(conf_path, O_RDONLY, 0);
if (fd == -1) {
- log_error("conf_reinit: open (\"%s\", O_RDONLY) failed", conf_path);
+ log_error("conf_reinit: open (\"%s\", O_RDONLY) failed",
+ conf_path);
return;
}
new_conf_addr = malloc(sz);
if (!new_conf_addr) {
- log_error("conf_reinit: malloc (%lu) failed", (unsigned long) sz);
+ log_error("conf_reinit: malloc (%lu) failed",
+ (unsigned long)sz);
goto fail;
}
/* XXX I assume short reads won't happen here. */
- if (read(fd, new_conf_addr, sz) != (int) sz) {
+ if (read(fd, new_conf_addr, sz) != (int)sz) {
log_error("conf_reinit: read (%d, %p, %lu) failed",
- fd, new_conf_addr, (unsigned long) sz);
+ fd, new_conf_addr, (unsigned long)sz);
goto fail;
}
close(fd);
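Review bot: The `sz` used for malloc and read here was filled in by `check_file_secrecy(conf_path, &sz)` in the previous hunk, before `monitor_open(conf_path, O_RDONLY, 0)` opens the same path again, so the file that was checked is not necessarily the file that is read. check_file_secrecy is not shown on this page, so this is hedged, but repeating whatever it verifies with fstat() on `fd` after the open, and taking the size from that result, would close the window. Separately, `read(fd, new_conf_addr, sz) != (int)sz` narrows a size_t to int; comparing against `(ssize_t)sz` matches read()'s return type. conf_reinit starts and ends outside this hunk.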
@@ -602,9 +604,10 @@ conf_reinit(void)
/* Free potential existing configuration. */
if (conf_addr) {
- for (i = 0; i < sizeof conf_bindings / sizeof conf_bindings[0]; i++)
+ for (i = 0; i < sizeof conf_bindings / sizeof conf_bindings[0];
+ i++)
for (cb = LIST_FIRST(&conf_bindings[i]); cb;
- cb = LIST_FIRST(&conf_bindings[i]))
+ cb = LIST_FIRST(&conf_bindings[i]))
conf_remove_now(cb->section, cb->tag);
free(conf_addr);
}
@@ -625,7 +628,7 @@ fail:
int
conf_get_num(char *section, char *tag, int def)
{
- char *value = conf_get_str(section, tag);
+ char *value = conf_get_str(section, tag);
if (value)
return atoi(value);
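Review bot: `return atoi(value);` in conf_get_num cannot tell a malformed or out-of-range configuration value from a valid one, because atoi returns 0 for non-numeric text and is undefined on overflow. Parsing with strtol, checking the end pointer and ERANGE, and falling back to `def` with a log_print would keep a typo in the configuration file from silently becoming 0. The rest of conf_get_num is outside this hunk.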
@@ -640,7 +643,7 @@ conf_get_num(char *section, char *tag, int def)
struct sockaddr *
conf_get_address(char *section, char *tag)
{
- char *value = conf_get_str(section, tag);
+ char *value = conf_get_str(section, tag);
struct sockaddr *sa;
if (!value)
@@ -654,45 +657,45 @@ conf_get_address(char *section, char *tag)
int
conf_match_num(char *section, char *tag, int x)
{
- char *value = conf_get_str(section, tag);
- int val, min, max, n;
+ char *value = conf_get_str(section, tag);
+ int val, min, max, n;
if (!value)
return 0;
n = sscanf(value, "%d,%d:%d", &val, &min, &max);
switch (n) {
case 1:
- LOG_DBG((LOG_MISC, 90, "conf_match_num: %s:%s %d==%d?", section, tag,
- val, x));
+ LOG_DBG((LOG_MISC, 90, "conf_match_num: %s:%s %d==%d?",
+ section, tag, val, x));
return x == val;
case 3:
- LOG_DBG((LOG_MISC, 90, "conf_match_num: %s:%s %d<=%d<=%d?", section,
- tag, min, x, max));
+ LOG_DBG((LOG_MISC, 90, "conf_match_num: %s:%s %d<=%d<=%d?",
+ section, tag, min, x, max));
return min <= x && max >= x;
default:
- log_error("conf_match_num: section %s tag %s: invalid number spec %s",
- section, tag, value);
+ log_error("conf_match_num: section %s tag %s: invalid number "
+ "spec %s", section, tag, value);
}
return 0;
}
/* Return the string value denoted by TAG in section SECTION. */
-char *
+char *
conf_get_str(char *section, char *tag)
{
struct conf_binding *cb;
for (cb = LIST_FIRST(&conf_bindings[conf_hash(section)]); cb;
- cb = LIST_NEXT(cb, link))
- if (strcasecmp(section, cb->section) == 0
- && strcasecmp(tag, cb->tag) == 0) {
- LOG_DBG((LOG_MISC, 95, "conf_get_str: [%s]:%s->%s", section,
- tag, cb->value));
+ cb = LIST_NEXT(cb, link))
+ if (strcasecmp(section, cb->section) == 0 &&
+ strcasecmp(tag, cb->tag) == 0) {
+ LOG_DBG((LOG_MISC, 95, "conf_get_str: [%s]:%s->%s",
+ section, tag, cb->value));
return cb->value;
}
LOG_DBG((LOG_MISC, 95,
"conf_get_str: configuration value not found [%s]:%s", section,
- tag));
+ tag));
return 0;
}
@@ -703,7 +706,7 @@ conf_get_str(char *section, char *tag)
struct conf_list *
conf_get_list(char *section, char *tag)
{
- char *liststr = 0, *p, *field, *t;
+ char *liststr = 0, *p, *field, *t;
struct conf_list *list = 0;
struct conf_list_node *node;
@@ -764,7 +767,7 @@ conf_get_tag_list(char *section)
TAILQ_INIT(&list->fields);
list->cnt = 0;
for (cb = LIST_FIRST(&conf_bindings[conf_hash(section)]); cb;
- cb = LIST_NEXT(cb, link))
+ cb = LIST_NEXT(cb, link))
if (strcasecmp(section, cb->section) == 0) {
list->cnt++;
node = calloc(1, sizeof *node);
@@ -785,10 +788,10 @@ cleanup:
/* Decode a PEM encoded buffer. */
int
-conf_decode_base64(u_int8_t * out, u_int32_t * len, u_char * buf)
+conf_decode_base64(u_int8_t *out, u_int32_t *len, u_char *buf)
{
- u_int32_t c = 0;
- u_int8_t c1, c2, c3, c4;
+ u_int32_t c = 0;
+ u_int8_t c1, c2, c3, c4;
while (*buf) {
if (*buf > 127 || (c1 = asc2bin[*buf]) == 255)
@@ -807,7 +810,7 @@ conf_decode_base64(u_int8_t * out, u_int32_t * len, u_char * buf)
if (c2 & 0xF)
return 0;
- if (strcmp((char *) buf, "==") == 0)
+ if (strcmp((char *)buf, "==") == 0)
buf++;
else
return 0;
@@ -822,7 +825,7 @@ conf_decode_base64(u_int8_t * out, u_int32_t * len, u_char * buf)
if (c3 & 3)
return 0;
- if (strcmp((char *) buf, "="))
+ if (strcmp((char *)buf, "="))
return 0;
} else if (*buf > 127 || (c4 = asc2bin[*buf]) == 255)
@@ -843,7 +846,7 @@ conf_decode_base64(u_int8_t * out, u_int32_t * len, u_char * buf)
}
void
-conf_free_list(struct conf_list * list)
+conf_free_list(struct conf_list *list)
{
struct conf_list_node *node = TAILQ_FIRST(&list->fields);
@@ -860,7 +863,7 @@ conf_free_list(struct conf_list * list)
int
conf_begin(void)
{
- static int seq = 0;
+ static int seq = 0;
return ++seq;
}
@@ -873,7 +876,7 @@ conf_trans_node(int transaction, enum conf_op op)
node = calloc(1, sizeof *node);
if (!node) {
log_error("conf_trans_node: calloc (1, %lu) failed",
- (unsigned long) sizeof *node);
+ (unsigned long)sizeof *node);
return 0;
}
node->trans = transaction;
@@ -885,7 +888,7 @@ conf_trans_node(int transaction, enum conf_op op)
/* Queue a set operation. */
int
conf_set(int transaction, char *section, char *tag, char *value, int override,
- int is_default)
+ int is_default)
{
struct conf_trans *node;
@@ -961,7 +964,8 @@ conf_remove_section(int transaction, char *section)
goto fail;
node->section = strdup(section);
if (!node->section) {
- log_error("conf_remove_section: strdup (\"%s\") failed", section);
+ log_error("conf_remove_section: strdup (\"%s\") failed",
+ section);
goto fail;
}
return 0;
@@ -989,14 +993,15 @@ conf_end(int transaction, int commit)
node->is_default);
break;
case CONF_REMOVE:
- conf_remove_now(node->section, node->tag);
+ conf_remove_now(node->section,
+ node->tag);
break;
case CONF_REMOVE_SECTION:
conf_remove_section_now(node->section);
break;
default:
- log_print("conf_end: unknown operation: %d",
- node->op);
+ log_print("conf_end: unknown "
+ "operation: %d", node->op);
}
TAILQ_REMOVE(&conf_trans_queue, node, link);
if (node->section)
@@ -1016,8 +1021,8 @@ conf_end(int transaction, int commit)
* Configuration is "stored in reverse order", so reverse it again.
*/
struct dumper {
- char *s, *v;
- struct dumper *next;
+ char *s, *v;
+ struct dumper *next;
};
static void
@@ -1042,11 +1047,11 @@ void
conf_report(void)
{
struct conf_binding *cb, *last = 0;
- unsigned int i, len;
- char *current_section = (char *) 0;
+ unsigned int i, len;
+ char *current_section = (char *)0;
struct dumper *dumper, *dnode;
- dumper = dnode = (struct dumper *) calloc(1, sizeof *dumper);
+ dumper = dnode = (struct dumper *)calloc(1, sizeof *dumper);
if (!dumper)
goto mem_fail;
@@ -1054,13 +1059,14 @@ conf_report(void)
for (i = 0; i < sizeof conf_bindings / sizeof conf_bindings[0]; i++)
for (cb = LIST_FIRST(&conf_bindings[i]); cb;
- cb = LIST_NEXT(cb, link)) {
+ cb = LIST_NEXT(cb, link)) {
if (!cb->is_default) {
/* Dump this entry. */
- if (!current_section ||
- strcmp(cb->section, current_section)) {
+ if (!current_section || strcmp(cb->section,
+ current_section)) {
if (current_section) {
- len = strlen(current_section) + 3;
+ len = strlen(current_section)
+ + 3;
dnode->s = malloc(len);
if (!dnode->s)
goto mem_fail;
diff --git a/sbin/isakmpd/conf.h b/sbin/isakmpd/conf.h
index 2b3addbf8ca..96447d6c9a7 100644
--- a/sbin/isakmpd/conf.h
+++ b/sbin/isakmpd/conf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf.h,v 1.28 2004/04/23 14:15:55 ho Exp $ */
+/* $OpenBSD: conf.h,v 1.29 2004/05/14 08:42:56 hshoexer Exp $ */
/* $EOM: conf.h,v 1.13 2000/09/18 00:01:47 ho Exp $ */
/*
@@ -72,18 +72,18 @@
struct conf_list_node {
TAILQ_ENTRY(conf_list_node) link;
- char *field;
+ char *field;
};
struct conf_list {
- size_t cnt;
- TAILQ_HEAD(conf_list_fields_head, conf_list_node) fields;
+ size_t cnt;
+ TAILQ_HEAD(conf_list_fields_head, conf_list_node) fields;
};
extern char *conf_path;
extern int conf_begin(void);
-extern int conf_decode_base64(u_int8_t * out, u_int32_t * len, u_char * buf);
+extern int conf_decode_base64(u_int8_t *, u_int32_t *, u_char *);
extern int conf_end(int, int);
extern void conf_free_list(struct conf_list *);
extern struct sockaddr *conf_get_address(char *, char *);
diff --git a/sbin/isakmpd/connection.c b/sbin/isakmpd/connection.c
index 45c0c35429a..624eff8223b 100644
--- a/sbin/isakmpd/connection.c
+++ b/sbin/isakmpd/connection.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: connection.c,v 1.27 2004/05/13 06:56:33 ho Exp $ */
+/* $OpenBSD: connection.c,v 1.28 2004/05/14 08:42:56 hshoexer Exp $ */
/* $EOM: connection.c,v 1.28 2000/11/23 12:21:18 niklas Exp $ */
/*
@@ -101,26 +101,28 @@ connection_init(void)
for (conn = TAILQ_FIRST(&conns->fields); conn;
conn = TAILQ_NEXT(conn, link)) {
if (connection_setup(conn->field))
- log_print("connection_init: could not setup \"%s\"",
- conn->field);
+ log_print("connection_init: could not setup "
+ "\"%s\"", conn->field);
/* XXX Break/abort here if connection_setup failed? */
/*
- * XXX This code (i.e. the attribute lookup) seems like a
- * likely candidate for factoring out into a function of its
- * own.
+ * XXX This code (i.e. the attribute lookup) seems
+ * like a likely candidate for factoring out into a
+ * function of its own.
*/
attrs = conf_get_list(conn->field, "Flags");
if (attrs)
for (attr = TAILQ_FIRST(&attrs->fields); attr;
attr = TAILQ_NEXT(attr, link))
- if (strcasecmp("active-only", attr->field) == 0)
+ if (strcasecmp("active-only",
+ attr->field) == 0)
break;
if (!attrs || (attrs && !attr))
if (connection_record_passive(conn->field))
- log_print("connection_init: could not record "
- "connection \"%s\"", conn->field);
+ log_print("connection_init: could not "
+ "record connection \"%s\"",
+ conn->field);
if (attrs)
conf_free_list(attrs);
@@ -132,8 +134,8 @@ connection_init(void)
for (conn = TAILQ_FIRST(&conns->fields); conn;
conn = TAILQ_NEXT(conn, link))
if (connection_record_passive(conn->field))
- log_print("connection_init: could not record passive "
- "connection \"%s\"", conn->field);
+ log_print("connection_init: could not record "
+ "passive connection \"%s\"", conn->field);
conf_free_list(conns);
}
}
@@ -160,7 +162,8 @@ connection_lookup(char *name)
{
struct connection *conn;
- for (conn = TAILQ_FIRST(&connections); conn; conn = TAILQ_NEXT(conn, link))
+ for (conn = TAILQ_FIRST(&connections); conn;
+ conn = TAILQ_NEXT(conn, link))
if (strcasecmp(conn->name, name) == 0)
return conn;
return 0;
@@ -214,8 +217,8 @@ connection_passive_lookup_by_ids(u_int8_t *id1, u_int8_t *id2)
continue;
/*
- * If both IDs match what we have saved, return the name. Don't bother
- * in which order they are.
+ * If both IDs match what we have saved, return the name.
+ * Don't bother in which order they are.
*/
if ((compare_ids(id1, conn->local_id, conn->local_sz) == 0 &&
compare_ids(id2, conn->remote_id, conn->remote_sz) == 0) ||
@@ -270,7 +273,7 @@ connection_setup(char *name)
conn = calloc(1, sizeof *conn);
if (!conn) {
log_error("connection_setup: calloc (1, %lu) failed",
- (unsigned long) sizeof *conn);
+ (unsigned long)sizeof *conn);
goto fail;
}
conn->name = strdup(name);
@@ -279,8 +282,8 @@ connection_setup(char *name)
goto fail;
}
gettimeofday(&now, 0);
- conn->ev = timer_add_event("connection_checker",
- connection_checker, conn, &now);
+ conn->ev = timer_add_event("connection_checker", connection_checker,
+ conn, &now);
if (!conn->ev) {
log_print("connection_setup: could not add timer event");
goto fail;
@@ -321,7 +324,7 @@ connection_record_passive(char *name)
conn = calloc(1, sizeof *conn);
if (!conn) {
log_error("connection_record_passive: calloc (1, %lu) failed",
- (unsigned long) sizeof *conn);
+ (unsigned long)sizeof *conn);
return -1;
}
conn->name = strdup(name);
@@ -403,7 +406,7 @@ connection_report(void)
gettimeofday(&now, 0);
for (conn = TAILQ_FIRST(&connections); conn;
- conn = TAILQ_NEXT(conn, link))
+ conn = TAILQ_NEXT(conn, link))
LOG_DBG((LOG_REPORT, 0,
"connection_report: connection %s next check %ld seconds",
(conn->name ? conn->name : "<unnamed>"),
diff --git a/sbin/isakmpd/cookie.c b/sbin/isakmpd/cookie.c
index 56e6ae734b6..ec8f8265331 100644
--- a/sbin/isakmpd/cookie.c
+++ b/sbin/isakmpd/cookie.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cookie.c,v 1.13 2004/04/15 18:39:25 deraadt Exp $ */
+/* $OpenBSD: cookie.c,v 1.14 2004/05/14 08:42:56 hshoexer Exp $ */
/* $EOM: cookie.c,v 1.21 1999/08/05 15:00:04 niklas Exp $ */
/*
@@ -60,13 +60,13 @@ cookie_gen(struct transport *t, struct exchange *exchange, u_int8_t *buf,
struct sockaddr *name;
hash->Init(hash->ctx);
- (*t->vtbl->get_dst) (t, &name);
- hash->Update(hash->ctx, (u_int8_t *) name, sysdep_sa_len(name));
- (*t->vtbl->get_src) (t, &name);
- hash->Update(hash->ctx, (u_int8_t *) name, sysdep_sa_len(name));
+ (*t->vtbl->get_dst)(t, &name);
+ hash->Update(hash->ctx, (u_int8_t *)name, sysdep_sa_len(name));
+ (*t->vtbl->get_src)(t, &name);
+ hash->Update(hash->ctx, (u_int8_t *)name, sysdep_sa_len(name));
if (exchange->initiator == 0)
- hash->Update(hash->ctx, exchange->cookies + ISAKMP_HDR_ICOOKIE_OFF,
- ISAKMP_HDR_ICOOKIE_LEN);
+ hash->Update(hash->ctx, exchange->cookies +
+ ISAKMP_HDR_ICOOKIE_OFF, ISAKMP_HDR_ICOOKIE_LEN);
getrandom(tmpsecret, COOKIE_SECRET_SIZE);
hash->Update(hash->ctx, tmpsecret, COOKIE_SECRET_SIZE);
hash->Final(hash->digest, hash->ctx);
diff --git a/sbin/isakmpd/cookie.h b/sbin/isakmpd/cookie.h
index ed5a8ba9768..bfbcc017fbb 100644
--- a/sbin/isakmpd/cookie.h
+++ b/sbin/isakmpd/cookie.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cookie.h,v 1.6 2004/04/15 18:39:25 deraadt Exp $ */
+/* $OpenBSD: cookie.h,v 1.7 2004/05/14 08:42:56 hshoexer Exp $ */
/* $EOM: cookie.h,v 1.5 1998/08/05 09:21:43 niklas Exp $ */
/*
@@ -38,8 +38,7 @@
struct exchange;
struct transport;
-extern void
-cookie_gen(struct transport *, struct exchange *, u_int8_t *,
- size_t);
+extern void cookie_gen(struct transport *, struct exchange *, u_int8_t *,
+ size_t);
#endif /* _COOKIE_H_ */
diff --git a/sbin/isakmpd/crypto.c b/sbin/isakmpd/crypto.c
index f53f9dfc194..189bfa7d4ee 100644
--- a/sbin/isakmpd/crypto.c
+++ b/sbin/isakmpd/crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.c,v 1.20 2004/04/15 18:39:25 deraadt Exp $ */
+/* $OpenBSD: crypto.c,v 1.21 2004/05/14 08:42:56 hshoexer Exp $ */
/* $EOM: crypto.c,v 1.32 2000/03/07 20:08:51 niklas Exp $ */
/*
@@ -101,7 +101,7 @@ struct crypto_xf transforms[] = {
#endif
enum cryptoerr
-des1_init(struct keystate * ks, u_int8_t * key, u_int16_t len)
+des1_init(struct keystate *ks, u_int8_t *key, u_int16_t len)
{
/* des_set_key returns -1 for parity problems, and -2 for weak keys */
des_set_odd_parity(DC key);
@@ -114,20 +114,20 @@ des1_init(struct keystate * ks, u_int8_t * key, u_int16_t len)
}
void
-des1_encrypt(struct keystate * ks, u_int8_t * d, u_int16_t len)
+des1_encrypt(struct keystate *ks, u_int8_t *d, u_int16_t len)
{
des_cbc_encrypt(DC d, DC d, len, ks->ks_des[0], DC ks->riv, DES_ENCRYPT);
}
void
-des1_decrypt(struct keystate * ks, u_int8_t * d, u_int16_t len)
+des1_decrypt(struct keystate *ks, u_int8_t *d, u_int16_t len)
{
des_cbc_encrypt(DC d, DC d, len, ks->ks_des[0], DC ks->riv, DES_DECRYPT);
}
#ifdef USE_TRIPLEDES
enum cryptoerr
-des3_init(struct keystate * ks, u_int8_t * key, u_int16_t len)
+des3_init(struct keystate *ks, u_int8_t *key, u_int16_t len)
{
des_set_odd_parity(DC key);
des_set_odd_parity(DC(key + 8));
@@ -142,30 +142,30 @@ des3_init(struct keystate * ks, u_int8_t * key, u_int16_t len)
}
void
-des3_encrypt(struct keystate * ks, u_int8_t * data, u_int16_t len)
+des3_encrypt(struct keystate *ks, u_int8_t *data, u_int16_t len)
{
u_int8_t iv[MAXBLK];
memcpy(iv, ks->riv, ks->xf->blocksize);
- des_ede3_cbc_encrypt(DC data, DC data, len, ks->ks_des[0], ks->ks_des[1],
- ks->ks_des[2], DC iv, DES_ENCRYPT);
+ des_ede3_cbc_encrypt(DC data, DC data, len, ks->ks_des[0],
+ ks->ks_des[1], ks->ks_des[2], DC iv, DES_ENCRYPT);
}
void
-des3_decrypt(struct keystate * ks, u_int8_t * data, u_int16_t len)
+des3_decrypt(struct keystate *ks, u_int8_t *data, u_int16_t len)
{
u_int8_t iv[MAXBLK];
memcpy(iv, ks->riv, ks->xf->blocksize);
- des_ede3_cbc_encrypt(DC data, DC data, len, ks->ks_des[0], ks->ks_des[1],
- ks->ks_des[2], DC iv, DES_DECRYPT);
+ des_ede3_cbc_encrypt(DC data, DC data, len, ks->ks_des[0],
+ ks->ks_des[1], ks->ks_des[2], DC iv, DES_DECRYPT);
}
#undef DC
#endif /* USE_TRIPLEDES */
#ifdef USE_BLOWFISH
enum cryptoerr
-blf_init(struct keystate * ks, u_int8_t * key, u_int16_t len)
+blf_init(struct keystate *ks, u_int8_t *key, u_int16_t len)
{
blf_key(&ks->ks_blf, key, len);
@@ -173,7 +173,7 @@ blf_init(struct keystate * ks, u_int8_t * key, u_int16_t len)
}
void
-blf_encrypt(struct keystate * ks, u_int8_t * data, u_int16_t len)
+blf_encrypt(struct keystate *ks, u_int8_t *data, u_int16_t len)
{
u_int16_t i, blocksize = ks->xf->blocksize;
u_int8_t *iv = ks->liv;
@@ -193,13 +193,14 @@ blf_encrypt(struct keystate * ks, u_int8_t * data, u_int16_t len)
}
void
-blf_decrypt(struct keystate * ks, u_int8_t * data, u_int16_t len)
+blf_decrypt(struct keystate *ks, u_int8_t *data, u_int16_t len)
{
u_int16_t i, blocksize = ks->xf->blocksize;
u_int32_t xl, xr;
data += len - blocksize;
- for (i = len - blocksize; i >= blocksize; data -= blocksize, i -= blocksize) {
+ for (i = len - blocksize; i >= blocksize; data -= blocksize,
+ i -= blocksize) {
xl = GET_32BIT_BIG(data);
xr = GET_32BIT_BIG(data + 4);
Blowfish_decipher(&ks->ks_blf, &xl, &xr);
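Review bot: In blf_decrypt, `len - blocksize` is used with no check that `len` covers at least one block. For a shorter `len` the u_int16_t `i` wraps to a large value and `data` is moved to before the start of the buffer, so the loop would read and write outside it. Callers may already guarantee whole blocks, but they are outside this hunk, so a guard at the top such as `if (len < blocksize || len % blocksize != 0) return;` would make the function safe on its own. cast1_decrypt in the hunk at -241,12 has the same loop and needs the same guard. The body of blf_decrypt continues past the end of this hunk.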
@@ -219,14 +220,14 @@ blf_decrypt(struct keystate * ks, u_int8_t * data, u_int16_t len)
#ifdef USE_CAST
enum cryptoerr
-cast_init(struct keystate * ks, u_int8_t * key, u_int16_t len)
+cast_init(struct keystate *ks, u_int8_t *key, u_int16_t len)
{
cast_setkey(&ks->ks_cast, key, len);
return EOKAY;
}
void
-cast1_encrypt(struct keystate * ks, u_int8_t * data, u_int16_t len)
+cast1_encrypt(struct keystate *ks, u_int8_t *data, u_int16_t len)
{
u_int16_t i, blocksize = ks->xf->blocksize;
u_int8_t *iv = ks->liv;
@@ -241,12 +242,13 @@ cast1_encrypt(struct keystate * ks, u_int8_t * data, u_int16_t len)
}
void
-cast1_decrypt(struct keystate * ks, u_int8_t * data, u_int16_t len)
+cast1_decrypt(struct keystate *ks, u_int8_t *data, u_int16_t len)
{
u_int16_t i, blocksize = ks->xf->blocksize;
data += len - blocksize;
- for (i = len - blocksize; i >= blocksize; data -= blocksize, i -= blocksize) {
+ for (i = len - blocksize; i >= blocksize; data -= blocksize,
+ i -= blocksize) {
cast_decrypt(&ks->ks_cast, data, data);
XOR64(data, data - blocksize);
}
@@ -257,7 +259,7 @@ cast1_decrypt(struct keystate * ks, u_int8_t * data, u_int16_t len)
#ifdef USE_AES
enum cryptoerr
-aes_init(struct keystate * ks, u_int8_t * key, u_int16_t len)
+aes_init(struct keystate *ks, u_int8_t *key, u_int16_t len)
{
AES_set_encrypt_key(key, len << 3, &ks->ks_aes[0]);
AES_set_decrypt_key(key, len << 3, &ks->ks_aes[1]);
@@ -265,7 +267,7 @@ aes_init(struct keystate * ks, u_int8_t * key, u_int16_t len)
}
void
-aes_encrypt(struct keystate * ks, u_int8_t * data, u_int16_t len)
+aes_encrypt(struct keystate *ks, u_int8_t *data, u_int16_t len)
{
u_int8_t iv[MAXBLK];
@@ -274,7 +276,7 @@ aes_encrypt(struct keystate * ks, u_int8_t * data, u_int16_t len)
}
void
-aes_decrypt(struct keystate * ks, u_int8_t * data, u_int16_t len)
+aes_decrypt(struct keystate *ks, u_int8_t *data, u_int16_t len)
{
u_int8_t iv[MAXBLK];
@@ -296,20 +298,21 @@ crypto_get(enum transform id)
}
struct keystate *
-crypto_init(struct crypto_xf * xf, u_int8_t * key, u_int16_t len,
- enum cryptoerr * err)
+crypto_init(struct crypto_xf *xf, u_int8_t *key, u_int16_t len,
+ enum cryptoerr *err)
{
struct keystate *ks;
if (len < xf->keymin || len > xf->keymax) {
- LOG_DBG((LOG_CRYPTO, 10, "crypto_init: invalid key length %d", len));
+ LOG_DBG((LOG_CRYPTO, 10, "crypto_init: invalid key length %d",
+ len));
*err = EKEYLEN;
return 0;
}
ks = calloc(1, sizeof *ks);
if (!ks) {
log_error("crypto_init: calloc (1, %lu) failed",
- (unsigned long) sizeof *ks);
+ (unsigned long)sizeof *ks);
*err = ENOCRYPTO;
return 0;
}
@@ -324,7 +327,7 @@ crypto_init(struct crypto_xf * xf, u_int8_t * key, u_int16_t len,
*err = xf->init(ks, key, len);
if (*err != EOKAY) {
LOG_DBG((LOG_CRYPTO, 30, "crypto_init: weak key found for %s",
- xf->name));
+ xf->name));
free(ks);
return 0;
}
@@ -332,7 +335,7 @@ crypto_init(struct crypto_xf * xf, u_int8_t * key, u_int16_t len,
}
void
-crypto_update_iv(struct keystate * ks)
+crypto_update_iv(struct keystate *ks)
{
u_int8_t *tmp;
@@ -341,34 +344,34 @@ crypto_update_iv(struct keystate * ks)
ks->liv = tmp;
LOG_DBG_BUF((LOG_CRYPTO, 50, "crypto_update_iv: updated IV", ks->riv,
- ks->xf->blocksize));
+ ks->xf->blocksize));
}
void
-crypto_init_iv(struct keystate * ks, u_int8_t * buf, size_t len)
+crypto_init_iv(struct keystate *ks, u_int8_t *buf, size_t len)
{
memcpy(ks->riv, buf, len);
LOG_DBG_BUF((LOG_CRYPTO, 50, "crypto_init_iv: initialized IV", ks->riv,
- len));
+ len));
}
void
-crypto_encrypt(struct keystate * ks, u_int8_t * buf, u_int16_t len)
+crypto_encrypt(struct keystate *ks, u_int8_t *buf, u_int16_t len)
{
LOG_DBG_BUF((LOG_CRYPTO, 10, "crypto_encrypt: before encryption", buf,
- len));
+ len));
ks->xf->encrypt(ks, buf, len);
memcpy(ks->liv, buf + len - ks->xf->blocksize, ks->xf->blocksize);
LOG_DBG_BUF((LOG_CRYPTO, 30, "crypto_encrypt: after encryption", buf,
- len));
+ len));
}
void
-crypto_decrypt(struct keystate * ks, u_int8_t * buf, u_int16_t len)
+crypto_decrypt(struct keystate *ks, u_int8_t *buf, u_int16_t len)
{
LOG_DBG_BUF((LOG_CRYPTO, 10, "crypto_decrypt: before decryption", buf,
- len));
+ len));
/*
* XXX There is controversy about the correctness of updating the IV
* like this.
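Review bot: crypto_init_iv copies `len` bytes into `ks->riv` with no upper bound, and `len` is a caller-supplied size_t. The size of the buffer behind `ks->riv` is not visible on this page, but the local IV copies elsewhere in this file are `MAXBLK` bytes and are filled with `ks->xf->blocksize` bytes. A check before the memcpy such as `if (len > ks->xf->blocksize) return;` would keep an oversized IV from overrunning the keystate, assuming callers only ever pass the block size. crypto_encrypt and crypto_decrypt in this hunk compute `buf + len - ks->xf->blocksize` and rely on the matching lower bound, that `len` is at least one block.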
@@ -376,19 +379,19 @@ crypto_decrypt(struct keystate * ks, u_int8_t * buf, u_int16_t len)
memcpy(ks->liv, buf + len - ks->xf->blocksize, ks->xf->blocksize);
ks->xf->decrypt(ks, buf, len);
LOG_DBG_BUF((LOG_CRYPTO, 30, "crypto_decrypt: after decryption", buf,
- len));
+ len));
}
/* Make a copy of the keystate pointed to by OKS. */
struct keystate *
-crypto_clone_keystate(struct keystate * oks)
+crypto_clone_keystate(struct keystate *oks)
{
struct keystate *ks;
ks = malloc(sizeof *ks);
if (!ks) {
log_error("crypto_clone_keystate: malloc (%lu) failed",
- (unsigned long) sizeof *ks);
+ (unsigned long)sizeof *ks);
return 0;
}
memcpy(ks, oks, sizeof *ks);
diff --git a/sbin/isakmpd/crypto.h b/sbin/isakmpd/crypto.h
index 7354e03ad2f..1095c7e48c7 100644
--- a/sbin/isakmpd/crypto.h
+++ b/sbin/isakmpd/crypto.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.h,v 1.13 2004/04/15 18:39:25 deraadt Exp $ */
+/* $OpenBSD: crypto.h,v 1.14 2004/05/14 08:42:56 hshoexer Exp $ */
/* $EOM: crypto.h,v 1.12 2000/10/15 21:56:41 niklas Exp $ */
/*
@@ -158,18 +158,17 @@ struct crypto_xf {
u_int16_t keymin, keymax; /* Possible Keying Bytes */
u_int16_t blocksize; /* Need to keep IV in the state */
struct keystate *state; /* Key information, can also be passed sep. */
- enum cryptoerr (*init) (struct keystate *, u_int8_t *, u_int16_t);
- void (*encrypt) (struct keystate *, u_int8_t *, u_int16_t);
- void (*decrypt) (struct keystate *, u_int8_t *, u_int16_t);
+ enum cryptoerr (*init)(struct keystate *, u_int8_t *, u_int16_t);
+ void (*encrypt)(struct keystate *, u_int8_t *, u_int16_t);
+ void (*decrypt)(struct keystate *, u_int8_t *, u_int16_t);
};
extern struct keystate *crypto_clone_keystate(struct keystate *);
extern void crypto_decrypt(struct keystate *, u_int8_t *, u_int16_t);
extern void crypto_encrypt(struct keystate *, u_int8_t *, u_int16_t);
extern struct crypto_xf *crypto_get(enum transform);
-extern struct keystate *
-crypto_init(struct crypto_xf *, u_int8_t *,
- u_int16_t, enum cryptoerr *);
+extern struct keystate *crypto_init(struct crypto_xf *, u_int8_t *, u_int16_t,
+ enum cryptoerr *);
extern void crypto_init_iv(struct keystate *, u_int8_t *, size_t);
extern void crypto_update_iv(struct keystate *);
diff --git a/sbin/isakmpd/dh.h b/sbin/isakmpd/dh.h
index 96c30d2cfd5..afd00ad001d 100644
--- a/sbin/isakmpd/dh.h
+++ b/sbin/isakmpd/dh.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh.h,v 1.6 2004/04/15 18:39:25 deraadt Exp $ */
+/* $OpenBSD: dh.h,v 1.7 2004/05/14 08:42:56 hshoexer Exp $ */
/* $EOM: dh.h,v 1.4 1999/04/17 23:20:24 niklas Exp $ */
/*
@@ -36,8 +36,8 @@
struct group;
-int dh_getlen(struct group *);
-int dh_create_exchange(struct group *, u_int8_t *);
-int dh_create_shared(struct group *, u_int8_t *, u_int8_t *);
+int dh_getlen(struct group *);
+int dh_create_exchange(struct group *, u_int8_t *);
+int dh_create_shared(struct group *, u_int8_t *, u_int8_t *);
#endif /* _DH_H_ */
diff --git a/sbin/isakmpd/dnssec.c b/sbin/isakmpd/dnssec.c
index 9fc4b0c6e09..aed01807af2 100644
--- a/sbin/isakmpd/dnssec.c
+++ b/sbin/isakmpd/dnssec.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dnssec.c,v 1.18 2004/04/15 18:39:25 deraadt Exp $ */
+/* $OpenBSD: dnssec.c,v 1.19 2004/05/14 08:42:56 hshoexer Exp $ */
/*
* Copyright (c) 2001 Håkan Olsson. All rights reserved.
@@ -63,8 +63,8 @@ struct dns_rdata_key {
unsigned char *data;
};
-void *
-dns_get_key(int type, struct message * msg, int *keylen)
+void *
+dns_get_key(int type, struct message *msg, int *keylen)
{
struct exchange *exchange = msg->exchange;
struct rrsetinfo *rr;
@@ -114,8 +114,8 @@ dns_get_key(int type, struct message * msg, int *keylen)
if (id_len < sizeof ip4)
return 0;
memcpy(&ip4, id + ISAKMP_ID_DATA_OFF, sizeof ip4);
- snprintf(name, sizeof name, "%d.%d.%d.%d.in-addr.arpa.", ip4 >> 24,
- (ip4 >> 16) & 0xFF, (ip4 >> 8) & 0xFF, ip4 & 0xFF);
+ snprintf(name, sizeof name, "%d.%d.%d.%d.in-addr.arpa.", ip4
+ >> 24, (ip4 >> 16) & 0xFF, (ip4 >> 8) & 0xFF, ip4 & 0xFF);
break;
case IPSEC_ID_IPV6_ADDR:
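Review bot: The reverse-lookup name is built by shifting `ip4` straight after a raw memcpy from the ID payload, with no byte-order conversion between the two lines, so the octet order depends on host endianness. On a little-endian host the last address octet comes first, as in-addr.arpa requires, but on a big-endian host the octets would come out in forward order and the key lookup would go to the wrong name. Indexing the payload bytes avoids this: `u_int8_t *a = id + ISAKMP_ID_DATA_OFF;` and then pass `a[3], a[2], a[1], a[0]` to snprintf. As a style point, the new break leaves `ip4` and `>> 24` on different lines; breaking after the format string would read better. dns_get_key starts and ends outside this hunk, and the declaration of `ip4` is not visible.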
@@ -126,7 +126,7 @@ dns_get_key(int type, struct message * msg, int *keylen)
case IPSEC_ID_FQDN:
if ((id_len + 1) >= sizeof name)
return 0;
- /* ID is not NULL-terminated. Add trailing dot and terminate. */
+ /* ID is not NULL-terminated. Add trailing dot and terminate. */
memcpy(name, id + ISAKMP_ID_DATA_OFF, id_len);
*(name + id_len) = '.';
*(name + id_len + 1) = '\0';
@@ -140,7 +140,8 @@ dns_get_key(int type, struct message * msg, int *keylen)
if ((id_len + sizeof(DNS_UFQDN_SEPARATOR)) >= sizeof name)
return 0;
/* Look for the '@' separator. */
- for (umark = id + ISAKMP_ID_DATA_OFF; (umark - id) < id_len; umark++)
+ for (umark = id + ISAKMP_ID_DATA_OFF; (umark - id) < id_len;
+ umark++)
if (*umark == '@')
break;
if (*umark != '@') {
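Review bot: When the loop finishes without finding '@', `umark` has stepped to `id + id_len`, and the following `if (*umark != '@')` reads that byte, which is past the range the loop was allowed to scan. Testing the position instead of the byte, `if ((umark - id) >= id_len) {`, rejects a peer-supplied ID that has no separator without the extra read. Whether `id_len` counts from `id` or from the data offset is not visible here; it is worth confirming, because the FQDN case copies `id_len` bytes starting at `id + ISAKMP_ID_DATA_OFF` while this loop bounds `umark - id` by the same value. dns_get_key starts and ends outside this hunk.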
@@ -164,8 +165,8 @@ dns_get_key(int type, struct message * msg, int *keylen)
ret = getrrsetbyname(name, C_IN, T_KEY, 0, &rr);
if (ret) {
- LOG_DBG((LOG_MISC, 30, "dns_get_key: no DNS responses (error %d)",
- ret));
+ LOG_DBG((LOG_MISC, 30, "dns_get_key: no DNS responses "
+ "(error %d)", ret));
return 0;
}
LOG_DBG((LOG_MISC, 80,
@@ -189,7 +190,8 @@ dns_get_key(int type, struct message * msg, int *keylen)
/*
* Find a key with the wanted algorithm, if any.
- * XXX If there are several keys present, we currently only find the first.
+ * XXX If there are several keys present, we currently only find the
+ * first.
*/
for (i = 0; i < rr->rri_nrdatas && key_rr.datalen == 0; i++) {
key_rr.flags = ntohs((u_int16_t) * rr->rri_rdatas[i].rdi_data);
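Review bot: `ntohs((u_int16_t) * rr->rri_rdatas[i].rdi_data)` dereferences one byte and then widens it, so only the first octet of the 16-bit flags field is read before the byte swap. Assuming `rdi_data` is a byte pointer (its declaration is not on this page), the value should be composed from both octets: `key_rr.flags = (rr->rri_rdatas[i].rdi_data[0] << 8) | rr->rri_rdatas[i].rdi_data[1];`. The fixed offsets read here and in the following hunks (`+ 3`, `+ 4`) also assume the record holds at least four bytes. A length check on the record before these reads is not visible in the hunks, so it should be confirmed in the surrounding code.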
@@ -197,7 +199,8 @@ dns_get_key(int type, struct message * msg, int *keylen)
key_rr.algorithm = *(rr->rri_rdatas[i].rdi_data + 3);
if (key_rr.protocol != DNS_KEYPROTO_IPSEC) {
- LOG_DBG((LOG_MISC, 50, "dns_get_key: ignored non-IPsec key"));
+ LOG_DBG((LOG_MISC, 50, "dns_get_key: ignored "
+ "non-IPsec key"));
continue;
}
if (key_rr.algorithm != algorithm) {
@@ -212,13 +215,15 @@ dns_get_key(int type, struct message * msg, int *keylen)
continue;
}
/* This key seems to fit our requirements... */
- key_rr.data = (char *) malloc(key_rr.datalen);
+ key_rr.data = (char *)malloc(key_rr.datalen);
if (!key_rr.data) {
- log_error("dns_get_key: malloc (%d) failed", key_rr.datalen);
+ log_error("dns_get_key: malloc (%d) failed",
+ key_rr.datalen);
freerrset(rr);
return 0;
}
- memcpy(key_rr.data, rr->rri_rdatas[i].rdi_data + 4, key_rr.datalen);
+ memcpy(key_rr.data, rr->rri_rdatas[i].rdi_data + 4,
+ key_rr.datalen);
*keylen = key_rr.datalen;
}
@@ -230,11 +235,11 @@ dns_get_key(int type, struct message * msg, int *keylen)
}
int
-dns_RSA_dns_to_x509(u_int8_t * key, int keylen, RSA ** rsa_key)
+dns_RSA_dns_to_x509(u_int8_t *key, int keylen, RSA **rsa_key)
{
- RSA *rsa;
- int key_offset;
- u_int8_t e_len;
+ RSA *rsa;
+ int key_offset;
+ u_int8_t e_len;
if (!key || keylen <= 0) {
log_print("dns_RSA_dns_to_x509: invalid public key");
@@ -278,7 +283,7 @@ dns_RSA_dns_to_x509(u_int8_t * key, int keylen, RSA ** rsa_key)
#if notyet
int
-dns_RSA_x509_to_dns(RSA * rsa_key, u_int8_t * key, int *keylen)
+dns_RSA_x509_to_dns(RSA *rsa_key, u_int8_t *key, int *keylen)
{
return 0;
}
diff --git a/sbin/isakmpd/dnssec.h b/sbin/isakmpd/dnssec.h
index 8eb8d384e86..90a78df14a5 100644
--- a/sbin/isakmpd/dnssec.h
+++ b/sbin/isakmpd/dnssec.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dnssec.h,v 1.6 2004/04/15 18:39:25 deraadt Exp $ */
+/* $OpenBSD: dnssec.h,v 1.7 2004/05/14 08:42:56 hshoexer Exp $ */
/*
* Copyright (c) 2001 Håkan Olsson. All rights reserved.
@@ -27,8 +27,8 @@
#include "libcrypto.h"
#include "message.h"
-void *dns_get_key(int, struct message *, int *);
-int dns_RSA_dns_to_x509(u_int8_t *, int, RSA **);
+void *dns_get_key(int, struct message *, int *);
+int dns_RSA_dns_to_x509(u_int8_t *, int, RSA **);
#ifndef DNS_KEYALG_RSA
#define DNS_KEYALG_RSA 1
diff --git a/sbin/isakmpd/doi.c b/sbin/isakmpd/doi.c
index 8185d9fada1..322173c3345 100644
--- a/sbin/isakmpd/doi.c
+++ b/sbin/isakmpd/doi.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: doi.c,v 1.7 2004/04/15 18:39:25 deraadt Exp $ */
+/* $OpenBSD: doi.c,v 1.8 2004/05/14 08:42:56 hshoexer Exp $ */
/* $EOM: doi.c,v 1.4 1999/04/02 00:57:36 niklas Exp $ */
/*
@@ -38,24 +38,24 @@
static
LIST_HEAD(doi_list, doi) doi_tab;
- void
- doi_init()
+void
+doi_init()
{
LIST_INIT(&doi_tab);
}
-struct doi *
+struct doi *
doi_lookup(u_int8_t doi_id)
{
struct doi *doi;
for (doi = LIST_FIRST(&doi_tab); doi && doi->id != doi_id;
- doi = LIST_NEXT(doi, link));
+ doi = LIST_NEXT(doi, link));
return doi;
}
void
-doi_register(struct doi * doi)
+doi_register(struct doi *doi)
{
LIST_INSERT_HEAD(&doi_tab, doi, link);
}
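Review bot: `doi_init()` is still defined with an empty parameter list although doi.h declares `extern void doi_init(void);`. An empty list in a definition is the old-style form, and `doi_init(void)` would match the prototype. The `static` and `LIST_HEAD(doi_list, doi) doi_tab;` lines above it are also still split in two; the same pass could join them as `static LIST_HEAD(doi_list, doi) doi_tab;`.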
diff --git a/sbin/isakmpd/doi.h b/sbin/isakmpd/doi.h
index adf7ddeef58..f2bcc68b676 100644
--- a/sbin/isakmpd/doi.h
+++ b/sbin/isakmpd/doi.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: doi.h,v 1.13 2004/04/15 18:39:25 deraadt Exp $ */
+/* $OpenBSD: doi.h,v 1.14 2004/05/14 08:42:56 hshoexer Exp $ */
/* $EOM: doi.h,v 1.29 2000/07/02 18:47:15 provos Exp $ */
/*
@@ -57,40 +57,44 @@ struct doi {
size_t proto_size;
#ifdef USE_DEBUG
- int (*debug_attribute) (u_int16_t, u_int8_t *, u_int16_t, void *);
+ int (*debug_attribute)(u_int16_t, u_int8_t *, u_int16_t,
+ void *);
#endif
- void (*delete_spi) (struct sa *, struct proto *, int);
- int16_t *(*exchange_script) (u_int8_t);
- void (*finalize_exchange) (struct message *);
- void (*free_exchange_data) (void *);
- void (*free_proto_data) (void *);
- void (*free_sa_data) (void *);
- struct keystate *(*get_keystate) (struct message *);
- u_int8_t *(*get_spi) (size_t *, u_int8_t, struct message *);
- int (*handle_leftover_payload) (struct message *, u_int8_t,
- struct payload *);
- int (*informational_post_hook) (struct message *);
- int (*informational_pre_hook) (struct message *);
- int (*is_attribute_incompatible) (u_int16_t, u_int8_t *, u_int16_t, void *);
- void (*proto_init) (struct proto *, char *);
- void (*setup_situation) (u_int8_t *);
- size_t(*situation_size) (void);
- u_int8_t(*spi_size) (u_int8_t);
- int (*validate_attribute) (u_int16_t, u_int8_t *, u_int16_t, void *);
- int (*validate_exchange) (u_int8_t);
- int (*validate_id_information) (u_int8_t, u_int8_t *, u_int8_t *, size_t,
- struct exchange *);
- int (*validate_key_information) (u_int8_t *, size_t);
- int (*validate_notification) (u_int16_t);
- int (*validate_proto) (u_int8_t);
- int (*validate_situation) (u_int8_t *, size_t *, size_t);
- int (*validate_transform_id) (u_int8_t, u_int8_t);
- int (*initiator) (struct message * msg);
- int (*responder) (struct message * msg);
- char *(*decode_ids) (char *, u_int8_t *, size_t, u_int8_t *, size_t, int);
+ void (*delete_spi)(struct sa *, struct proto *, int);
+ int16_t *(*exchange_script)(u_int8_t);
+ void (*finalize_exchange)(struct message *);
+ void (*free_exchange_data)(void *);
+ void (*free_proto_data)(void *);
+ void (*free_sa_data)(void *);
+ struct keystate *(*get_keystate)(struct message *);
+ u_int8_t *(*get_spi)(size_t *, u_int8_t, struct message *);
+ int (*handle_leftover_payload)(struct message *, u_int8_t,
+ struct payload *);
+ int (*informational_post_hook)(struct message *);
+ int (*informational_pre_hook)(struct message *);
+ int (*is_attribute_incompatible)(u_int16_t, u_int8_t *,
+ u_int16_t, void *);
+ void (*proto_init)(struct proto *, char *);
+ void (*setup_situation)(u_int8_t *);
+ size_t (*situation_size)(void);
+ u_int8_t (*spi_size)(u_int8_t);
+ int (*validate_attribute)(u_int16_t, u_int8_t *,
+ u_int16_t, void *);
+ int (*validate_exchange)(u_int8_t);
+ int (*validate_id_information)(u_int8_t, u_int8_t *,
+ u_int8_t *, size_t, struct exchange *);
+ int (*validate_key_information)(u_int8_t *, size_t);
+ int (*validate_notification)(u_int16_t);
+ int (*validate_proto)(u_int8_t);
+ int (*validate_situation)(u_int8_t *, size_t *, size_t);
+ int (*validate_transform_id)(u_int8_t, u_int8_t);
+ int (*initiator)(struct message * msg);
+ int (*responder)(struct message * msg);
+ char *(*decode_ids)(char *, u_int8_t *, size_t, u_int8_t *,
+ size_t, int);
};
-extern void doi_init(void);
+extern void doi_init(void);
extern struct doi *doi_lookup(u_int8_t);
extern void doi_register(struct doi *);
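Review bot: The `initiator` and `responder` members keep the old `struct message * msg` spacing, so they are the only pointer parameters in the table this pass did not normalise. They are also the only members that name their parameter. `int (*initiator)(struct message *);` and `int (*responder)(struct message *);` would match the rest of the table. The struct begins before this hunk.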