diff options
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r-- | sbin/isakmpd/connection.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/crypto.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/dnssec.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/exchange.c | 56 | ||||
-rw-r--r-- | sbin/isakmpd/exchange.h | 18 | ||||
-rw-r--r-- | sbin/isakmpd/ike_aggressive.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/ike_auth.c | 12 | ||||
-rw-r--r-- | sbin/isakmpd/ike_main_mode.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/ike_quick_mode.c | 26 | ||||
-rw-r--r-- | sbin/isakmpd/init.c | 8 | ||||
-rw-r--r-- | sbin/isakmpd/ipsec.c | 14 | ||||
-rw-r--r-- | sbin/isakmpd/isakmp_cfg.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/isakmpd.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/log.c | 6 | ||||
-rw-r--r-- | sbin/isakmpd/message.h | 14 | ||||
-rw-r--r-- | sbin/isakmpd/monitor.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/policy.c | 4 | ||||
-rw-r--r-- | sbin/isakmpd/sa.h | 12 | ||||
-rw-r--r-- | sbin/isakmpd/sysdep/openbsd/sysdep.c | 8 | ||||
-rw-r--r-- | sbin/isakmpd/transport.h | 12 |
20 files changed, 111 insertions, 111 deletions
diff --git a/sbin/isakmpd/connection.c b/sbin/isakmpd/connection.c index 9185cc248f5..4a280ce757a 100644 --- a/sbin/isakmpd/connection.c +++ b/sbin/isakmpd/connection.c @@ -1,4 +1,4 @@ -/* $OpenBSD: connection.c,v 1.39 2017/12/05 20:31:45 jca Exp $ */ +/* $OpenBSD: connection.c,v 1.40 2018/01/04 14:21:00 mpi Exp $ */ /* $EOM: connection.c,v 1.28 2000/11/23 12:21:18 niklas Exp $ */ /* @@ -91,7 +91,7 @@ connection_init(void) * Passive connections normally include: all "active" connections that * are not flagged "Active-Only", plus all connections listed in * the 'Passive-Connections' list. - */ + */ TAILQ_INIT(&connections); TAILQ_INIT(&connections_passive); diff --git a/sbin/isakmpd/crypto.c b/sbin/isakmpd/crypto.c index 1b0bd9024f3..eab9856276a 100644 --- a/sbin/isakmpd/crypto.c +++ b/sbin/isakmpd/crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.c,v 1.33 2015/12/09 21:41:50 naddy Exp $ */ +/* $OpenBSD: crypto.c,v 1.34 2018/01/04 14:21:00 mpi Exp $ */ /* $EOM: crypto.c,v 1.32 2000/03/07 20:08:51 niklas Exp $ */ /* @@ -301,7 +301,7 @@ crypto_decrypt(struct keystate *ks, u_int8_t *buf, u_int16_t len) /* * XXX There is controversy about the correctness of updating the IV * like this. - */ + */ memcpy(ks->liv, buf + len - ks->xf->blocksize, ks->xf->blocksize); ks->xf->decrypt(ks, buf, len); LOG_DBG_BUF((LOG_CRYPTO, 70, "crypto_decrypt: after decryption", buf, diff --git a/sbin/isakmpd/dnssec.c b/sbin/isakmpd/dnssec.c index 5704bc8e08b..53377829fa0 100644 --- a/sbin/isakmpd/dnssec.c +++ b/sbin/isakmpd/dnssec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dnssec.c,v 1.25 2015/08/20 22:02:21 deraadt Exp $ */ +/* $OpenBSD: dnssec.c,v 1.26 2018/01/04 14:21:00 mpi Exp $ */ /* * Copyright (c) 2001 Håkan Olsson. All rights reserved. @@ -191,7 +191,7 @@ dns_get_key(int type, struct message *msg, int *keylen) * Find a key with the wanted algorithm, if any. * XXX If there are several keys present, we currently only find the * first. - */ + */ for (i = 0; i < rr->rri_nrdatas && key_rr.datalen == 0; i++) { key_rr.flags = ntohs((u_int16_t) * rr->rri_rdatas[i].rdi_data); key_rr.protocol = *(rr->rri_rdatas[i].rdi_data + 2); diff --git a/sbin/isakmpd/exchange.c b/sbin/isakmpd/exchange.c index 019d03ada5a..6d6416ea957 100644 --- a/sbin/isakmpd/exchange.c +++ b/sbin/isakmpd/exchange.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exchange.c,v 1.140 2017/12/05 20:31:45 jca Exp $ */ +/* $OpenBSD: exchange.c,v 1.141 2018/01/04 14:21:00 mpi Exp $ */ /* $EOM: exchange.c,v 1.143 2000/12/04 00:02:25 angelos Exp $ */ /* @@ -545,12 +545,12 @@ exchange_lookup(u_int8_t *msg, int phase2) int i; /* - * We use the cookies to get bits to use as an index into exchange_tab, + * We use the cookies to get bits to use as an index into exchange_tab, * as at least one (our cookie) is a good hash, xoring all the bits, * 16 at a time, and then masking, should do. Doing it this way means * we can validate cookies very fast thus delimiting the effects of * "Denial of service"-attacks using packet flooding. - */ + */ for (i = 0; i < ISAKMP_HDR_COOKIES_LEN; i += 2) { cp = msg + ISAKMP_HDR_COOKIES_OFF + i; /* Doing it this way avoids alignment problems. */ @@ -591,9 +591,9 @@ exchange_create(int phase, int initiator, int doi, int type) int delta; /* - * We want the exchange zeroed for exchange_free to be able to find - * out what fields have been filled-in. - */ + * We want the exchange zeroed for exchange_free to be able to find + * out what fields have been filled-in. + */ exchange = calloc(1, sizeof *exchange); if (!exchange) { log_error("exchange_create: calloc (1, %lu) failed", @@ -926,9 +926,9 @@ exchange_establish_p2(struct sa *isakmp_sa, u_int8_t type, char *name, exchange_dump("exchange_establish_p2", exchange); /* - * Do not create SA's for informational exchanges. - * XXX How to handle new group mode? - */ + * Do not create SA's for informational exchanges. + * XXX How to handle new group mode? + */ if (exchange->type != ISAKMP_EXCH_INFO && exchange->type != ISAKMP_EXCH_TRANSACTION) { /* XXX Number of SAs should come from the args structure. */ @@ -970,7 +970,7 @@ exchange_setup_p1(struct message *msg, u_int32_t doi) /* * Unless this is an informational exchange, look up our policy for * this peer. - */ + */ type = GET_ISAKMP_HDR_EXCH_TYPE(msg->iov[0].iov_base); if (type != ISAKMP_EXCH_INFO) { /* @@ -1336,12 +1336,12 @@ exchange_finalize(struct message *msg) } } /* - * Walk over all the SAs and noting them as ready. If we set the - * COMMIT bit, tell the peer each SA is connected. - * - * XXX The decision should really be based on if a SA was installed - * successfully. - */ + * Walk over all the SAs and noting them as ready. If we set the + * COMMIT bit, tell the peer each SA is connected. + * + * XXX The decision should really be based on if a SA was installed + * successfully. + */ for (sa = TAILQ_FIRST(&exchange->sa_list); sa; sa = TAILQ_NEXT(sa, next)) { /* Move over the name to the SA. */ @@ -1396,7 +1396,7 @@ exchange_finalize(struct message *msg) * ISAKMP SA structure for future initialization of phase 2 exchanges' * keystates. Also save the Phase 1 ID and authentication * information. - */ + */ if (exchange->phase == 1 && msg->isakmp_sa) { msg->isakmp_sa->keystate = exchange->keystate; exchange->keystate = 0; @@ -1458,11 +1458,11 @@ exchange_finalize(struct message *msg) exchange->finalize = 0; /* - * There is no reason to keep the SAs connected to us anymore, in fact - * it can hurt us if we have short lifetimes on the SAs and we try - * to call exchange_report, where the SA list will be walked and - * references to freed SAs can occur. - */ + * There is no reason to keep the SAs connected to us anymore, in fact + * it can hurt us if we have short lifetimes on the SAs and we try + * to call exchange_report, where the SA list will be walked and + * references to freed SAs can occur. + */ while (TAILQ_FIRST(&exchange->sa_list)) { sa = TAILQ_FIRST(&exchange->sa_list); @@ -1670,12 +1670,12 @@ exchange_add_certs(struct message *msg) id_len = exchange->initiator ? exchange->id_r_len : exchange->id_i_len; /* - * Without IDs we cannot handle this yet. Keep the aca_list around for - * a later step/retry to see if we got the ID by then. - * Note: A 'return -1' breaks X509-auth interop in the responder case - * with some IPsec clients that send CERTREQs early (such as + * Without IDs we cannot handle this yet. Keep the aca_list around for + * a later step/retry to see if we got the ID by then. + * Note: A 'return -1' breaks X509-auth interop in the responder case + * with some IPsec clients that send CERTREQs early (such as * the SSH Sentinel). - */ + */ if (!id) return 0; @@ -1761,7 +1761,7 @@ exchange_establish(char *name, void (*finalize)(struct exchange *, void *, /* * First of all, never try to establish anything if another exchange * of the same kind is running. - */ + */ exchange = exchange_lookup_by_name(name, phase); if (exchange) { LOG_DBG((LOG_EXCHANGE, 40, diff --git a/sbin/isakmpd/exchange.h b/sbin/isakmpd/exchange.h index e34f85d264a..d0db9038721 100644 --- a/sbin/isakmpd/exchange.h +++ b/sbin/isakmpd/exchange.h @@ -1,4 +1,4 @@ -/* $OpenBSD: exchange.h,v 1.35 2017/09/18 07:42:52 mpi Exp $ */ +/* $OpenBSD: exchange.h,v 1.36 2018/01/04 14:21:00 mpi Exp $ */ /* $EOM: exchange.h,v 1.28 2000/09/28 12:54:28 niklas Exp $ */ /* @@ -72,7 +72,7 @@ struct exchange { * has been run to its end, successfully. The 2nd argument is true * if the finalization hook is called due to the exchange not running * to its end normally. - */ + */ void (*finalize)(struct exchange *, void *, int); void *finalize_arg; @@ -82,13 +82,13 @@ struct exchange { /* * The event that will occur when it has taken too long time to try to * run the exchange and which will trigger auto-destruction. - */ + */ struct event *death; /* * Both initiator and responder cookies. * XXX For code clarity we might split this into two fields. - */ + */ u_int8_t cookies[ISAKMP_HDR_COOKIES_LEN]; /* The message ID signifying phase 2 exchanges. */ @@ -115,7 +115,7 @@ struct exchange { /* * A "program counter" into the script that validate message contents * for this exchange. - */ + */ int16_t *exch_pc; /* The last message received, used for checking for duplicates. */ @@ -127,13 +127,13 @@ struct exchange { /* * If some message is queued up for sending, we want to be able to * remove it from the queue, when the exchange is deleted. - */ + */ struct message *in_transit; /* * Initiator's & responder's nonces respectively, with lengths. * XXX Should this be in the DOI-specific parts instead? - */ + */ u_int8_t *nonce_i; size_t nonce_i_len; u_int8_t *nonce_r; @@ -165,7 +165,7 @@ struct exchange { /* * Received certificate - used to verify signatures on packet, * stored here for later policy processing. - * + * * The rules for the recv_* and sent_* fields are: * - recv_cert stores the credential (if any) received from the peer; * the kernel may pass us one, but we ignore it. We pass it to the @@ -187,7 +187,7 @@ struct exchange { * we don't pass it to the kernel, to avoid revealing such information * to processes (processes either already know it, or have no business * knowing it). - */ + */ int recv_certtype, recv_keytype; void *recv_cert; /* Certificate received from peer, * native format */ diff --git a/sbin/isakmpd/ike_aggressive.c b/sbin/isakmpd/ike_aggressive.c index 324460d3dac..5edcb651d43 100644 --- a/sbin/isakmpd/ike_aggressive.c +++ b/sbin/isakmpd/ike_aggressive.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_aggressive.c,v 1.11 2010/06/29 19:50:16 reyk Exp $ */ +/* $OpenBSD: ike_aggressive.c,v 1.12 2018/01/04 14:21:00 mpi Exp $ */ /* $EOM: ike_aggressive.c,v 1.4 2000/01/31 22:33:45 niklas Exp $ */ /* @@ -119,7 +119,7 @@ initiator_send_AUTH(struct message *msg) * INITIAL-CONTACT in phase 1, thus contradicting what we learned * above. I will bring this up in the IPsec list. For now we don't * do INITIAL-CONTACT at all when using aggressive mode. - */ + */ return 0; } diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c index 86cf757ae9a..5e2a1a3b41d 100644 --- a/sbin/isakmpd/ike_auth.c +++ b/sbin/isakmpd/ike_auth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_auth.c,v 1.114 2017/11/08 13:33:49 patrick Exp $ */ +/* $OpenBSD: ike_auth.c,v 1.115 2018/01/04 14:21:00 mpi Exp $ */ /* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */ /* @@ -348,7 +348,7 @@ pre_shared_gen_skeyid(struct exchange *exchange, size_t *sz) * case in Aggressive mode), try to find the preshared key in the * section of the initiator's Phase 1 ID. This allows us to do * mobile user support with preshared keys. - */ + */ if (!exchange->initiator && exchange->id_i) { switch (exchange->id_i[0]) { case IPSEC_ID_IPV4_ADDR: @@ -387,7 +387,7 @@ pre_shared_gen_skeyid(struct exchange *exchange, size_t *sz) /* * Get the pre-shared key for our peer. This will work even if the key * has been passed to us through a mechanism like PFKEYv2. - */ + */ key = ike_auth_get_key(IKE_AUTH_PRE_SHARED, exchange->name, (char *)buf, &keylen); free(buf); @@ -587,7 +587,7 @@ rsa_sig_decode_hash(struct message *msg) * XXX Assume we should use the same kind of certification as the * remote... moreover, just use the first CERT payload to decide what * to use. - */ + */ p = payload_first(msg, ISAKMP_PAYLOAD_CERT); if (!p) handler = cert_get(ISAKMP_CERTENC_KEYNOTE); @@ -601,7 +601,7 @@ rsa_sig_decode_hash(struct message *msg) /* * We need the policy session initialized now, so we can add * credentials etc. - */ + */ exchange->policy_id = kn_init(); if (exchange->policy_id == -1) { log_print("rsa_sig_decode_hash: failed to initialize policy " @@ -640,7 +640,7 @@ rsa_sig_decode_hash(struct message *msg) * Walk over potential CERT payloads in this message. * XXX I believe this is the wrong spot for this. CERTs can appear * anytime. - */ + */ TAILQ_FOREACH(p, &msg->payload[ISAKMP_PAYLOAD_CERT], link) { p->flags |= PL_MARK; diff --git a/sbin/isakmpd/ike_main_mode.c b/sbin/isakmpd/ike_main_mode.c index e88c4295654..6592e0666f5 100644 --- a/sbin/isakmpd/ike_main_mode.c +++ b/sbin/isakmpd/ike_main_mode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_main_mode.c,v 1.17 2010/06/29 19:50:16 reyk Exp $ */ +/* $OpenBSD: ike_main_mode.c,v 1.18 2018/01/04 14:21:00 mpi Exp $ */ /* $EOM: ike_main_mode.c,v 1.77 1999/04/25 22:12:34 niklas Exp $ */ /* @@ -102,7 +102,7 @@ responder_send_KE_NONCE(struct message *msg) /* * Calculate DH values & key material in parallel with the message * going on a roundtrip over the wire. - */ + */ message_register_post_send(msg, (void (*)(struct message *))ike_phase_1_post_exchange_KE_NONCE); diff --git a/sbin/isakmpd/ike_quick_mode.c b/sbin/isakmpd/ike_quick_mode.c index dd437bdf884..dc3c027006d 100644 --- a/sbin/isakmpd/ike_quick_mode.c +++ b/sbin/isakmpd/ike_quick_mode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ike_quick_mode.c,v 1.112 2017/12/07 11:44:02 mpi Exp $ */ +/* $OpenBSD: ike_quick_mode.c,v 1.113 2018/01/04 14:21:00 mpi Exp $ */ /* $EOM: ike_quick_mode.c,v 1.139 2001/01/26 10:43:17 niklas Exp $ */ /* @@ -302,7 +302,7 @@ check_policy(struct exchange *exchange, struct sa *sa, struct sa *isakmp_sa) * Add the authorizer (who is requesting the SA/ID); * this may be a public or a secret key, depending on * what mode of authentication we used in Phase 1. - */ + */ for (i = 0; i < nprinc; i++) { LOG_DBG((LOG_POLICY, 40, "check_policy: " "adding authorizer [%s]", principal[i])); @@ -366,7 +366,7 @@ policydone: * XXX Currently, check_policy() is only called from * message_negotiate_sa(), and so this log message reflects this. * Change to something better? - */ + */ if (result == 0) log_print("check_policy: negotiated SA failed policy check"); @@ -374,7 +374,7 @@ policydone: * Given that we have only 2 return values from policy (true/false) * we can just return the query result directly (no pre-processing * needed). - */ + */ return result; } @@ -845,7 +845,7 @@ initiator_send_HASH_SA_NONCE(struct message *msg) * Add the payloads. As this is a SA, we need to recompute the * lengths of the payloads containing others. We also need to * reset these payload's "next payload type" field. - */ + */ if (message_add_payload(msg, ISAKMP_PAYLOAD_SA, sa_buf, sa_len, 1)) goto bail_out; SET_ISAKMP_GEN_LENGTH(sa_buf, sa_len + proposals_len); @@ -878,7 +878,7 @@ initiator_send_HASH_SA_NONCE(struct message *msg) /* * Save SA payload body in ie->sa_i_b, length ie->sa_i_b_len. - */ + */ ie->sa_i_b = message_copy(msg, ISAKMP_GEN_SZ, &ie->sa_i_b_len); if (!ie->sa_i_b) goto bail_out; @@ -886,7 +886,7 @@ initiator_send_HASH_SA_NONCE(struct message *msg) /* * Generate a nonce, and add it to the message. * XXX I want a better way to specify the nonce's size. - */ + */ if (exchange_gen_nonce(msg, 16)) return -1; @@ -1094,9 +1094,9 @@ initiator_recv_HASH_SA_NONCE(struct message *msg) /* * As we are getting an answer on our transform offer, only one * transform should be given. - * + * * XXX Currently we only support negotiating one SA per quick mode run. - */ + */ if (TAILQ_NEXT(sa_p, link)) { log_print("initiator_recv_HASH_SA_NONCE: " "multiple SA payloads in quick mode not supported yet"); @@ -1364,7 +1364,7 @@ post_quick_mode(struct message *msg) /* * Loop over all SA negotiations and do both an in- and an outgoing SA * per protocol. - */ + */ for (sa = TAILQ_FIRST(&exchange->sa_list); sa; sa = TAILQ_NEXT(sa, next)) { for (proto = TAILQ_FIRST(&sa->protos); proto; @@ -1520,7 +1520,7 @@ responder_recv_HASH_SA_NONCE(struct message *msg) /* * Check the payload's integrity. * XXX Share with ipsec_fill_in_hash? - */ + */ LOG_DBG_BUF((LOG_NEGOTIATION, 90, "responder_recv_HASH_SA_NONCE: " "SKEYID_a", isa->skeyid_a, isa->skeyid_len)); prf = prf_alloc(isa->prf_type, isa->hash, isa->skeyid_a, @@ -1759,7 +1759,7 @@ next_sa: /* * Try to find and set the connection name on the exchange. - */ + */ /* * Check for accepted identities as well as lookup the connection @@ -1767,7 +1767,7 @@ next_sa: * * When not using policies make sure the peer proposes sane IDs. * Otherwise this is done by KeyNote. - */ + */ name = connection_passive_lookup_by_ids(ie->id_ci, ie->id_cr); if (name) { exchange->name = strdup(name); diff --git a/sbin/isakmpd/init.c b/sbin/isakmpd/init.c index b0744b4d8dd..4f2e889724b 100644 --- a/sbin/isakmpd/init.c +++ b/sbin/isakmpd/init.c @@ -1,4 +1,4 @@ -/* $OpenBSD: init.c,v 1.41 2013/04/24 13:46:09 deraadt Exp $ */ +/* $OpenBSD: init.c,v 1.42 2018/01/04 14:21:00 mpi Exp $ */ /* $EOM: init.c,v 1.25 2000/03/30 14:27:24 ho Exp $ */ /* @@ -110,7 +110,7 @@ reinit(void) * User-initiated SIGHUP's maybe "authorizes" a wait until * next connection-check. * XXX This means we discard exchange->last_msg, is this really ok? - */ + */ /* Reread config file. */ conf_reinit(); @@ -129,14 +129,14 @@ reinit(void) /* * Rescan interfaces (call reinit() in all transports). - */ + */ transport_reinit(); /* * XXX "These" (non-existent) reinitializations should not be done. * cookie_reinit (); * ui_reinit (); - */ + */ sa_reinit(); } diff --git a/sbin/isakmpd/ipsec.c b/sbin/isakmpd/ipsec.c index 855462e09bb..92bb178488a 100644 --- a/sbin/isakmpd/ipsec.c +++ b/sbin/isakmpd/ipsec.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ipsec.c,v 1.148 2017/10/27 08:29:32 mpi Exp $ */ +/* $OpenBSD: ipsec.c,v 1.149 2018/01/04 14:21:00 mpi Exp $ */ /* $EOM: ipsec.c,v 1.143 2000/12/11 23:57:42 niklas Exp $ */ /* @@ -832,7 +832,7 @@ ipsec_get_keystate(struct message *msg) * For phase 2 when no SA yet is setup we need to hash the IV used by * the ISAKMP SA concatenated with the message ID, and use that as an * IV for further cryptographic operations. - */ + */ if (!msg->isakmp_sa->keystate) { log_print("ipsec_get_keystate: no keystate in ISAKMP SA %p", msg->isakmp_sa); @@ -1206,7 +1206,7 @@ ipsec_responder(struct message *msg) /* * XXX So far we don't accept any proposals for exchanges we don't * support. - */ + */ if (payload_first(msg, ISAKMP_PAYLOAD_SA)) { message_drop(msg, ISAKMP_NOTIFY_NO_PROPOSAL_CHOSEN, 0, 1, 0); return -1; @@ -1560,7 +1560,7 @@ ipsec_decode_transform(struct message *msg, struct sa *sa, struct proto *proto, /* * If no pseudo-random function was negotiated, it's HMAC. * XXX As PRF_HMAC currently is zero, this is a no-op. - */ + */ if (!ie->prf_type) ie->prf_type = PRF_HMAC; } @@ -2348,7 +2348,7 @@ ipsec_add_contact(struct message *msg) /* * XXX There are better algorithms for already mostly-sorted data like * this, but only qsort is standard. I will someday do this inline. - */ + */ qsort(contacts, contact_cnt, sizeof *contacts, addr_cmp); return 0; } @@ -2521,7 +2521,7 @@ ipsec_id_string(u_int8_t *id, size_t id_len) * XXX Real ugly way of making the offsets correct. Be aware that id * now will point before the actual buffer and cannot be dereferenced * without an offset larger than or equal to ISAKM_GEN_SZ. - */ + */ id -= ISAKMP_GEN_SZ; /* This is the actual length of the ID data field. */ @@ -2531,7 +2531,7 @@ ipsec_id_string(u_int8_t *id, size_t id_len) * Conservative allocation. * XXX I think the ASN1 DN case can be thought through to give a better * estimate. - */ + */ size = MAXIMUM(sizeof "ipv6/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff", sizeof "asn1_dn/" + id_len); buf = malloc(size); diff --git a/sbin/isakmpd/isakmp_cfg.c b/sbin/isakmpd/isakmp_cfg.c index ef8bcd24a97..972d0cf6370 100644 --- a/sbin/isakmpd/isakmp_cfg.c +++ b/sbin/isakmpd/isakmp_cfg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: isakmp_cfg.c,v 1.39 2014/01/23 01:04:28 deraadt Exp $ */ +/* $OpenBSD: isakmp_cfg.c,v 1.40 2018/01/04 14:21:00 mpi Exp $ */ /* * Copyright (c) 2001 Niklas Hallqvist. All rights reserved. @@ -262,7 +262,7 @@ cfg_initiator_send_ATTR(struct message *msg) /* * Use the bitstring built previously to collect the right * parameters for attrp. - */ + */ for (bit = 0; bit < CFG_ATTR_BIT_MAX; bit++) if (bit_test(attrbits, bit)) { attr = attrp + off; diff --git a/sbin/isakmpd/isakmpd.c b/sbin/isakmpd/isakmpd.c index b957e7dc1cd..a1d955ae06a 100644 --- a/sbin/isakmpd/isakmpd.c +++ b/sbin/isakmpd/isakmpd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: isakmpd.c,v 1.105 2017/12/05 20:31:45 jca Exp $ */ +/* $OpenBSD: isakmpd.c,v 1.106 2018/01/04 14:21:00 mpi Exp $ */ /* $EOM: isakmpd.c,v 1.54 2000/10/05 09:28:22 niklas Exp $ */ /* @@ -286,7 +286,7 @@ set_slave_signals(void) /* * Do a clean daemon shutdown on TERM/INT. These signals must be * initialized before monitor_init(). INT is only used with '-d'. - */ + */ signal(SIGTERM, daemon_shutdown_now); if (debug == 1) /* i.e '-dd' will skip this. */ signal(SIGINT, daemon_shutdown_now); diff --git a/sbin/isakmpd/log.c b/sbin/isakmpd/log.c index 409cf2a416f..bc826383e9d 100644 --- a/sbin/isakmpd/log.c +++ b/sbin/isakmpd/log.c @@ -1,4 +1,4 @@ -/* $OpenBSD: log.c,v 1.62 2014/10/25 03:18:13 lteo Exp $ */ +/* $OpenBSD: log.c,v 1.63 2018/01/04 14:21:00 mpi Exp $ */ /* $EOM: log.c,v 1.30 2000/09/29 08:19:23 niklas Exp $ */ /* @@ -233,7 +233,7 @@ log_debug(int cls, int level, const char *fmt, ...) /* * If we are not debugging this class, or the level is too low, just * return. - */ + */ if (cls >= 0 && (log_level[cls] == 0 || level > log_level[cls])) return; va_start(ap, fmt); @@ -251,7 +251,7 @@ log_debug_buf(int cls, int level, const char *header, const u_int8_t *buf, /* * If we are not debugging this class, or the level is too low, just * return. - */ + */ if (cls >= 0 && (log_level[cls] == 0 || level > log_level[cls])) return; diff --git a/sbin/isakmpd/message.h b/sbin/isakmpd/message.h index 5df66b7e332..686948ce265 100644 --- a/sbin/isakmpd/message.h +++ b/sbin/isakmpd/message.h @@ -1,4 +1,4 @@ -/* $OpenBSD: message.h,v 1.27 2016/03/10 07:32:16 yasuoka Exp $ */ +/* $OpenBSD: message.h,v 1.28 2018/01/04 14:21:00 mpi Exp $ */ /* $EOM: message.h,v 1.51 2000/10/10 12:36:39 provos Exp $ */ /* @@ -56,7 +56,7 @@ struct payload { /* * A pointer to the parent payload, used for proposal and transform * payloads. - */ + */ struct payload *context; /* Payload flags described below. */ @@ -90,13 +90,13 @@ struct message { /* * This is the transport the message either arrived on or will be sent * to. - */ + */ struct transport *transport; /* * This is the ISAKMP SA protecting this message. * XXX Needs to be redone to some keystate pointer or something. - */ + */ struct sa *isakmp_sa; /* This is the exchange where this message appears. */ @@ -109,7 +109,7 @@ struct message { * will be one payload, after encryption segment 0 will be the * unencrypted header, and segment 1 will be the encrypted payloads, * all of them. - */ + */ struct iovec *iov; /* The segment count. */ @@ -134,13 +134,13 @@ struct message { /* * Extra baggage needed to travel with the message. Used transiently * in context sensitive ways. - */ + */ void *extra; /* * Hooks for stuff needed to be done after the message has gone out to * the wire. - */ + */ TAILQ_HEAD(post_send_head, post_send) post_send; }; diff --git a/sbin/isakmpd/monitor.c b/sbin/isakmpd/monitor.c index 5a8fb910262..c3f521f38b2 100644 --- a/sbin/isakmpd/monitor.c +++ b/sbin/isakmpd/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.74 2015/08/20 22:02:21 deraadt Exp $ */ +/* $OpenBSD: monitor.c,v 1.75 2018/01/04 14:21:00 mpi Exp $ */ /* * Copyright (c) 2003 Håkan Olsson. All rights reserved. @@ -692,7 +692,7 @@ m_priv_local_sanitize_path(char *path, size_t pmax, int flags) * We only permit paths starting with * /etc/isakmpd/ (read only) * /var/run/ (rw) - */ + */ if (realpath(path, new_path) == NULL || realpath("/var/run", var_run) == NULL) { diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c index f1f919adfbb..e3da6a5053b 100644 --- a/sbin/isakmpd/policy.c +++ b/sbin/isakmpd/policy.c @@ -1,4 +1,4 @@ -/* $OpenBSD: policy.c,v 1.97 2013/11/22 04:12:47 deraadt Exp $ */ +/* $OpenBSD: policy.c,v 1.98 2018/01/04 14:21:00 mpi Exp $ */ /* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */ /* @@ -231,7 +231,7 @@ policy_callback(char *name) /* * If dirty is set, this is the first request for an attribute, so * populate our value cache. - */ + */ if (dirty) { ie = policy_exchange->data; diff --git a/sbin/isakmpd/sa.h b/sbin/isakmpd/sa.h index 257d1839a70..2364e61db2c 100644 --- a/sbin/isakmpd/sa.h +++ b/sbin/isakmpd/sa.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sa.h,v 1.52 2015/03/26 12:21:37 mikeb Exp $ */ +/* $OpenBSD: sa.h,v 1.53 2018/01/04 14:21:00 mpi Exp $ */ /* $EOM: sa.h,v 1.58 2000/10/10 12:39:01 provos Exp $ */ /* @@ -77,7 +77,7 @@ struct proto { /* * The chosen transform, only valid while the incoming SA payload that * held it is available for duplicate testing. - */ + */ struct payload *chosen; /* The chosen transform's ID. */ @@ -107,7 +107,7 @@ struct sa { /* * When several SA's are being negotiated in one message we connect * them through this link. - */ + */ TAILQ_ENTRY(sa) next; /* @@ -164,14 +164,14 @@ struct sa { /* * The key used to authenticate phase 1, in printable format, used * only by KeyNote. - */ + */ char *keynote_key; /* * Certificates or other information from Phase 1; these are copied * from the exchange, so look at exchange.h for an explanation of * their use. - */ + */ int recv_certtype, recv_keytype; /* Certificate received from peer, native format. */ void *recv_cert; @@ -181,7 +181,7 @@ struct sa { /* * Certificates or other information we used to authenticate to the * peer, Phase 1. - */ + */ int sent_certtype; /* Certificate (to be) sent to peer, native format. */ void *sent_cert; diff --git a/sbin/isakmpd/sysdep/openbsd/sysdep.c b/sbin/isakmpd/sysdep/openbsd/sysdep.c index a44a3c04c93..8090a265ba0 100644 --- a/sbin/isakmpd/sysdep/openbsd/sysdep.c +++ b/sbin/isakmpd/sysdep/openbsd/sysdep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sysdep.c,v 1.36 2014/01/22 03:09:31 deraadt Exp $ */ +/* $OpenBSD: sysdep.c,v 1.37 2018/01/04 14:21:00 mpi Exp $ */ /* $EOM: sysdep.c,v 1.9 2000/12/04 04:46:35 angelos Exp $ */ /* @@ -94,9 +94,9 @@ sysdep_cleartext(int fd, int af) } /* - * Need to bypass system security policy, so I can send and - * receive key management datagrams in the clear. - */ + * Need to bypass system security policy, so I can send and + * receive key management datagrams in the clear. + */ level = IPSEC_LEVEL_BYPASS; if (monitor_setsockopt(fd, optsw[sw].ip_proto, optsw[sw].auth_level, (char *) &level, sizeof level) == -1) { diff --git a/sbin/isakmpd/transport.h b/sbin/isakmpd/transport.h index 2b809936b69..ecbe38129e5 100644 --- a/sbin/isakmpd/transport.h +++ b/sbin/isakmpd/transport.h @@ -1,4 +1,4 @@ -/* $OpenBSD: transport.h,v 1.20 2016/08/26 06:18:01 guenther Exp $ */ +/* $OpenBSD: transport.h,v 1.21 2018/01/04 14:21:00 mpi Exp $ */ /* $EOM: transport.h,v 1.16 2000/07/17 18:57:59 provos Exp $ */ /* @@ -78,7 +78,7 @@ struct transport_vtbl { /* * Read a message from the transport's incoming pipe and start * handling it. - */ + */ void (*handle_message) (struct transport *); /* Send a message through the outgoing pipe. */ @@ -87,18 +87,18 @@ struct transport_vtbl { /* * Fill out a sockaddr structure with the transport's destination end's * address info. - */ + */ void (*get_dst) (struct transport *, struct sockaddr **); /* * Fill out a sockaddr structure with the transport's source end's * address info. - */ + */ void (*get_src) (struct transport *, struct sockaddr **); /* * Return a string with decoded src and dst information - */ + */ char *(*decode_ids) (struct transport *); /* @@ -126,7 +126,7 @@ struct transport { * Prioritized send queue. Messages in this queue will be transmitted * before the normal sendq, they will also all be transmitted prior * to a daemon shutdown. Currently only used for DELETE notifications. - */ + */ struct msg_head prio_sendq; /* Flags describing the transport. */ |