Diffstat (limited to 'src/pluto')
47 files changed, 379 insertions, 379 deletions
diff --git a/src/pluto/ac.c b/src/pluto/ac.c index 0c36e5945..769d77e83 100644 --- a/src/pluto/ac.c +++ b/src/pluto/ac.c @@ -224,7 +224,7 @@ static int cmp_ietfAttr(ietfAttr_t *a,ietfAttr_t *b) /* cannot compare OID with STRING or OCTETS attributes */ if (a->kind == IETF_ATTRIBUTE_OID && b->kind != IETF_ATTRIBUTE_OID) return 1; - + cmp_len = a->value.len - b->value.len; len = (cmp_len < 0)? a->value.len : b->value.len; cmp_value = memcmp(a->value.ptr, b->value.ptr, len); @@ -604,7 +604,7 @@ static void release_ietfAttr(ietfAttr_t* attr) list = *plist; } *plist = list->next; - + free(attr->value.ptr); free(attr); free(list); @@ -654,7 +654,7 @@ static void free_first_acert(void) * Free all attribute certificates in the chained list */ void free_acerts(void) -{ +{ while (x509acerts != NULL) free_first_acert(); } @@ -759,7 +759,7 @@ bool verify_x509acert(x509acert_t *ac, bool strict) dntoa(buf, BUF_LEN, ac->issuerName); DBG_log("issuer: '%s'",buf); ) - + ugh = check_ac_validity(ac); if (ugh != NULL) @@ -822,7 +822,7 @@ void load_acerts(void) { char *filename = filelist[n]->d_name; x509acert_t *ac; - + ac = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_AC, BUILD_FROM_FILE, filename, BUILD_END); @@ -859,7 +859,7 @@ void format_groups(const ietfAttrList_t *list, char *buf, int len) , (int)attr->value.len, attr->value.ptr); first_group = FALSE; - + /* return value of snprintf() up to glibc 2.0.6 */ if (written < 0) break; @@ -949,7 +949,7 @@ void list_acerts(bool utc) void list_groups(bool utc) { ietfAttrList_t *list = ietfAttributes; - + if (list != NULL) { whack_log(RC_COMMENT, " "); @@ -962,7 +962,7 @@ void list_groups(bool utc) ietfAttr_t *attr = list->attr; whack_log(RC_COMMENT, "%T, count: %d", &attr->installed, utc, attr->count); - + switch (attr->kind) { case IETF_ATTRIBUTE_OCTETS: diff --git a/src/pluto/alg_info.c b/src/pluto/alg_info.c index c25418fc1..e8f977950 100644 --- a/src/pluto/alg_info.c +++ b/src/pluto/alg_info.c 
@@ -238,12 +238,12 @@ static void __alg_info_ike_add (struct alg_info_ike *alg_info, int ealg_id, * merging alg_info (ike_info) contents */ -static int default_ike_groups[] = { +static int default_ike_groups[] = { MODP_1536_BIT, MODP_1024_BIT }; -/* +/* * Add IKE alg info _with_ logic (policy): */ static void alg_info_ike_add (struct alg_info *alg_info, int ealg_id, @@ -258,7 +258,7 @@ static void alg_info_ike_add (struct alg_info *alg_info, int ealg_id, n_groups=0; goto in_loop; } - + for (; n_groups--; i++) { modp_id = default_ike_groups[i]; @@ -372,7 +372,7 @@ static status_t alg_info_parse_str(struct alg_info *alg_info, char *alg_str) eat_whitespace(&string); - if (string.len > 0) + if (string.len > 0) { chunk_t alg; @@ -494,7 +494,7 @@ struct alg_info_ike *alg_info_ike_create_from_str(char *alg_str) * several connections instances, * handle free() with ref_cnts */ -void +void alg_info_addref(struct alg_info *alg_info) { if (alg_info != NULL) @@ -529,7 +529,7 @@ alg_info_snprint(char *buf, int buflen, struct alg_info *alg_info) struct esp_info *esp_info; struct ike_info *ike_info; int cnt; - + switch (alg_info->alg_info_protoid) { case PROTO_IPSEC_ESP: { @@ -608,7 +608,7 @@ out: , "buffer space exhausted in alg_info_snprint_ike(), buflen=%d" , buflen); } - + return ptr - buf; } diff --git a/src/pluto/alg_info.h b/src/pluto/alg_info.h index fcf7efca0..85b88ddff 100644 --- a/src/pluto/alg_info.h +++ b/src/pluto/alg_info.h @@ -74,7 +74,7 @@ extern int alg_info_snprint_esp(char *buf, int buflen extern int alg_info_snprint_ike(char *buf, int buflen , struct alg_info_ike *alg_info); #define ALG_INFO_ESP_FOREACH(ai, ai_esp, i) \ - for (i=(ai)->alg_info_cnt,ai_esp=(ai)->esp; i--; ai_esp++) + for (i=(ai)->alg_info_cnt,ai_esp=(ai)->esp; i--; ai_esp++) #define ALG_INFO_IKE_FOREACH(ai, ai_ike, i) \ - for (i=(ai)->alg_info_cnt,ai_ike=(ai)->ike; i--; ai_ike++) + for (i=(ai)->alg_info_cnt,ai_ike=(ai)->ike; i--; ai_ike++) #endif /* ALG_INFO_H */ 
diff --git a/src/pluto/builder.c b/src/pluto/builder.c index 57b843d2b..2c3a8eaed 100644 --- a/src/pluto/builder.c +++ b/src/pluto/builder.c @@ -59,7 +59,7 @@ static void cert_add(private_builder_t *this, builder_part_t part, ...) va_start(args, part); blob = va_arg(args, chunk_t); va_end(args); - + switch (part) { case BUILD_BLOB_PGP: @@ -134,7 +134,7 @@ static void ac_add(private_builder_t *this, builder_part_t part, ...) va_start(args, part); blob = va_arg(args, chunk_t); va_end(args); - + this->ac = malloc_thing(x509acert_t); *this->ac = empty_ac; @@ -200,10 +200,10 @@ static void crl_add(private_builder_t *this, builder_part_t part, ...) static void *build(private_builder_t *this) { void *cred; - + cred = this->cred; free(this); - + return cred; } @@ -213,7 +213,7 @@ static void *build(private_builder_t *this) static builder_t *builder(int subtype) { private_builder_t *this = malloc_thing(private_builder_t); - + switch (subtype) { case CERT_PLUTO_CERT: @@ -231,7 +231,7 @@ static builder_t *builder(int subtype) } this->public.build = (void*(*)(builder_t*))build; this->cred = NULL; - + return &this->public; } diff --git a/src/pluto/ca.c b/src/pluto/ca.c index 4fdb8cfe7..77374b6f8 100644 --- a/src/pluto/ca.c +++ b/src/pluto/ca.c @@ -103,7 +103,7 @@ trusted_ca(chunk_t a, chunk_t b, int *pathlen) /* go one level up in the CA chain */ a = cacert->issuer; } - + unlock_authcert_list("trusted_ca"); return match; } @@ -539,7 +539,7 @@ add_ca_info(const whack_message_t *msg) /* does the authname already exist? */ ca = get_ca_info(cacert->subject, cacert->serialNumber , cacert->subjectKeyID); - + if (ca != NULL) { /* ca_info is already present */ @@ -557,7 +557,7 @@ add_ca_info(const whack_message_t *msg) /* name */ ca->name = clone_str(msg->name); - + /* authName */ ca->authName = chunk_clone(cacert->subject); dntoa(buf, BUF_LEN, ca->authName); 
@@ -621,7 +621,7 @@ add_ca_info(const whack_message_t *msg) ca->next = ca_infos; ca_infos = ca; ca->installed = time(NULL); - + unlock_ca_info_list("add_ca_info"); /* add cacert to list of authcerts */ @@ -644,7 +644,7 @@ void list_ca_infos(bool utc) { ca_info_t *ca = ca_infos; - + if (ca != NULL) { whack_log(RC_COMMENT, " "); diff --git a/src/pluto/certs.c b/src/pluto/certs.c index 92ab2cc8e..5c6aa568e 100644 --- a/src/pluto/certs.c +++ b/src/pluto/certs.c @@ -116,7 +116,7 @@ private_key_t* load_private_key(char* filename, prompt_pass_t *pass, { private_key_t *key = NULL; char *path; - + path = concatenate_paths(PRIVATE_KEY_PATH, filename); if (pass && pass->prompt && pass->fd != NULL_FD) { /* use passphrase callback */ @@ -140,7 +140,7 @@ private_key_t* load_private_key(char* filename, prompt_pass_t *pass, { /* no passphrase */ key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type, BUILD_FROM_FILE, path, BUILD_END); - + } if (key) { diff --git a/src/pluto/connections.c b/src/pluto/connections.c index b800b1665..1eb2d332d 100644 --- a/src/pluto/connections.c +++ b/src/pluto/connections.c @@ -109,7 +109,7 @@ find_host_pair(const ip_address *myaddr, u_int16_t myport /* default hisaddr to an appropriate any */ if (hisaddr == NULL) hisaddr = aftoinfo(addrtypeof(myaddr))->any; - + if (nat_traversal_enabled) { /** @@ -1011,7 +1011,7 @@ add_connection(const whack_message_t *wm) loglog(RC_LOG_SERIOUS, "esp string error"); } } - + if (wm->ike) { DBG(DBG_CONTROL, @@ -1038,7 +1038,7 @@ add_connection(const whack_message_t *wm) loglog(RC_LOG_SERIOUS, "ike string error:"); } } - + c->sa_ike_life_seconds = wm->sa_ike_life_seconds; c->sa_ipsec_life_seconds = wm->sa_ipsec_life_seconds; c->sa_rekey_margin = wm->sa_rekey_margin; 
@@ -1213,7 +1213,7 @@ add_group_instance(struct connection *group, const ip_subnet *target) if (t->spd.that.virt) { DBG_log("virtual_ip not supported in group instance"); - t->spd.that.virt = NULL; + t->spd.that.virt = NULL; } /* add to connections list */ @@ -2356,7 +2356,7 @@ initiate_opportunistic_body(struct find_oppo_bundle *b DBG(DBG_CONTROL, DBG_log("creating new instance from \"%s\"%s" , c->name , (fmt_conn_instance(c, cib), cib))); - + idtoa(&sr->this.id, mycredentialstr, sizeof(mycredentialstr)); @@ -3012,7 +3012,7 @@ ISAKMP_SA_established(struct connection *c, so_serial_t serial) */ if (!isanyaddr(&c->spd.that.host_srcip) && !c->spd.that.has_natip) c->spd.that.modecfg = TRUE; - + if (uniqueIDs) { /* for all connections: if the same Phase 1 IDs are used @@ -4037,7 +4037,7 @@ show_connections_status(bool all, const char *name) if (c->spd.that.groups != NULL) { char buf[BUF_LEN]; - + format_groups(c->spd.that.groups, buf, BUF_LEN); whack_log(RC_COMMENT , "\"%s\"%s: groups: %s" @@ -4058,7 +4058,7 @@ show_connections_status(bool all, const char *name) , (unsigned long) c->sa_keying_tries); /* show DPD parameters if defined */ - + if (c->dpd_action != DPD_ACTION_NONE) whack_log(RC_COMMENT , "\"%s\"%s: dpd_action: %N;" @@ -4095,7 +4095,7 @@ show_connections_status(bool all, const char *name) , instance , c->newest_isakmp_sa , c->newest_ipsec_sa); - + if (all) { ike_alg_show_connection(c, instance); diff --git a/src/pluto/connections.h b/src/pluto/connections.h index 16cbbfd72..512c688f8 100644 --- a/src/pluto/connections.h +++ b/src/pluto/connections.h @@ -292,7 +292,7 @@ find_connection_for_clients(struct spd_route **srp extern chunk_t get_peer_ca_and_groups(struct connection *c , const ietfAttrList_t **peer_list); - + /* instantiating routines * Note: connection_discard() is in state.h because all its work * is looking through state objects. diff --git a/src/pluto/constants.c b/src/pluto/constants.c index d9cf07eee..f4cfaeb6a 100644 
--- a/src/pluto/constants.c +++ b/src/pluto/constants.c @@ -68,8 +68,8 @@ ENUM(dpd_action_names, DPD_ACTION_NONE, DPD_ACTION_RESTART, "clear", "hold", "restart" -); - +); + /* Timer events */ ENUM(timer_event_names, EVENT_NULL, EVENT_LOG_DAILY, @@ -274,7 +274,7 @@ const char *const payload_name_nat_d[] = { static enum_names payload_names_nat_d = { ISAKMP_NEXT_NATD_DRAFTS, ISAKMP_NEXT_NATOA_DRAFTS, payload_name_nat_d, NULL }; - + enum_names payload_names = { ISAKMP_NEXT_NONE, ISAKMP_NEXT_NATOA_RFC, payload_name, &payload_names_nat_d }; @@ -845,7 +845,7 @@ static const char *const oakley_auth_name1[] = { "ECDSA signature", "ECDSA-256 signature", "ECDSA-384 signature", - "ECDSA-521-signature", + "ECDSA-521-signature", }; static const char *const oakley_auth_name2[] = { @@ -922,7 +922,7 @@ enum_names oakley_group_names_rfc3526 = oakley_group_name_rfc3526, &oakley_group_names_rfc4753 }; enum_names oakley_group_names = - { MODP_768_BIT, MODP_1536_BIT, + { MODP_768_BIT, MODP_1536_BIT, oakley_group_name, &oakley_group_names_rfc3526 }; /* Oakley Group Type attribute */ @@ -1153,7 +1153,7 @@ const char *const natt_type_bitnames[] = { "4", "5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", - "16", "17", "18", "19", + "16", "17", "18", "19", "20", "21", "22", "23", "24", "25", "26", "27", "28", "29", @@ -1196,8 +1196,8 @@ enum_show(enum_names *ed, unsigned long val) static char bitnamesbuf[200]; /* only one! I hope that it is big enough! */ -int -enum_search(enum_names *ed, const char *str) +int +enum_search(enum_names *ed, const char *str) { enum_names *p; const char *ptr; diff --git a/src/pluto/constants.h b/src/pluto/constants.h index dc8d5de85..b20737b73 100644 --- a/src/pluto/constants.h +++ b/src/pluto/constants.h @@ -689,7 +689,7 @@ extern enum_name_t *cert_policy_names; typedef enum certpolicy { CERT_ALWAYS_SEND = 0, - CERT_SEND_IF_ASKED = 1, + CERT_SEND_IF_ASKED = 1, CERT_NEVER_SEND = 2, CERT_YES_SEND = 3, /* synonym for CERT_ALWAYS_SEND */ 
diff --git a/src/pluto/crl.c b/src/pluto/crl.c index 132caa5e3..4a7accae7 100644 --- a/src/pluto/crl.c +++ b/src/pluto/crl.c @@ -56,7 +56,7 @@ static const asn1Object_t crlObjects[] = { { 2, "version", ASN1_INTEGER, ASN1_OPT | ASN1_BODY }, /* 2 */ { 2, "end opt", ASN1_EOC, ASN1_END }, /* 3 */ - { 2, "signature", ASN1_EOC, ASN1_RAW }, /* 4 */ + { 2, "signature", ASN1_EOC, ASN1_RAW }, /* 4 */ { 2, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 5 */ { 2, "thisUpdate", ASN1_EOC, ASN1_RAW }, /* 6 */ { 2, "nextUpdate", ASN1_EOC, ASN1_RAW }, /* 7 */ @@ -292,7 +292,7 @@ bool insert_crl(x509crl_t *crl, chunk_t crl_uri, bool cache_crl) char digest_buf[HASH_SIZE_SHA1]; chunk_t subjectKeyID = chunk_from_buf(digest_buf); bool has_keyID; - + if (issuer_cert->subjectKeyID.ptr == NULL) { has_keyID = compute_subjectKeyID(issuer_cert, subjectKeyID); @@ -343,7 +343,7 @@ void load_crls(void) { char *filename = filelist[n]->d_name; x509crl_t *crl; - + crl = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_PLUTO_CRL, BUILD_FROM_FILE, filename, BUILD_END); if (crl) @@ -520,7 +520,7 @@ check_revocation(const x509crl_t *crl, chunk_t serial *revocationDate = UNDEFINED_TIME; *revocationReason = CRL_REASON_UNSPECIFIED; - + DBG(DBG_CONTROL, DBG_dump_chunk("serial number:", serial) ) @@ -649,7 +649,7 @@ verify_by_crl(const x509cert_t *cert, time_t *until, time_t *revocationDate , crl->authKeyID, AUTH_CA); valid = x509_check_signature(crl->tbsCertList, crl->signature, crl->algorithm, issuer_cert); - + unlock_authcert_list("verify_by_crl"); if (valid) diff --git a/src/pluto/crl.h b/src/pluto/crl.h index dcf039541..db3080c2a 100644 --- a/src/pluto/crl.h +++ b/src/pluto/crl.h @@ -71,7 +71,7 @@ extern bool cache_crls; /* * check periodically for expired crls - */ + */ extern long crl_check_interval; /* used for initialization */ diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c index f47ad1eeb..c6d3950bb 100644 --- a/src/pluto/crypto.c +++ b/src/pluto/crypto.c 
@@ -21,12 +21,12 @@ #include "log.h" static struct encrypt_desc encrypt_desc_3des = -{ +{ algo_type: IKE_ALG_ENCRYPT, - algo_id: OAKLEY_3DES_CBC, + algo_id: OAKLEY_3DES_CBC, algo_next: NULL, - enc_blocksize: DES_BLOCK_SIZE, + enc_blocksize: DES_BLOCK_SIZE, keydeflen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, keyminlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, keymaxlen: DES_BLOCK_SIZE * 3 * BITS_PER_BYTE, @@ -40,7 +40,7 @@ static struct encrypt_desc encrypt_desc_aes = { algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_AES_CBC, - algo_next: NULL, + algo_next: NULL, enc_blocksize: AES_BLOCK_SIZE, keyminlen: AES_KEY_MIN_LEN, @@ -55,7 +55,7 @@ static struct encrypt_desc encrypt_desc_blowfish = { algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_BLOWFISH_CBC, - algo_next: NULL, + algo_next: NULL, enc_blocksize: BLOWFISH_BLOCK_SIZE, keyminlen: BLOWFISH_KEY_MIN_LEN, @@ -83,7 +83,7 @@ static struct encrypt_desc encrypt_desc_serpent = #define TWOFISH_KEY_DEF_LEN 128 #define TWOFISH_KEY_MAX_LEN 256 -static struct encrypt_desc encrypt_desc_twofish = +static struct encrypt_desc encrypt_desc_twofish = { algo_type: IKE_ALG_ENCRYPT, algo_id: OAKLEY_TWOFISH_CBC, @@ -108,18 +108,18 @@ static struct encrypt_desc encrypt_desc_twofish_ssh = }; static struct hash_desc hash_desc_md5 = -{ +{ algo_type: IKE_ALG_HASH, algo_id: OAKLEY_MD5, - algo_next: NULL, + algo_next: NULL, hash_digest_size: HASH_SIZE_MD5, }; static struct hash_desc hash_desc_sha1 = -{ +{ algo_type: IKE_ALG_HASH, algo_id: OAKLEY_SHA, - algo_next: NULL, + algo_next: NULL, hash_digest_size: HASH_SIZE_SHA1, }; 
@@ -146,91 +146,91 @@ static struct hash_desc hash_desc_sha2_512 = { const struct dh_desc unset_group = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_NONE, + algo_id: MODP_NONE, algo_next: NULL, ke_size: 0 }; -static struct dh_desc dh_desc_modp_1024 = { +static struct dh_desc dh_desc_modp_1024 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_1024_BIT, + algo_id: MODP_1024_BIT, algo_next: NULL, ke_size: 1024 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_modp_1536 = { +static struct dh_desc dh_desc_modp_1536 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_1536_BIT, + algo_id: MODP_1536_BIT, algo_next: NULL, ke_size: 1536 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_modp_2048 = { +static struct dh_desc dh_desc_modp_2048 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_2048_BIT, + algo_id: MODP_2048_BIT, algo_next: NULL, ke_size: 2048 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_modp_3072 = { +static struct dh_desc dh_desc_modp_3072 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_3072_BIT, + algo_id: MODP_3072_BIT, algo_next: NULL, ke_size: 3072 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_modp_4096 = { +static struct dh_desc dh_desc_modp_4096 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_4096_BIT, + algo_id: MODP_4096_BIT, algo_next: NULL, ke_size: 4096 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_modp_6144 = { +static struct dh_desc dh_desc_modp_6144 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_6144_BIT, + algo_id: MODP_6144_BIT, algo_next: NULL, ke_size: 6144 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_modp_8192 = { +static struct dh_desc dh_desc_modp_8192 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: MODP_8192_BIT, + algo_id: MODP_8192_BIT, algo_next: NULL, ke_size: 8192 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_ecp_256 = { +static struct dh_desc dh_desc_ecp_256 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: ECP_256_BIT, + algo_id: ECP_256_BIT, algo_next: NULL, ke_size: 2*256 / BITS_PER_BYTE }; -static struct dh_desc 
dh_desc_ecp_384 = { +static struct dh_desc dh_desc_ecp_384 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: ECP_384_BIT, + algo_id: ECP_384_BIT, algo_next: NULL, ke_size: 2*384 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_ecp_521 = { +static struct dh_desc dh_desc_ecp_521 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: ECP_521_BIT, + algo_id: ECP_521_BIT, algo_next: NULL, ke_size: 2*528 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_ecp_192 = { +static struct dh_desc dh_desc_ecp_192 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: ECP_192_BIT, + algo_id: ECP_192_BIT, algo_next: NULL, ke_size: 2*192 / BITS_PER_BYTE }; -static struct dh_desc dh_desc_ecp_224 = { +static struct dh_desc dh_desc_ecp_224 = { algo_type: IKE_ALG_DH_GROUP, - algo_id: ECP_224_BIT, + algo_id: ECP_224_BIT, algo_next: NULL, ke_size: 2*224 / BITS_PER_BYTE }; @@ -283,12 +283,12 @@ bool init_crypto(void) (no_md5) ? "MD5" : ""); return FALSE; } - + enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); while (enumerator->enumerate(enumerator, &encryption_alg)) { const struct encrypt_desc *desc; - + switch (encryption_alg) { case ENCR_3DES: @@ -308,7 +308,7 @@ bool init_crypto(void) desc = &encrypt_desc_serpent; break; default: - continue; + continue; } ike_alg_add((struct ike_alg *)desc); } @@ -381,7 +381,7 @@ encryption_algorithm_t oakley_to_encryption_algorithm(int alg) case OAKLEY_DES_CBC: return ENCR_DES; case OAKLEY_IDEA_CBC: - return ENCR_IDEA; + return ENCR_IDEA; case OAKLEY_BLOWFISH_CBC: return ENCR_BLOWFISH; case OAKLEY_RC5_R16_B64_CBC: diff --git a/src/pluto/db_ops.c b/src/pluto/db_ops.c index 4ba4fa324..547ea5f22 100644 --- a/src/pluto/db_ops.c +++ b/src/pluto/db_ops.c 
@@ -1,6 +1,6 @@ /* Dynamic db (proposal, transforms, attributes) handling. * Author: JuanJo Ciarlante <jjo-ipsec@mendoza.gov.ar> - * + * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your @@ -12,11 +12,11 @@ * for more details. */ -/* +/* * The stratedy is to have (full contained) struct db_prop in db_context * pointing to ONE dynamically sizable transform vector (trans0). * Each transform stores attrib. in ONE dyn. sizable attribute vector (attrs0) - * in a "serialized" way (attributes storage is used in linear sequence for + * in a "serialized" way (attributes storage is used in linear sequence for * subsecuent transforms). * * Resizing for both trans0 and attrs0 is supported: @@ -24,7 +24,7 @@ * also update trans_cur (by offset) * - For attrs0: after allocating and copying attrs, I must rewrite each * trans->attrs present in trans0; to achieve this, calculate - * attrs pointer offset (new minus old) and iterate over + * attrs pointer offset (new minus old) and iterate over * each transform "adding" this difference. * also update attrs_cur (by offset) * @@ -70,7 +70,7 @@ #ifdef NOT_YET /* * Allocator cache: - * Because of the single-threaded nature of pluto/spdb.c, + * Because of the single-threaded nature of pluto/spdb.c, * alloc()/free() is exercised many times with very small * lifetime objects. * Just caching last object (currently it will select the @@ -84,9 +84,9 @@ struct db_ops_alloc_cache { #endif #ifndef NO_DB_OPS_STATS -/* - * stats: do account for allocations - * displayed in db_ops_show_status() +/* + * stats: do account for allocations + * displayed in db_ops_show_status() */ struct db_ops_stats { int st_curr_cnt; /* current number of allocations */ 
@@ -100,7 +100,7 @@ struct db_ops_stats { static struct db_ops_stats db_context_st = DB_OPS_ZERO; static struct db_ops_stats db_trans_st = DB_OPS_ZERO; static struct db_ops_stats db_attrs_st = DB_OPS_ZERO; -static __inline__ void *malloc_bytes_st(size_t size, struct db_ops_stats *st) +static __inline__ void *malloc_bytes_st(size_t size, struct db_ops_stats *st) { void *ptr = malloc(size); if (ptr) @@ -108,7 +108,7 @@ static __inline__ void *malloc_bytes_st(size_t size, struct db_ops_stats *st) st->st_curr_cnt++; st->st_total_cnt++; if (size > st->st_maxsz) st->st_maxsz=size; - } + } return ptr; } #define ALLOC_BYTES_ST(z,st) malloc_bytes_st(z, &st); @@ -125,13 +125,13 @@ static __inline__ void *malloc_bytes_st(size_t size, struct db_ops_stats *st) * as a result of "add" operations */ int -db_prop_init(struct db_context *ctx, u_int8_t protoid, int max_trans, int max_attrs) +db_prop_init(struct db_context *ctx, u_int8_t protoid, int max_trans, int max_attrs) { ctx->trans0 = NULL; ctx->attrs0 = NULL; if (max_trans > 0) { /* quite silly if not */ - ctx->trans0 = ALLOC_BYTES_ST ( sizeof(struct db_trans) * max_trans, + ctx->trans0 = ALLOC_BYTES_ST ( sizeof(struct db_trans) * max_trans, db_trans_st); memset(ctx->trans0, '\0', sizeof(struct db_trans) * max_trans); } @@ -162,12 +162,12 @@ db_trans_expand(struct db_context *ctx, int delta_trans) int offset; old_trans = ctx->trans0; - new_trans = ALLOC_BYTES_ST ( sizeof (struct db_trans) * max_trans, + new_trans = ALLOC_BYTES_ST ( sizeof (struct db_trans) * max_trans, db_trans_st); if (!new_trans) goto out; memcpy(new_trans, old_trans, ctx->max_trans * sizeof(struct db_trans)); - + /* update trans0 (obviously) */ ctx->trans0 = ctx->prop.trans = new_trans; /* update trans_cur (by offset) */ @@ -175,7 +175,7 @@ db_trans_expand(struct db_context *ctx, int delta_trans) { char *cctx = (char *)(ctx->trans_cur); - + cctx += offset; ctx->trans_cur = (struct db_trans *)cctx; } 
@@ -186,7 +186,7 @@ db_trans_expand(struct db_context *ctx, int delta_trans) out: return ret; } -/* +/* * Expand storage for attributes by delta_attrs number AND * rewrite trans->attr pointers */ @@ -201,22 +201,22 @@ db_attrs_expand(struct db_context *ctx, int delta_attrs) int offset; old_attrs = ctx->attrs0; - new_attrs = ALLOC_BYTES_ST ( sizeof (struct db_attr) * max_attrs, + new_attrs = ALLOC_BYTES_ST ( sizeof (struct db_attr) * max_attrs, db_attrs_st); if (!new_attrs) goto out; memcpy(new_attrs, old_attrs, ctx->max_attrs * sizeof(struct db_attr)); - + /* update attrs0 and attrs_cur (obviously) */ offset = (char *)(new_attrs) - (char *)(old_attrs); - + { char *actx = (char *)(ctx->attrs0); - + actx += offset; ctx->attrs0 = (struct db_attr *)actx; - + actx = (char *)ctx->attrs_cur; actx += offset; ctx->attrs_cur = (struct db_attr *)actx; @@ -237,13 +237,13 @@ out: return ret; } /* Allocate a new db object */ -struct db_context * -db_prop_new(u_int8_t protoid, int max_trans, int max_attrs) +struct db_context * +db_prop_new(u_int8_t protoid, int max_trans, int max_attrs) { struct db_context *ctx; ctx = ALLOC_BYTES_ST ( sizeof (struct db_context), db_context_st); if (!ctx) goto out; - + if (db_prop_init(ctx, protoid, max_trans, max_attrs) < 0) { PFREE_ST(ctx, db_context_st); ctx=NULL; @@ -266,8 +266,8 @@ db_trans_add(struct db_context *ctx, u_int8_t transid) /* skip incrementing current trans pointer the 1st time*/ if (ctx->trans_cur && ctx->trans_cur->attr_cnt) ctx->trans_cur++; - /* - * Strategy: if more space is needed, expand by + /* + * Strategy: if more space is needed, expand by * <current_size>/2 + 1 * * This happens to produce a "reasonable" sequence 
@@ -287,10 +287,10 @@ db_trans_add(struct db_context *ctx, u_int8_t transid) } /* Add attr copy to current transform, expanding attrs0 if needed */ int -db_attr_add(struct db_context *ctx, const struct db_attr *a) +db_attr_add(struct db_context *ctx, const struct db_attr *a) { - /* - * Strategy: if more space is needed, expand by + /* + * Strategy: if more space is needed, expand by * <current_size>/2 + 1 */ if ((ctx->attrs_cur - ctx->attrs0) >= ctx->max_attrs) { @@ -302,7 +302,7 @@ db_attr_add(struct db_context *ctx, const struct db_attr *a) ctx->trans_cur->attr_cnt++; return 0; } -/* Add attr copy (by value) to current transform, +/* Add attr copy (by value) to current transform, * expanding attrs0 if needed, just calls db_attr_add(). */ int @@ -317,7 +317,7 @@ db_attr_add_values(struct db_context *ctx, u_int16_t type, u_int16_t val) int db_ops_show_status(void) { - whack_log(RC_COMMENT, "stats " __FILE__ ": " + whack_log(RC_COMMENT, "stats " __FILE__ ": " DB_OPS_STATS_DESC " :" DB_OPS_STATS_STR("context") DB_OPS_STATS_STR("trans") @@ -329,7 +329,7 @@ db_ops_show_status(void) return 0; } #endif /* NO_DB_OPS_STATS */ -/* +/* * From below to end just testing stuff .... */ #ifdef TEST @@ -349,7 +349,7 @@ static void db_prop_print(struct db_prop *p) default: continue; } - printf(" transid=\"%s\"\n", + printf(" transid=\"%s\"\n", enum_name(n, t->transid)); for (ai=0, a=t->attrs; ai < t->attr_cnt; ai++, a++) { int i; @@ -367,16 +367,16 @@ static void db_prop_print(struct db_prop *p) default: continue; } - printf(" type=\"%s\" value=\"%s\"\n", + printf(" type=\"%s\" value=\"%s\"\n", enum_name(n_at, i), enum_name(n_av, a->val)); } } } -static void db_print(struct db_context *ctx) +static void db_print(struct db_context *ctx) { - printf("trans_cur diff=%d, attrs_cur diff=%d\n", + printf("trans_cur diff=%d, attrs_cur diff=%d\n", ctx->trans_cur - ctx->trans0, ctx->attrs_cur - ctx->attrs0); db_prop_print(&ctx->prop); 
diff --git a/src/pluto/demux.c b/src/pluto/demux.c index 3cfc909af..73582dd92 100644 --- a/src/pluto/demux.c +++ b/src/pluto/demux.c @@ -1399,7 +1399,7 @@ process_packet(struct msg_digest **mdp) { memcpy(st->st_ph1_iv, st->st_new_iv, st->st_new_iv_len); st->st_ph1_iv_len = st->st_new_iv_len; - + /* backup new_iv */ new_iv_len = st->st_new_iv_len; passert(new_iv_len <= MAX_DIGEST_LEN) @@ -1498,7 +1498,7 @@ process_packet(struct msg_digest **mdp) } else { - set_cur_state(st); + set_cur_state(st); from_state = st->st_state; } @@ -1681,7 +1681,7 @@ process_packet(struct msg_digest **mdp) default: auth = st->st_oakley.auth; } - + while (!LHAS(smc->flags, auth)) { smc++; @@ -1823,7 +1823,7 @@ process_packet(struct msg_digest **mdp) memcpy(new_iv, data.ptr + data.len - crypter_block_size, crypter_block_size); - crypter->set_key(crypter, st->st_enc_key); + crypter->set_key(crypter, st->st_enc_key); crypter->decrypt(crypter, data, iv, NULL); crypter->destroy(crypter); @@ -2310,7 +2310,7 @@ complete_state_transition(struct msg_digest **mdp, stf_status result) const char *story = state_story[st->st_state - STATE_MAIN_R0]; enum rc_type w = RC_NEW_STATE + st->st_state; char sadetails[128]; - + sadetails[0]='\0'; if (IS_IPSEC_SA_ESTABLISHED(st->st_state)) diff --git a/src/pluto/dnskey.c b/src/pluto/dnskey.c index 998a10c35..5b2ce4c61 100644 --- a/src/pluto/dnskey.c +++ b/src/pluto/dnskey.c @@ -1817,7 +1817,7 @@ static void recover_adns_die(void) { struct adns_continuation *cr = NULL; - + adns_pid = 0; if(adns_restart_count < ADNS_RESTART_MAX) { adns_restart_count++; @@ -1834,7 +1834,7 @@ recover_adns_die(void) if(continuations != NULL) { for (; cr->previous != NULL; cr = cr->previous); } - + next_query = cr; if(next_query != NULL) { diff --git a/src/pluto/fetch.c b/src/pluto/fetch.c index 0c69aa526..b8804fb07 100644 --- a/src/pluto/fetch.c +++ b/src/pluto/fetch.c 
@@ -297,7 +297,7 @@ static char* complete_uri(chunk_t distPoint, const char *ldaphost) if (symbol != NULL) { size_t type_len = symbol - ptr; - + if (type_len >= 4 && strncasecmp(ptr, "ldap", 4) == 0) { ptr = symbol + 1; @@ -307,7 +307,7 @@ static char* complete_uri(chunk_t distPoint, const char *ldaphost) { len -= 2; symbol = memchr(ptr, '/', len); - + if (symbol != NULL && symbol - ptr == 0 && ldaphost != NULL) { uri = malloc(distPoint.len + strlen(ldaphost) + 1); @@ -322,7 +322,7 @@ static char* complete_uri(chunk_t distPoint, const char *ldaphost) } } } - + /* default action: copy distributionPoint without change */ uri = malloc(distPoint.len + 1); sprintf(uri, "%.*s", (int)distPoint.len, distPoint.ptr); @@ -357,7 +357,7 @@ static void fetch_crls(bool cache_crls) { char *uri = complete_uri(gn->name, ldaphost); x509crl_t *crl; - + crl = fetch_crl(uri); if (crl) { @@ -413,7 +413,7 @@ static void fetch_ocsp_status(ocsp_location_t* location) *(uri + location->uri.len) = '\0'; DBG1(" requesting ocsp status from '%s' ...", uri); - if (lib->fetcher->fetch(lib->fetcher, uri, &response, + if (lib->fetcher->fetch(lib->fetcher, uri, &response, FETCH_REQUEST_DATA, request, FETCH_REQUEST_TYPE, "application/ocsp-request", FETCH_END) == SUCCESS) @@ -432,7 +432,7 @@ static void fetch_ocsp_status(ocsp_location_t* location) /* increment the trial counter of the unresolved fetch requests */ { ocsp_certinfo_t *certinfo = location->certinfo; - + while (certinfo != NULL) { certinfo->trials++; @@ -562,7 +562,7 @@ void add_distribution_points(const generalName_t *newPoints ,generalName_t **dis { /* skip empty distribution point */ if (newPoints->name.len > 0) - { + { bool add = TRUE; generalName_t *gn = *distributionPoints; diff --git a/src/pluto/ike_alg.c b/src/pluto/ike_alg.c index f833f85b5..a2648799c 100644 --- a/src/pluto/ike_alg.c +++ b/src/pluto/ike_alg.c 
@@ -176,13 +176,13 @@ struct db_context *ike_alg_db_new(struct connection *c, lset_t policy) enum_show(&oakley_enc_names, ealg)); continue; } - if (!ike_alg_get_hasher(halg)) + if (!ike_alg_get_hasher(halg)) { plog("ike alg: hasher %s not present", enum_show(&oakley_hash_names, halg)); continue; } - if (!ike_alg_get_dh_group(modp)) + if (!ike_alg_get_dh_group(modp)) { plog("ike alg: dh group %s not present", enum_show(&oakley_group_names, modp)); diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c index f728065ae..21cecd90b 100644 --- a/src/pluto/ipsec_doi.c +++ b/src/pluto/ipsec_doi.c @@ -405,7 +405,7 @@ static void send_notification(struct state *sndst, u_int16_t type, init_phase2_iv(encst, &msgid); if (!encrypt_message(&r_hdr_pbs, encst)) impossible(); - + /* restore preserved st_iv and st_new_iv */ memcpy(encst->st_iv, old_iv, old_iv_len); memcpy(encst->st_new_iv, new_iv, new_iv_len); @@ -755,7 +755,7 @@ void accept_delete(struct state *st, struct msg_digest *md, else { struct connection *oldc; - + oldc = cur_connection; set_cur_connection(dst->st_connection); @@ -791,7 +791,7 @@ void accept_delete(struct state *st, struct msg_digest *md, { struct connection *rc = dst->st_connection; struct connection *oldc; - + oldc = cur_connection; set_cur_connection(rc); @@ -871,7 +871,7 @@ main_outI1(int whack_sock, struct connection *c, struct state *predecessor pb_stream rbody; int vids_to_send = 0; - + /* set up new state */ st->st_connection = c; set_cur_state(st); /* we must reset before exit */ @@ -1253,7 +1253,7 @@ static bool generate_skeyids_iv(struct state *st) prf->allocate_bytes(prf, st->st_shared, NULL); prf->allocate_bytes(prf, icookie, NULL); prf->allocate_bytes(prf, rcookie, NULL); - prf->allocate_bytes(prf, seed_skeyid_d, &st->st_skeyid_d); + prf->allocate_bytes(prf, seed_skeyid_d, &st->st_skeyid_d); /* SKEYID_A */ free(st->st_skeyid_a.ptr); 
@@ -1261,7 +1261,7 @@ static bool generate_skeyids_iv(struct state *st) prf->allocate_bytes(prf, st->st_shared, NULL); prf->allocate_bytes(prf, icookie, NULL); prf->allocate_bytes(prf, rcookie, NULL); - prf->allocate_bytes(prf, seed_skeyid_a, &st->st_skeyid_a); + prf->allocate_bytes(prf, seed_skeyid_a, &st->st_skeyid_a); /* SKEYID_E */ free(st->st_skeyid_e.ptr); @@ -1269,7 +1269,7 @@ static bool generate_skeyids_iv(struct state *st) prf->allocate_bytes(prf, st->st_shared, NULL); prf->allocate_bytes(prf, icookie, NULL); prf->allocate_bytes(prf, rcookie, NULL); - prf->allocate_bytes(prf, seed_skeyid_e, &st->st_skeyid_e); + prf->allocate_bytes(prf, seed_skeyid_e, &st->st_skeyid_e); prf->destroy(prf); } @@ -1288,7 +1288,7 @@ static bool generate_skeyids_iv(struct state *st) DBG_dump_chunk("DH_i:", st->st_gi); DBG_dump_chunk("DH_r:", st->st_gr); ); - + hasher->get_hash(hasher, st->st_gi, NULL); hasher->get_hash(hasher, st->st_gr, st->st_new_iv); hasher->destroy(hasher); @@ -1301,7 +1301,7 @@ static bool generate_skeyids_iv(struct state *st) */ { size_t keysize = st->st_oakley.enckeylen/BITS_PER_BYTE; - + /* free any existing key */ free(st->st_enc_key.ptr); @@ -1318,7 +1318,7 @@ static bool generate_skeyids_iv(struct state *st) prf = lib->crypto->create_prf(lib->crypto, prf_alg); prf->set_key(prf, st->st_skeyid_e); prf_block_size = prf->get_block_size(prf); - + for (i = 0;;) { prf->get_bytes(prf, seed, &keytemp[i]); @@ -1335,7 +1335,7 @@ static bool generate_skeyids_iv(struct state *st) else { st->st_enc_key = chunk_create(st->st_skeyid_e.ptr, keysize); - } + } st->st_enc_key = chunk_clone(st->st_enc_key); } @@ -1486,7 +1486,7 @@ static size_t sign_hash(signature_scheme_t scheme, struct connection *c, */ struct tac_state { struct state *st; - chunk_t hash; + chunk_t hash; chunk_t sig; int tried_cnt; /* number of keys tried */ }; 
@@ -1723,7 +1723,7 @@ encrypt_message(pb_stream *pbs, struct state *st) crypter->set_key(crypter, st->st_enc_key); crypter->encrypt(crypter, data, iv, NULL); crypter->destroy(crypter); - + new_iv = data.ptr + data.len - crypter_block_size; memcpy(st->st_new_iv, new_iv, crypter_block_size); update_iv(st); @@ -1755,7 +1755,7 @@ static size_t quick_mode_hash12(u_char *dest, u_char *start, u_char *roof, if (hash2) { prf->get_bytes(prf, st->st_ni, NULL); /* include Ni_b in the hash */ - } + } prf->get_bytes(prf, msg_chunk, dest); prf_block_size = prf->get_block_size(prf); prf->destroy(prf); @@ -1781,7 +1781,7 @@ static size_t quick_mode_hash3(u_char *dest, struct state *st) pseudo_random_function_t prf_alg; prf_t *prf; size_t prf_block_size; - + prf_alg = oakley_to_prf(st->st_oakley.hash); prf = lib->crypto->create_prf(lib->crypto, prf_alg); prf->set_key(prf, st->st_skeyid_a); @@ -1814,7 +1814,7 @@ void init_phase2_iv(struct state *st, const msgid_t *msgid) st->st_new_iv_len = hasher->get_hash_size(hasher); passert(st->st_new_iv_len <= sizeof(st->st_new_iv)); - + hasher->get_hash(hasher, iv_chunk, NULL); hasher->get_hash(hasher, msgid_chunk, st->st_new_iv); hasher->destroy(hasher); @@ -1878,7 +1878,7 @@ stf_status quick_outI1(int whack_sock, struct state *isakmp_sa, bool has_client = c->spd.this.has_client || c->spd.that.has_client || c->spd.this.protocol || c->spd.that.protocol || c->spd.this.port || c->spd.that.port; - + bool send_natoa = FALSE; u_int8_t np = ISAKMP_NEXT_NONE; @@ -1957,7 +1957,7 @@ stf_status quick_outI1(int whack_sock, struct state *isakmp_sa, /* SA out */ - /* + /* * See if pfs_group has been specified for this conn, * if not, fallback to old use-same-as-P1 behaviour */ @@ -2142,7 +2142,7 @@ static void decode_cr(struct msg_digest *md, struct connection *c) { struct isakmp_cr *const cr = &p->payload.cr; chunk_t ca_name; - + ca_name.len = pbs_left(&p->pbs); ca_name.ptr = (ca_name.len > 0)? p->pbs.cur : NULL; 
@@ -2155,7 +2155,7 @@ static void decode_cr(struct msg_digest *md, struct connection *c) if (ca_name.len > 0) { generalName_t *gn; - + if (!is_asn1(ca_name)) continue; @@ -2646,7 +2646,7 @@ static void compute_proto_keymat(struct state *st, u_int8_t protoid, if (needed_len && pi->attrs.key_len) { needed_len = pi->attrs.key_len / BITS_PER_BYTE; - } + } switch (pi->attrs.transid) { @@ -2745,7 +2745,7 @@ static void compute_proto_keymat(struct state *st, u_int8_t protoid, char *keymat_i_peer = pi->peer_keymat + i; chunk_t keymat_our = { keymat_i_our, prf_block_size }; chunk_t keymat_peer = { keymat_i_peer, prf_block_size }; - + if (st->st_shared.ptr != NULL) { /* PFS: include the g^xy */ @@ -3611,7 +3611,7 @@ main_id_and_auth(struct msg_digest *md #endif /* USE_KEYRR */ kc == NULL? NULL : kc->ac.gateways_from_dns ); - + if (r == STF_SUSPEND) { /* initiate/resume asynchronous DNS lookup for key */ @@ -3715,7 +3715,7 @@ main_id_and_auth(struct msg_digest *md * to find authentication, or we run out of things * to try. */ -static void key_continue(struct adns_continuation *cr, err_t ugh, +static void key_continue(struct adns_continuation *cr, err_t ugh, key_tail_fn *tail) { struct key_continuation *kc = (void *)cr; @@ -4145,7 +4145,7 @@ stf_status quick_inI1_outR1(struct msg_digest *md) if (!decode_net_id(&id_pd->next->payload.ipsec_id, &id_pd->next->pbs , &b.my.net, "our client")) return STF_FAIL + INVALID_ID_INFORMATION; - + b.my.proto = id_pd->next->payload.ipsec_id.isaiid_protoid; b.my.port = id_pd->next->payload.ipsec_id.isaiid_port; b.my.net.addr.u.v4.sin_port = htons(b.my.port); @@ -4492,7 +4492,7 @@ static enum verify_oppo_step quick_inI1_outR1_process_answer( { public_key_t *pub_key; struct gw_info *gwp; - + /* check that the public key that authenticated * the ISAKMP SA (p1st) will do for this gateway. */ 
@@ -4888,14 +4888,14 @@ static void dpd_init(struct state *st) { struct state *p1st = find_state(st->st_icookie, st->st_rcookie , &st->st_connection->spd.that.host_addr, 0); - + if (p1st == NULL) loglog(RC_LOG_SERIOUS, "could not find phase 1 state for DPD"); else if (p1st->st_dpd) { plog("Dead Peer Detection (RFC 3706) enabled"); /* randomize the first DPD event */ - + event_schedule(EVENT_DPD , (0.5 + rand()/(RAND_MAX + 1.E0)) * st->st_connection->dpd_delay , st); @@ -4975,10 +4975,10 @@ stf_status quick_inR1_outI2(struct msg_digest *md) } /* check the peer's group attributes */ - + { const ietfAttrList_t *peer_list = NULL; - + get_peer_ca_and_groups(st->st_connection, &peer_list); if (!group_membership(peer_list, st->st_connection->name @@ -5041,7 +5041,7 @@ stf_status quick_inR1_outI2(struct msg_digest *md) , st->st_connection->newest_ipsec_sa , st->st_connection->spd.eroute_owner)); } - + st->st_connection->newest_ipsec_sa = st->st_serialno; /* note (presumed) success */ @@ -5114,9 +5114,9 @@ static stf_status send_isakmp_notification(struct state *st, u_int16_t type, u_char *r_hashval, /* where in reply to jam hash value */ *r_hash_start; /* start of what is to be hashed */ - + msgid = generate_msgid(st); - + init_pbs(&reply, reply_buffer, sizeof(reply_buffer), "ISAKMP notify"); /* HDR* */ 
@@ -5144,22 +5144,22 @@ static stf_status send_isakmp_notification(struct state *st, u_int16_t type, isan.isan_np = ISAKMP_NEXT_NONE; isan.isan_doi = ISAKMP_DOI_IPSEC; isan.isan_protoid = PROTO_ISAKMP; - isan.isan_spisize = COOKIE_SIZE * 2; + isan.isan_spisize = COOKIE_SIZE * 2; isan.isan_type = type; if (!out_struct(&isan, &isakmp_notification_desc, &rbody, ¬ify_pbs)) return STF_INTERNAL_ERROR; if (!out_raw(st->st_icookie, COOKIE_SIZE, ¬ify_pbs, "notify icookie")) - return STF_INTERNAL_ERROR; + return STF_INTERNAL_ERROR; if (!out_raw(st->st_rcookie, COOKIE_SIZE, ¬ify_pbs, "notify rcookie")) - return STF_INTERNAL_ERROR; + return STF_INTERNAL_ERROR; if (data != NULL && len > 0) if (!out_raw(data, len, ¬ify_pbs, "notify data")) - return STF_INTERNAL_ERROR; + return STF_INTERNAL_ERROR; close_output_pbs(¬ify_pbs); } - + { - /* finish computing HASH */ + /* finish computing HASH */ chunk_t msgid_chunk = chunk_from_thing(msgid); chunk_t msg_chunk = { r_hash_start, rbody.cur-r_hash_start }; pseudo_random_function_t prf_alg; @@ -5195,7 +5195,7 @@ static stf_status send_isakmp_notification(struct state *st, u_int16_t type, init_phase2_iv(st, &msgid); if (!encrypt_message(&rbody, st)) return STF_INTERNAL_ERROR; - + /* restore preserved st_iv and st_new_iv */ memcpy(st->st_iv, old_iv, old_iv_len); memcpy(st->st_new_iv, new_iv, new_iv_len); diff --git a/src/pluto/kernel.c b/src/pluto/kernel.c index 46edac1cd..f9972599b 100644 --- a/src/pluto/kernel.c +++ b/src/pluto/kernel.c @@ -868,7 +868,7 @@ static void set_text_said(char *text_said, const ip_address *dst, * this allows the entry to be deleted. */ static struct bare_shunt** bare_shunt_ptr(const ip_subnet *ours, - const ip_subnet *his, + const ip_subnet *his, int transport_proto) { struct bare_shunt *p, **pp; 
@@ -1861,7 +1861,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) if (ei == &esp_info[countof(esp_info)]) { /* Check for additional kernel alg */ - if ((ei=kernel_alg_esp_info(st->st_esp.attrs.transid, + if ((ei=kernel_alg_esp_info(st->st_esp.attrs.transid, st->st_esp.attrs.auth))!=NULL) { break; @@ -1906,7 +1906,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) { case ESP_3DES: /* 168 bits in kernel, need 192 bits for keymat_len */ - if (key_len == 21) + if (key_len == 21) { key_len = 24; } @@ -1914,7 +1914,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) case ESP_DES: /* 56 bits in kernel, need 64 bits for keymat_len */ if (key_len == 7) - { + { key_len = 8; } break; @@ -1930,7 +1930,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) key_len += 4; break; default: - break; + break; } /* divide up keying material */ @@ -2032,7 +2032,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) { struct pfkey_proto_info proto_info[4]; int i = 0; - + if (st->st_ipcomp.present) { proto_info[i].proto = IPPROTO_COMP; @@ -2040,7 +2040,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) proto_info[i].reqid = c->spd.reqid + 2; i++; } - + if (st->st_esp.present) { proto_info[i].proto = IPPROTO_ESP; @@ -2048,7 +2048,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) proto_info[i].reqid = c->spd.reqid + 1; i++; } - + if (st->st_ah.present) { proto_info[i].proto = IPPROTO_AH; @@ -2056,9 +2056,9 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) proto_info[i].reqid = c->spd.reqid; i++; } - + proto_info[i].proto = 0; - + if (kernel_ops->inbound_eroute && encapsulation == ENCAPSULATION_MODE_TUNNEL) { 
@@ -2068,7 +2068,7 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) proto_info[i].encapsulation = ENCAPSULATION_MODE_TRANSPORT; } } - + /* MCR - should be passed a spd_eroute structure here */ (void) raw_eroute(&c->spd.that.host_addr, &c->spd.that.client , &c->spd.this.host_addr, &c->spd.this.client @@ -2079,11 +2079,11 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) } /* If there are multiple SPIs, group them. */ - + if (kernel_ops->grp_sa && said_next > &said[1]) { struct kernel_sa *s; - + /* group SAs, two at a time, inner to outer (backwards in said[]) * The grouping is by pairs. So if said[] contains ah esp ipip, * the grouping would be ipip:esp, esp:ah. @@ -2095,15 +2095,15 @@ static bool setup_half_ipsec_sa(struct state *st, bool inbound) text_said1[SATOT_BUF]; /* group s[1] and s[0], in that order */ - + set_text_said(text_said0, s[0].dst, s[0].spi, s[0].proto); set_text_said(text_said1, s[1].dst, s[1].spi, s[1].proto); - + DBG(DBG_KLIPS, DBG_log("grouping %s and %s", text_said1, text_said0)); - + s[0].text_said = text_said0; s[1].text_said = text_said1; - + if (!kernel_ops->grp_sa(s + 1, s)) { goto fail; @@ -2438,7 +2438,7 @@ bool route_and_eroute(struct connection *c USED_BY_KLIPS, , c->name , (c->policy_next ? c->policy_next->name : "none") , ero ? ero->name : "null" - , esr + , esr , ro ? ro->name : "null" , rosr , st ? st->st_serialno : 0)); @@ -2839,7 +2839,7 @@ static bool update_nat_t_ipsec_esp_sa (struct state *st, bool inbound) { struct connection *c = st->st_connection; char text_said[SATOT_BUF]; - struct kernel_sa sa; + struct kernel_sa sa; ip_address src = inbound? c->spd.that.host_addr : c->spd.this.host_addr, dst = inbound? c->spd.this.host_addr : c->spd.that.host_addr; @@ -2924,7 +2924,7 @@ bool was_eroute_idle(struct state *st, time_t idle_max, time_t *idle_time) ret = *idle_time >= idle_max; } } - else + else { while (f != NULL) { 
diff --git a/src/pluto/kernel_alg.c b/src/pluto/kernel_alg.c index 7e7d25872..35e3eab4a 100644 --- a/src/pluto/kernel_alg.c +++ b/src/pluto/kernel_alg.c @@ -90,7 +90,7 @@ static struct sadb_alg* sadb_alg_ptr (int satype, int exttype, int alg_id, default: return NULL; } - + return alg_p; } @@ -154,7 +154,7 @@ bool kernel_alg_esp_enc_ok(u_int alg_id, u_int key_len, if (!ret) goto out; alg_p = &esp_ealg[alg_id]; - + /* * test #2: if key_len specified, it must be in range */ @@ -195,8 +195,8 @@ out: return ret; } -/* - * ML: make F_STRICT logic consider enc,auth algorithms +/* + * ML: make F_STRICT logic consider enc,auth algorithms */ bool kernel_alg_esp_ok_final(u_int ealg, u_int key_len, u_int aalg, struct alg_info_esp *alg_info) @@ -252,7 +252,7 @@ bool kernel_alg_esp_ok_final(u_int ealg, u_int key_len, u_int aalg, return TRUE; } -/** +/** * Load kernel_alg arrays from /proc used in manual mode from klips/utils/spi.c */ int kernel_alg_proc_read(void) @@ -312,7 +312,7 @@ int kernel_alg_proc_read(void) return 0; } -/** +/** * Load kernel_alg arrays pluto's SADB_REGISTER user by pluto/kernel.c */ void kernel_alg_register_pfkey(const struct sadb_msg *msg_buf, int buflen) @@ -422,7 +422,7 @@ u_int kernel_alg_esp_enc_keylen(u_int alg_id) break; } -none: +none: DBG(DBG_KLIPS, DBG_log("kernel_alg_esp_enc_keylen(): alg_id=%d, keylen=%d", alg_id, keylen) @@ -471,7 +471,7 @@ void kernel_alg_list(void) } } whack_log(RC_COMMENT, " encryption:%s", buf); - + pos = buf; *pos = '\0'; len = BUF_LEN; @@ -507,7 +507,7 @@ void kernel_alg_show_connection(struct connection *c, const char *instance) pfsgroup_name = (c->policy & POLICY_PFS) ? (c->alg_info_esp->esp_pfsgroup) ? - enum_show(&oakley_group_names, + enum_show(&oakley_group_names, c->alg_info_esp->esp_pfsgroup) : "<Phase1>" : "<N/A>"; 
@@ -634,7 +634,7 @@ static bool kernel_alg_db_add(struct db_context *db_ctx, DBG_log("kernel_alg_db_add() kernel enc ealg_id=%d not present", ealg_id); return FALSE; } - + if (!(policy & POLICY_AUTHENTICATE) && /* skip ESP auth attrs for AH */ esp_info->esp_aalg_id != AUTH_ALGORITHM_NONE) { @@ -666,11 +666,11 @@ static bool kernel_alg_db_add(struct db_context *db_ctx, { db_attr_add_values(db_ctx, KEY_LENGTH, esp_info->esp_ealg_keylen); } - + return TRUE; } -/* +/* * Create proposal with runtime kernel algos, merging * with passed proposal if not NULL * @@ -713,7 +713,7 @@ struct db_context* kernel_alg_db_new(struct alg_info_esp *alg_info, else { u_int ealg_id; - + ESP_EALG_FOR_EACH_UPDOWN(ealg_id) { u_int aalg_id; diff --git a/src/pluto/kernel_netlink.c b/src/pluto/kernel_netlink.c index 0376e817b..362270318 100644 --- a/src/pluto/kernel_netlink.c +++ b/src/pluto/kernel_netlink.c @@ -183,7 +183,7 @@ static void init_netlink(void) * @param hdr - Data to be sent. * @param rbuf - Return Buffer - contains data returned from the send. * @param rbuf_len - Length of rbuf - * @param description - String - user friendly description of what is + * @param description - String - user friendly description of what is * being attempted. Used for diagnostics * @param text_said - String * @return bool True if the message was succesfully sent. @@ -382,7 +382,7 @@ static bool netlink_policy(struct nlmsghdr *hdr, bool enoent_ok, * @param proto int (Currently unused) Contains protocol (u=tcp, 17=udp, etc...) * @param transport_proto int (Currently unused) 0=tunnel, 1=transport * @param satype int - * @param proto_info + * @param proto_info * @param lifetime (Currently unused) * @param ip int * @return boolean True if successful 
@@ -590,7 +590,7 @@ static bool netlink_add_sa(const struct kernel_sa *sa, bool replace) char data[1024]; } req; struct rtattr *attr; - u_int16_t icv_size = 64; + u_int16_t icv_size = 64; memset(&req, 0, sizeof(req)); req.n.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; @@ -680,13 +680,13 @@ static bool netlink_add_sa(const struct kernel_sa *sa, bool replace) attr->rta_type = XFRMA_ALG_AEAD; attr->rta_len = RTA_LENGTH(sizeof(struct xfrm_algo_aead) + sa->enckeylen); req.n.nlmsg_len += attr->rta_len; - + algo = (struct xfrm_algo_aead*)RTA_DATA(attr); algo->alg_key_len = sa->enckeylen * BITS_PER_BYTE; algo->alg_icv_len = icv_size; strcpy(algo->alg_name, name); memcpy(algo->alg_key, sa->enckey, sa->enckeylen); - + attr = (struct rtattr *)((char *)attr + attr->rta_len); break; } @@ -962,7 +962,7 @@ static void linux_pfkey_register(void) /** Create ip_address out of xfrm_address_t. * - * @param family + * @param family * @param src xfrm formatted IP address * @param dst ip_address formatted destination * @return err_t NULL if okay, otherwise an error @@ -1001,7 +1001,7 @@ static err_t xfrm_sel_to_ip_pair(const struct xfrm_selector *sel, if ((ugh = xfrm_to_ip_address(family, &sel->saddr, src)) || (ugh = xfrm_to_ip_address(family, &sel->daddr, dst))) - { + { return ugh; } diff --git a/src/pluto/kernel_noklips.c b/src/pluto/kernel_noklips.c index 82a6ab648..e99efe062 100644 --- a/src/pluto/kernel_noklips.c +++ b/src/pluto/kernel_noklips.c @@ -107,7 +107,7 @@ noklips_del_sa(const struct kernel_sa *sa UNUSED) const struct kernel_ops noklips_kernel_ops = { type: KERNEL_TYPE_NONE, async_fdp: NULL, - + init: init_noklips, pfkey_register: noklips_register, pfkey_register_response: noklips_register_response, diff --git a/src/pluto/kernel_pfkey.c b/src/pluto/kernel_pfkey.c index 7ac405fd4..99ba4ff30 100644 --- a/src/pluto/kernel_pfkey.c +++ b/src/pluto/kernel_pfkey.c 
@@ -73,7 +73,7 @@ static sparse_names pfkey_type_names = { NE(SADB_X_DELFLOW), NE(SADB_X_DEBUG), NE(SADB_X_NAT_T_NEW_MAPPING), - NE(SADB_MAX), + NE(SADB_MAX), { 0, sparse_end } }; @@ -531,7 +531,7 @@ pfkeyext_protocol(int transport_proto , const char *text_said , struct sadb_ext *extensions[SADB_EXT_MAX + 1]) { - return (transport_proto == 0)? TRUE + return (transport_proto == 0)? TRUE : pfkey_build( pfkey_x_protocol_build(extensions + SADB_X_EXT_PROTOCOL, transport_proto) , description, text_said, extensions); diff --git a/src/pluto/keys.c b/src/pluto/keys.c index 72ae19f9e..4035495c6 100644 --- a/src/pluto/keys.c +++ b/src/pluto/keys.c @@ -392,7 +392,7 @@ enum rsa_private_key_part_t { RSA_PART_EXPONENT1 = 5, RSA_PART_EXPONENT2 = 6, RSA_PART_COEFFICIENT = 7 -}; +}; const char *rsa_private_key_part_names[] = { "Modulus", @@ -464,13 +464,13 @@ static err_t process_rsa_secret(private_key_t **key) goto end; } - *key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, + *key = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, BUILD_RSA_MODULUS, rsa_chunk[RSA_PART_MODULUS], BUILD_RSA_PUB_EXP, rsa_chunk[RSA_PART_PUBLIC_EXPONENT], BUILD_RSA_PRIV_EXP, rsa_chunk[RSA_PART_PRIVATE_EXPONENT], BUILD_RSA_PRIME1, rsa_chunk[RSA_PART_PRIME1], BUILD_RSA_PRIME2, rsa_chunk[RSA_PART_PRIME2], - BUILD_RSA_EXP1, rsa_chunk[RSA_PART_EXPONENT1], + BUILD_RSA_EXP1, rsa_chunk[RSA_PART_EXPONENT1], BUILD_RSA_EXP2, rsa_chunk[RSA_PART_EXPONENT2], BUILD_RSA_COEFF, rsa_chunk[RSA_PART_COEFFICIENT], BUILD_END); @@ -486,7 +486,7 @@ end: { chunk_clear(&rsa_chunk[p]); } - return ugh; + return ugh; } /** @@ -714,7 +714,7 @@ static err_t process_pin(secret_t *s, int whackfd) } } else - { + { /* we read the pin directly from ipsec.secrets */ err_t ugh = process_psk_secret(&sc->pin); if (ugh != NULL) diff --git a/src/pluto/log.c b/src/pluto/log.c index e34409f1c..1a211c27a 100644 --- a/src/pluto/log.c +++ b/src/pluto/log.c 
@@ -99,12 +99,12 @@ static void pluto_dbg(int level, char *fmt, ...) else if (cur_debugging & DBG_RAW) { debug_level = 3; - } + } else if (cur_debugging & DBG_PARSING) { debug_level = 2; } - else + else { debug_level = 1; } @@ -835,8 +835,8 @@ static void show_loaded_plugins() char buf[BUF_LEN], *plugin; int len = 0; enumerator_t *enumerator; - - buf[0] = '\0'; + + buf[0] = '\0'; enumerator = lib->plugins->create_plugin_enumerator(lib->plugins); while (len < BUF_LEN && enumerator->enumerate(enumerator, &plugin)) { diff --git a/src/pluto/modecfg.c b/src/pluto/modecfg.c index 228827f2a..c1092f461 100644 --- a/src/pluto/modecfg.c +++ b/src/pluto/modecfg.c @@ -140,7 +140,7 @@ get_internal_addr(struct connection *c, internal_addr_t *ia) c->spd.that.client.addr = ia->ipaddr; c->spd.that.client.maskbits = 32; c->spd.that.has_client = TRUE; - + ia->attr_set = LELEM(INTERNAL_IP4_ADDRESS) | LELEM(INTERNAL_IP4_NETMASK); } @@ -165,7 +165,7 @@ get_internal_addr(struct connection *c, internal_addr_t *ia) } plog("assigning DNS server %s to peer", dns_str); - /* differentiate between IP4 and IP6 in modecfg_build_msg() */ + /* differentiate between IP4 and IP6 in modecfg_build_msg() */ ia->attr_set |= LELEM(INTERNAL_IP4_DNS); dns_idx++; } @@ -191,7 +191,7 @@ get_internal_addr(struct connection *c, internal_addr_t *ia) } plog("assigning NBNS server %s to peer", nbns_str); - /* differentiate between IP4 and IP6 in modecfg_build_msg() */ + /* differentiate between IP4 and IP6 in modecfg_build_msg() */ ia->attr_set |= LELEM(INTERNAL_IP4_NBNS); nbns_idx++; } @@ -227,7 +227,7 @@ set_internal_addr(struct connection *c, internal_addr_t *ia) plog("replacing virtual IP source address %s by %s" , old_srcip, new_srcip); } - + /* setting srcip */ c->spd.this.host_srcip = ia->ipaddr; 
@@ -263,12 +263,12 @@ static size_t modecfg_hash(u_char *dest, u_char *start, u_char *roof, DBG(DBG_CRYPT, DBG_log("ModeCfg HASH computed:"); DBG_dump("", dest, prf_block_size) - ) + ) return prf_block_size; } -/* +/* * Generate an IKE message containing ModeCfg information (eg: IP, DNS, WINS) */ static stf_status @@ -322,7 +322,7 @@ modecfg_build_msg(struct state *st, pb_stream *rbody is_unity_attr_set = FALSE; } } - + dont_advance = FALSE; if (attr_set & 1) @@ -384,7 +384,7 @@ modecfg_build_msg(struct state *st, pb_stream *rbody mask[t] = 0xff; m -= 8; } -#endif +#endif if (st->st_connection->spd.this.client.maskbits == 0) { mask = 0; @@ -735,7 +735,7 @@ modecfg_parse_attributes(pb_stream *attrs, internal_addr_t *ia) return STF_OK; } -/* +/* * Parse a ModeCfg message */ static stf_status @@ -859,7 +859,7 @@ modecfg_inR0(struct msg_digest *md) /* STATE_MODE_CFG_I1: * HDR*, HASH, ATTR(REPLY=IP) * - * used in ModeCfg pull mode, on the client (initiator) + * used in ModeCfg pull mode, on the client (initiator) */ stf_status modecfg_inI1(struct msg_digest *md) @@ -1148,7 +1148,7 @@ xauth_inR1(struct msg_digest *md) plog("user password attribute is missing in XAUTH reply"); st->st_xauth.status = FALSE; } - else + else { xauth_peer_t peer; diff --git a/src/pluto/modecfg.h b/src/pluto/modecfg.h index 86bfc6ed2..bc1443012 100644 --- a/src/pluto/modecfg.h +++ b/src/pluto/modecfg.h @@ -1,7 +1,7 @@ /* Mode Config related functions * Copyright (C) 2001-2002 Colubris Networks * Copyright (C) 2003-2004 Xelerance Corporation - * + * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your diff --git a/src/pluto/nat_traversal.c b/src/pluto/nat_traversal.c index de3972fe2..ac35b01ac 100644 --- a/src/pluto/nat_traversal.c +++ b/src/pluto/nat_traversal.c 
@@ -147,7 +147,7 @@ static void _natd_hash(const struct hash_desc *oakley_hasher, char *hash, addr_chunk = chunk_from_thing(ip->u.v6.sin6_addr.s6_addr); break; default: - addr_chunk = chunk_empty; /* should never occur */ + addr_chunk = chunk_empty; /* should never occur */ } hasher->get_hash(hasher, addr_chunk, NULL); hasher->get_hash(hasher, port_chunk, hash); @@ -310,7 +310,7 @@ bool nat_traversal_add_natd(u_int8_t np, pb_stream *outs, DBG(DBG_EMITTING, DBG_log("sending NATD payloads") ) - + /* * First one with sender IP & port */ @@ -348,7 +348,7 @@ bool nat_traversal_add_natd(u_int8_t np, pb_stream *outs, /* * nat_traversal_natoa_lookup() - * + * * Look for NAT-OA in message */ void nat_traversal_natoa_lookup(struct msg_digest *md) @@ -435,7 +435,7 @@ void nat_traversal_natoa_lookup(struct msg_digest *md) { char ip_t[ADDRTOT_BUF]; addrtot(&ip, 0, ip_t, sizeof(ip_t)); - + DBG_log("received NAT-OA: %s", ip_t); } ) @@ -514,7 +514,7 @@ void nat_traversal_show_result (u_int32_t nt, u_int16_t sport) mth = natt_type_bitnames[2]; break; } - + switch (nt & NAT_T_DETECTED) { case 0: diff --git a/src/pluto/ocsp.c b/src/pluto/ocsp.c index cdbdd32c1..4be3298ae 100644 --- a/src/pluto/ocsp.c +++ b/src/pluto/ocsp.c @@ -294,7 +294,7 @@ static bool build_ocsp_location(const x509cert_t *cert, ocsp_location_t *locatio { hasher_t *hasher; static u_char digest[HASH_SIZE_SHA1]; /* temporary storage */ - + location->uri = cert->accessLocation; if (location->uri.ptr == NULL) @@ -310,7 +310,7 @@ static bool build_ocsp_location(const x509cert_t *cert, ocsp_location_t *locatio return FALSE; } } - + /* compute authNameID from as SHA-1 hash of issuer DN */ location->authNameID = chunk_create(digest, HASH_SIZE_SHA1); hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); 
@@ -325,8 +325,8 @@ static bool build_ocsp_location(const x509cert_t *cert, ocsp_location_t *locatio location->issuer = cert->issuer; location->authKeyID = cert->authKeyID; location->authKeySerialNumber = cert->authKeySerialNumber; - - if (cert->authKeyID.ptr == NULL) + + if (cert->authKeyID.ptr == NULL) { x509cert_t *authcert = get_authcert(cert->issuer , cert->authKeySerialNumber, cert->authKeyID, AUTH_CA); @@ -426,7 +426,7 @@ cert_status_t verify_by_ocsp(const x509cert_t *cert, time_t *until, *revocationDate = UNDEFINED_TIME; *revocationReason = CRL_REASON_UNSPECIFIED; - + /* is an ocsp location defined? */ if (!build_ocsp_location(cert, &location)) return CERT_UNDEFINED; @@ -457,7 +457,7 @@ void check_ocsp(void) lock_ocsp_cache("check_ocsp"); location = ocsp_cache; - + while (location != NULL) { char buf[BUF_LEN]; @@ -1039,11 +1039,11 @@ static bool valid_ocsp_response(response_t *res) unlock_authcert_list("valid_ocsp_response"); return FALSE; } - + DBG(DBG_CONTROL, DBG_log("certificate is valid") ) - + authcert = get_authcert(cert->issuer, cert->authKeySerialNumber , cert->authKeyID, AUTH_CA); @@ -1388,7 +1388,7 @@ void add_certinfo(ocsp_location_t *loc, ocsp_certinfo_t *info, *certinfop = cnew; certinfo = cnew; } - + DBG(DBG_CONTROL, datatot(info->serialNumber.ptr, info->serialNumber.len, ':' , buf, BUF_LEN); @@ -1403,7 +1403,7 @@ void add_certinfo(ocsp_location_t *loc, ocsp_certinfo_t *info, if (request) { certinfo->status = CERT_UNDEFINED; - + if (cmp != 0) { certinfo->thisUpdate = now; @@ -1415,7 +1415,7 @@ void add_certinfo(ocsp_location_t *loc, ocsp_certinfo_t *info, certinfo->status = info->status; certinfo->revocationTime = info->revocationTime; certinfo->revocationReason = info->revocationReason; - + certinfo->thisUpdate = (info->thisUpdate != UNDEFINED_TIME)? info->thisUpdate : now; 
@@ -1446,7 +1446,7 @@ static void process_single_response(ocsp_location_t *location, plog("ocsp single response has wrong issuer"); return; } - + /* traverse list of certinfos in increasing order */ certinfop = &location->certinfo; certinfo = *certinfop; @@ -1468,14 +1468,14 @@ static void process_single_response(ocsp_location_t *location, /* unlink cert from ocsp fetch request list */ *certinfop = certinfo->next; - + /* update certinfo using the single response information */ certinfo->thisUpdate = sres->thisUpdate; certinfo->nextUpdate = sres->nextUpdate; certinfo->status = sres->status; certinfo->revocationTime = sres->revocationTime; certinfo->revocationReason = sres->revocationReason; - + /* add or update certinfo in ocsp cache */ lock_ocsp_cache("process_single_response"); add_certinfo(location, certinfo, &ocsp_cache, FALSE); diff --git a/src/pluto/packet.c b/src/pluto/packet.c index 01967efed..b82fe20e3 100644 --- a/src/pluto/packet.c +++ b/src/pluto/packet.c @@ -535,7 +535,7 @@ struct_desc isakmp_vendor_id_desc = { "ISAKMP Vendor ID Payload", isag_fields, s +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! Next Payload ! RESERVED ! Payload Length ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - ! Type ! RESERVED ! Identifier ! + ! Type ! RESERVED ! Identifier ! +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ ! ! ~ Attributes ~ diff --git a/src/pluto/pgpcert.c b/src/pluto/pgpcert.c index 3cbfeb717..e1561665a 100644 --- a/src/pluto/pgpcert.c +++ b/src/pluto/pgpcert.c @@ -283,7 +283,7 @@ static bool parse_pgp_pubkey_packet(chunk_t *packet, pgpcert_t *cert) else { chunk_t fp; - + /* V3 fingerprint is computed by public_key_t class */ if (!cert->public_key->get_fingerprint(cert->public_key, KEY_ID_PGPV3, &fp)) 
@@ -307,7 +307,7 @@ bool parse_pgp(chunk_t blob, pgpcert_t *cert) /* should not occur, nothing to parse */ return FALSE; } - + /* parse a PGP certificate file */ cert->certificate = blob; time(&cert->installed); diff --git a/src/pluto/pkcs7.c b/src/pluto/pkcs7.c index 9b13c236a..e6b085f78 100644 --- a/src/pluto/pkcs7.c +++ b/src/pluto/pkcs7.c @@ -155,13 +155,13 @@ static char ASN1_pkcs7_encrypted_data_oid_str[] = { 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06 }; -static const chunk_t ASN1_pkcs7_data_oid = +static const chunk_t ASN1_pkcs7_data_oid = chunk_from_buf(ASN1_pkcs7_data_oid_str); static const chunk_t ASN1_pkcs7_signed_data_oid = chunk_from_buf(ASN1_pkcs7_signed_data_oid_str); static const chunk_t ASN1_pkcs7_enveloped_data_oid = chunk_from_buf(ASN1_pkcs7_enveloped_data_oid_str); -static const chunk_t ASN1_pkcs7_signed_enveloped_data_oid = +static const chunk_t ASN1_pkcs7_signed_enveloped_data_oid = chunk_from_buf(ASN1_pkcs7_signed_enveloped_data_oid_str); static const chunk_t ASN1_pkcs7_digested_data_oid = chunk_from_buf(ASN1_pkcs7_digested_data_oid_str); @@ -180,7 +180,7 @@ static u_char ASN1_des_cbc_oid_str[] = { 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x07 }; -static const chunk_t ASN1_3des_ede_cbc_oid = +static const chunk_t ASN1_3des_ede_cbc_oid = chunk_from_buf(ASN1_3des_ede_cbc_oid_str); static const chunk_t ASN1_des_cbc_oid = chunk_from_buf(ASN1_des_cbc_oid_str); @@ -308,7 +308,7 @@ bool pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert case PKCS7_SIGNER_INFO: signerInfos++; DBG2(" signer #%d", signerInfos); - break; + break; case PKCS7_SIGNED_ISSUER: dntoa(buf, BUF_LEN, object); DBG2(" '%s'",buf); 
@@ -444,21 +444,21 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data, case PKCS7_ISSUER: dntoa(buf, BUF_LEN, object); DBG2(" '%s'", buf); - break; + break; case PKCS7_SERIAL_NUMBER: if (!chunk_equals(serialNumber, object)) { DBG1("serial numbers do not match"); goto end; - } - break; + } + break; case PKCS7_ENCRYPTION_ALG: enc_alg = asn1_parse_algorithmIdentifier(object, level, NULL); if (enc_alg != OID_RSA_ENCRYPTION) { DBG1("only rsa encryption supported"); goto end; - } + } break; case PKCS7_ENCRYPTED_KEY: if (!key->decrypt(key, object, &symmetric_key)) @@ -477,7 +477,7 @@ bool pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data, break; case PKCS7_CONTENT_ENC_ALGORITHM: content_enc_alg = asn1_parse_algorithmIdentifier(object, level, &iv); - + if (content_enc_alg == OID_UNKNOWN) { DBG1("unknown content encryption algorithm"); @@ -585,12 +585,12 @@ chunk_t pkcs7_contentType_attribute(void) /** * @brief Builds a messageDigest attribute - * - * + * + * * @param[in] blob content to create digest of * @param[in] digest_alg digest algorithm to be used * @return ASN.1 encoded messageDigest attribute - * + * */ chunk_t pkcs7_messageDigest_attribute(chunk_t content, int digest_alg) { @@ -737,7 +737,7 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, const x509cert_t *cert, int enc_ /* generate a true random symmetric encryption key and a pseudo-random iv */ { rng_t *rng; - + rng = lib->crypto->create_rng(lib->crypto, RNG_TRUE); rng->allocate_bytes(rng, crypter->get_key_size(crypter), &symmetricKey); DBG4("symmetric encryption key %B", &symmetricKey); 
@@ -775,13 +775,13 @@ chunk_t pkcs7_build_envelopedData(chunk_t data, const x509cert_t *cert, int enc_ cert->public_key->encrypt(cert->public_key, symmetricKey, &protectedKey); - /* build pkcs7 enveloped data object */ + /* build pkcs7 enveloped data object */ { - + chunk_t contentEncryptionAlgorithm = asn1_wrap(ASN1_SEQUENCE, "mm" , asn1_build_known_oid(enc_alg) , asn1_simple_object(ASN1_OCTET_STRING, iv)); - + chunk_t encryptedContentInfo = asn1_wrap(ASN1_SEQUENCE, "cmm" , ASN1_pkcs7_data_oid , contentEncryptionAlgorithm diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c index 550bda999..808e5f042 100644 --- a/src/pluto/plutomain.c +++ b/src/pluto/plutomain.c @@ -234,8 +234,8 @@ static void print_plugins() char buf[BUF_LEN], *plugin; int len = 0; enumerator_t *enumerator; - - buf[0] = '\0'; + + buf[0] = '\0'; enumerator = lib->plugins->create_plugin_enumerator(lib->plugins); while (len < BUF_LEN && enumerator->enumerate(enumerator, &plugin)) { @@ -652,7 +652,7 @@ int main(int argc, char **argv) } /* load plugins, further infrastructure may need it */ - if (!lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, + if (!lib->plugins->load(lib->plugins, IPSEC_PLUGINDIR, lib->settings->get_str(lib->settings, "pluto.load", PLUGINS))) { exit(SS_RC_INITIALIZATION_FAILED); @@ -678,7 +678,7 @@ int main(int argc, char **argv) /* drop unneeded capabilities and change UID/GID */ prctl(PR_SET_KEEPCAPS, 1); - + #ifdef IPSEC_GROUP { struct group group, *grp; diff --git a/src/pluto/rcv_whack.c b/src/pluto/rcv_whack.c index 013deb446..818b84e6e 100644 --- a/src/pluto/rcv_whack.c +++ b/src/pluto/rcv_whack.c @@ -424,7 +424,7 @@ whack_handle(int whackctlfd) if (msg.whack_ca && msg.cacert != NULL) add_ca_info(&msg); - + /* process "listen" before any operation that could require it */ if (msg.whack_listen) { diff --git a/src/pluto/rsaref/pkcs11.h b/src/pluto/rsaref/pkcs11.h index 9261e1e4c..3283bdc89 100644 --- a/src/pluto/rsaref/pkcs11.h +++ b/src/pluto/rsaref/pkcs11.h 
@@ -7,10 +7,10 @@
 * License is also granted to make and use derivative works provided that
 * such works are identified as "derived from the RSA Security Inc. PKCS #11
- * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
 * referencing the derived work.
- * RSA Security Inc. makes no representations concerning either the
+ * RSA Security Inc. makes no representations concerning either the
 * merchantability of this software or the suitability of this software for
 * any particular purpose. It is provided "as is" without express or implied
 * warranty of any kind.
@@ -275,7 +275,7 @@ extern "C" {
 #define CK_PKCS11_FUNCTION_INFO(name) \
 __PASTE(CK_,name) name;
-
+
 struct CK_FUNCTION_LIST {
 CK_VERSION version; /* Cryptoki version */
diff --git a/src/pluto/rsaref/pkcs11f.h b/src/pluto/rsaref/pkcs11f.h
index dec6315dd..54b884aed 100644
--- a/src/pluto/rsaref/pkcs11f.h
+++ b/src/pluto/rsaref/pkcs11f.h
@@ -7,10 +7,10 @@
 * License is also granted to make and use derivative works provided that
 * such works are identified as "derived from the RSA Security Inc. PKCS #11
- * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
 * referencing the derived work.
- * RSA Security Inc. makes no representations concerning either the
+ * RSA Security Inc. makes no representations concerning either the
 * merchantability of this software or the suitability of this software for
 * any particular purpose. It is provided "as is" without express or implied
 * warranty of any kind.
@@ -564,7 +564,7 @@ CK_PKCS11_FUNCTION_INFO(C_Sign)
 /* C_SignUpdate continues a multiple-part signature operation,
- * where the signature is (will be) an appendix to the data,
+ * where the signature is (will be) an appendix to the data,
 * and plaintext cannot be recovered from the signature. */
 CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
 #ifdef CK_NEED_ARG_LIST
@@ -576,7 +576,7 @@ CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
 #endif
-/* C_SignFinal finishes a multiple-part signature operation,
+/* C_SignFinal finishes a multiple-part signature operation,
 * returning the signature. */
 CK_PKCS11_FUNCTION_INFO(C_SignFinal)
 #ifdef CK_NEED_ARG_LIST
@@ -625,12 +625,12 @@ CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
 (
 CK_SESSION_HANDLE hSession, /* the session's handle */
 CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
- CK_OBJECT_HANDLE hKey /* verification key */
+ CK_OBJECT_HANDLE hKey /* verification key */
 );
 #endif
-/* C_Verify verifies a signature in a single-part operation,
+/* C_Verify verifies a signature in a single-part operation,
 * where the signature is an appendix to the data, and plaintext
 * cannot be recovered from the signature. */
 CK_PKCS11_FUNCTION_INFO(C_Verify)
@@ -646,7 +646,7 @@ CK_PKCS11_FUNCTION_INFO(C_Verify)
 /* C_VerifyUpdate continues a multiple-part verification
- * operation, where the signature is an appendix to the data,
+ * operation, where the signature is an appendix to the data,
 * and plaintext cannot be recovered from the signature. */
 CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
 #ifdef CK_NEED_ARG_LIST
@@ -772,7 +772,7 @@ CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
 #endif
-/* C_GenerateKeyPair generates a public-key/private-key pair,
+/* C_GenerateKeyPair generates a public-key/private-key pair,
 * creating new key objects. */
 CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
 #ifdef CK_NEED_ARG_LIST
diff --git a/src/pluto/smartcard.c b/src/pluto/smartcard.c
index 7e4452d89..8b479009f 100644
--- a/src/pluto/smartcard.c
+++ b/src/pluto/smartcard.c
@@ -115,7 +115,7 @@ static const char *const pkcs11_return_name_10[] = {
 };
 static const char *const pkcs11_return_name_20[] = {
- "CKR_DATA_INVALID",
+ "CKR_DATA_INVALID",
 "CKR_DATA_LEN_RANGE"
 };
@@ -659,7 +659,7 @@ scx_find_all_cert_objects(void)
 , enum_show(&pkcs11_return_names, rv));
 continue;
 }
-
+
 if (!(info.flags & CKF_TOKEN_PRESENT))
 {
 plog("no token present in slot %lu", slot);
@@ -750,7 +750,7 @@ scx_init(const char* module, const char *init_args)
 }
 /*
- * finalize and unload PKCS#11 cryptoki module
+ * finalize and unload PKCS#11 cryptoki module
 */
 void
 scx_finalize(void)
@@ -791,12 +791,12 @@ scx_on_smartcard(const char *filename)
 #ifdef SMARTCARD
 /*
- * find a specific object on the smartcard
+ * find a specific object on the smartcard
 */
 static bool
-scx_pkcs11_find_object( CK_SESSION_HANDLE session,
- CK_OBJECT_HANDLE_PTR object,
- CK_OBJECT_CLASS class,
+scx_pkcs11_find_object( CK_SESSION_HANDLE session,
+ CK_OBJECT_HANDLE_PTR object,
+ CK_OBJECT_CLASS class,
 const char* id)
 {
 size_t len;
@@ -863,7 +863,7 @@ scx_find_cert_id_in_slot(smartcard_t *sc, CK_SLOT_ID slot)
 , enum_show(&pkcs11_return_names, rv));
 return FALSE;
 }
-
+
 if (!(info.flags & CKF_TOKEN_PRESENT))
 {
 plog("no token present in slot %lu", slot);
@@ -891,7 +891,7 @@ scx_find_cert_id_in_slot(smartcard_t *sc, CK_SLOT_ID slot)
 sc->session_opened = TRUE;
 return TRUE;
 }
-
+
 rv = pkcs11_functions->C_CloseSession(session);
 if (rv != CKR_OK)
 {
@@ -996,7 +996,7 @@ scx_login(smartcard_t *sc)
 )
 return TRUE;
 }
-
+
 if (sc->pin.ptr == NULL)
 {
 plog("unable to log in without PIN!");
@@ -1009,7 +1009,7 @@ scx_login(smartcard_t *sc)
 return FALSE;
 }
- rv = pkcs11_functions->C_Login(sc->session, CKU_USER
+ rv = pkcs11_functions->C_Login(sc->session, CKU_USER
 , (CK_UTF8CHAR *) sc->pin.ptr, sc->pin.len);
 if (rv != CKR_OK && rv != CKR_USER_ALREADY_LOGGED_IN)
 {
@@ -1035,7 +1035,7 @@ static void
 scx_logout(smartcard_t *sc)
 {
 CK_RV rv;
-
+
 rv = pkcs11_functions->C_Logout(sc->session);
 if (rv != CKR_OK)
 plog("error in C_Logout: %s"
@@ -1067,7 +1067,7 @@ scx_release_context(smartcard_t *sc)
 scx_logout(sc);
 sc->session_opened = FALSE;
-
+
 rv = pkcs11_functions->C_CloseSession(sc->session);
 if (rv != CKR_OK)
 plog("error in C_CloseSession: %s"
@@ -1169,7 +1169,7 @@ scx_parse_number_slot_id(const char *number_slot_id)
 if (len == 0) /* default: use certificate #1 */
 {
- sc->number = 1;
+ sc->number = 1;
 }
 else if (*number_slot_id == '#') /* #number scheme */
 {
@@ -1223,7 +1223,7 @@ scx_verify_pin(smartcard_t *sc)
 {
 #ifdef SMARTCARD
 CK_RV rv;
-
+
 if (!sc->pinpad)
 sc->valid = FALSE;
@@ -1377,7 +1377,7 @@ scx_sign_hash(smartcard_t *sc, const u_char *in, size_t inlen
 #endif
 }
-/*
+/*
 * encrypt data block with an RSA public key
 */
 bool
@@ -1423,7 +1423,7 @@ scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen
 scx_release_context(sc);
 return FALSE;
 }
-
+
 /* there must be enough space left for the PKCS#1 v1.5 padding */
 if (inlen > attr[0].ulValueLen - 11)
 {
@@ -1467,7 +1467,7 @@ scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen
 rsa_key = asn1_wrap(ASN1_SEQUENCE, "mm", asn1_integer("m", rsa_modulus), asn1_integer("m", rsa_exponent));
- key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
+ key = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
 BUILD_BLOB_ASN1_DER, rsa_key, BUILD_END);
 free(rsa_key.ptr);
 if (key == NULL)
@@ -1527,7 +1527,7 @@ scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen
 return FALSE;
 #endif
 }
-/*
+/*
 * decrypt a data block with an RSA private key
 */
 bool
@@ -1570,7 +1570,7 @@ scx_decrypt(smartcard_t *sc, const u_char *in, size_t inlen
 scx_release_context(sc);
 return FALSE;
 }
-
+
 DBG(DBG_CONTROL,
 DBG_log("doing RSA decryption on smartcard")
 )
@@ -1680,7 +1680,7 @@ scx_op_via_whack(const char* msg, int inbase, int outbase, sc_op_t op
 DBG_dump("smartcard output data:\n", inbuf, outlen)
 )
- if (outbase == 0) /* use default base */
+ if (outbase == 0) /* use default base */
 outbase = DEFAULT_BASE;
 if (outbase == 256) /* ascii plain text */
@@ -1957,7 +1957,7 @@ scx_list(bool utc)
 , scx_print_slot(sc, " ")
 , sc->session_opened? "opened" : "closed"
 , sc->logged_in? "in" : "out"
- , sc->pinpad? "pin pad"
+ , sc->pinpad? "pin pad"
 : ((sc->pin.ptr == NULL)? "no pin" : sc->valid? "valid pin" : "invalid pin"));
 if (sc->id != NULL)
diff --git a/src/pluto/spdb.c b/src/pluto/spdb.c
index a86c9f215..975e79f96 100644
--- a/src/pluto/spdb.c
+++ b/src/pluto/spdb.c
@@ -607,7 +607,7 @@ static u_int32_t decode_long_duration(pb_stream *pbs)
 }
 /* Preparse the body of an ISAKMP SA Payload and
- * return body of ISAKMP Proposal Payload
+ * return body of ISAKMP Proposal Payload
 *
 * Only IPsec DOI is accepted (what is the ISAKMP DOI?).
 * Error response is rudimentary.
@@ -1114,7 +1114,7 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit,
 , (long) val
 , OAKLEY_ISAKMP_SA_LIFETIME_MAXIMUM);
 #endif
- }
+ }
 ta.life_seconds = val;
 break;
 case OAKLEY_LIFE_KILOBYTES:
@@ -2138,7 +2138,7 @@ parse_ipsec_sa_body(
 }
 if (tn == esp_proposal.isap_notrans)
 continue; /* we didn't find a nice one */
-
+
 esp_attrs.spi = esp_spi;
 inner_proto = IPPROTO_ESP;
 if (esp_attrs.encapsulation == ENCAPSULATION_MODE_TUNNEL)
diff --git a/src/pluto/state.c b/src/pluto/state.c
index 5bef36c5c..9c6f49235 100644
--- a/src/pluto/state.c
+++ b/src/pluto/state.c
@@ -448,7 +448,7 @@ void delete_states_by_connection(struct connection *c, bool relations)
 }
 }
 }
-
+
 sr = &c->spd;
 while (sr != NULL)
 {
@@ -521,7 +521,7 @@ struct state *duplicate_state(struct state *st)
 memcpy(nst->st_icookie, st->st_icookie, COOKIE_SIZE);
 memcpy(nst->st_rcookie, st->st_rcookie, COOKIE_SIZE);
-
+
 nst->st_connection = st->st_connection;
 nst->st_doi = st->st_doi;
 nst->st_situation = st->st_situation;
@@ -724,7 +724,7 @@ void fmt_state(bool all, struct state *st, time_t n, char *state_buf,
 ? "; eroute owner" : "";
 const char *dpd = (all && st->st_dpd && c->dpd_action != DPD_ACTION_NONE)
 ? "; DPD active" : "";
-
+
 passert(st->st_event != 0);
 fmt_conn_instance(c, inst);
diff --git a/src/pluto/timer.c b/src/pluto/timer.c
index 89082f88e..1fbd92969 100644
--- a/src/pluto/timer.c
+++ b/src/pluto/timer.c
@@ -143,7 +143,7 @@ void event_schedule(enum event_type type, time_t tm, struct state *st)
 bool init_secret(void)
 {
 rng_t *rng;
-
+
 rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
 if (rng == NULL)
@@ -216,7 +216,7 @@ void handle_timer_event(void)
 passert(st->st_dpd_event == ev);
 st->st_dpd_event = NULL;
 }
- else
+ else
 {
 passert(st->st_event == ev);
 st->st_event = NULL;
diff --git a/src/pluto/vendor.c b/src/pluto/vendor.c
index 090a3cb90..8c1aaf0b8 100644
--- a/src/pluto/vendor.c
+++ b/src/pluto/vendor.c
@@ -158,7 +158,7 @@ static struct vid_struct _vid_tab[] = {
 { VID_CISCO3K, VID_KEEP | VID_SUBSTRING_MATCH, NULL, "Cisco VPN 3000 Series"
 , { "\x1f\x07\xf7\x0e\xaa\x65\x14\xd3\xb0\xfa\x96\x54\x2a\x50", 14 } },
- { VID_CISCO_IOS, VID_KEEP | VID_SUBSTRING_MATCH,
+ { VID_CISCO_IOS, VID_KEEP | VID_SUBSTRING_MATCH,
 NULL, "Cisco IOS Device", { "\x3e\x98\x40\x48", 4 } },
 /*
@@ -297,7 +297,7 @@ static struct vid_struct _vid_tab[] = {
 DEC_MD5_VID(NATT_RFC, "RFC 3947")
 /* misc */
-
+
 { VID_MISC_XAUTH, VID_KEEP, NULL, "XAUTH", { "\x09\x00\x26\x89\xdf\xd6\xb7\x12", 8 } },
@@ -305,7 +305,7 @@ static struct vid_struct _vid_tab[] = {
 { "\xaf\xca\xd7\x13\x68\xa1\xf1\xc9\x6b\x86\x96\xfc\x77\x57\x01\x00", 16 } },
 DEC_MD5_VID(MISC_FRAGMENTATION, "FRAGMENTATION")
-
+
 DEC_MD5_VID(INITIAL_CONTACT, "Vid-Initial-Contact")
 /**
@@ -339,7 +339,7 @@ void init_vendorid(void)
 else if (vid->flags & VID_MD5HASH)
 {
 chunk_t vid_data = { (u_char *)vid->data, strlen(vid->data) };
-
+
 /** VendorID is a string to hash with MD5 **/
 hasher->allocate_hash(hasher, vid_data, &vid->vid);
 }
diff --git a/src/pluto/virtual.c b/src/pluto/virtual.c
index 2067bde01..84f24e9c8 100644
--- a/src/pluto/virtual.c
+++ b/src/pluto/virtual.c
@@ -227,7 +227,7 @@ struct virtual_t
 }
 else
 goto fail;
-
+
 str = *next ? next+1 : NULL;
 }
@@ -312,7 +312,7 @@ is_virtual_net_allowed(const struct connection *c, const ip_subnet *peer_net,
 if (c->spd.that.virt->n_net && net_in_list(peer_net, c->spd.that.virt->net, c->spd.that.virt->n_net))
 return TRUE;
-
+
 if (c->spd.that.virt->flags & F_VIRTUAL_ALL)
 {
 /** %all must only be used for testing - log it **/
diff --git a/src/pluto/x509.c b/src/pluto/x509.c
index 827c2c95c..50322da88 100644
--- a/src/pluto/x509.c
+++ b/src/pluto/x509.c
@@ -49,7 +49,7 @@ static x509cert_t *x509certs = NULL;
 /**
- * ASN.1 definition of a basicConstraints extension
+ * ASN.1 definition of a basicConstraints extension
 */
 static const asn1Object_t basicConstraintsObjects[] = {
 { 0, "basicConstraints", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
@@ -61,7 +61,7 @@ static const asn1Object_t basicConstraintsObjects[] = {
 #define BASIC_CONSTRAINTS_CA 1
 /**
- * ASN.1 definition of a authorityKeyIdentifier extension
+ * ASN.1 definition of a authorityKeyIdentifier extension
 */
 static const asn1Object_t authKeyIdentifierObjects[] = {
 { 0, "authorityKeyIdentifier", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
@@ -78,7 +78,7 @@ static const asn1Object_t authKeyIdentifierObjects[] = {
 #define AUTH_KEY_ID_CERT_SERIAL 5
 /**
- * ASN.1 definition of a authorityInfoAccess extension
+ * ASN.1 definition of a authorityInfoAccess extension
 */
 static const asn1Object_t authInfoAccessObjects[] = {
 { 0, "authorityInfoAccess", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
@@ -103,7 +103,7 @@ static const asn1Object_t extendedKeyUsageObjects[] = {
 #define EXT_KEY_USAGE_PURPOSE_ID 1
 /**
- * ASN.1 definition of generalNames
+ * ASN.1 definition of generalNames
 */
 static const asn1Object_t generalNamesObjects[] = {
 { 0, "generalNames", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */
@@ -114,7 +114,7 @@ static const asn1Object_t generalNamesObjects[] = {
 #define GENERAL_NAMES_GN 1
 /**
- * ASN.1 definition of generalName
+ * ASN.1 definition of generalName
 */
 static const asn1Object_t generalNameObjects[] = {
 { 0, "otherName", ASN1_CONTEXT_C_0, ASN1_OPT|ASN1_BODY }, /* 0 */
@@ -148,7 +148,7 @@ static const asn1Object_t generalNameObjects[] = {
 #define GN_OBJ_REGISTERED_ID 16
 /**
- * ASN.1 definition of otherName
+ * ASN.1 definition of otherName
 */
 static const asn1Object_t otherNameObjects[] = {
 {0, "type-id", ASN1_OID, ASN1_BODY }, /* 0 */
@@ -396,7 +396,7 @@ static err_t get_next_rdn(chunk_t *rdn, chunk_t * attribute, chunk_t *oid,
 return "RDN is not a SET";
 }
 attribute->len = asn1_length(rdn);
-
+
 if (attribute->len == ASN1_INVALID_LENGTH)
 {
 return "Invalid attribute length";
@@ -416,13 +416,13 @@ static err_t get_next_rdn(chunk_t *rdn, chunk_t * attribute, chunk_t *oid,
 /* extract the attribute body */
 body.len = asn1_length(attribute);
-
+
 if (body.len == ASN1_INVALID_LENGTH)
 {
 return "Invalid attribute body length";
 }
 body.ptr = attribute->ptr;
-
+
 /* advance to start of next attribute */
 attribute->ptr += body.len;
 attribute->len -= body.len;
@@ -435,8 +435,8 @@ static err_t get_next_rdn(chunk_t *rdn, chunk_t * attribute, chunk_t *oid,
 /* extract OID */
 oid->len = asn1_length(&body);
-
- if (oid->len == ASN1_INVALID_LENGTH)
+
+ if (oid->len == ASN1_INVALID_LENGTH)
 {
 return "Invalid attribute OID length";
 }
@@ -451,7 +451,7 @@ static err_t get_next_rdn(chunk_t *rdn, chunk_t * attribute, chunk_t *oid,
 /* extract string value */
 value->len = asn1_length(&body);
-
+
 if (value->len == ASN1_INVALID_LENGTH)
 {
 return "Invalid attribute string length";
@@ -1092,7 +1092,7 @@ chunk_t build_subjectAltNames(generalName_t *subjectAltNames)
 chunk_t names;
 size_t len = 0;
 generalName_t *gn = subjectAltNames;
-
+
 /* compute the total size of the ASN.1 attributes object */
 while (gn != NULL)
 {
@@ -1127,7 +1127,7 @@ static chunk_t build_tbs_x509cert(x509cert_t *cert, public_key_t *rsa)
 rsa->get_encoding(rsa, KEY_PUB_ASN1_DER, &key);
 chunk_t keyInfo = asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
+ asn1_algorithmIdentifier(OID_RSA_ENCRYPTION),
 asn1_bitstring("m", key));
 if (cert->subjectAltName != NULL)
@@ -1143,7 +1143,7 @@ static chunk_t build_tbs_x509cert(x509cert_t *cert, public_key_t *rsa)
 , asn1_algorithmIdentifier(cert->sigAlg)
 , cert->issuer
 , asn1_wrap(ASN1_SEQUENCE, "mm"
- , asn1_from_time(&cert->notBefore, ASN1_UTCTIME)
+ , asn1_from_time(&cert->notBefore, ASN1_UTCTIME)
 , asn1_from_time(&cert->notAfter, ASN1_UTCTIME)
 )
 , cert->subject
@@ -1237,7 +1237,7 @@ void store_x509certs(x509cert_t **firstcert, bool strict)
 if (cert->isCA)
 {
 *pp = cert->next;
-
+
 /* we don't accept self-signed CA certs */
 if (same_dn(cert->issuer, cert->subject))
 {
@@ -1258,11 +1258,11 @@ void store_x509certs(x509cert_t **firstcert, bool strict)
 }
 /* now verify the candidate CA certs */
-
+
 while (cacerts != NULL)
 {
 x509cert_t *cert = cacerts;
-
+
 cacerts = cacerts->next;
 if (trust_authcert_candidate(cert, cacerts))
@@ -1275,7 +1275,7 @@ void store_x509certs(x509cert_t **firstcert, bool strict)
 free_x509cert(cert);
 }
 }
-
+
 /* now verify the end certificates */
 pp = firstcert;
@@ -1314,7 +1314,7 @@ bool x509_check_signature(chunk_t tbs, chunk_t sig, int algorithm,
 {
 return FALSE;
 }
- return key->verify(key, scheme, tbs, sig);
+ return key->verify(key, scheme, tbs, sig);
 }
 /**
@@ -1329,7 +1329,7 @@ chunk_t x509_build_signature(chunk_t tbs, int algorithm, private_key_t *key,
 if (scheme == SIGN_UNKNOWN || !key->sign(key, scheme, tbs, &signature))
 {
 return chunk_empty;
- }
+ }
 return (bit_string) ? asn1_bitstring("m", signature) : asn1_wrap(ASN1_OCTET_STRING, "m", signature);
 }
@@ -1399,7 +1399,7 @@ void gntoid(struct id *id, const generalName_t *gn)
 bool compute_subjectKeyID(x509cert_t *cert, chunk_t subjectKeyID)
 {
 chunk_t fingerprint;
-
+
 if (!cert->public_key->get_fingerprint(cert->public_key, KEY_ID_PUBKEY_SHA1, &fingerprint))
 {
@@ -1446,7 +1446,7 @@ static bool parse_otherName(chunk_t blob, int level0)
 }
 }
 success = parser->success(parser);
-
+
 end:
 parser->destroy(parser);
 return success;
@@ -1466,11 +1466,11 @@ static generalName_t* parse_generalName(chunk_t blob, int level0)
 parser = asn1_parser_create(generalNameObjects, blob);
 parser->set_top_level(parser, level0);
-
+
 while (parser->iterate(parser, &objectID, &object))
 {
 bool valid_gn = FALSE;
-
+
 switch (objectID) {
 case GN_OBJ_RFC822_NAME:
 case GN_OBJ_DNS_NAME:
@@ -1517,7 +1517,7 @@ static generalName_t* parse_generalName(chunk_t blob, int level0)
 goto end;
 }
 }
-
+
 end:
 parser->destroy(parser);
 return gn;
@@ -1536,7 +1536,7 @@ static generalName_t* parse_generalNames(chunk_t blob, int level0, bool implicit
 parser = asn1_parser_create(generalNamesObjects, blob);
 parser->set_top_level(parser, level0);
 parser->set_flags(parser, implicit, FALSE);
-
+
 while (parser->iterate(parser, &objectID, &object))
 {
 if (objectID == GENERAL_NAMES_GN)
@@ -1584,7 +1584,7 @@ void parse_authorityKeyIdentifier(chunk_t blob, int level0,
 parser = asn1_parser_create(authKeyIdentifierObjects, blob);
 parser->set_top_level(parser, level0);
-
+
 while (parser->iterate(parser, &objectID, &object))
 {
 switch (objectID)
@@ -1623,7 +1623,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0,
 parser = asn1_parser_create(authInfoAccessObjects, blob);
 parser->set_top_level(parser, level0);
-
+
 while (parser->iterate(parser, &objectID, &object))
 {
 switch (objectID)
@@ -1665,7 +1665,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0,
 break;
 }
 }
-
+
 end:
 parser->destroy(parser);
 }
@@ -1682,7 +1682,7 @@ static bool parse_extendedKeyUsage(chunk_t blob, int level0)
 parser = asn1_parser_create(extendedKeyUsageObjects, blob);
 parser->set_top_level(parser, level0);
-
+
 while (parser->iterate(parser, &objectID, &object))
 {
 if (objectID == EXT_KEY_USAGE_PURPOSE_ID
@@ -1711,7 +1711,7 @@ static generalName_t* parse_crlDistributionPoints(chunk_t blob, int level0)
 parser = asn1_parser_create(crlDistributionPointsObjects, blob);
 parser->set_top_level(parser, level0);
-
+
 while (parser->iterate(parser, &objectID, &object))
 {
 if (objectID == CRL_DIST_POINTS_FULLNAME)
@@ -1752,7 +1752,7 @@ bool parse_x509cert(chunk_t blob, u_int level0, x509cert_t *cert)
 while (parser->iterate(parser, &objectID, &object))
 {
 u_int level = parser->get_level(parser) + 1;
-
+
 switch (objectID) {
 case X509_OBJ_CERTIFICATE:
 cert->certificate = object;
@@ -2015,7 +2015,7 @@ bool verify_x509cert(const x509cert_t *cert, bool strict, time_t *until)
 DBG(DBG_CONTROL,
 DBG_log("certificate is good")
 )
-
+
 /* with strict crl policy the public key must have the same
 * lifetime as the validity of the ocsp status or crl lifetime
 */
@@ -2099,7 +2099,7 @@ void list_x509cert_chain(const char *caption, x509cert_t* cert,
 check_expiry(cert->notAfter, CA_CERT_WARNING_INTERVAL, TRUE));
 whack_log(RC_COMMENT, " pubkey: %N %4d bits%s", key_type_names, key->get_type(key),
- key->get_keysize(key) * BITS_PER_BYTE,
+ key->get_keysize(key) * BITS_PER_BYTE,
 cert->smartcard ? ", on smartcard" : (has_private_key(c)? ", has private key" : ""));
 if (key->get_fingerprint(key, KEY_ID_PUBKEY_INFO_SHA1, &keyid))
diff --git a/src/pluto/x509.h b/src/pluto/x509.h
index ab0fbac9e..7bad35257 100644
--- a/src/pluto/x509.h
+++ b/src/pluto/x509.h
@@ -69,7 +69,7 @@ struct x509cert {
 time_t notBefore;
 time_t notAfter;
 chunk_t subject;
- public_key_t *public_key;
+ public_key_t *public_key;
 /* issuerUniqueID */
 /* subjectUniqueID */
 /* v3 extensions */
diff --git a/src/pluto/xauth.c b/src/pluto/xauth.c
index af2d72d71..2086a92cc 100644
--- a/src/pluto/xauth.c
+++ b/src/pluto/xauth.c
@@ -1,7 +1,7 @@
 /* Initialization and finalization of the dynamic XAUTH module
 * Copyright (C) 2006 Andreas Steffen
 * Hochschule fuer Technik Rapperswil, Switzerland
- *
+ *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
@@ -23,7 +23,7 @@
 #include "keys.h"
 #include "log.h"
-void
+void
 xauth_init(void)
 {
 #ifdef XAUTH_DEFAULT_LIB
diff --git a/src/pluto/xauth.h b/src/pluto/xauth.h
index 8ab125ac4..23cae3ed8 100644
--- a/src/pluto/xauth.h
+++ b/src/pluto/xauth.h
@@ -1,7 +1,7 @@
 /* Interface definition of the XAUTH server and|or client module
 * Copyright (C) 2006 Andreas Steffen
 * Hochschule fuer Technik Rapperswil, Switzerland
- *
+ *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your |