Style issues and commentary

6 files changed, 88 insertions, 80 deletions

diff --git a/sbin/isakmpd/cert.c b/sbin/isakmpd/cert.c
index f11149158e1..4751abb644b 100644
--- a/sbin/isakmpd/cert.c
+++ b/sbin/isakmpd/cert.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: cert.c,v 1.17 2001/05/31 20:21:25 angelos Exp $	*/
+/*	$OpenBSD: cert.c,v 1.18 2001/06/05 05:59:42 niklas Exp $	*/
 /*	$EOM: cert.c,v 1.18 2000/09/28 12:53:27 niklas Exp $	*/
 
 /*
@@ -108,7 +108,11 @@ cert_get (u_int16_t id)
   return 0;
 }
 
-/* Decode a CERTREQ and return a parsed structure.  */
+/*
+ * Decode the certificate request of type TYPE contained in DATA extending
+ * DATALEN bytes.  Return a certreq_aca structure which the caller is
+ * responsible for deallocating.
+ */
 struct certreq_aca *
 certreq_decode (u_int16_t type, u_int8_t *data, u_int32_t datalen)
 {
diff --git a/sbin/isakmpd/cert.h b/sbin/isakmpd/cert.h
index accb03db0e3..387432c1e66 100644
--- a/sbin/isakmpd/cert.h
+++ b/sbin/isakmpd/cert.h
@@ -1,9 +1,9 @@
-/*	$OpenBSD: cert.h,v 1.7 2001/05/31 20:20:26 angelos Exp $	*/
+/*	$OpenBSD: cert.h,v 1.8 2001/06/05 05:59:42 niklas Exp $	*/
 /*	$EOM: cert.h,v 1.8 2000/09/28 12:53:27 niklas Exp $	*/
 
 /*
  * Copyright (c) 1998, 1999 Niels Provos.  All rights reserved.
- * Copyright (c) 2000 Niklas Hallqvist.  All rights reserved.
+ * Copyright (c) 2000, 2001 Niklas Hallqvist.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -45,8 +45,8 @@
 /* 
  * CERT handler for each kind of certificate:
  *
- * cert_init - Initialize CERT handler - called only once
- * cert_get  - Get a certificate in internal representation from raw data
+ * cert_init - Initialize CERT handler - called only once.
+ * cert_get  - Get a certificate in internal representation from raw data.
  * cert_validate - validated a certificate, if it returns != 0 we can use it.
  * cert_insert - inserts cert into memory storage, we can retrieve with
  *               cert_obtain.
@@ -77,14 +77,13 @@ struct cert_handler {
   void *(*cert_from_printable) (char *);
 };
 
-/* the acceptable authority of cert request */
-
+/* The acceptable authority of cert request.  */
 struct certreq_aca {
   TAILQ_ENTRY (certreq_aca) link;
 
   u_int16_t id;
   struct cert_handler *handler;
-  void *data;			/* if NULL everything is acceptable */
+  void *data;			/* if NULL everything is acceptable.  */
 };
 
 struct certreq_aca *certreq_decode (u_int16_t, u_int8_t *, u_int32_t);
diff --git a/sbin/isakmpd/exchange.c b/sbin/isakmpd/exchange.c
index 63cd1e9d19f..cbf6351aa1c 100644
--- a/sbin/isakmpd/exchange.c
+++ b/sbin/isakmpd/exchange.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: exchange.c,v 1.48 2001/06/05 01:29:05 angelos Exp $	*/
+/*	$OpenBSD: exchange.c,v 1.49 2001/06/05 05:59:43 niklas Exp $	*/
 /*	$EOM: exchange.c,v 1.143 2000/12/04 00:02:25 angelos Exp $	*/
 
 /*
@@ -202,7 +202,7 @@ exchange_validate (struct message *msg)
 
   while (*pc != EXCHANGE_SCRIPT_END && *pc != EXCHANGE_SCRIPT_SWITCH)
     {
-      LOG_DBG ((LOG_EXCHANGE, 90, 
+      LOG_DBG ((LOG_EXCHANGE, 90,
 		"exchange_validate: checking for required %s",
 		*pc >= ISAKMP_PAYLOAD_NONE
 		? constant_name (isakmp_payload_cst, *pc)
@@ -317,7 +317,7 @@ exchange_run (struct message *msg)
 	      message_free (msg);
 	      return;
 	    }
-	}      
+	}
       else
 	{
 	  done = exchange_validate (msg);
@@ -348,7 +348,7 @@ exchange_run (struct message *msg)
 		    if ((payload->flags & PL_MARK) == 0)
 		      if (!doi->handle_leftover_payload
 			  || doi->handle_leftover_payload (msg, i, payload))
-			LOG_DBG ((LOG_EXCHANGE, 10, 
+			LOG_DBG ((LOG_EXCHANGE, 10,
 				  "exchange_run: unexpected payload %s",
 				  constant_name (isakmp_payload_cst, i)));
 
@@ -378,7 +378,7 @@ exchange_run (struct message *msg)
 	    }
 	}
 
-      LOG_DBG ((LOG_EXCHANGE, 40, 
+      LOG_DBG ((LOG_EXCHANGE, 40,
 		"exchange_run: exchange %p finished step %d, advancing...",
 		exchange, exchange->step));
       exchange->step++;
@@ -402,7 +402,7 @@ exchange_init ()
     {
       LIST_INIT (&exchange_tab[i]);
     }
- 
+
 }
 
 void
@@ -460,7 +460,7 @@ exchange_lookup_by_name (char *name, int phase)
 		  exchange->name ? exchange->name : "<unnamed>", phase,
 		  exchange->phase));
 
-	/* 
+	/*
 	 * Match by name, but don't select finished exchanges, i.e
 	 * where MSG_LAST are set in last_sent msg.
 	 */
@@ -499,7 +499,7 @@ exchange_lookup_active (char *name, int phase)
 	    if (exchange->step > 1)
 	      return exchange;
 	    else
-	      LOG_DBG ((LOG_EXCHANGE, 80, 
+	      LOG_DBG ((LOG_EXCHANGE, 80,
 			"exchange_lookup_active: avoided early (pre-step 1) "
 			"exchange %p", exchange));
 	  }
@@ -864,7 +864,7 @@ exchange_establish_p2 (struct sa *isakmp_sa, u_int8_t type, char *name,
 	  log_print ("exchange_establish_p2: DOI \"%s\" unsupported", str);
 	  return;
 	}
-      
+
       /* What exchange type do we want?  */
       if (!type)
 	{
@@ -913,9 +913,9 @@ exchange_establish_p2 (struct sa *isakmp_sa, u_int8_t type, char *name,
   exchange_enter (exchange);
   exchange_dump ("exchange_establish_p2", exchange);
 
-  /* 
-   * Do not create SA's for informational exchanges. 
-   * XXX How to handle new group mode? 
+  /*
+   * Do not create SA's for informational exchanges.
+   * XXX How to handle new group mode?
    */
   if (exchange->type != ISAKMP_EXCH_INFO)
     {
@@ -931,7 +931,7 @@ exchange_establish_p2 (struct sa *isakmp_sa, u_int8_t type, char *name,
   msg = message_alloc (isakmp_sa->transport, 0, ISAKMP_HDR_SZ);
   msg->isakmp_sa = isakmp_sa;
   sa_reference (isakmp_sa);
-  
+
   msg->extra = args;
 
   /* This needs to be done late or else get_keystate won't work right.  */
@@ -1087,16 +1087,16 @@ exchange_dump_real (char *header, struct exchange *exchange, int class,
 {
   char buf[LOG_SIZE];
   /* Don't risk overflowing the final log buffer.  */
-  int bufsize_max = LOG_SIZE - strlen (header) - 32; 
+  int bufsize_max = LOG_SIZE - strlen (header) - 32;
   struct sa *sa;
 
-  LOG_DBG ((class, level, 
+  LOG_DBG ((class, level,
 	    "%s: %p %s %s policy %s phase %d doi %d exchange %d step %d",
 	    header, exchange, exchange->name ? exchange->name : "<unnamed>",
 	    exchange->policy ? exchange->policy : "<no policy>",
 	    exchange->initiator ? "initiator" : "responder", exchange->phase,
 	    exchange->doi->id, exchange->type, exchange->step));
-  LOG_DBG ((class, level, 
+  LOG_DBG ((class, level,
 	    "%s: icookie %08x%08x rcookie %08x%08x", header,
 	    decode_32 (exchange->cookies), decode_32 (exchange->cookies + 4),
 	    decode_32 (exchange->cookies + 8),
@@ -1106,7 +1106,7 @@ exchange_dump_real (char *header, struct exchange *exchange, int class,
   if (exchange->phase == 2)
     {
       sprintf (buf, "sa_list ");
-      for (sa = TAILQ_FIRST (&exchange->sa_list); 
+      for (sa = TAILQ_FIRST (&exchange->sa_list);
 	   sa && strlen (buf) < bufsize_max; sa = TAILQ_NEXT (sa, next))
 	sprintf (buf + strlen (buf), "%p ", sa);
       if (sa)
@@ -1115,7 +1115,7 @@ exchange_dump_real (char *header, struct exchange *exchange, int class,
   else
     buf[0] = '\0';
 
-  LOG_DBG ((class, level, "%s: msgid %08x %s", header, 
+  LOG_DBG ((class, level, "%s: msgid %08x %s", header,
 	    decode_32 (exchange->message_id), buf));
 }
 
@@ -1149,7 +1149,7 @@ exchange_free_aux (void *v_exch)
   struct sa *sa, *next_sa;
   struct cert_handler *handler;
 
-  LOG_DBG ((LOG_EXCHANGE, 80, "exchange_free_aux: freeing exchange %p", 
+  LOG_DBG ((LOG_EXCHANGE, 80, "exchange_free_aux: freeing exchange %p",
 	    exchange));
 
   if (exchange->last_received)
@@ -1248,12 +1248,12 @@ exchange_check_old_sa (struct sa *sa, void *v_arg)
   struct sa *new_sa = v_arg;
   char res1[1024];
 
-  if (sa == new_sa || !sa->name || !(sa->flags & SA_FLAG_READY) || 
-      (sa->flags & SA_FLAG_REPLACED))
+  if (sa == new_sa || !sa->name || !(sa->flags & SA_FLAG_READY)
+      || (sa->flags & SA_FLAG_REPLACED))
     return 0;
 
-  if (sa->phase != new_sa->phase || new_sa->name == NULL ||
-      strcasecmp (sa->name, new_sa->name))
+  if (sa->phase != new_sa->phase || new_sa->name == NULL
+      || strcasecmp (sa->name, new_sa->name))
     return 0;
 
   if (sa->initiator)
@@ -1264,18 +1264,15 @@ exchange_check_old_sa (struct sa *sa, void *v_arg)
 				     sa->id_i_len, 0), sizeof res1);
 
   LOG_DBG ((LOG_EXCHANGE, 30,
-	    "checking whether new SA replaces existing SA with IDs %s",
-	    res1));
+	    "checking whether new SA replaces existing SA with IDs %s", res1));
 
   if (new_sa->initiator)
     return strcasecmp (res1, ipsec_decode_ids ("%s %s", new_sa->id_i,
-					       new_sa->id_i_len,
-					       new_sa->id_r,
+					       new_sa->id_i_len, new_sa->id_r,
 					       new_sa->id_r_len, 0)) == 0;
   else
     return strcasecmp (res1, ipsec_decode_ids ("%s %s", new_sa->id_r,
-					       new_sa->id_r_len,
-					       new_sa->id_i,
+					       new_sa->id_r_len, new_sa->id_i,
 					       new_sa->id_i_len, 0)) == 0;
 }
 
@@ -1396,7 +1393,8 @@ exchange_finalize (struct message *msg)
 					   0),
 		msg->isakmp_sa == NULL || msg->isakmp_sa->transport == NULL
 		? "<no transport>"
-		: msg->isakmp_sa->transport->vtbl->decode_ids (msg->isakmp_sa->transport)));
+		: msg->isakmp_sa->transport->vtbl->decode_ids (msg->isakmp_sa
+							       ->transport)));
     }
 
   exchange->doi->finalize_exchange (msg);
@@ -1404,10 +1402,10 @@ exchange_finalize (struct message *msg)
     exchange->finalize (exchange, exchange->finalize_arg, 0);
   exchange->finalize = 0;
 
-  /* copy the ID from phase 1 to exchange or phase 2 SA */
-  if (msg->isakmp_sa) 
+  /* Copy the ID from phase 1 to exchange or phase 2 SA.  */
+  if (msg->isakmp_sa)
     {
-      if (exchange->id_i && exchange->id_r) 
+      if (exchange->id_i && exchange->id_r)
 	{
 	  ipsec_clone_id (&msg->isakmp_sa->id_i, &msg->isakmp_sa->id_i_len,
 			  exchange->id_i, exchange->id_i_len);
@@ -1520,25 +1518,23 @@ exchange_save_certreq (struct message *msg)
 {
   struct payload *cp = TAILQ_FIRST (&msg->payload[ISAKMP_PAYLOAD_CERT_REQ]);
   struct exchange *exchange = msg->exchange;
-  struct certreq_aca *tmp;
+  struct certreq_aca *aca;
 
   for ( ; cp; cp = TAILQ_NEXT (cp, link))
     {
       cp->flags |= PL_MARK;
-      tmp = certreq_decode (GET_ISAKMP_CERTREQ_TYPE (cp->p),
+      aca = certreq_decode (GET_ISAKMP_CERTREQ_TYPE (cp->p),
 			    cp->p + ISAKMP_CERTREQ_AUTHORITY_OFF,
-			    GET_ISAKMP_GEN_LENGTH (cp->p) - 
+			    GET_ISAKMP_GEN_LENGTH (cp->p) -
 			    ISAKMP_CERTREQ_AUTHORITY_OFF);
-      if (!tmp)
-	continue;
-      TAILQ_INSERT_TAIL (&exchange->aca_list, tmp, link);
+      if (aca)
+	TAILQ_INSERT_TAIL (&exchange->aca_list, aca, link);
     }
 
   return 0;
 }
 
-/* Free the list of pending CERTREQ */
-
+/* Free the list of pending CERTREQ.  */
 void
 exchange_free_aca_list (struct exchange *exchange)
 {
@@ -1572,10 +1568,10 @@ exchange_add_certs (struct message *msg)
   id = exchange->initiator ? exchange->id_r : exchange->id_i;
   id_len = exchange->initiator ? exchange->id_r_len : exchange->id_i_len;
 
-  for (aca = TAILQ_FIRST (&exchange->aca_list); aca; 
+  for (aca = TAILQ_FIRST (&exchange->aca_list); aca;
        aca = TAILQ_NEXT (aca, link))
     {
-      /* XXX? If we can not satisfy a CERTREQ we drop the message */
+      /* XXX? If we can not satisfy a CERTREQ we drop the message.  */
       if (!aca->handler->cert_obtain (id, id_len, aca->data, &cert, &certlen))
 	{
 	  log_print ("exchange_add_certs: could not obtain cert for a type %d "
@@ -1599,7 +1595,7 @@ exchange_add_certs (struct message *msg)
 	}
     }
 
-  /* We dont need the CERT REQs any more, they are anwsered */
+  /* We dont need the CERT REQs any more, they are answered.  */
   exchange_free_aca_list (exchange);
 
   return 0;
diff --git a/sbin/isakmpd/exchange.h b/sbin/isakmpd/exchange.h
index 6c3efe9ddf3..faae678c901 100644
--- a/sbin/isakmpd/exchange.h
+++ b/sbin/isakmpd/exchange.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: exchange.h,v 1.19 2001/05/31 20:23:52 angelos Exp $	*/
+/*	$OpenBSD: exchange.h,v 1.20 2001/06/05 05:59:43 niklas Exp $	*/
 /*	$EOM: exchange.h,v 1.28 2000/09/28 12:54:28 niklas Exp $	*/
 
 /*
@@ -145,7 +145,7 @@ struct exchange {
   u_int8_t *id_r;
   size_t id_r_len;
 
-  /* Policy session identifier, where applicable */
+  /* Policy session identifier, where applicable.  */
   int policy_id;
 
   /* Crypto info needed to encrypt/decrypt packets in this exchange.  */
@@ -191,12 +191,12 @@ struct exchange {
   void *sent_cert; /* Certificate (to be) sent to peer, native format */
   void *sent_key; /* Key we'll use to authenticate to peer, native format */
 
-  /* ACQUIRE sequence number */
+  /* ACQUIRE sequence number.  */
   u_int32_t seq;
 
   /* XXX This is no longer necessary, it is covered by policy.  */
 
-  /* Acceptable authorities for cert requests */
+  /* Acceptable authorities for cert requests.  */
   TAILQ_HEAD (aca_head, certreq_aca) aca_list;
 
   /* DOI-specific opaque data.  */
diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c
index 6dea4606ba2..04ea1a1957b 100644
--- a/sbin/isakmpd/ike_auth.c
+++ b/sbin/isakmpd/ike_auth.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ike_auth.c,v 1.42 2001/06/05 05:08:26 angelos Exp $	*/
+/*	$OpenBSD: ike_auth.c,v 1.43 2001/06/05 05:59:42 niklas Exp $	*/
 /*	$EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $	*/
 
 /*
@@ -386,8 +386,8 @@ pre_shared_gen_skeyid (struct exchange *exchange, size_t *sz)
   if (buf)
     free (buf);
 
-  /* Fail if no key could be found */
-  if (key == NULL) 
+  /* Fail if no key could be found.  */
+  if (!key)
     return 0;
 
   /* Store the secret key for later policy processing.  */
@@ -611,7 +611,7 @@ rsa_sig_decode_hash (struct message *msg)
     }
 #endif /* USE_POLICY || USE_KEYNOTE */
 
-  /* Obtain a certificate from our certificate storage */
+  /* Obtain a certificate from our certificate storage.  */
   if (handler->cert_obtain (id, id_len, 0, &rawcert, &rawcertlen))
     {
       if (handler->id == ISAKMP_CERTENC_X509_SIG)
@@ -667,7 +667,7 @@ rsa_sig_decode_hash (struct message *msg)
 				     GET_ISAKMP_CERT_ENCODING (p->p))));
 	  continue;
 	}
-  
+
       cert = handler->cert_get (p->p + ISAKMP_CERT_DATA_OFF,
 				GET_ISAKMP_GEN_LENGTH (p->p)
 				- ISAKMP_CERT_DATA_OFF);
@@ -764,15 +764,15 @@ rsa_sig_decode_hash (struct message *msg)
       found++;
     }
 
-  /* If no certificate provided a key, try to find a validated DNSSEC KEY. */
 #if defined(USE_DNSSEC)
+  /* If no certificate provided a key, try to find a validated DNSSEC KEY.  */
   if (!found)
     {
       rawkey = dns_get_key (IKE_AUTH_RSA_SIG, msg, &rawkeylen);
       if (rawkey)
 	found++;
-      
-      /* We need to convert 'void *rawkey' into 'RSA *key'. */
+
+      /* We need to convert 'void *rawkey' into 'RSA *key'.  */
       if (dns_RSA_dns_to_x509 (rawkey, rawkeylen, &key) == -1)
 	{
 	  log_print ("rsa_sig_decode_hash: KEY to RSA key conversion failed");
@@ -858,10 +858,10 @@ pre_shared_encode_hash (struct message *msg)
   buf = ipsec_add_hash_payload (msg, hashsize);
   if (!buf)
     return -1;
-    
+
   if (ike_auth_hash (exchange, buf + ISAKMP_HASH_DATA_OFF) == -1)
     return -1;
-    
+
   snprintf (header, 80, "pre_shared_encode_hash: HASH_%c",
 	    initiator ? 'I' : 'R');
   LOG_DBG_BUF ((LOG_MISC, 80, header, buf + ISAKMP_HASH_DATA_OFF, hashsize));
@@ -1019,7 +1019,7 @@ rsa_sig_encode_hash (struct message *msg)
 	      id_len - ISAKMP_ID_DATA_OFF + ISAKMP_GEN_SZ);
       break;
 
-      /* XXX Support more ID types ? */
+      /* XXX Support more ID types?  */
     default:
       buf2 = NULL;
       break;
@@ -1076,7 +1076,7 @@ rsa_sig_encode_hash (struct message *msg)
       free (buf);
       return -1;
     }
-    
+
   snprintf (header, 80, "rsa_sig_encode_hash: HASH_%c", initiator ? 'I' : 'R');
   LOG_DBG_BUF ((LOG_MISC, 80, header, buf, hashsize));
 
diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index b953df6295d..43a66cfe533 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: x509.c,v 1.51 2001/05/31 20:20:59 angelos Exp $	*/
+/*	$OpenBSD: x509.c,v 1.52 2001/06/05 05:59:43 niklas Exp $	*/
 /*	$EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $	*/
 
 /*
@@ -1029,7 +1029,7 @@ x509_certreq_decode (u_int8_t *asn, u_int32_t len)
   if (!asn_template_clone (&aca, 1)
       || (asn = asn_decode_sequence (asn, len, &aca)) == 0)
     {
-      log_print ("x509_certreq_validate: can not decode 'acceptable CA' info");
+      log_print ("x509_certreq_decode: can not decode 'acceptable CA' info");
       goto fail;
     }
   memset (&naca, 0, sizeof (naca));
@@ -1138,8 +1138,17 @@ x509_cert_obtain (u_int8_t *id, size_t id_len, void *data, u_int8_t **cert,
   if (!scert)
     return 0;
 
+  *certlen = LC (i2d_X509, (scert, NULL));
+  p = *cert = malloc (*certlen);
+  if (!p)
+    {
+      log_error ("x509_cert_obtain: malloc (%d) failed", *certlen);
+      return 0;
+    }
+  *certlen = LC (i2d_X509, (scert, &p));
+
   x509_serialize (scert, cert, certlen);
-  if (*cert == NULL)
+  if (!*cert)
     return 0;
   return 1;
 }
@@ -1373,15 +1382,15 @@ x509_printable (void *cert)
   int i;
 
   x509_serialize (cert, &data, &datalen);
-  if (data == NULL)
-    return NULL;
+  if (!data)
+    return 0;
 
   s = malloc (datalen * 2);
-  if (s == NULL)
+  if (!s)
     {
       free (data);
       log_error ("x509_printable: malloc (%d) failed", datalen * 2);
-      return NULL;
+      return 0;
     }
 
   for (i = 0; i < datalen; i++)
@@ -1400,10 +1409,10 @@ x509_from_printable (char *cert)
 
   plen = (strlen (cert) + 1) / 2;
   buf = malloc (plen);
-  if (buf == NULL)
+  if (!buf)
     {
       log_error ("x509_from_printable: malloc (%d) failed", plen);
-      return NULL;
+      return 0;
     }
 
   ret = hex2raw (cert, buf, plen);
@@ -1411,12 +1420,12 @@ x509_from_printable (char *cert)
     {
       free (buf);
       log_error ("x509_from_printable: badly formatted cert");
-      return NULL;
+      return 0;
     }
 
   foo = x509_cert_get (buf, plen);
   free (buf);
-  if (foo == NULL)
+  if (!foo)
     log_error ("x509_from_printable: could not retrieve certificate");
   return foo;
 }