Diffstat (limited to 'sbin/isakmpd')
-rw-r--r--sbin/isakmpd/cert.h6
-rw-r--r--sbin/isakmpd/conf.c40
-rw-r--r--sbin/isakmpd/connection.c10
-rw-r--r--sbin/isakmpd/exchange.c19
-rw-r--r--sbin/isakmpd/ike_auth.c98
-rw-r--r--sbin/isakmpd/key.c25
-rw-r--r--sbin/isakmpd/pf_key_v2.c163
-rw-r--r--sbin/isakmpd/policy.c10
-rw-r--r--sbin/isakmpd/sa.c37
-rw-r--r--sbin/isakmpd/x509.c4
10 files changed, 206 insertions, 206 deletions
diff --git a/sbin/isakmpd/cert.h b/sbin/isakmpd/cert.h
index 387432c1e66..df4db49cb19 100644
--- a/sbin/isakmpd/cert.h
+++ b/sbin/isakmpd/cert.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: cert.h,v 1.8 2001/06/05 05:59:42 niklas Exp $ */
+/* $OpenBSD: cert.h,v 1.9 2001/07/01 19:48:42 niklas Exp $ */
/* $EOM: cert.h,v 1.8 2000/09/28 12:53:27 niklas Exp $ */
/*
@@ -83,7 +83,9 @@ struct certreq_aca {
u_int16_t id;
struct cert_handler *handler;
- void *data; /* if NULL everything is acceptable. */
+
+ /* If data is a null pointer, everything is acceptable. */
+ void *data;
};
struct certreq_aca *certreq_decode (u_int16_t, u_int8_t *, u_int32_t);
diff --git a/sbin/isakmpd/conf.c b/sbin/isakmpd/conf.c
index 840afa2286d..5fb00e3424b 100644
--- a/sbin/isakmpd/conf.c
+++ b/sbin/isakmpd/conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf.c,v 1.31 2001/06/29 19:42:16 niklas Exp $ */
+/* $OpenBSD: conf.c,v 1.32 2001/07/01 19:48:43 niklas Exp $ */
/* $EOM: conf.c,v 1.48 2000/12/04 02:04:29 angelos Exp $ */
/*
@@ -319,23 +319,23 @@ conf_parse (int trans, char *buf, size_t sz)
* XXX No EC2N DH support here yet.
*/
-/* Find the value for a section+tag in the transaction list */
+/* Find the value for a section+tag in the transaction list. */
char *
conf_get_trans_str (int trans, char *section, char *tag)
{
struct conf_trans *node, *nf = 0;
-
+
for (node = TAILQ_FIRST (&conf_trans_queue); node;
node = TAILQ_NEXT (node, link))
- if (node->trans == trans && strcmp (section, node->section) == 0 &&
- strcmp (tag, node->tag) == 0)
+ if (node->trans == trans && strcmp (section, node->section) == 0
+ && strcmp (tag, node->tag) == 0)
{
if (!nf)
nf = node;
else if (node->override)
nf = node;
}
- return nf ? nf->value : NULL;
+ return nf ? nf->value : 0;
}
int
@@ -366,19 +366,19 @@ conf_load_defaults (int tr)
int enc, auth, hash, proto, mode, pfs;
char sect[256], *dflt;
- char *mm_auth[] = { "PRE_SHARED", "DSS", "RSA_SIG", NULL };
- char *mm_hash[] = { "MD5", "SHA", NULL };
+ char *mm_auth[] = { "PRE_SHARED", "DSS", "RSA_SIG", 0 };
+ char *mm_hash[] = { "MD5", "SHA", 0 };
char *mm_enc[] = { "DES_CBC", "BLOWFISH_CBC", "3DES_CBC",
- "CAST_CBC", NULL };
- char *dh_group[] = { "MODP_768", "MODP_1024", "MODP_1536", NULL };
- char *qm_enc[] = { "DES", "3DES", "CAST", "BLOWFISH", "AES", NULL };
- char *qm_hash[] = { "HMAC_MD5", "HMAC_SHA", "HMAC_RIPEMD", "NONE", NULL };
+ "CAST_CBC", 0 };
+ char *dh_group[] = { "MODP_768", "MODP_1024", "MODP_1536", 0 };
+ char *qm_enc[] = { "DES", "3DES", "CAST", "BLOWFISH", "AES", 0 };
+ char *qm_hash[] = { "HMAC_MD5", "HMAC_SHA", "HMAC_RIPEMD", "NONE", 0 };
/* Abbreviations to make section names a bit shorter. */
- char *mm_auth_p[] = { "", "-DSS", "-RSA_SIG", NULL };
- char *mm_enc_p[] = { "DES", "BLF", "3DES", "CAST", NULL };
- char *qm_enc_p[] = { "-DES", "-3DES", "-CAST", "-BLF", "-AES", NULL };
- char *qm_hash_p[] = { "-MD5", "-SHA", "-RIPEMD", "", NULL };
+ char *mm_auth_p[] = { "", "-DSS", "-RSA_SIG", 0 };
+ char *mm_enc_p[] = { "DES", "BLF", "3DES", "CAST", 0 };
+ char *qm_enc_p[] = { "-DES", "-3DES", "-CAST", "-BLF", "-AES", 0 };
+ char *qm_hash_p[] = { "-MD5", "-SHA", "-RIPEMD", "", 0 };
/* Helper #defines, incl abbreviations. */
#define PROTO(x) ((x) ? "AH" : "ESP")
@@ -1065,7 +1065,7 @@ conf_report_dump (struct dumper *node)
void
conf_report (void)
{
- struct conf_binding *cb, *last = NULL;
+ struct conf_binding *cb, *last = 0;
int i;
char *current_section = (char *)0;
struct dumper *dumper, *dnode;
@@ -1082,7 +1082,7 @@ conf_report (void)
{
if (!cb->is_default)
{
- /* Dump this entry */
+ /* Dump this entry. */
if (!current_section || strcmp (cb->section, current_section))
{
if (current_section)
@@ -1130,8 +1130,8 @@ conf_report (void)
return;
mem_fail:
- LOG_DBG ((LOG_REPORT, 0, "conf_report: memory allocation failure."));
- while ((dnode = dumper) != NULL)
+ log_error ("conf_report: malloc/calloc failed");
+ while ((dnode = dumper) != 0)
{
dumper = dumper->next;
if (dnode->s)
diff --git a/sbin/isakmpd/connection.c b/sbin/isakmpd/connection.c
index 26cb5127ce3..bee8aa03a54 100644
--- a/sbin/isakmpd/connection.c
+++ b/sbin/isakmpd/connection.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: connection.c,v 1.18 2001/06/27 03:31:40 angelos Exp $ */
+/* $OpenBSD: connection.c,v 1.19 2001/07/01 19:48:43 niklas Exp $ */
/* $EOM: connection.c,v 1.28 2000/11/23 12:21:18 niklas Exp $ */
/*
@@ -179,7 +179,7 @@ connection_lookup (char *name)
int
connection_exist (char *name)
{
- return (connection_lookup (name) != NULL);
+ return (connection_lookup (name) != 0);
}
/* Find the passive connection named NAME. */
@@ -221,7 +221,7 @@ connection_passive_lookup_by_ids (u_int8_t *id1, u_int8_t *id2)
for (conn = TAILQ_FIRST (&connections_passive); conn;
conn = TAILQ_NEXT (conn, link))
{
- if (conn->remote_id == NULL)
+ if (!conn->remote_id)
continue;
/*
@@ -246,7 +246,7 @@ connection_passive_lookup_by_ids (u_int8_t *id1, u_int8_t *id2)
for (conn = TAILQ_FIRST (&connections_passive); conn;
conn = TAILQ_NEXT (conn, link))
{
- if (conn->remote_id != NULL)
+ if (!conn->remote_id)
continue;
if (compare_ids (id1, conn->local_id, conn->local_sz) == 0
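Review bot: The rewritten test in this second loop, `if (!conn->remote_id) continue;`, inverts the removed `conn->remote_id != NULL` condition, so the pass now skips exactly the passive connections without a remote ID that it used to examine. The first loop (previous hunk) already skips those same entries, so a connection recorded with `remote_id = 0` is no longer reachable through the `compare_ids` check on `local_id` shown here. If the commit is meant as a pure NULL-to-0 cleanup, the line should read `if (conn->remote_id)`. The body of connection_passive_lookup_by_ids starts and ends outside the hunk.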
@@ -371,7 +371,7 @@ connection_record_passive (char *name)
goto fail;
}
else
- conn->remote_id = NULL;
+ conn->remote_id = 0;
TAILQ_INSERT_TAIL (&connections_passive, conn, link);
diff --git a/sbin/isakmpd/exchange.c b/sbin/isakmpd/exchange.c
index da51c9a1833..b9ec5470f44 100644
--- a/sbin/isakmpd/exchange.c
+++ b/sbin/isakmpd/exchange.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: exchange.c,v 1.55 2001/07/01 06:03:34 angelos Exp $ */
+/* $OpenBSD: exchange.c,v 1.56 2001/07/01 19:48:43 niklas Exp $ */
/* $EOM: exchange.c,v 1.143 2000/12/04 00:02:25 angelos Exp $ */
/*
@@ -794,7 +794,7 @@ exchange_establish_p1 (struct transport *t, u_int8_t type, u_int32_t doi,
}
exchange->policy = name ? conf_get_str (name, "Configuration") : 0;
- if ((exchange->policy == NULL) && name)
+ if (!exchange->policy && name)
exchange->policy = conf_get_str ("Phase 1", "Default");
exchange->finalize = finalize;
@@ -1258,7 +1258,7 @@ exchange_check_old_sa (struct sa *sa, void *v_arg)
|| (sa->flags & SA_FLAG_REPLACED))
return 0;
- if (sa->phase != new_sa->phase || new_sa->name == NULL
+ if (sa->phase != new_sa->phase || new_sa->name == 0
|| strcasecmp (sa->name, new_sa->name))
return 0;
@@ -1366,11 +1366,12 @@ exchange_finalize (struct message *msg)
msg->isakmp_sa->recv_key = exchange->recv_key;
msg->isakmp_sa->sent_key = exchange->sent_key;
msg->isakmp_sa->keynote_key = exchange->keynote_key;
- exchange->recv_key = NULL; /* Reset */
- exchange->sent_key = NULL; /* Reset */
- exchange->keynote_key = NULL; /* Reset */
+ /* Reset. */
+ exchange->recv_key = 0;
+ exchange->sent_key = 0;
+ exchange->keynote_key = 0;
+ exchange->policy_id = -1;
msg->isakmp_sa->policy_id = exchange->policy_id;
- exchange->policy_id = -1; /* Reset */
msg->isakmp_sa->id_i_len = exchange->id_i_len;
msg->isakmp_sa->id_r_len = exchange->id_r_len;
msg->isakmp_sa->initiator = exchange->initiator;
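Review bot: `exchange->policy_id = -1;` now executes before `msg->isakmp_sa->policy_id = exchange->policy_id;`, so the ISAKMP SA always receives -1 instead of the exchange's policy ID. The removed lines copied first and reset afterwards; collecting the resets under the single `/* Reset. */` comment moved this one above its copy. Keep the three key resets grouped, but place `exchange->policy_id = -1;` after the assignment to `msg->isakmp_sa->policy_id`. exchange_finalize continues outside the hunk.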
@@ -1393,12 +1394,12 @@ exchange_finalize (struct message *msg)
LOG_DBG ((LOG_EXCHANGE, 10,
"exchange_finalize: phase 1 done: %s, %s",
- exchange->doi == NULL ? "<no doi>" :
+ !exchange->doi ? "<no doi>" :
exchange->doi->decode_ids ("initiator id %s, responder id %s",
exchange->id_i, exchange->id_i_len,
exchange->id_r, exchange->id_r_len,
0),
- msg->isakmp_sa == NULL || msg->isakmp_sa->transport == NULL
+ !msg->isakmp_sa || !msg->isakmp_sa->transport
? "<no transport>"
: msg->isakmp_sa->transport->vtbl->decode_ids (msg->isakmp_sa
->transport)));
diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c
index c8a5913959c..3f8a45737e3 100644
--- a/sbin/isakmpd/ike_auth.c
+++ b/sbin/isakmpd/ike_auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_auth.c,v 1.51 2001/06/29 19:55:36 angelos Exp $ */
+/* $OpenBSD: ike_auth.c,v 1.52 2001/07/01 19:48:43 niklas Exp $ */
/* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */
/*
@@ -193,22 +193,22 @@ ike_auth_get_key (int type, char *id, char *local_id, size_t *keylen)
return 0;
#endif
#if defined(USE_KEYNOTE)
- if ((local_id) &&
- ((keyfile = conf_get_str ("KeyNote",
- "Credential-directory")) != NULL))
+ if (local_id &&
+ (keyfile = conf_get_str ("KeyNote", "Credential-directory")) != 0)
{
struct stat sb;
struct keynote_deckey dc;
char *privkeyfile, *buf2;
int fd;
- privkeyfile = calloc (strlen (keyfile) + strlen (local_id) +
- strlen (PRIVATE_KEY_FILE) + 3, sizeof (char));
- if (privkeyfile == NULL)
+ privkeyfile = calloc (strlen (keyfile) + strlen (local_id)
+ + sizeof PRIVATE_KEY_FILE + sizeof "//" - 1,
+ sizeof (char));
+ if (!privkeyfile)
{
log_print ("ike_auth_get_key: failed to allocate %d bytes",
- strlen (keyfile) + strlen (local_id) +
- strlen (PRIVATE_KEY_FILE) + 3);
+ strlen (keyfile) + strlen (local_id)
+ + sizeof PRIVATE_KEY_FILE + sizeof "//" - 1);
return 0;
}
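Review bot: The `log_print` in the allocation-failure branch passes a `size_t` expression (`strlen (keyfile) + strlen (local_id) + sizeof PRIVATE_KEY_FILE + sizeof "//" - 1`) to `%d`, a format/argument mismatch wherever `size_t` is wider than `int`; the `sb.st_size + 1` argument in the next hunk has the same problem. Cast the argument to match the conversion, e.g. `(unsigned long)(...)` with `%lu`. Separately, `sizeof PRIVATE_KEY_FILE` equals `strlen (PRIVATE_KEY_FILE) + 1` only if the macro expands to a string literal; its definition is not visible here, so a short comment above the `calloc` such as `/* keyfile + "/" + local_id + "/" + PRIVATE_KEY_FILE + NUL */` would document the size arithmetic.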
@@ -231,7 +231,7 @@ ike_auth_get_key (int type, char *id, char *local_id, size_t *keylen)
}
buf = calloc (sb.st_size + 1, sizeof (char));
- if (buf == NULL)
+ if (!buf)
{
log_print ("ike_auth_get_key: failed allocating %d bytes",
sb.st_size + 1);
@@ -285,10 +285,11 @@ ike_auth_get_key (int type, char *id, char *local_id, size_t *keylen)
/* Otherwise, try X.509 */
keyfile = conf_get_str ("X509-certificates", "Private-key");
- if (check_file_secrecy (keyfile, NULL))
+ if (check_file_secrecy (keyfile, 0))
return 0;
- if ((keyh = LC (BIO_new, (LC (BIO_s_file, ())))) == NULL)
+ keyh = LC (BIO_new, (LC (BIO_s_file, ())));
+ if (keyh == NULL)
{
log_print ("ike_auth_get_key: "
"BIO_new (BIO_s_file ()) failed");
@@ -348,21 +349,19 @@ pre_shared_gen_skeyid (struct exchange *exchange, size_t *sz)
switch (exchange->id_i[0])
{
case IPSEC_ID_IPV4_ADDR:
- util_ntoa ((char **)&buf, AF_INET, exchange->id_i +
- ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ);
- if (!buf)
- return 0;
- break;
case IPSEC_ID_IPV6_ADDR:
- util_ntoa ((char **)&buf, AF_INET6, exchange->id_i +
- ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ);
+ util_ntoa ((char **)&buf,
+ exchange->id_i[0] == IPSEC_ID_IPV4_ADDR
+ ? AF_INET : AF_INET6,
+ exchange->id_i + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ);
if (!buf)
return 0;
+ break;
case IPSEC_ID_FQDN:
case IPSEC_ID_USER_FQDN:
- buf = calloc (exchange->id_i_len - ISAKMP_ID_DATA_OFF +
- ISAKMP_GEN_SZ + 1, sizeof (char));
+ buf = calloc (exchange->id_i_len - ISAKMP_ID_DATA_OFF
+ + ISAKMP_GEN_SZ + 1, sizeof (char));
if (!buf)
{
log_print ("pre_shared_gen_skeyid: malloc (%d) failed",
@@ -567,7 +566,7 @@ rsa_sig_decode_hash (struct message *msg)
struct ipsec_exch *ie = exchange->data;
struct payload *p;
void *cert = 0;
- u_int8_t *rawcert = NULL;
+ u_int8_t *rawcert = 0;
u_int32_t rawcertlen;
RSA *key = 0;
size_t hashsize = ie->hash->hashsize;
@@ -579,7 +578,7 @@ rsa_sig_decode_hash (struct message *msg)
size_t id_len;
int found = 0, n, i, id_found;
#if defined(USE_DNSSEC)
- u_int8_t *rawkey = NULL;
+ u_int8_t *rawkey = 0;
u_int32_t rawkeylen;
#endif
@@ -605,9 +604,8 @@ rsa_sig_decode_hash (struct message *msg)
handler = cert_get (GET_ISAKMP_CERT_ENCODING (p->p));
if (!handler)
{
- log_print ("rsa_sig_decode_hash: "
- "cert_get (%d) failed", p != NULL
- ? GET_ISAKMP_CERT_ENCODING (p->p) : -1);
+ log_print ("rsa_sig_decode_hash: cert_get (%d) failed",
+ p ? GET_ISAKMP_CERT_ENCODING (p->p) : -1);
return -1;
}
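Review bot: `p` is dereferenced by `GET_ISAKMP_CERT_ENCODING (p->p)` in the `cert_get` call before the error path tests it with `p ? ... : -1`, so the null test is either dead code or the earlier dereference is unsafe. If `p` can be null here, guard before calling `cert_get`, e.g. `if (!p) return -1;`; if it cannot, drop the ternary and log `GET_ISAKMP_CERT_ENCODING (p->p)` directly. How `p` is obtained lies outside the hunk.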
@@ -760,15 +758,14 @@ rsa_sig_decode_hash (struct message *msg)
return -1;
}
- exchange->keynote_key = calloc (strlen (pp) +
- strlen ("rsa-hex:") + 1,
+ exchange->keynote_key = calloc (strlen (pp) + sizeof "rsa-hex:",
sizeof (char));
- if (exchange->keynote_key == NULL)
+ if (!exchange->keynote_key)
{
free (pp);
LK (kn_free_key, (&dc));
log_print ("rsa_sig_decode_hash: failed to allocate %d bytes",
- strlen (pp) + strlen ("rsa-hex:") + 1);
+ strlen (pp) + sizeof "rsa-hex:");
return -1;
}
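Review bot: The allocation-failure branch calls `free (pp)` and then evaluates `strlen (pp)` inside the `log_print` argument, which reads freed memory. Compute the size once before the `calloc`, e.g. `len = strlen (pp) + sizeof "rsa-hex:";`, and use `len` for both the allocation and the message, or move `free (pp)` after the `log_print`. The logged value is also a `size_t` passed to `%d`. rsa_sig_decode_hash continues outside the hunk.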
@@ -905,8 +902,9 @@ rsa_sig_encode_hash (struct message *msg)
id_len = initiator ? exchange->id_i_len : exchange->id_r_len;
/* We may have been provided these by the kernel */
- if ((buf = conf_get_str (exchange->name, "Credentials")) != NULL &&
- (idtype = conf_get_num (exchange->name, "Credential_Type", -1) != -1))
+ buf = conf_get_str (exchange->name, "Credentials");
+ if (buf
+ && (idtype = conf_get_num (exchange->name, "Credential_Type", -1) != -1))
{
exchange->sent_certtype = idtype;
handler = cert_get (idtype);
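Review bot: In the rewritten condition, `idtype = conf_get_num (exchange->name, "Credential_Type", -1) != -1` assigns the result of the comparison, because `!=` binds tighter than `=`, so `idtype` ends up 0 or 1 rather than the configured number. The next lines, `exchange->sent_certtype = idtype;` and `cert_get (idtype)`, then use that boolean as the certificate type. Parenthesize the assignment: `&& (idtype = conf_get_num (exchange->name, "Credential_Type", -1)) != -1)`. The expression was carried over unchanged from the removed line, so this predates the commit.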
@@ -917,14 +915,14 @@ rsa_sig_encode_hash (struct message *msg)
}
exchange->sent_cert = handler->cert_from_printable (buf);
- if (exchange->sent_cert == NULL)
+ if (!exchange->sent_cert)
{
log_print ("rsa_sig_encode_hash: failed to retrieve certificate");
return -1;
}
handler->cert_serialize (exchange->sent_cert, &data, &datalen);
- if (data == NULL)
+ if (!data)
{
log_print ("rsa_sig_encode_hash: cert serialization failed");
return -1;
@@ -1011,22 +1009,19 @@ rsa_sig_encode_hash (struct message *msg)
switch (id[ISAKMP_ID_TYPE_OFF - ISAKMP_GEN_SZ])
{
case IPSEC_ID_IPV4_ADDR:
- util_ntoa ((char **)&buf2, AF_INET, id + ISAKMP_ID_DATA_OFF -
- ISAKMP_GEN_SZ);
- if (!buf2)
- return 0;
- break;
case IPSEC_ID_IPV6_ADDR:
- util_ntoa ((char **)&buf2, AF_INET6, id + ISAKMP_ID_DATA_OFF -
- ISAKMP_GEN_SZ);
+ util_ntoa ((char **)&buf2,
+ id[ISAKMP_ID_TYPE_OFF - ISAKMP_GEN_SZ] == IPSEC_ID_IPV4_ADDR
+ ? AF_INET : AF_INET6,
+ id + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ);
if (!buf2)
return 0;
break;
case IPSEC_ID_FQDN:
case IPSEC_ID_USER_FQDN:
- buf2 = calloc (id_len - ISAKMP_ID_DATA_OFF +
- ISAKMP_GEN_SZ + 1, sizeof (char));
+ buf2 = calloc (id_len - ISAKMP_ID_DATA_OFF + ISAKMP_GEN_SZ + 1,
+ sizeof (char));
if (!buf2)
{
log_print ("rsa_sig_encode_hash: malloc (%d) failed",
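Review bot: The `if (!buf2) return 0;` after `util_ntoa` reports a failure with 0, while other failure paths of rsa_sig_encode_hash visible on this page return -1 (certificate retrieval, serialization, missing private key); the `badly formatted RSA private key` and `bad RSA private key` branches in the next two hunks also return 0. If the caller treats 0 as success, which is not visible here, these paths would let the exchange proceed without a usable signing key. The two key-error branches also return while `buf2` may still be allocated, since `free (buf2)` appears only in the `else` branch of the last hunk. Suggest `return -1;` on each of these paths, with `free (buf2);` first where it is still owned.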
@@ -1039,16 +1034,17 @@ rsa_sig_encode_hash (struct message *msg)
/* XXX Support more ID types? */
default:
- buf2 = NULL;
+ buf2 = 0;
break;
}
/* Again, we may have these from the kernel */
- if ((buf = conf_get_str (exchange->name, "OKAuthentication")) != NULL)
+ buf = conf_get_str (exchange->name, "OKAuthentication");
+ if (buf)
{
key_from_printable (ISAKMP_KEY_RSA, ISAKMP_KEYTYPE_PRIVATE, buf, &data,
&datalen);
- if ((data == NULL) || (datalen == -1))
+ if (!data || datalen == -1)
{
log_print ("rsa_sig_encode_hash: badly formatted RSA private key");
return 0;
@@ -1058,21 +1054,21 @@ rsa_sig_encode_hash (struct message *msg)
exchange->sent_key = key_internalize (ISAKMP_KEY_RSA,
ISAKMP_KEYTYPE_PRIVATE, data,
datalen);
- if (exchange->sent_key == NULL)
+ if (!exchange->sent_key)
{
log_print ("rsa_sig_encode_hash: bad RSA private key from dynamic "
"SA acquisition subsystem");
return 0;
}
}
- else /* Try through the regular means */
+ else /* Try through the regular means. */
{
exchange->sent_key = ike_auth_get_key (IKE_AUTH_RSA_SIG, exchange->name,
- buf2, NULL);
+ buf2, 0);
free (buf2);
- /* Did we find a key ? */
- if (exchange->sent_key == NULL)
+ /* Did we find a key? */
+ if (!exchange->sent_key)
{
log_print ("rsa_sig_encode_hash: could not get private key");
return -1;
diff --git a/sbin/isakmpd/key.c b/sbin/isakmpd/key.c
index 20d6640bfcf..882df58df78 100644
--- a/sbin/isakmpd/key.c
+++ b/sbin/isakmpd/key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.2 2001/06/25 05:15:11 angelos Exp $ */
+/* $OpenBSD: key.c,v 1.3 2001/07/01 19:48:43 niklas Exp $ */
/*
* The author of this code is Angelos D. Keromytis (angelos@cis.upenn.edu)
*
@@ -66,17 +66,18 @@ key_serialize (int type, int private, void *key, u_int8_t **data, int *datalen)
case ISAKMP_KEYTYPE_PUBLIC:
*datalen = LC (i2d_RSAPublicKey, ((RSA *)key, NULL));
*data = p = malloc (*datalen);
- if (*data == NULL)
+ if (!p)
{
log_error("key_serialize: malloc (%d) failed", *datalen);
return;
}
*datalen = LC (i2d_RSAPublicKey, ((RSA *)key, &p));
break;
+
case ISAKMP_KEYTYPE_PRIVATE:
*datalen = LC (i2d_RSAPrivateKey, ((RSA *)key, NULL));
*data = p = malloc (*datalen);
- if (*data == NULL)
+ if (!p)
{
log_error("key_serialize: malloc (%d) failed", *datalen);
return;
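Review bot: The length returned by `i2d_RSAPublicKey` / `i2d_RSAPrivateKey` is stored in `*datalen` and passed straight to `malloc` without a sign check in both cases. These encoders return a negative value on error, and a negative `int` converted to `size_t` becomes a very large allocation request, while a zero length can yield a non-null pointer for an empty buffer. Add a check before the allocation, e.g. `if (*datalen <= 0) { *data = 0; return; }`. Because key_serialize returns void, callers can only detect failure through `*data`, which deserves a line in the function comment.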
@@ -102,23 +103,25 @@ key_printable (int type, int private, u_int8_t *data, int datalen)
{
case ISAKMP_KEY_PASSPHRASE:
return strdup ((char *)data);
+
case ISAKMP_KEY_RSA:
s = malloc (datalen * 2);
- if (s == NULL)
+ if (!s)
{
log_error ("key_printable: malloc (%d) failed", datalen * 2);
- return NULL;
+ return 0;
}
for (i = 0; i < datalen; i++)
sprintf (s + (2 * i), "%02x", data[i]);
return s;
+
default:
log_error ("key_printable: unknown/unsupported key type %d", type);
- return NULL;
+ return 0;
}
}
-/* Convert from serialized to internal */
+/* Convert from serialized to internal. */
void *
key_internalize (int type, int private, u_int8_t *data, int datalen)
{
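Review bot: In key_printable, `s = malloc (datalen * 2)` is one byte short for the hex loop that follows: each `sprintf (s + (2 * i), "%02x", data[i])` writes two digits plus a terminating NUL, so the last iteration stores the NUL at `s[2 * datalen]`, one byte past the allocation. Allocate `datalen * 2 + 1` and set `s[0] = '\0'` before the loop so the result is terminated even when `datalen` is 0. `datalen * 2` is an `int` multiplication on a caller-supplied length, so rejecting negative or very large values before the `malloc` would also be prudent.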
@@ -135,7 +138,7 @@ key_internalize (int type, int private, u_int8_t *data, int datalen)
return LC (d2i_RSAPrivateKey, (NULL, &data, datalen));
default:
log_error ("key_internalize: not public or private RSA key passed");
- return NULL;
+ return 0;
}
break;
default:
@@ -143,7 +146,7 @@ key_internalize (int type, int private, u_int8_t *data, int datalen)
break;
}
- return NULL;
+ return 0;
}
/* Convert from printable to serialized */
@@ -157,16 +160,18 @@ key_from_printable (int type, int private, char *key, u_int8_t **data,
*datalen = strlen (key);
*data = strdup (key);
break;
+
case ISAKMP_KEY_RSA:
*datalen = (strlen (key) + 1) / 2; /* Round up, just in case */
*data = malloc (*datalen);
- if (*data == NULL)
+ if (!*data)
{
log_error ("key_from_printable: malloc (%d) failed", *datalen);
return;
}
*datalen = hex2raw (key, *data, *datalen);
break;
+
default:
log_error ("key_from_printable: unknown/unsupported key type %d", type);
break;
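Review bot: In the RSA case, a failing `hex2raw` overwrites `*datalen` with its return value while `*data` stays allocated, and the function returns void, so cleanup is left to the caller. The caller shown earlier on this page in rsa_sig_encode_hash (`if (!data || datalen == -1)`) returns without freeing, which looks like a leak of the partially decoded key buffer. Consider freeing and clearing the buffer here on failure, e.g. `if (*datalen == -1) { free (*data); *data = 0; }`, assuming -1 is hex2raw's error value as that caller implies. The passphrase case also leaves the `strdup` result unchecked while `*datalen` is already set.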
diff --git a/sbin/isakmpd/pf_key_v2.c b/sbin/isakmpd/pf_key_v2.c
index 61cd4f178e8..bfb5e0350dc 100644
--- a/sbin/isakmpd/pf_key_v2.c
+++ b/sbin/isakmpd/pf_key_v2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf_key_v2.c,v 1.75 2001/07/01 18:33:50 angelos Exp $ */
+/* $OpenBSD: pf_key_v2.c,v 1.76 2001/07/01 19:48:44 niklas Exp $ */
/* $EOM: pf_key_v2.c,v 1.79 2000/12/12 00:33:19 niklas Exp $ */
/*
@@ -189,7 +189,7 @@ pf_key_v2_seq_by_sa (u_int8_t *spi, size_t sz, u_int8_t proto,
node = TAILQ_NEXT (node, link))
if (node->proto == proto
&& node->sz == sz && memcmp (node->spi, spi, sz) == 0
- && node->dstlen == dst->sa_len
+ && node->dstlen == dst->sa_len
&& memcmp (node->dst, dst, dst->sa_len) == 0)
return node->seq;
return 0;
@@ -649,7 +649,7 @@ pf_key_v2_get_spi (size_t *sz, u_int8_t proto, struct sockaddr *src,
#endif
/* Setup the ADDRESS extensions. */
- len = sizeof (struct sadb_address) + PF_KEY_V2_ROUND (src->sa_len);
+ len = sizeof (struct sadb_address) + PF_KEY_V2_ROUND (src->sa_len);
addr = calloc (1, len);
if (!addr)
goto cleanup;
@@ -675,7 +675,7 @@ pf_key_v2_get_spi (size_t *sz, u_int8_t proto, struct sockaddr *src,
goto cleanup;
addr = 0;
- len = sizeof (struct sadb_address) + PF_KEY_V2_ROUND (dst->sa_len);
+ len = sizeof (struct sadb_address) + PF_KEY_V2_ROUND (dst->sa_len);
addr = calloc (1, len);
if (!addr)
goto cleanup;
@@ -842,7 +842,7 @@ pf_key_v2_set_spi (struct sa *sa, struct proto *proto, int incoming,
ssa.sadb_sa_auth = SADB_AALG_MD5HMAC96;
#else
ssa.sadb_sa_auth = SADB_AALG_MD5HMAC;
-#endif
+#endif
break;
case IPSEC_AUTH_HMAC_SHA:
@@ -1424,14 +1424,14 @@ pf_key_v2_set_spi (struct sa *sa, struct proto *proto, int incoming,
}
static __inline__ int
-pf_key_v2_mask_to_bits (u_int32_t mask)
+pf_key_v2_mask_to_bits (u_int32_t mask)
{
u_int32_t hmask = ntohl (mask);
return (33 - ffs (~hmask + 1)) % 33;
}
static int
-pf_key_v2_mask6_to_bits (u_int8_t *mask)
+pf_key_v2_mask6_to_bits (u_int8_t *mask)
{
int n;
bit_ffc (mask, 128, &n);
@@ -1439,7 +1439,7 @@ pf_key_v2_mask6_to_bits (u_int8_t *mask)
}
static void
-pf_key_v2_setup_sockaddr (void *res, struct sockaddr *src,
+pf_key_v2_setup_sockaddr (void *res, struct sockaddr *src,
struct sockaddr *dst, in_port_t port, int ingress)
{
struct sockaddr_in *ip4_sa;
@@ -1454,9 +1454,9 @@ pf_key_v2_setup_sockaddr (void *res, struct sockaddr *src,
ip4_sa->sin_len = sizeof *ip4_sa;
ip4_sa->sin_port = port;
if (dst)
- p = (u_int8_t *)(ingress ?
- &((struct sockaddr_in *)src)->sin_addr.s_addr :
- &((struct sockaddr_in *)dst)->sin_addr.s_addr);
+ p = (u_int8_t *)(ingress
+ ? &((struct sockaddr_in *)src)->sin_addr.s_addr
+ : &((struct sockaddr_in *)dst)->sin_addr.s_addr);
else
p = (u_int8_t *)&((struct sockaddr_in *)src)->sin_addr.s_addr;
ip4_sa->sin_addr.s_addr = *((in_addr_t *)p);
@@ -1468,9 +1468,9 @@ pf_key_v2_setup_sockaddr (void *res, struct sockaddr *src,
ip6_sa->sin6_len = sizeof *ip6_sa;
ip6_sa->sin6_port = port;
if (dst)
- p = (u_int8_t *)(ingress ?
- &((struct sockaddr_in6 *)src)->sin6_addr.s6_addr :
- &((struct sockaddr_in6 *)dst)->sin6_addr.s6_addr);
+ p = (u_int8_t *)(ingress
+ ? &((struct sockaddr_in6 *)src)->sin6_addr.s6_addr
+ : &((struct sockaddr_in6 *)dst)->sin6_addr.s6_addr);
else
p = (u_int8_t *)&((struct sockaddr_in6 *)src)->sin6_addr.s6_addr;
memcpy (ip6_sa->sin6_addr.s6_addr, p, sizeof (struct in6_addr));
@@ -1490,9 +1490,9 @@ pf_key_v2_setup_sockaddr (void *res, struct sockaddr *src,
*/
static int
pf_key_v2_flow (struct sockaddr *laddr, struct sockaddr *lmask,
- struct sockaddr *raddr, struct sockaddr *rmask,
- u_int8_t tproto, u_int16_t sport, u_int16_t dport,
- u_int8_t *spi, u_int8_t proto, struct sockaddr *dst,
+ struct sockaddr *raddr, struct sockaddr *rmask,
+ u_int8_t tproto, u_int16_t sport, u_int16_t dport,
+ u_int8_t *spi, u_int8_t proto, struct sockaddr *dst,
struct sockaddr *src, int delete, int ingress,
u_int8_t srcid_type, u_int8_t *srcid, int srcid_len,
u_int8_t dstid_type, u_int8_t *dstid, int dstid_len)
@@ -1638,7 +1638,7 @@ pf_key_v2_flow (struct sockaddr *laddr, struct sockaddr *lmask,
#ifdef SADB_X_EXT_FLOW_TYPE
pf_key_v2_setup_sockaddr (addr + 1, src, dst, 0, ingress);
#else
- pf_key_v2_setup_sockaddr (addr + 1, dst, NULL, 0, 0);
+ pf_key_v2_setup_sockaddr (addr + 1, dst, 0, 0, 0);
#endif
if (pf_key_v2_msg_add (flow, (struct sadb_ext *)addr,
PF_KEY_V2_NODE_MALLOCED) == -1)
@@ -1652,7 +1652,7 @@ pf_key_v2_flow (struct sockaddr *laddr, struct sockaddr *lmask,
addr->sadb_address_exttype = SADB_X_EXT_SRC_FLOW;
addr->sadb_address_len = len / PF_KEY_V2_CHUNK;
addr->sadb_address_reserved = 0;
- pf_key_v2_setup_sockaddr (addr + 1, laddr, NULL, sport, 0);
+ pf_key_v2_setup_sockaddr (addr + 1, laddr, 0, sport, 0);
if (pf_key_v2_msg_add (flow, (struct sadb_ext *)addr,
PF_KEY_V2_NODE_MALLOCED) == -1)
goto cleanup;
@@ -1664,7 +1664,7 @@ pf_key_v2_flow (struct sockaddr *laddr, struct sockaddr *lmask,
addr->sadb_address_exttype = SADB_X_EXT_SRC_MASK;
addr->sadb_address_len = len / PF_KEY_V2_CHUNK;
addr->sadb_address_reserved = 0;
- pf_key_v2_setup_sockaddr (addr + 1, lmask, NULL, sport ? 0xffff : 0, 0);
+ pf_key_v2_setup_sockaddr (addr + 1, lmask, 0, sport ? 0xffff : 0, 0);
if (pf_key_v2_msg_add (flow, (struct sadb_ext *)addr,
PF_KEY_V2_NODE_MALLOCED) == -1)
goto cleanup;
@@ -1676,7 +1676,7 @@ pf_key_v2_flow (struct sockaddr *laddr, struct sockaddr *lmask,
addr->sadb_address_exttype = SADB_X_EXT_DST_FLOW;
addr->sadb_address_len = len / PF_KEY_V2_CHUNK;
addr->sadb_address_reserved = 0;
- pf_key_v2_setup_sockaddr (addr + 1, raddr, NULL, sport, 0);
+ pf_key_v2_setup_sockaddr (addr + 1, raddr, 0, sport, 0);
if (pf_key_v2_msg_add (flow, (struct sadb_ext *)addr,
PF_KEY_V2_NODE_MALLOCED) == -1)
goto cleanup;
@@ -1688,7 +1688,7 @@ pf_key_v2_flow (struct sockaddr *laddr, struct sockaddr *lmask,
addr->sadb_address_exttype = SADB_X_EXT_DST_MASK;
addr->sadb_address_len = len / PF_KEY_V2_CHUNK;
addr->sadb_address_reserved = 0;
- pf_key_v2_setup_sockaddr (addr + 1, rmask, NULL, sport ? 0xffff : 0, 0);
+ pf_key_v2_setup_sockaddr (addr + 1, rmask, 0, sport ? 0xffff : 0, 0);
if (pf_key_v2_msg_add (flow, (struct sadb_ext *)addr,
PF_KEY_V2_NODE_MALLOCED) == -1)
goto cleanup;
@@ -1714,7 +1714,7 @@ pf_key_v2_flow (struct sockaddr *laddr, struct sockaddr *lmask,
rmask_str = 0;
LOG_DBG ((LOG_SYSDEP, 50,
- "pf_key_v2_flow: src %x %x dst %x %x proto %u sport %u dport %u",
+ "pf_key_v2_flow: src %s %s dst %s %s proto %u sport %u dport %u",
laddr_str ? laddr_str : "<???>", lmask_str ? laddr_str : "<???>",
raddr_str ? laddr_str : "<???>", rmask_str ? laddr_str : "<???>",
tproto, ntohs (sport), ntohs (dport)));
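Review bot: The format string now uses `%s`, but three of the four arguments still print `laddr_str`: `lmask_str ? laddr_str : ...`, `raddr_str ? laddr_str : ...` and `rmask_str ? laddr_str : ...`, so the debug line repeats the local address instead of showing the mask and remote values. Each ternary should print the variable it tests, e.g. `lmask_str ? lmask_str : "<???>"`. The second `LOG_DBG` in pf_key_v2_flow (the hunk at `-1916,7`) has the same arguments and still formats these strings with `%x`, which this commit only re-indents; it needs the same `%s` fix.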
@@ -1738,10 +1738,10 @@ pf_key_v2_flow (struct sockaddr *laddr, struct sockaddr *lmask,
if (err)
{
if (err == ESRCH) /* These are common and usually harmless. */
- LOG_DBG ((LOG_SYSDEP, 10, "pf_key_v2_flow: %sFLOW: %s",
+ LOG_DBG ((LOG_SYSDEP, 10, "pf_key_v2_flow: %sFLOW: %s",
delete ? "DEL" : "ADD", strerror (err)));
else
- log_print ("pf_key_v2_flow: %sFLOW: %s", delete ? "DEL" : "ADD",
+ log_print ("pf_key_v2_flow: %sFLOW: %s", delete ? "DEL" : "ADD",
strerror (err));
goto cleanup;
}
@@ -1803,18 +1803,18 @@ pf_key_v2_flow (struct sockaddr *laddr, struct sockaddr *lmask,
addr->sadb_address_len = len / PF_KEY_V2_CHUNK;
addr->sadb_address_proto = IPSEC_ULPROTO_ANY;
addr->sadb_address_reserved = 0;
- pf_key_v2_setup_sockaddr (addr + 1, laddr, NULL, IPSEC_PORT_ANY, 0);
+ pf_key_v2_setup_sockaddr (addr + 1, laddr, 0, IPSEC_PORT_ANY, 0);
switch (laddr->sa_family)
{
case AF_INET:
ip4_sa = (struct sockaddr_in *)lmask;
- addr->sadb_address_prefixlen =
- pf_key_v2_mask_to_bits (ip4_sa->sin_addr.s_addr);
+ addr->sadb_address_prefixlen
+ = pf_key_v2_mask_to_bits (ip4_sa->sin_addr.s_addr);
break;
case AF_INET6:
ip6_sa = (struct sockaddr_in6 *)lmask;
- addr->sadb_address_prefixlen =
- pf_key_v2_mask6_to_bits (&ip6_sa->sin6_addr.s6_addr[0]);
+ addr->sadb_address_prefixlen
+ = pf_key_v2_mask6_to_bits (&ip6_sa->sin6_addr.s6_addr[0]);
break;
}
if (pf_key_v2_msg_add (flow, (struct sadb_ext *)addr,
@@ -1829,18 +1829,18 @@ pf_key_v2_flow (struct sockaddr *laddr, struct sockaddr *lmask,
addr->sadb_address_len = len / PF_KEY_V2_CHUNK;
addr->sadb_address_proto = IPSEC_ULPROTO_ANY;
addr->sadb_address_reserved = 0;
- pf_key_v2_setup_sockaddr (addr + 1, raddr, NULL, IPSEC_PORT_ANY, 0);
+ pf_key_v2_setup_sockaddr (addr + 1, raddr, 0, IPSEC_PORT_ANY, 0);
switch (raddr->sa_family)
{
case AF_INET:
ip4_sa = (struct sockaddr_in *)rmask;
- addr->sadb_address_prefixlen =
- pf_key_v2_mask_to_bits (ip4_sa->sin_addr.s_addr);
+ addr->sadb_address_prefixlen
+ = pf_key_v2_mask_to_bits (ip4_sa->sin_addr.s_addr);
break;
case AF_INET6:
ip6_sa = (struct sockaddr_in6 *)rmask;
- addr->sadb_address_prefixlen =
- pf_key_v2_mask6_to_bits (&ip6_sa->sin6_addr.s6_addr[0]);
+ addr->sadb_address_prefixlen
+ = pf_key_v2_mask6_to_bits (&ip6_sa->sin6_addr.s6_addr[0]);
break;
}
if (pf_key_v2_msg_add (flow, (struct sadb_ext *)addr,
@@ -1891,7 +1891,7 @@ pf_key_v2_flow (struct sockaddr *laddr, struct sockaddr *lmask,
/* Add source and destination addresses. */
saddr = (struct sockaddr *)(ipsecrequest + 1);
- pf_key_v2_setup_sockaddr (saddr, src, NULL, 0, 0);
+ pf_key_v2_setup_sockaddr (saddr, src, 0, 0, 0);
switch (src->sa_family)
{
case AF_INET:
@@ -1901,7 +1901,7 @@ pf_key_v2_flow (struct sockaddr *laddr, struct sockaddr *lmask,
saddr = (struct sockaddr *)((struct sockaddr_in6 *)saddr + 1);
break;
}
- pf_key_v2_setup_sockaddr (saddr, dst, NULL, 0, 0);
+ pf_key_v2_setup_sockaddr (saddr, dst, 0, 0, 0);
if (pf_key_v2_msg_add (flow, (struct sadb_ext *)policy, 0) == -1)
goto cleanup;
@@ -1916,7 +1916,7 @@ pf_key_v2_flow (struct sockaddr *laddr, struct sockaddr *lmask,
rmask_str = 0;
LOG_DBG ((LOG_SYSDEP, 50, "pf_key_v2_flow: src %x %x dst %x %x",
- laddr_str ? laddr_str : "<???>", lmask_str ? laddr_str : "<???>",
+ laddr_str ? laddr_str : "<???>", lmask_str ? laddr_str : "<???>",
raddr_str ? laddr_str : "<???>", rmask_str ? laddr_str : "<???>"));
if (laddr_str)
@@ -2027,10 +2027,10 @@ pf_key_v2_convert_id (u_int8_t *id, int idlen, int *reslen, int *idtype)
addr = id + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ;
if (inet_ntop (AF_INET, addr, addrbuf, ADDRESS_MAX) == NULL)
return 0;
- sprintf (addrbuf + strlen (addrbuf), "/%d",
- pf_key_v2_mask_to_bits ((u_int32_t)*(addr +
- sizeof (struct in_addr))));
- *reslen = strlen(addrbuf);
+ sprintf (addrbuf + strlen (addrbuf), "/%d",
+ pf_key_v2_mask_to_bits ((u_int32_t)
+ *(addr + sizeof (struct in_addr))));
+ *reslen = strlen (addrbuf);
res = strdup (addrbuf);
if (!res)
return 0;
@@ -2042,7 +2042,7 @@ pf_key_v2_convert_id (u_int8_t *id, int idlen, int *reslen, int *idtype)
addr = id + ISAKMP_ID_DATA_OFF - ISAKMP_GEN_SZ;
if (inet_ntop (AF_INET6, addr, addrbuf, ADDRESS_MAX) == NULL)
return 0;
- sprintf (addrbuf + strlen (addrbuf), "/%d",
+ sprintf (addrbuf + strlen (addrbuf), "/%d",
pf_key_v2_mask6_to_bits (addr + sizeof (struct in6_addr)));
*reslen = strlen (addrbuf);
res = strdup (addrbuf);
@@ -2118,13 +2118,13 @@ pf_key_v2_enable_sa (struct sa *sa, struct sa *isakmp_sa)
case AF_INET:
((struct sockaddr_in *)hostmask)->sin_family = AF_INET;
((struct sockaddr_in *)hostmask)->sin_len = sizeof (struct in_addr);
- memset (&((struct sockaddr_in *)hostmask)->sin_addr.s_addr, 0xff,
+ memset (&((struct sockaddr_in *)hostmask)->sin_addr.s_addr, 0xff,
sizeof (struct in_addr));
break;
case AF_INET6:
((struct sockaddr_in6 *)hostmask)->sin6_family = AF_INET6;
((struct sockaddr_in6 *)hostmask)->sin6_len = sizeof (struct in6_addr);
- memset (&((struct sockaddr_in6 *)hostmask)->sin6_addr.s6_addr, 0xff,
+ memset (&((struct sockaddr_in6 *)hostmask)->sin6_addr.s6_addr, 0xff,
sizeof (struct in6_addr));
break;
}
@@ -2132,8 +2132,8 @@ pf_key_v2_enable_sa (struct sa *sa, struct sa *isakmp_sa)
/* Ingress flows, handling SA bundles. */
while (TAILQ_NEXT (proto, link))
{
- error = pf_key_v2_flow (dst, hostmask, src, hostmask, 0, 0, 0,
- proto->spi[1], proto->proto, src, dst,
+ error = pf_key_v2_flow (dst, hostmask, src, hostmask, 0, 0, 0,
+ proto->spi[1], proto->proto, src, dst,
0, 1, 0, 0, 0, 0, 0, 0);
if (error)
goto cleanup;
@@ -2207,7 +2207,7 @@ pf_key_v2_conf_refhandle (int af, char *section)
return num;
}
-/* Remove all dynamically-established configuration entries. */
+/* Remove all dynamically-established configuration entries. */
static int
pf_key_v2_remove_conf (char *section)
{
@@ -2312,14 +2312,14 @@ pf_key_v2_disable_sa (struct sa *sa, int incoming)
case AF_INET:
((struct sockaddr_in *)hostmask)->sin_family = AF_INET;
((struct sockaddr_in *)hostmask)->sin_len = sizeof (struct in_addr);
- memset (&((struct sockaddr_in *)hostmask)->sin_addr.s_addr, 0xff,
+ memset (&((struct sockaddr_in *)hostmask)->sin_addr.s_addr, 0xff,
sizeof (struct in_addr));
break;
case AF_INET6:
((struct sockaddr_in6 *)hostmask)->sin6_family = AF_INET6;
- ((struct sockaddr_in6 *)hostmask)->sin6_len =
+ ((struct sockaddr_in6 *)hostmask)->sin6_len =
sizeof (struct in6_addr);
- memset (&((struct sockaddr_in6 *)hostmask)->sin6_addr.s6_addr, 0xff,
+ memset (&((struct sockaddr_in6 *)hostmask)->sin6_addr.s6_addr, 0xff,
sizeof (struct in6_addr));
break;
}
@@ -2327,8 +2327,8 @@ pf_key_v2_disable_sa (struct sa *sa, int incoming)
/* Ingress flow --- SA bundles */
while (TAILQ_NEXT (proto, link))
{
- error = pf_key_v2_flow (dst, hostmask, src, hostmask, 0, 0, 0,
- proto->spi[1], proto->proto, src, dst,
+ error = pf_key_v2_flow (dst, hostmask, src, hostmask, 0, 0, 0,
+ proto->spi[1], proto->proto, src, dst,
1, 1, 0, 0, 0, 0, 0, 0);
if (error)
return error;
@@ -2350,7 +2350,7 @@ pf_key_v2_disable_sa (struct sa *sa, int incoming)
int
pf_key_v2_delete_spi (struct sa *sa, struct proto *proto, int incoming)
{
- struct sadb_msg msg;
+ struct sadb_msg msg;
struct sadb_sa ssa;
struct sadb_address *addr = 0;
struct sockaddr *saddr;
@@ -2491,7 +2491,7 @@ pf_key_v2_delete_spi (struct sa *sa, struct proto *proto, int incoming)
err = ((struct sadb_msg *)TAILQ_FIRST (ret)->seg)->sadb_msg_errno;
if (err)
{
- LOG_DBG ((LOG_SYSDEP, 10, "pf_key_v2_delete_spi: DELETE: %s",
+ LOG_DBG ((LOG_SYSDEP, 10, "pf_key_v2_delete_spi: DELETE: %s",
strerror (err)));
goto cleanup;
}
@@ -2826,7 +2826,7 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
dhostflag = 1;
break;
- case AF_INET6:
+ case AF_INET6:
if (inet_ntop (AF_INET6, &((struct sockaddr_in6 *)sflow)->sin6_addr,
ssflow, ADDRESS_MAX) == NULL)
{
@@ -2923,7 +2923,7 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
- sizeof (struct sadb_ident);
if (((unsigned char *)(srcident + 1))[slen - 1] != '\0')
{
- log_print ("pf_key_v2_acquire: source identity not NULL-terminated");
+ log_print ("pf_key_v2_acquire: source identity not NUL-terminated");
goto fail;
}
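Review bot: The terminator check reads `((unsigned char *)(srcident + 1))[slen - 1]` without first ruling out `slen == 0`, in which case it indexes the byte before the identity string. Later hunks in this function test `slen == 0` for the same kind of payload, so an empty identity looks like an expected input. The computation of `slen` starts outside this hunk, so confirm that no earlier guard exists. If none does, `if (slen > 0 && ((unsigned char *)(srcident + 1))[slen - 1] != '\0')` keeps the later empty-string handling intact.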
@@ -2963,8 +2963,7 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
/* NUL-terminate the PREFIX string at the separator, then dup. */
*srcid = '\0';
- slen = strlen ((char *)(srcident + 1)) + strlen ("ID:/")
- + 1 + strlen ("Address");
+ slen = strlen ((char *)(srcident + 1)) + sizeof "ID:Address/";
srcid = malloc (slen);
if (!srcid)
{
@@ -3012,7 +3011,7 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
{
log_print ("pf_key_v2_acquire: no user FQDN or ID provided");
goto fail;
- }
+ }
if (srcident->sadb_ident_id)
{
@@ -3036,25 +3035,24 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
}
}
- srcid = malloc ((slen ? slen : strlen (pwd->pw_name)) +
- strlen (prefstring) + 1 + strlen ("ID:/"));
+ srcid = malloc ((slen ? slen : strlen (pwd->pw_name))
+ + strlen (prefstring) + sizeof "ID:/");
if (!srcid)
{
log_error ("pf_key_v2_acquire: malloc (%d) failed",
slen ? slen : strlen (pwd->pw_name)
- + strlen (prefstring) + 1 + strlen ("ID:/"));
+ + strlen (prefstring) + sizeof "ID:/");
goto fail;
}
sprintf (srcid, "ID:%s/", prefstring);
if (slen != 0)
- strlcat (srcid + strlen ("ID:/") + strlen (prefstring),
+ strlcat (srcid + sizeof "ID:/" - 1 + strlen (prefstring),
(char *)(srcident + 1),
- slen + strlen (prefstring) + 1 + strlen ("ID:/"));
+ slen + strlen (prefstring) + sizeof "ID:/");
else
- strlcat (srcid + strlen ("ID:/") + strlen (prefstring),
- pwd->pw_name,
- strlen (prefstring) + 1 + strlen ("ID:/"));
+ strlcat (srcid + sizeof "ID:/" - 1 + strlen (prefstring),
+ pwd->pw_name, strlen (prefstring) + sizeof "ID:/");
pwd = 0;
/* Set the section if it doesn't already exist. */
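Review bot: Both `strlcat` calls pass a size that does not describe the space left at the destination, which is `srcid` advanced past the `ID:<prefstring>/` prefix. In the `slen != 0` branch the bound is the whole-allocation size, which overstates the remaining room by the prefix length. In the `else` branch it is only `strlen (prefstring) + sizeof "ID:/"`, so `pwd->pw_name` is silently truncated once it exceeds `strlen (prefstring) + 4` characters, and the shortened string is used as the section name in the following hunk. Computing `sz = (slen ? slen : strlen (pwd->pw_name)) + strlen (prefstring) + sizeof "ID:/";` once and calling `strlcat (srcid, pwd->pw_name, sz);` on the base pointer fixes both. The `log_error` argument also lacks the parentheses that `malloc` has around the conditional and prints a `size_t` with `%d`; the `dstid` hunk at `@@ -3206,24 +3203,24 @@` has the same issues.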
@@ -3064,7 +3062,7 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
if (conf_set (af, srcid, "ID-type", prefstring, 1, 0)
|| conf_set (af, srcid, "Refcount", "1", 1, 0)
|| conf_set (af, srcid, "Name",
- srcid + strlen ("ID:/") + strlen (prefstring),
+ srcid + sizeof "ID:/" - 1 + strlen (prefstring),
1, 0))
{
conf_end (af, 0);
@@ -3131,8 +3129,7 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
/* NUL-terminate the PREFIX string at the separator, then dup. */
*dstid = '\0';
- slen = strlen ((char *)(dstident + 1)) + strlen ("ID:/")
- + 1 + strlen ("Address");
+ slen = strlen ((char *)(dstident + 1)) + sizeof "ID:Address/";
dstid = malloc (slen);
if (!dstid)
{
@@ -3177,11 +3174,11 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
* name). If there is both a string and a user ID, check
* that they match.
*/
- if ((slen == 0) && (dstident->sadb_ident_id == 0))
+ if (slen == 0 && dstident->sadb_ident_id == 0)
{
log_print ("pf_key_v2_acquire: no user FQDN or ID provided");
goto fail;
- }
+ }
if (dstident->sadb_ident_id)
{
@@ -3206,24 +3203,24 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
}
dstid = malloc ((slen ? slen : strlen (pwd->pw_name))
- + strlen (prefstring) + 1 + strlen ("ID:/"));
+ + strlen (prefstring) + sizeof "ID:/");
if (!dstid)
{
log_error ("pf_key_v2_acquire: malloc (%d) failed",
slen ? slen : strlen (pwd->pw_name)
- + strlen (prefstring) + 1 + strlen ("ID:/"));
+ + strlen (prefstring) + sizeof "ID:/");
goto fail;
}
sprintf (dstid, "ID:%s/", prefstring);
if (slen != 0)
- strlcat (dstid + strlen ("ID:/") + strlen (prefstring),
+ strlcat (dstid + sizeof "ID:/" - 1 + strlen (prefstring),
(char *)(dstident + 1),
- slen + strlen (prefstring) + 1 + strlen ("ID:/"));
+ slen + strlen (prefstring) + sizeof "ID:/");
else
- strlcat (dstid + strlen ("ID:/") + strlen (prefstring),
+ strlcat (dstid + sizeof "ID:/" - 1 + strlen (prefstring),
pwd->pw_name,
- strlen (prefstring) + 1 + strlen ("ID:/"));
+ strlen (prefstring) + sizeof "ID:/");
pwd = 0;
/* Set the section if it doesn't already exist. */
@@ -3233,7 +3230,7 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
if (conf_set (af, dstid, "ID-type", prefstring, 1, 0)
|| conf_set (af, dstid, "Refcount", "1", 1, 0)
|| conf_set (af, dstid, "Name",
- dstid + strlen ("ID:/") + strlen (prefstring),
+ dstid + sizeof "ID:/" - 1 + strlen (prefstring),
1, 0))
{
conf_end (af, 0);
@@ -3291,9 +3288,9 @@ pf_key_v2_acquire (struct pf_key_v2_msg *pmsg)
* exists -- otherwise use the defaults)
*/
- peer = malloc (strlen (dstbuf) + strlen (srcbuf) +
- (srcid ? strlen (srcid) : 0) +
- (dstid ? strlen (dstid) : 0) + strlen ("Peer-/-/") + 1);
+ peer = malloc (strlen (dstbuf) + strlen (srcbuf)
+ + (srcid ? strlen (srcid) : 0)
+ + (dstid ? strlen (dstid) : 0) + sizeof "Peer-/-/");
if (!peer)
goto fail;
diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c
index 9fdaaeb798d..91480f191c5 100644
--- a/sbin/isakmpd/policy.c
+++ b/sbin/isakmpd/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.36 2001/07/01 18:57:33 angelos Exp $ */
+/* $OpenBSD: policy.c,v 1.37 2001/07/01 19:48:44 niklas Exp $ */
/* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */
/*
@@ -1103,9 +1103,9 @@ policy_callback (char *name)
log_error ("policy_callback: sockaddr2text failed");
goto bad;
}
- memcpy (remote_filter_addr_upper, addr,
+ memcpy (remote_filter_addr_upper, addr,
sizeof remote_filter_addr_upper);
- memcpy (remote_filter_addr_lower, addr,
+ memcpy (remote_filter_addr_lower, addr,
sizeof remote_filter_addr_lower);
free (addr);
remote_filter = strdup (remote_filter_addr_upper);
@@ -1330,9 +1330,9 @@ policy_callback (char *name)
log_error ("policy_callback: sockaddr2text failed");
goto bad;
}
- memcpy (local_filter_addr_upper, addr,
+ memcpy (local_filter_addr_upper, addr,
sizeof local_filter_addr_upper);
- memcpy (local_filter_addr_lower, addr,
+ memcpy (local_filter_addr_lower, addr,
sizeof local_filter_addr_lower);
free (addr);
local_filter = strdup (local_filter_addr_upper);
diff --git a/sbin/isakmpd/sa.c b/sbin/isakmpd/sa.c
index 413d837f140..625b88cf604 100644
--- a/sbin/isakmpd/sa.c
+++ b/sbin/isakmpd/sa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sa.c,v 1.45 2001/06/29 18:52:17 ho Exp $ */
+/* $OpenBSD: sa.c,v 1.46 2001/07/01 19:48:44 niklas Exp $ */
/* $EOM: sa.c,v 1.112 2000/12/12 00:22:52 niklas Exp $ */
/*
@@ -97,7 +97,6 @@ sa_init ()
{
LIST_INIT (&sa_tab[i]);
}
-
}
/* XXX We don't yet resize. */
@@ -238,8 +237,8 @@ isakmp_sa_check (struct sa *sa, void *v_arg)
return 0;
}
-/*
- * Find an ISAKMP SA with a "name" of DST & SPI.
+/*
+ * Find an ISAKMP SA with a "name" of DST & SPI.
*/
struct sa *
sa_lookup_isakmp_sa (struct sockaddr *dst, u_int8_t *spi)
@@ -308,7 +307,7 @@ sa_lookup_by_header (u_int8_t *msg, int phase2)
/*
* Lookup the SA given by the COOKIES and possibly the MESSAGE_ID unless
- * NULL, meaning we are looking for phase 1 SAs.
+ * a null pointer, meaning we are looking for phase 1 SAs.
*/
struct sa *
sa_lookup (u_int8_t *cookies, u_int8_t *message_id)
@@ -413,36 +412,36 @@ sa_dump (char *header, struct sa *sa)
char spi_header[80];
int i;
- LOG_DBG ((LOG_REPORT, 0, "%s: %p %s phase %d doi %d flags 0x%x",
- header, sa, sa->name ? sa->name : "<unnamed>", sa->phase,
+ LOG_DBG ((LOG_REPORT, 0, "%s: %p %s phase %d doi %d flags 0x%x",
+ header, sa, sa->name ? sa->name : "<unnamed>", sa->phase,
sa->doi->id, sa->flags));
- LOG_DBG ((LOG_REPORT, 0,
+ LOG_DBG ((LOG_REPORT, 0,
"%s: icookie %08x%08x rcookie %08x%08x", header,
decode_32 (sa->cookies), decode_32 (sa->cookies + 4),
decode_32 (sa->cookies + 8), decode_32 (sa->cookies + 12)));
- LOG_DBG ((LOG_REPORT, 0, "%s: msgid %08x refcnt %d", header,
+ LOG_DBG ((LOG_REPORT, 0, "%s: msgid %08x refcnt %d", header,
decode_32 (sa->message_id), sa->refcnt));
for (proto = TAILQ_FIRST (&sa->protos); proto;
proto = TAILQ_NEXT (proto, link))
{
- LOG_DBG ((LOG_REPORT, 0,
+ LOG_DBG ((LOG_REPORT, 0,
"%s: suite %d proto %d", header, proto->no, proto->proto));
- LOG_DBG ((LOG_REPORT, 0,
+ LOG_DBG ((LOG_REPORT, 0,
"%s: spi_sz[0] %d spi[0] %p spi_sz[1] %d spi[1] %p", header,
proto->spi_sz[0], proto->spi[0], proto->spi_sz[1],
proto->spi[1]));
LOG_DBG ((LOG_REPORT, 0, "%s: %s, %s", header,
- sa->doi == NULL ? "<nodoi>"
- : sa->doi->decode_ids ("initiator id: %s, responder id: %s",
- sa->id_i, sa->id_i_len,
+ !sa->doi ? "<nodoi>"
+ : sa->doi->decode_ids ("initiator id: %s, responder id: %s",
+ sa->id_i, sa->id_i_len,
sa->id_r, sa->id_r_len, 0),
- sa->transport == NULL ? "<no transport>" :
+ !sa->transport ? "<no transport>" :
sa->transport->vtbl->decode_ids (sa->transport)));
for (i = 0; i < 2; i++)
if (proto->spi[i])
{
snprintf (spi_header, 80, "%s: spi[%d]", header, i);
- LOG_DBG_BUF ((LOG_REPORT, 0, spi_header, proto->spi[i],
+ LOG_DBG_BUF ((LOG_REPORT, 0, spi_header, proto->spi[i],
proto->spi_sz[i]));
}
}
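Review bot: `sa->doi` is dereferenced unconditionally in the first `LOG_DBG` (`sa->doi->id`), yet the call inside the loop guards it with `!sa->doi ? "<nodoi>"`, so one of the two is wrong. If an SA can reach `sa_dump` without a DOI, the first log line is a null dereference; if it cannot, the `<nodoi>` branch is dead and could go. A guard such as `sa->doi ? sa->doi->id : -1` in the first call would make them agree. Separately, `snprintf (spi_header, 80, ...)` repeats the array size from the declaration, and `sizeof spi_header` would keep the two in step. The function's signature and end lie outside this hunk.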
@@ -531,7 +530,7 @@ sa_release (struct sa *sa)
{
struct proto *proto;
struct cert_handler *handler;
-
+
LOG_DBG ((LOG_SA, 80, "sa_release: SA %p had %d references",
sa, sa->refcnt));
@@ -671,7 +670,7 @@ sa_add_transform (struct sa *sa, struct payload *xf, int initiator,
"proto %p no %d proto %d chosen %p sa %p id %d",
proto, proto->no, proto->proto, proto->chosen, proto->sa,
proto->id));
-
+
return 0;
cleanup:
@@ -777,7 +776,7 @@ sa_setup_expirations (struct sa *sa)
u_int64_t seconds = sa->seconds;
struct timeval expiration;
- /*
+ /*
* Set the soft timeout to a random percentage between 85 & 95 of
* the negotiated lifetime to break strictly synchronized
* renegotiations. This works better when the randomization is on the
diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index 7be9a639734..0d4b080178a 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.58 2001/06/22 16:21:43 provos Exp $ */
+/* $OpenBSD: x509.c,v 1.59 2001/07/01 19:48:44 niklas Exp $ */
/* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $ */
/*
@@ -233,7 +233,7 @@ x509_generate_kn (int id, X509 *cert)
if (((tm = X509_get_notBefore (cert)) == NULL) ||
(tm->type != V_ASN1_UTCTIME && tm->type != V_ASN1_GENERALIZEDTIME))
{
- tt = time ((time_t) NULL);
+ tt = time (0);
strftime (before, 14, "%G%m%d%H%M%S", localtime (&tt));
timecomp = "LocalTimeOfDay";
}
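Review bot: The `strftime` call passes a maximum of 14, but `%G%m%d%H%M%S` expands to 14 characters and the limit includes the terminating NUL, so the result cannot fit. `strftime` then returns 0 and leaves the contents of `before` unspecified, and the return value is not checked. `before` presumably feeds the `LocalTimeOfDay` comparison built later in `x509_generate_kn`, outside this hunk. If `before` has room, `strftime (before, 15, "%Y%m%d%H%M%S", localtime (&tt))` fixes the length; `%Y` is suggested because `%G` is the ISO 8601 week-based year, which differs from the calendar year around New Year. The declaration of `before` is not visible here, so its size needs confirming.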