conversion from 8 spaces to 4 spaces per tab
authorAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 19 Apr 2009 19:16:09 +0000 (19:16 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sun, 19 Apr 2009 19:16:09 +0000 (19:16 -0000)
138 files changed:
src/pluto/ac.c
src/pluto/ac.h
src/pluto/adns.c
src/pluto/adns.h
src/pluto/alg_info.c
src/pluto/alg_info.h
src/pluto/asn1.c
src/pluto/asn1.h
src/pluto/ca.c
src/pluto/ca.h
src/pluto/certs.c
src/pluto/certs.h
src/pluto/connections.c
src/pluto/connections.h
src/pluto/constants.c
src/pluto/constants.h
src/pluto/cookie.c
src/pluto/cookie.h
src/pluto/crl.c
src/pluto/crl.h
src/pluto/crypto.c
src/pluto/crypto.h
src/pluto/db_ops.c
src/pluto/db_ops.h
src/pluto/defs.c
src/pluto/defs.h
src/pluto/demux.c
src/pluto/demux.h
src/pluto/dnskey.c
src/pluto/dnskey.h
src/pluto/dsa.c
src/pluto/dsa.h
src/pluto/elgamal.c
src/pluto/elgamal.h
src/pluto/fetch.c
src/pluto/fetch.h
src/pluto/foodgroups.c
src/pluto/foodgroups.h
src/pluto/gcryptfix.c
src/pluto/gcryptfix.h
src/pluto/id.c
src/pluto/id.h
src/pluto/ike_alg.c
src/pluto/ike_alg.h
src/pluto/ipsec_doi.c
src/pluto/ipsec_doi.h
src/pluto/kameipsec.h
src/pluto/kernel.c
src/pluto/kernel.h
src/pluto/kernel_alg.c
src/pluto/kernel_netlink.c
src/pluto/kernel_noklips.c
src/pluto/kernel_pfkey.c
src/pluto/keys.c
src/pluto/keys.h
src/pluto/lex.c
src/pluto/lex.h
src/pluto/library.c
src/pluto/library.h
src/pluto/log.c
src/pluto/log.h
src/pluto/md2.c
src/pluto/md2.h
src/pluto/md5.c
src/pluto/md5.h
src/pluto/modecfg.c
src/pluto/mp_defs.c
src/pluto/mp_defs.h
src/pluto/nat_traversal.c
src/pluto/nat_traversal.h
src/pluto/ocsp.c
src/pluto/ocsp.h
src/pluto/packet.c
src/pluto/packet.h
src/pluto/pem.c
src/pluto/pem.h
src/pluto/pgp.c
src/pluto/pgp.h
src/pluto/pkcs1.c
src/pluto/pkcs1.h
src/pluto/pkcs7.c
src/pluto/pkcs7.h
src/pluto/plutomain.c
src/pluto/primegen.c
src/pluto/rcv_whack.c
src/pluto/rnd.c
src/pluto/server.c
src/pluto/server.h
src/pluto/sha1.c
src/pluto/sha1.h
src/pluto/smallprime.c
src/pluto/smartcard.c
src/pluto/smartcard.h
src/pluto/spdb.c
src/pluto/spdb.h
src/pluto/state.c
src/pluto/state.h
src/pluto/timer.c
src/pluto/timer.h
src/pluto/vendor.c
src/pluto/vendor.h
src/pluto/virtual.c
src/pluto/virtual.h
src/pluto/x509.c
src/pluto/x509.h
src/pluto/xauth.c
src/pluto/xauth.h
src/scepclient/loglite.c
src/scepclient/pkcs10.c
src/scepclient/pkcs10.h
src/scepclient/rsakey.c
src/scepclient/rsakey.h
src/scepclient/scep.c
src/scepclient/scep.h
src/scepclient/scepclient.c
src/starter/args.c
src/starter/args.h
src/starter/cmp.c
src/starter/confread.c
src/starter/confread.h
src/starter/exec.c
src/starter/files.h
src/starter/interfaces.c
src/starter/interfaces.h
src/starter/invokecharon.c
src/starter/invokepluto.c
src/starter/keywords.h
src/starter/klips.c
src/starter/loglite.c
src/starter/netkey.c
src/starter/parser.h
src/starter/parser.l
src/starter/parser.y
src/starter/starter.c
src/starter/starterstroke.c
src/starter/starterwhack.c
src/whack/whack.c
src/whack/whack.h

index d7aca06..d661557 100644 (file)
@@ -50,161 +50,161 @@ static ietfAttrList_t *ietfAttributes = NULL;
 
 static const asn1Object_t ietfAttrSyntaxObjects[] =
 {
-  { 0, "ietfAttrSyntax",               ASN1_SEQUENCE,        ASN1_NONE }, /*  0 */
-  { 1,   "policyAuthority",            ASN1_CONTEXT_C_0,     ASN1_OPT |
-                                                             ASN1_BODY }, /*  1 */
-  { 1,   "end opt",                    ASN1_EOC,             ASN1_END  }, /*  2 */
-  { 1,   "values",                     ASN1_SEQUENCE,        ASN1_LOOP }, /*  3 */
-  { 2,     "octets",                   ASN1_OCTET_STRING,    ASN1_OPT |
-                                                             ASN1_BODY }, /*  4 */
-  { 2,     "end choice",               ASN1_EOC,             ASN1_END  }, /*  5 */
-  { 2,     "oid",                      ASN1_OID,             ASN1_OPT |
-                                                             ASN1_BODY }, /*  6 */
-  { 2,     "end choice",               ASN1_EOC,             ASN1_END  }, /*  7 */
-  { 2,     "string",                   ASN1_UTF8STRING,      ASN1_OPT |
-                                                             ASN1_BODY }, /*  8 */
-  { 2,     "end choice",               ASN1_EOC,             ASN1_END  }, /*  9 */
-  { 1,   "end loop",                   ASN1_EOC,             ASN1_END  }  /* 10 */
+  { 0, "ietfAttrSyntax",                ASN1_SEQUENCE,        ASN1_NONE }, /*  0 */
+  { 1,   "policyAuthority",             ASN1_CONTEXT_C_0,     ASN1_OPT |
+                                                                                                                         ASN1_BODY }, /*  1 */
+  { 1,   "end opt",                     ASN1_EOC,             ASN1_END  }, /*  2 */
+  { 1,   "values",                      ASN1_SEQUENCE,        ASN1_LOOP }, /*  3 */
+  { 2,     "octets",                    ASN1_OCTET_STRING,    ASN1_OPT |
+                                                                                                                         ASN1_BODY }, /*  4 */
+  { 2,     "end choice",                ASN1_EOC,             ASN1_END  }, /*  5 */
+  { 2,     "oid",                       ASN1_OID,             ASN1_OPT |
+                                                                                                                         ASN1_BODY }, /*  6 */
+  { 2,     "end choice",                ASN1_EOC,             ASN1_END  }, /*  7 */
+  { 2,     "string",                    ASN1_UTF8STRING,      ASN1_OPT |
+                                                                                                                         ASN1_BODY }, /*  8 */
+  { 2,     "end choice",                ASN1_EOC,             ASN1_END  }, /*  9 */
+  { 1,   "end loop",                    ASN1_EOC,             ASN1_END  }  /* 10 */
 };
 
-#define IETF_ATTR_OCTETS        4
-#define IETF_ATTR_OID           6
-#define IETF_ATTR_STRING        8
-#define IETF_ATTR_ROOF         11
+#define IETF_ATTR_OCTETS         4
+#define IETF_ATTR_OID            6
+#define IETF_ATTR_STRING         8
+#define IETF_ATTR_ROOF          11
 
 /* ASN.1 definition of roleSyntax */
 
 static const asn1Object_t roleSyntaxObjects[] =
 {
-  { 0, "roleSyntax",                   ASN1_SEQUENCE,        ASN1_NONE }, /*  0 */
-  { 1,   "roleAuthority",              ASN1_CONTEXT_C_0,     ASN1_OPT |
-                                                             ASN1_OBJ  }, /*  1 */
-  { 1,   "end opt",                    ASN1_EOC,             ASN1_END  }, /*  2 */
-  { 1,   "roleName",                   ASN1_CONTEXT_C_1,     ASN1_OBJ  }  /*  3 */
+  { 0, "roleSyntax",                    ASN1_SEQUENCE,        ASN1_NONE }, /*  0 */
+  { 1,   "roleAuthority",               ASN1_CONTEXT_C_0,     ASN1_OPT |
+                                                                                                                         ASN1_OBJ  }, /*  1 */
+  { 1,   "end opt",                     ASN1_EOC,             ASN1_END  }, /*  2 */
+  { 1,   "roleName",                    ASN1_CONTEXT_C_1,     ASN1_OBJ  }  /*  3 */
 };
 
-#define ROLE_ROOF              4
+#define ROLE_ROOF               4
 
 /* ASN.1 definition of an X509 attribute certificate */
 
 static const asn1Object_t acObjects[] =
 {
-  { 0, "AttributeCertificate",         ASN1_SEQUENCE,        ASN1_OBJ  }, /*  0 */
+  { 0, "AttributeCertificate",          ASN1_SEQUENCE,        ASN1_OBJ  }, /*  0 */
   { 1,   "AttributeCertificateInfo",    ASN1_SEQUENCE,        ASN1_OBJ  }, /*  1 */
-  { 2,    "version",                   ASN1_INTEGER,         ASN1_DEF |
-                                                             ASN1_BODY }, /*  2 */
-  { 2,    "holder",                    ASN1_SEQUENCE,        ASN1_NONE }, /*  3 */
-  { 3,      "baseCertificateID",       ASN1_CONTEXT_C_0,     ASN1_OPT  }, /*  4 */
-  { 4,        "issuer",                ASN1_SEQUENCE,        ASN1_OBJ  }, /*  5 */
-  { 4,        "serial",                ASN1_INTEGER,         ASN1_BODY }, /*  6 */
-  { 4,         "issuerUID",            ASN1_BIT_STRING,      ASN1_OPT |
-                                                              ASN1_BODY }, /*  7 */
-  { 4,         "end opt",              ASN1_EOC,             ASN1_END  }, /*  8 */
-  { 3,       "end opt",                        ASN1_EOC,             ASN1_END  }, /*  9 */
-  { 3,      "entityName",              ASN1_CONTEXT_C_1,     ASN1_OPT |
-                                                             ASN1_OBJ  }, /* 10 */
-  { 3,       "end opt",                        ASN1_EOC,             ASN1_END  }, /* 11 */
-  { 3,      "objectDigestInfo",        ASN1_CONTEXT_C_2,     ASN1_OPT  }, /* 12 */
-  { 4,        "digestedObjectType",    ASN1_ENUMERATED,      ASN1_BODY }, /* 13*/
-  { 4,        "otherObjectTypeID",     ASN1_OID,             ASN1_OPT |
-                                                             ASN1_BODY }, /* 14 */
-  { 4,         "end opt",              ASN1_EOC,             ASN1_END  }, /* 15*/
-  { 4,         "digestAlgorithm",      ASN1_EOC,             ASN1_RAW  }, /* 16 */
-  { 3,       "end opt",                        ASN1_EOC,             ASN1_END  }, /* 17 */
-  { 2,    "v2Form",                    ASN1_CONTEXT_C_0,     ASN1_NONE }, /* 18 */
-  { 3,      "issuerName",              ASN1_SEQUENCE,        ASN1_OPT |
-                                                              ASN1_OBJ  }, /* 19 */
-  { 3,       "end opt",                        ASN1_EOC,             ASN1_END  }, /* 20 */
-  { 3,      "baseCertificateID",       ASN1_CONTEXT_C_0,     ASN1_OPT  }, /* 21 */
-  { 4,        "issuerSerial",          ASN1_SEQUENCE,        ASN1_NONE }, /* 22 */
-  { 5,          "issuer",              ASN1_SEQUENCE,        ASN1_OBJ  }, /* 23 */
-  { 5,          "serial",              ASN1_INTEGER,         ASN1_BODY }, /* 24 */
-  { 5,           "issuerUID",          ASN1_BIT_STRING,      ASN1_OPT |
-                                                              ASN1_BODY }, /* 25 */
-  { 5,           "end opt",            ASN1_EOC,             ASN1_END  }, /* 26 */
-  { 3,       "end opt",                        ASN1_EOC,             ASN1_END  }, /* 27 */
-  { 3,       "objectDigestInfo",       ASN1_CONTEXT_C_1,     ASN1_OPT  }, /* 28 */
-  { 4,        "digestInfo",            ASN1_SEQUENCE,        ASN1_OBJ  }, /* 29 */
-  { 5,          "digestedObjectType",  ASN1_ENUMERATED,      ASN1_BODY }, /* 30 */
-  { 5,          "otherObjectTypeID",   ASN1_OID,             ASN1_OPT |
-                                                             ASN1_BODY }, /* 31 */
-  { 5,           "end opt",            ASN1_EOC,             ASN1_END  }, /* 32 */
-  { 5,           "digestAlgorithm",    ASN1_EOC,             ASN1_RAW  }, /* 33 */
-  { 3,       "end opt",                        ASN1_EOC,             ASN1_END  }, /* 34 */
-  { 2,    "signature",                 ASN1_EOC,             ASN1_RAW  }, /* 35 */
-  { 2,    "serialNumber",              ASN1_INTEGER,         ASN1_BODY }, /* 36 */
-  { 2,    "attrCertValidityPeriod",    ASN1_SEQUENCE,        ASN1_NONE }, /* 37 */
-  { 3,      "notBeforeTime",           ASN1_GENERALIZEDTIME, ASN1_BODY }, /* 38 */
-  { 3,      "notAfterTime",            ASN1_GENERALIZEDTIME, ASN1_BODY }, /* 39 */
-  { 2,    "attributes",                ASN1_SEQUENCE,        ASN1_LOOP }, /* 40 */
-  { 3,       "attribute",              ASN1_SEQUENCE,        ASN1_NONE }, /* 41 */
-  { 4,         "type",                 ASN1_OID,             ASN1_BODY }, /* 42 */
-  { 4,         "values",               ASN1_SET,             ASN1_LOOP }, /* 43 */
-  { 5,           "value",              ASN1_EOC,             ASN1_RAW  }, /* 44 */
-  { 4,                "end loop",              ASN1_EOC,             ASN1_END  }, /* 45 */
-  { 2,     "end loop",                 ASN1_EOC,             ASN1_END  }, /* 46 */
-  { 2,     "extensions",               ASN1_SEQUENCE,        ASN1_LOOP }, /* 47 */
-  { 3,       "extension",              ASN1_SEQUENCE,        ASN1_NONE }, /* 48 */
-  { 4,         "extnID",               ASN1_OID,             ASN1_BODY }, /* 49 */
-  { 4,         "critical",             ASN1_BOOLEAN,         ASN1_DEF |
-                                                             ASN1_BODY }, /* 50 */
-  { 4,         "extnValue",            ASN1_OCTET_STRING,    ASN1_BODY }, /* 51 */
-  { 2,     "end loop",                 ASN1_EOC,             ASN1_END  }, /* 52 */
-  { 1,   "signatureAlgorithm",         ASN1_EOC,             ASN1_RAW  }, /* 53 */
-  { 1,   "signatureValue",             ASN1_BIT_STRING,      ASN1_BODY }  /* 54 */
+  { 2,     "version",                   ASN1_INTEGER,         ASN1_DEF |
+                                                                                                                         ASN1_BODY }, /*  2 */
+  { 2,     "holder",                    ASN1_SEQUENCE,        ASN1_NONE }, /*  3 */
+  { 3,       "baseCertificateID",       ASN1_CONTEXT_C_0,     ASN1_OPT  }, /*  4 */
+  { 4,         "issuer",                ASN1_SEQUENCE,        ASN1_OBJ  }, /*  5 */
+  { 4,         "serial",                ASN1_INTEGER,         ASN1_BODY }, /*  6 */
+  { 4,         "issuerUID",             ASN1_BIT_STRING,      ASN1_OPT |
+                                                                                                                         ASN1_BODY }, /*  7 */
+  { 4,         "end opt",               ASN1_EOC,             ASN1_END  }, /*  8 */
+  { 3,       "end opt",                 ASN1_EOC,             ASN1_END  }, /*  9 */
+  { 3,       "entityName",              ASN1_CONTEXT_C_1,     ASN1_OPT |
+                                                                                                                         ASN1_OBJ  }, /* 10 */
+  { 3,       "end opt",                 ASN1_EOC,             ASN1_END  }, /* 11 */
+  { 3,       "objectDigestInfo",        ASN1_CONTEXT_C_2,     ASN1_OPT  }, /* 12 */
+  { 4,         "digestedObjectType",    ASN1_ENUMERATED,      ASN1_BODY }, /* 13*/
+  { 4,         "otherObjectTypeID",     ASN1_OID,             ASN1_OPT |
+                                                                                                                         ASN1_BODY }, /* 14 */
+  { 4,         "end opt",               ASN1_EOC,             ASN1_END  }, /* 15*/
+  { 4,         "digestAlgorithm",       ASN1_EOC,             ASN1_RAW  }, /* 16 */
+  { 3,       "end opt",                 ASN1_EOC,             ASN1_END  }, /* 17 */
+  { 2,     "v2Form",                    ASN1_CONTEXT_C_0,     ASN1_NONE }, /* 18 */
+  { 3,       "issuerName",              ASN1_SEQUENCE,        ASN1_OPT |
+                                                                                                                         ASN1_OBJ  }, /* 19 */
+  { 3,       "end opt",                 ASN1_EOC,             ASN1_END  }, /* 20 */
+  { 3,       "baseCertificateID",       ASN1_CONTEXT_C_0,     ASN1_OPT  }, /* 21 */
+  { 4,         "issuerSerial",          ASN1_SEQUENCE,        ASN1_NONE }, /* 22 */
+  { 5,           "issuer",              ASN1_SEQUENCE,        ASN1_OBJ  }, /* 23 */
+  { 5,           "serial",              ASN1_INTEGER,         ASN1_BODY }, /* 24 */
+  { 5,           "issuerUID",           ASN1_BIT_STRING,      ASN1_OPT |
+                                                                                                                         ASN1_BODY }, /* 25 */
+  { 5,           "end opt",             ASN1_EOC,             ASN1_END  }, /* 26 */
+  { 3,       "end opt",                 ASN1_EOC,             ASN1_END  }, /* 27 */
+  { 3,       "objectDigestInfo",        ASN1_CONTEXT_C_1,     ASN1_OPT  }, /* 28 */
+  { 4,         "digestInfo",            ASN1_SEQUENCE,        ASN1_OBJ  }, /* 29 */
+  { 5,           "digestedObjectType",  ASN1_ENUMERATED,      ASN1_BODY }, /* 30 */
+  { 5,           "otherObjectTypeID",   ASN1_OID,             ASN1_OPT |
+                                                                                                                         ASN1_BODY }, /* 31 */
+  { 5,           "end opt",             ASN1_EOC,             ASN1_END  }, /* 32 */
+  { 5,           "digestAlgorithm",     ASN1_EOC,             ASN1_RAW  }, /* 33 */
+  { 3,       "end opt",                 ASN1_EOC,             ASN1_END  }, /* 34 */
+  { 2,     "signature",                 ASN1_EOC,             ASN1_RAW  }, /* 35 */
+  { 2,     "serialNumber",              ASN1_INTEGER,         ASN1_BODY }, /* 36 */
+  { 2,     "attrCertValidityPeriod",    ASN1_SEQUENCE,        ASN1_NONE }, /* 37 */
+  { 3,       "notBeforeTime",           ASN1_GENERALIZEDTIME, ASN1_BODY }, /* 38 */
+  { 3,       "notAfterTime",            ASN1_GENERALIZEDTIME, ASN1_BODY }, /* 39 */
+  { 2,     "attributes",                ASN1_SEQUENCE,        ASN1_LOOP }, /* 40 */
+  { 3,       "attribute",               ASN1_SEQUENCE,        ASN1_NONE }, /* 41 */
+  { 4,         "type",                  ASN1_OID,             ASN1_BODY }, /* 42 */
+  { 4,         "values",                ASN1_SET,             ASN1_LOOP }, /* 43 */
+  { 5,           "value",               ASN1_EOC,             ASN1_RAW  }, /* 44 */
+  { 4,         "end loop",              ASN1_EOC,             ASN1_END  }, /* 45 */
+  { 2,     "end loop",                  ASN1_EOC,             ASN1_END  }, /* 46 */
+  { 2,     "extensions",                ASN1_SEQUENCE,        ASN1_LOOP }, /* 47 */
+  { 3,       "extension",               ASN1_SEQUENCE,        ASN1_NONE }, /* 48 */
+  { 4,         "extnID",                ASN1_OID,             ASN1_BODY }, /* 49 */
+  { 4,         "critical",              ASN1_BOOLEAN,         ASN1_DEF |
+                                                                                                                         ASN1_BODY }, /* 50 */
+  { 4,         "extnValue",             ASN1_OCTET_STRING,    ASN1_BODY }, /* 51 */
+  { 2,     "end loop",                  ASN1_EOC,             ASN1_END  }, /* 52 */
+  { 1,   "signatureAlgorithm",          ASN1_EOC,             ASN1_RAW  }, /* 53 */
+  { 1,   "signatureValue",              ASN1_BIT_STRING,      ASN1_BODY }  /* 54 */
 };
 
-#define AC_OBJ_CERTIFICATE              0
-#define AC_OBJ_CERTIFICATE_INFO                 1
-#define AC_OBJ_VERSION                  2
-#define AC_OBJ_HOLDER_ISSUER            5
-#define AC_OBJ_HOLDER_SERIAL            6
-#define AC_OBJ_ENTITY_NAME             10
-#define AC_OBJ_ISSUER_NAME             19
-#define AC_OBJ_ISSUER                  23
-#define AC_OBJ_SIG_ALG                 35
-#define AC_OBJ_SERIAL_NUMBER           36
-#define AC_OBJ_NOT_BEFORE              38
-#define AC_OBJ_NOT_AFTER               39
-#define AC_OBJ_ATTRIBUTE_TYPE          42
-#define AC_OBJ_ATTRIBUTE_VALUE         44
-#define AC_OBJ_EXTN_ID                 49
-#define AC_OBJ_CRITICAL                        50
-#define AC_OBJ_EXTN_VALUE              51
-#define AC_OBJ_ALGORITHM               53
-#define AC_OBJ_SIGNATURE               54
-#define AC_OBJ_ROOF                    55
+#define AC_OBJ_CERTIFICATE               0
+#define AC_OBJ_CERTIFICATE_INFO          1
+#define AC_OBJ_VERSION                   2
+#define AC_OBJ_HOLDER_ISSUER             5
+#define AC_OBJ_HOLDER_SERIAL             6
+#define AC_OBJ_ENTITY_NAME              10
+#define AC_OBJ_ISSUER_NAME              19
+#define AC_OBJ_ISSUER                   23
+#define AC_OBJ_SIG_ALG                  35
+#define AC_OBJ_SERIAL_NUMBER            36
+#define AC_OBJ_NOT_BEFORE               38
+#define AC_OBJ_NOT_AFTER                39
+#define AC_OBJ_ATTRIBUTE_TYPE           42
+#define AC_OBJ_ATTRIBUTE_VALUE          44
+#define AC_OBJ_EXTN_ID                  49
+#define AC_OBJ_CRITICAL                 50
+#define AC_OBJ_EXTN_VALUE               51
+#define AC_OBJ_ALGORITHM                53
+#define AC_OBJ_SIGNATURE                54
+#define AC_OBJ_ROOF                     55
 
 const x509acert_t empty_ac = {
-      NULL     , /* *next */
-            0  , /* installed */
-    { NULL, 0 }, /* certificate */
-    { NULL, 0 }, /*   certificateInfo */
-            1  , /*     version */
-                /*     holder */
-                /*       baseCertificateID */
-    { NULL, 0 }, /*         holderIssuer */
-    { NULL, 0 }, /*         holderSerial */
-                /*       entityName */
-    { NULL, 0 }, /*         generalNames */
-                /*     v2Form */
-    { NULL, 0 }, /*       issuerName */
-                 /*     signature */
-    OID_UNKNOWN, /*       sigAlg */
-    { NULL, 0 }, /*     serialNumber */
-                 /*     attrCertValidityPeriod */
-            0  , /*       notBefore */
-            0  , /*       notAfter */
-                /*     attributes */
-      NULL     , /*       charging */
-      NULL     , /*       groups */
-                /*     extensions */
-    { NULL, 0 }, /*       authKeyID */
-    { NULL, 0 }, /*       authKeySerialNumber */
-      FALSE    , /*       noRevAvail */
-                /*   signatureAlgorithm */
-    OID_UNKNOWN, /*     algorithm */
-    { NULL, 0 }, /*   signature */
+         NULL     , /* *next */
+                       0  , /* installed */
+       { NULL, 0 }, /* certificate */
+       { NULL, 0 }, /*   certificateInfo */
+                       1  , /*     version */
+                                /*     holder */
+                                /*       baseCertificateID */
+       { NULL, 0 }, /*         holderIssuer */
+       { NULL, 0 }, /*         holderSerial */
+                                /*       entityName */
+       { NULL, 0 }, /*         generalNames */
+                                /*     v2Form */
+       { NULL, 0 }, /*       issuerName */
+                                /*     signature */
+       OID_UNKNOWN, /*       sigAlg */
+       { NULL, 0 }, /*     serialNumber */
+                                /*     attrCertValidityPeriod */
+                       0  , /*       notBefore */
+                       0  , /*       notAfter */
+                                /*     attributes */
+         NULL     , /*       charging */
+         NULL     , /*       groups */
+                                /*     extensions */
+       { NULL, 0 }, /*       authKeyID */
+       { NULL, 0 }, /*       authKeySerialNumber */
+         FALSE    , /*       noRevAvail */
+                                /*   signatureAlgorithm */
+       OID_UNKNOWN, /*     algorithm */
+       { NULL, 0 }, /*   signature */
 };
 
 
@@ -214,17 +214,17 @@ const x509acert_t empty_ac = {
 static int
 cmp_ietfAttr(ietfAttr_t *a,ietfAttr_t *b)
 {
-    int cmp_len, len, cmp_value;
+       int cmp_len, len, cmp_value;
 
-    /* cannot compare OID with STRING or OCTETS attributes */
-    if (a->kind == IETF_ATTRIBUTE_OID && b->kind != IETF_ATTRIBUTE_OID)
-       return 1;
-       
-    cmp_len = a->value.len - b->value.len;
-    len = (cmp_len < 0)? a->value.len : b->value.len;
-    cmp_value = memcmp(a->value.ptr, b->value.ptr, len);
+       /* cannot compare OID with STRING or OCTETS attributes */
+       if (a->kind == IETF_ATTRIBUTE_OID && b->kind != IETF_ATTRIBUTE_OID)
+               return 1;
+               
+       cmp_len = a->value.len - b->value.len;
+       len = (cmp_len < 0)? a->value.len : b->value.len;
+       cmp_value = memcmp(a->value.ptr, b->value.ptr, len);
 
-    return (cmp_value == 0)? cmp_len : cmp_value;
+       return (cmp_value == 0)? cmp_len : cmp_value;
 }
 
 /*
@@ -233,41 +233,41 @@ cmp_ietfAttr(ietfAttr_t *a,ietfAttr_t *b)
 static ietfAttr_t*
 add_ietfAttr(ietfAttr_t *attr)
 {
-    ietfAttrList_t **listp = &ietfAttributes;
-    ietfAttrList_t *list = *listp;
-    int cmp = -1;
-
-    while (list != NULL)
-    {
-       cmp = cmp_ietfAttr(attr, list->attr);
-       if (cmp <= 0)
-           break;
-       listp = &list->next;
-       list = *listp;
-    }
-
-    if (cmp == 0)
-    {
-       /* attribute already exists, increase count */
-       free(attr);
-       list->attr->count++;
-       return list->attr;
-    }
-    else
-    {
-       ietfAttrList_t *el = malloc_thing(ietfAttrList_t);
-
-       /* new attribute, unshare value */
-       attr->value = chunk_clone(attr->value);
-       attr->count = 1;
-       time(&attr->installed);
-
-       el->attr = attr;
-       el->next = list;
-       *listp = el;
-
-       return attr;
-    }
+       ietfAttrList_t **listp = &ietfAttributes;
+       ietfAttrList_t *list = *listp;
+       int cmp = -1;
+
+       while (list != NULL)
+       {
+               cmp = cmp_ietfAttr(attr, list->attr);
+               if (cmp <= 0)
+                       break;
+               listp = &list->next;
+               list = *listp;
+       }
+
+       if (cmp == 0)
+       {
+               /* attribute already exists, increase count */
+               free(attr);
+               list->attr->count++;
+               return list->attr;
+       }
+       else
+       {
+               ietfAttrList_t *el = malloc_thing(ietfAttrList_t);
+
+               /* new attribute, unshare value */
+               attr->value = chunk_clone(attr->value);
+               attr->count = 1;
+               time(&attr->installed);
+
+               el->attr = attr;
+               el->next = list;
+               *listp = el;
+
+               return attr;
+       }
 }
 
 /*
@@ -276,106 +276,106 @@ add_ietfAttr(ietfAttr_t *attr)
 void
 decode_groups(char *groups, ietfAttrList_t **listp)
 {
-    if (groups == NULL)
-       return;
+       if (groups == NULL)
+               return;
 
-    while (strlen(groups) > 0)
-    {
-       char *end;
-       char *next = strchr(groups, ',');
+       while (strlen(groups) > 0)
+       {
+               char *end;
+               char *next = strchr(groups, ',');
 
-       if (next == NULL)
-          end = next = groups + strlen(groups);
-       else
-          end = next++;
+               if (next == NULL)
+                  end = next = groups + strlen(groups);
+               else
+                  end = next++;
 
-       /* eat preceeding whitespace */
-       while (groups < end && *groups == ' ')
-           groups++;
+               /* eat preceeding whitespace */
+               while (groups < end && *groups == ' ')
+                       groups++;
 
-       /* eat trailing whitespace */
-       while (end > groups && *(end-1) == ' ')
-           end--;
+               /* eat trailing whitespace */
+               while (end > groups && *(end-1) == ' ')
+                       end--;
 
-       if (groups < end)
-       {
-           ietfAttr_t *attr   = malloc_thing(ietfAttr_t);
-           ietfAttrList_t *el = malloc_thing(ietfAttrList_t);
+               if (groups < end)
+               {
+                       ietfAttr_t *attr   = malloc_thing(ietfAttr_t);
+                       ietfAttrList_t *el = malloc_thing(ietfAttrList_t);
 
-           attr->kind  = IETF_ATTRIBUTE_STRING;
-           attr->value.ptr = groups;
-           attr->value.len = end - groups;
-           attr->count = 0;
+                       attr->kind  = IETF_ATTRIBUTE_STRING;
+                       attr->value.ptr = groups;
+                       attr->value.len = end - groups;
+                       attr->count = 0;
 
-           el->attr = add_ietfAttr(attr);
-           el->next = *listp;
-           *listp = el;
-       }
+                       el->attr = add_ietfAttr(attr);
+                       el->next = *listp;
+                       *listp = el;
+               }
 
-       groups = next;
-    }
+               groups = next;
+       }
 }
 
 static bool
 same_attribute(const ietfAttr_t *a, const ietfAttr_t *b)
 {
-    return (a->kind == b->kind && a->value.len == b->value.len
-          && memeq(a->value.ptr, b->value.ptr, b->value.len));
+       return (a->kind == b->kind && a->value.len == b->value.len
+                  && memeq(a->value.ptr, b->value.ptr, b->value.len));
 }
 
 bool
 group_membership(const ietfAttrList_t *peer_list
-              , const char *conn
-              , const ietfAttrList_t *conn_list)
+                          , const char *conn
+                          , const ietfAttrList_t *conn_list)
 {
-    if (conn_list == NULL)
-       return TRUE;
-
-    while (peer_list != NULL)
-    {
-       const ietfAttr_t *peer_attr = peer_list->attr;
-       const ietfAttrList_t *list = conn_list;
+       if (conn_list == NULL)
+               return TRUE;
 
-       while (list != NULL)
+       while (peer_list != NULL)
        {
-           ietfAttr_t *conn_attr = list->attr;
+               const ietfAttr_t *peer_attr = peer_list->attr;
+               const ietfAttrList_t *list = conn_list;
 
-           if (same_attribute(conn_attr, peer_attr))
-           {
+               while (list != NULL)
+               {
+                       ietfAttr_t *conn_attr = list->attr;
+
+                       if (same_attribute(conn_attr, peer_attr))
+                       {
+                               DBG(DBG_CONTROL,
+                                       DBG_log("%s: peer matches group '%.*s'"
+                                               , conn
+                                               , (int)peer_attr->value.len, peer_attr->value.ptr)
+                               )
+                               return TRUE;
+                       }
+                       list = list->next;
+               }
+               peer_list = peer_list->next;
+       }
                DBG(DBG_CONTROL,
-                   DBG_log("%s: peer matches group '%.*s'"
-                       , conn
-                       , (int)peer_attr->value.len, peer_attr->value.ptr)
+                       DBG_log("%s: peer doesn't match any group", conn)
                )
-               return TRUE;
-           }
-           list = list->next;
-       }
-       peer_list = peer_list->next;
-    }
-       DBG(DBG_CONTROL,
-           DBG_log("%s: peer doesn't match any group", conn)
-       )
-    return FALSE;
+       return FALSE;
 }
 
 
 void
 unshare_ietfAttrList(ietfAttrList_t **listp)
 {
-    ietfAttrList_t *list = *listp;
-
-    while (list != NULL)
-    {
-       ietfAttrList_t *el = malloc_thing(ietfAttrList_t);
-
-       el->attr = list->attr;
-       el->attr->count++;
-       el->next = NULL;
-       *listp = el;
-       listp = &el->next;
-       list = list->next;
-    }
+       ietfAttrList_t *list = *listp;
+
+       while (list != NULL)
+       {
+               ietfAttrList_t *el = malloc_thing(ietfAttrList_t);
+
+               el->attr = list->attr;
+               el->attr->count++;
+               el->next = NULL;
+               *listp = el;
+               listp = &el->next;
+               list = list->next;
+       }
 }
 
 /*
@@ -384,44 +384,44 @@ unshare_ietfAttrList(ietfAttrList_t **listp)
 static ietfAttrList_t*
 parse_ietfAttrSyntax(chunk_t blob, int level0)
 {
-    asn1_ctx_t ctx;
-    chunk_t object;
-    u_int level;
-    int objectID = 0;
-
-    ietfAttrList_t *list = NULL;
+       asn1_ctx_t ctx;
+       chunk_t object;
+       u_int level;
+       int objectID = 0;
 
-    asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
+       ietfAttrList_t *list = NULL;
 
-    while (objectID < IETF_ATTR_ROOF)
-    {
-       if (!extract_object(ietfAttrSyntaxObjects, &objectID, &object, &level, &ctx))
-            return NULL;
+       asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
 
-       switch (objectID)
+       while (objectID < IETF_ATTR_ROOF)
        {
-       case IETF_ATTR_OCTETS:
-       case IETF_ATTR_OID:
-       case IETF_ATTR_STRING:
-           {
-               ietfAttr_t *attr   = malloc_thing(ietfAttr_t);
-               ietfAttrList_t *el = malloc_thing(ietfAttrList_t);
+               if (!extract_object(ietfAttrSyntaxObjects, &objectID, &object, &level, &ctx))
+                        return NULL;
 
-               attr->kind  = (objectID - IETF_ATTR_OCTETS) / 2;
-               attr->value = object;
-               attr->count = 0;
-
-               el->attr = add_ietfAttr(attr);
-               el->next = list;
-               list = el;
-           }
-           break;
-       default:
-           break;
+               switch (objectID)
+               {
+               case IETF_ATTR_OCTETS:
+               case IETF_ATTR_OID:
+               case IETF_ATTR_STRING:
+                       {
+                               ietfAttr_t *attr   = malloc_thing(ietfAttr_t);
+                               ietfAttrList_t *el = malloc_thing(ietfAttrList_t);
+
+                               attr->kind  = (objectID - IETF_ATTR_OCTETS) / 2;
+                               attr->value = object;
+                               attr->count = 0;
+
+                               el->attr = add_ietfAttr(attr);
+                               el->next = list;
+                               list = el;
+                       }
+                       break;
+               default:
+                       break;
+               }
+               objectID++;
        }
-       objectID++;
-    }
-    return list;
+       return list;
 }
 /*
  * parses roleSyntax
@@ -429,24 +429,24 @@ parse_ietfAttrSyntax(chunk_t blob, int level0)
 static void
 parse_roleSyntax(chunk_t blob, int level0)
 {
-    asn1_ctx_t ctx;
-    chunk_t object;
-    u_int level;
-    int objectID = 0;
+       asn1_ctx_t ctx;
+       chunk_t object;
+       u_int level;
+       int objectID = 0;
 
-    asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
+       asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
 
-    while (objectID < ROLE_ROOF)
-    {
-       if (!extract_object(roleSyntaxObjects, &objectID, &object, &level, &ctx))
-            return;
+       while (objectID < ROLE_ROOF)
+       {
+               if (!extract_object(roleSyntaxObjects, &objectID, &object, &level, &ctx))
+                        return;
 
-       switch (objectID) {
-       default:
-           break;
+               switch (objectID) {
+               default:
+                       break;
+               }
+               objectID++;
        }
-       objectID++;
-    }
 }
 
 /*
@@ -455,146 +455,146 @@ parse_roleSyntax(chunk_t blob, int level0)
 bool
 parse_ac(chunk_t blob, x509acert_t *ac)
 {
-    asn1_ctx_t ctx;
-    bool critical;
-    chunk_t object;
-    u_int level;
-    int objectID = 0;
-    int type = OID_UNKNOWN;
-    int extn_oid = OID_UNKNOWN;
+       asn1_ctx_t ctx;
+       bool critical;
+       chunk_t object;
+       u_int level;
+       int objectID = 0;
+       int type = OID_UNKNOWN;
+       int extn_oid = OID_UNKNOWN;
 
-    asn1_init(&ctx, blob, 0, FALSE, DBG_RAW);
+       asn1_init(&ctx, blob, 0, FALSE, DBG_RAW);
 
-    while (objectID < AC_OBJ_ROOF) {
+       while (objectID < AC_OBJ_ROOF) {
 
-       if (!extract_object(acObjects, &objectID, &object, &level, &ctx))
-            return FALSE;
+               if (!extract_object(acObjects, &objectID, &object, &level, &ctx))
+                        return FALSE;
 
-       /* those objects which will parsed further need the next higher level */
-       level++;
+               /* those objects which will parsed further need the next higher level */
+               level++;
+
+               switch (objectID)
+               {
+               case AC_OBJ_CERTIFICATE:
+                       ac->certificate = object;
+                       break;
+               case AC_OBJ_CERTIFICATE_INFO:
+                       ac->certificateInfo = object;
+                       break;
+               case AC_OBJ_VERSION:
+                       ac->version = (object.len) ? (1 + (u_int)*object.ptr) : 1;
+                       DBG(DBG_PARSING,
+                               DBG_log("  v%d", ac->version);
+                       )
+                       if (ac->version != 2)
+                       {
+                               plog("v%d attribute certificates are not supported"
+                                       , ac->version);
+                               return FALSE;
+                       }
+                       break;
+               case AC_OBJ_HOLDER_ISSUER:
+                       ac->holderIssuer = get_directoryName(object, level, FALSE);
+                       break;
+               case AC_OBJ_HOLDER_SERIAL:
+                       ac->holderSerial = object;
+                       break;
+               case AC_OBJ_ENTITY_NAME:
+                       ac->entityName = get_directoryName(object, level, TRUE);
+                       break;
+               case AC_OBJ_ISSUER_NAME:
+                       ac->issuerName = get_directoryName(object, level, FALSE);
+                       break;
+               case AC_OBJ_SIG_ALG:
+                       ac->sigAlg = parse_algorithmIdentifier(object, level, NULL);
+                       break;
+               case AC_OBJ_SERIAL_NUMBER:
+                       ac->serialNumber = object;
+                       break;
+               case AC_OBJ_NOT_BEFORE:
+                       ac->notBefore = asn1totime(&object, ASN1_GENERALIZEDTIME);
+                       break;
+               case AC_OBJ_NOT_AFTER:
+                       ac->notAfter = asn1totime(&object, ASN1_GENERALIZEDTIME);
+                       break;
+               case AC_OBJ_ATTRIBUTE_TYPE:
+                       type = asn1_known_oid(object);
+                       break;
+               case AC_OBJ_ATTRIBUTE_VALUE:
+                       {
+                               switch (type) {
+                               case OID_AUTHENTICATION_INFO:
+                                       DBG(DBG_PARSING,
+                                               DBG_log("  need to parse authenticationInfo")
+                                       )
+                                       break;
+                               case OID_ACCESS_IDENTITY:
+                                       DBG(DBG_PARSING,
+                                               DBG_log("  need to parse accessIdentity")
+                                       )
+                                       break;
+                               case OID_CHARGING_IDENTITY:
+                                       ac->charging = parse_ietfAttrSyntax(object, level);
+                                       break;
+                               case OID_GROUP:
+                                       ac->groups = parse_ietfAttrSyntax(object, level);
+                                       break;
+                               case OID_ROLE:
+                                       parse_roleSyntax(object, level);
+                                       break;
+                               default:
+                                       break;
+                               }
+                       }
+                       break;
+               case AC_OBJ_EXTN_ID:
+                       extn_oid = asn1_known_oid(object);
+                       break;
+               case AC_OBJ_CRITICAL:
+                       critical = object.len && *object.ptr;
+                       DBG(DBG_PARSING,
+                               DBG_log("  %s",(critical)?"TRUE":"FALSE");
+                       )
+                       break;
+               case AC_OBJ_EXTN_VALUE:
+                       {
+                               switch (extn_oid) {
+                               case OID_CRL_DISTRIBUTION_POINTS:
+                                       DBG(DBG_PARSING,
+                                               DBG_log("  need to parse crlDistributionPoints")
+                                       )
+                                       break;
+                               case OID_AUTHORITY_KEY_ID:
+                                       parse_authorityKeyIdentifier(object, level
+                                               , &ac->authKeyID, &ac->authKeySerialNumber);
+                                       break;
+                               case OID_TARGET_INFORMATION:
+                                       DBG(DBG_PARSING,
+                                               DBG_log("  need to parse targetInformation")
+                                       )
+                                       break;
+                               case OID_NO_REV_AVAIL:
+                                       ac->noRevAvail = TRUE;
+                                       break;
+                               default:
+                                       break;
+                               }
+                       }
+                       break;
+               case AC_OBJ_ALGORITHM:
+                       ac->algorithm = parse_algorithmIdentifier(object, level, NULL);
+                       break;
+               case AC_OBJ_SIGNATURE:
+                       ac->signature = object;
+                       break;
 
-       switch (objectID)
-       {
-       case AC_OBJ_CERTIFICATE:
-           ac->certificate = object;
-           break;
-       case AC_OBJ_CERTIFICATE_INFO:
-           ac->certificateInfo = object;
-           break;
-       case AC_OBJ_VERSION:
-           ac->version = (object.len) ? (1 + (u_int)*object.ptr) : 1;
-           DBG(DBG_PARSING,
-               DBG_log("  v%d", ac->version);
-           )
-           if (ac->version != 2)
-           {
-               plog("v%d attribute certificates are not supported"
-                   , ac->version);
-               return FALSE;
-           }
-           break;
-       case AC_OBJ_HOLDER_ISSUER:
-           ac->holderIssuer = get_directoryName(object, level, FALSE);
-           break;
-       case AC_OBJ_HOLDER_SERIAL:
-           ac->holderSerial = object;
-           break;
-       case AC_OBJ_ENTITY_NAME:
-           ac->entityName = get_directoryName(object, level, TRUE);
-           break;
-       case AC_OBJ_ISSUER_NAME:
-           ac->issuerName = get_directoryName(object, level, FALSE);
-           break;
-       case AC_OBJ_SIG_ALG:
-           ac->sigAlg = parse_algorithmIdentifier(object, level, NULL);
-           break;
-       case AC_OBJ_SERIAL_NUMBER:
-           ac->serialNumber = object;
-           break;
-       case AC_OBJ_NOT_BEFORE:
-           ac->notBefore = asn1totime(&object, ASN1_GENERALIZEDTIME);
-           break;
-       case AC_OBJ_NOT_AFTER:
-           ac->notAfter = asn1totime(&object, ASN1_GENERALIZEDTIME);
-           break;
-       case AC_OBJ_ATTRIBUTE_TYPE:
-           type = asn1_known_oid(object);
-           break;
-       case AC_OBJ_ATTRIBUTE_VALUE:
-           {
-               switch (type) {
-               case OID_AUTHENTICATION_INFO:
-                   DBG(DBG_PARSING,
-                       DBG_log("  need to parse authenticationInfo")
-                   )
-                   break;
-               case OID_ACCESS_IDENTITY:
-                   DBG(DBG_PARSING,
-                       DBG_log("  need to parse accessIdentity")
-                   )
-                   break;
-               case OID_CHARGING_IDENTITY:
-                   ac->charging = parse_ietfAttrSyntax(object, level);
-                   break;
-               case OID_GROUP:
-                   ac->groups = parse_ietfAttrSyntax(object, level);
-                   break;
-               case OID_ROLE:
-                   parse_roleSyntax(object, level);
-                   break;
-               default:
-                   break;
-               }
-           }
-           break;
-       case AC_OBJ_EXTN_ID:
-           extn_oid = asn1_known_oid(object);
-           break;
-       case AC_OBJ_CRITICAL:
-           critical = object.len && *object.ptr;
-           DBG(DBG_PARSING,
-               DBG_log("  %s",(critical)?"TRUE":"FALSE");
-           )
-           break;
-       case AC_OBJ_EXTN_VALUE:
-           {
-               switch (extn_oid) {
-               case OID_CRL_DISTRIBUTION_POINTS:
-                   DBG(DBG_PARSING,
-                       DBG_log("  need to parse crlDistributionPoints")
-                   )
-                   break;
-               case OID_AUTHORITY_KEY_ID:
-                   parse_authorityKeyIdentifier(object, level
-                       , &ac->authKeyID, &ac->authKeySerialNumber);
-                   break;
-               case OID_TARGET_INFORMATION:
-                   DBG(DBG_PARSING,
-                       DBG_log("  need to parse targetInformation")
-                   )
-                   break;
-               case OID_NO_REV_AVAIL:
-                   ac->noRevAvail = TRUE;
-                   break;
                default:
-                   break;
+                       break;
                }
-           }
-           break;
-       case AC_OBJ_ALGORITHM:
-           ac->algorithm = parse_algorithmIdentifier(object, level, NULL);
-           break;
-       case AC_OBJ_SIGNATURE:
-           ac->signature = object;
-           break;
-
-       default:
-           break;
+               objectID++;
        }
-       objectID++;
-    }
-    time(&ac->installed);
-    return TRUE;
+       time(&ac->installed);
+       return TRUE;
 }
 
 /*
@@ -603,22 +603,22 @@ parse_ac(chunk_t blob, x509acert_t *ac)
 static void
 release_ietfAttr(ietfAttr_t* attr)
 {
-    if (--attr->count == 0)
-    {
-       ietfAttrList_t **plist = &ietfAttributes;
-       ietfAttrList_t *list = *plist;
-
-       while (list->attr != attr)
+       if (--attr->count == 0)
        {
-           plist = &list->next;
-           list = *plist;
+               ietfAttrList_t **plist = &ietfAttributes;
+               ietfAttrList_t *list = *plist;
+
+               while (list->attr != attr)
+               {
+                       plist = &list->next;
+                       list = *plist;
+               }
+               *plist = list->next;
+               
+               free(attr->value.ptr);
+               free(attr);
+               free(list);
        }
-        *plist = list->next;
-       
-       free(attr->value.ptr);
-       free(attr);
-       free(list);
-    }
 }
 
 /*
@@ -627,14 +627,14 @@ release_ietfAttr(ietfAttr_t* attr)
 void
 free_ietfAttrList(ietfAttrList_t* list)
 {
-    while (list != NULL)
-    {
-       ietfAttrList_t *el = list;
-
-       release_ietfAttr(el->attr);
-       list = list->next;
-       free(el);
-    }
+       while (list != NULL)
+       {
+               ietfAttrList_t *el = list;
+
+               release_ietfAttr(el->attr);
+               list = list->next;
+               free(el);
+       }
 }
 
 /*
@@ -643,13 +643,13 @@ free_ietfAttrList(ietfAttrList_t* list)
 void
 free_acert(x509acert_t *ac)
 {
-    if (ac != NULL)
-    {
-       free_ietfAttrList(ac->charging);
-       free_ietfAttrList(ac->groups);
-       free(ac->certificate.ptr);
-       free(ac);
-    }
+       if (ac != NULL)
+       {
+               free_ietfAttrList(ac->charging);
+               free_ietfAttrList(ac->groups);
+               free(ac->certificate.ptr);
+               free(ac);
+       }
 }
 
 /*
@@ -658,9 +658,9 @@ free_acert(x509acert_t *ac)
 static void
 free_first_acert(void)
 {
-    x509acert_t *first = x509acerts;
-    x509acerts = first->next;
-    free_acert(first);
+       x509acert_t *first = x509acerts;
+       x509acerts = first->next;
+       free_acert(first);
 }
 
 /*
@@ -669,8 +669,8 @@ free_first_acert(void)
 void
 free_acerts(void)
 {
-    while (x509acerts != NULL)
-       free_first_acert();
+       while (x509acerts != NULL)
+               free_first_acert();
 }
 
 /*
@@ -679,27 +679,27 @@ free_acerts(void)
 x509acert_t*
 get_x509acert(chunk_t issuer, chunk_t serial)
 {
-    x509acert_t *ac = x509acerts;
-    x509acert_t *prev_ac = NULL;
+       x509acert_t *ac = x509acerts;
+       x509acert_t *prev_ac = NULL;
 
-    while (ac != NULL)
-    {
-       if (same_dn(issuer, ac->holderIssuer)
-       &&  same_serial(serial, ac->holderSerial))
+       while (ac != NULL)
        {
-           if (ac!= x509acerts)
-           {
-               /* bring the certificate up front */
-               prev_ac->next = ac->next;
-               ac->next = x509acerts;
-               x509acerts = ac;
-           }
-           return ac;
+               if (same_dn(issuer, ac->holderIssuer)
+               &&  same_serial(serial, ac->holderSerial))
+               {
+                       if (ac!= x509acerts)
+                       {
+                               /* bring the certificate up front */
+                               prev_ac->next = ac->next;
+                               ac->next = x509acerts;
+                               x509acerts = ac;
+                       }
+                       return ac;
+               }
+               prev_ac = ac;
+               ac = ac->next;
        }
-       prev_ac = ac;
-       ac = ac->next;
-    }
-    return NULL;
+       return NULL;
 }
 
 /*
@@ -708,32 +708,32 @@ get_x509acert(chunk_t issuer, chunk_t serial)
 static void
 add_acert(x509acert_t *ac)
 {
-    x509acert_t *old_ac = get_x509acert(ac->holderIssuer, ac->holderSerial);
+       x509acert_t *old_ac = get_x509acert(ac->holderIssuer, ac->holderSerial);
 
-    if (old_ac != NULL)
-    {
-       if (ac->notBefore >old_ac->notBefore)
-       {
-           /* delete the old attribute cert */
-           free_first_acert();
-           DBG(DBG_CONTROL,
-               DBG_log("attribute cert is newer - existing cert deleted")
-           )
-       }
-       else
+       if (old_ac != NULL)
        {
-           DBG(DBG_CONTROL,
-               DBG_log("attribute cert is not newer - existing cert kept");
-           )
-           free_acert(ac);
-           return;
+               if (ac->notBefore >old_ac->notBefore)
+               {
+                       /* delete the old attribute cert */
+                       free_first_acert();
+                       DBG(DBG_CONTROL,
+                               DBG_log("attribute cert is newer - existing cert deleted")
+                       )
+               }
+               else
+               {
+                       DBG(DBG_CONTROL,
+                               DBG_log("attribute cert is not newer - existing cert kept");
+                       )
+                       free_acert(ac);
+                       return;
+               }
        }
-    }
-    plog("attribute cert added");
+       plog("attribute cert added");
 
-    /* insert new attribute cert at the root of the chain */
-    ac->next = x509acerts;
-    x509acerts = ac;
+       /* insert new attribute cert at the root of the chain */
+       ac->next = x509acerts;
+       x509acerts = ac;
 }
 
 /* verify the validity of an attribute certificate by
@@ -742,21 +742,21 @@ add_acert(x509acert_t *ac)
 static err_t
 check_ac_validity(const x509acert_t *ac)
 {
-    time_t current_time;
-
-    time(&current_time);
-    DBG(DBG_CONTROL | DBG_PARSING,
-       DBG_log("  not before  : %T", &ac->notBefore, TRUE);
-       DBG_log("  current time: %T", &current_time, TRUE);
-       DBG_log("  not after   : %T", &ac->notAfter, TRUE);
-    )
-
-    if (current_time < ac->notBefore)
-       return "attribute certificate is not valid yet";
-    if (current_time > ac->notAfter)
-       return "attribute certificate has expired";
-    else
-       return NULL;
+       time_t current_time;
+
+       time(&current_time);
+       DBG(DBG_CONTROL | DBG_PARSING,
+               DBG_log("  not before  : %T", &ac->notBefore, TRUE);
+               DBG_log("  current time: %T", &current_time, TRUE);
+               DBG_log("  not after   : %T", &ac->notAfter, TRUE);
+       )
+
+       if (current_time < ac->notBefore)
+               return "attribute certificate is not valid yet";
+       if (current_time > ac->notAfter)
+               return "attribute certificate has expired";
+       else
+               return NULL;
 }
 
 /*
@@ -765,54 +765,54 @@ check_ac_validity(const x509acert_t *ac)
 bool
 verify_x509acert(x509acert_t *ac, bool strict)
 {
-    u_char buf[BUF_LEN];
-    x509cert_t *aacert;
-    err_t ugh = NULL;
-    time_t valid_until = ac->notAfter;
-
-    DBG(DBG_CONTROL,
-       dntoa(buf, BUF_LEN, ac->entityName);
-       DBG_log("holder: '%s'",buf);
-       dntoa(buf, BUF_LEN, ac->issuerName);
-       DBG_log("issuer: '%s'",buf);
-    )
-    
-    ugh = check_ac_validity(ac);
-
-    if (ugh != NULL)
-    {
-       plog("%s", ugh);
-       return FALSE;
-    }
-    DBG(DBG_CONTROL,
-       DBG_log("attribute certificate is valid")
-    )
-
-    lock_authcert_list("verify_x509acert");
-    aacert = get_authcert(ac->issuerName, ac->authKeySerialNumber
-       , ac->authKeyID, AUTH_AA);
-    unlock_authcert_list("verify_x509acert");
-
-    if (aacert == NULL)
-    {
-       plog("issuer aacert not found");
-       return FALSE;
-    }
-    DBG(DBG_CONTROL,
-       DBG_log("issuer aacert found")
-    )
-
-    if (!check_signature(ac->certificateInfo, ac->signature
-                        , ac->algorithm, ac->algorithm, aacert))
-    {
-       plog("attribute certificate signature is invalid");
-       return FALSE;
-    }
-    DBG(DBG_CONTROL,
-       DBG_log("attribute certificate signature is valid");
-    )
+       u_char buf[BUF_LEN];
+       x509cert_t *aacert;
+       err_t ugh = NULL;
+       time_t valid_until = ac->notAfter;
+
+       DBG(DBG_CONTROL,
+               dntoa(buf, BUF_LEN, ac->entityName);
+               DBG_log("holder: '%s'",buf);
+               dntoa(buf, BUF_LEN, ac->issuerName);
+               DBG_log("issuer: '%s'",buf);
+       )
+       
+       ugh = check_ac_validity(ac);
+
+       if (ugh != NULL)
+       {
+               plog("%s", ugh);
+               return FALSE;
+       }
+       DBG(DBG_CONTROL,
+               DBG_log("attribute certificate is valid")
+       )
 
-    return verify_x509cert(aacert, strict, &valid_until);
+       lock_authcert_list("verify_x509acert");
+       aacert = get_authcert(ac->issuerName, ac->authKeySerialNumber
+               , ac->authKeyID, AUTH_AA);
+       unlock_authcert_list("verify_x509acert");
+
+       if (aacert == NULL)
+       {
+               plog("issuer aacert not found");
+               return FALSE;
+       }
+       DBG(DBG_CONTROL,
+               DBG_log("issuer aacert found")
+       )
+
+       if (!check_signature(ac->certificateInfo, ac->signature
+                                                , ac->algorithm, ac->algorithm, aacert))
+       {
+               plog("attribute certificate signature is invalid");
+               return FALSE;
+       }
+       DBG(DBG_CONTROL,
+               DBG_log("attribute certificate signature is valid");
+       )
+
+       return verify_x509cert(aacert, strict, &valid_until);
 }
 
 /*
@@ -821,45 +821,45 @@ verify_x509acert(x509acert_t *ac, bool strict)
 void
 load_acerts(void)
 {
-    u_char buf[BUF_LEN];
-
-    /* change directory to specified path */
-    u_char *save_dir = getcwd(buf, BUF_LEN);
-
-    if (!chdir(A_CERT_PATH))
-    {
-       struct dirent **filelist;
-       int n;
+       u_char buf[BUF_LEN];
 
-       plog("Changing to directory '%s'",A_CERT_PATH);
-       n = scandir(A_CERT_PATH, &filelist, file_select, alphasort);
+       /* change directory to specified path */
+       u_char *save_dir = getcwd(buf, BUF_LEN);
 
-       if (n > 0)
+       if (!chdir(A_CERT_PATH))
        {
-           while (n--)
-           {
-               chunk_t blob = chunk_empty;
-               bool pgp = FALSE;
+               struct dirent **filelist;
+               int n;
+
+               plog("Changing to directory '%s'",A_CERT_PATH);
+               n = scandir(A_CERT_PATH, &filelist, file_select, alphasort);
 
-               if (load_coded_file(filelist[n]->d_name, NULL, "acert", &blob, &pgp))
+               if (n > 0)
                {
-                   x509acert_t *ac = malloc_thing(x509acert_t);
-                   
-                   *ac = empty_ac;
-
-                   if (parse_ac(blob, ac)
-                   && verify_x509acert(ac, FALSE))
-                       add_acert(ac);
-                   else
-                       free_acert(ac);
+                       while (n--)
+                       {
+                               chunk_t blob = chunk_empty;
+                               bool pgp = FALSE;
+
+                               if (load_coded_file(filelist[n]->d_name, NULL, "acert", &blob, &pgp))
+                               {
+                                       x509acert_t *ac = malloc_thing(x509acert_t);
+                                       
+                                       *ac = empty_ac;
+
+                                       if (parse_ac(blob, ac)
+                                       && verify_x509acert(ac, FALSE))
+                                               add_acert(ac);
+                                       else
+                                               free_acert(ac);
+                               }
+                               free(filelist[n]);
+                       }
+                       free(filelist);
                }
-               free(filelist[n]);
-           }
-           free(filelist);
        }
-    }
-    /* restore directory path */
-    ignore_result(chdir(save_dir));
+       /* restore directory path */
+       ignore_result(chdir(save_dir));
 }
 
 /*
@@ -868,30 +868,30 @@ load_acerts(void)
 void
 format_groups(const ietfAttrList_t *list, char *buf, int len)
 {
-    bool first_group = TRUE;
+       bool first_group = TRUE;
 
-    while (list != NULL && len > 0)
-    {
-       ietfAttr_t *attr = list->attr;
-
-       if (attr->kind == IETF_ATTRIBUTE_OCTETS
-       ||  attr->kind == IETF_ATTRIBUTE_STRING)
+       while (list != NULL && len > 0)
        {
-           int written = snprintf(buf, len, "%s%.*s"
-                           , (first_group)? "" : ", "
-                           , (int)attr->value.len, attr->value.ptr);
-
-           first_group = FALSE;
-           
-           /* return value of snprintf() up to glibc 2.0.6 */
-           if (written < 0)
-               break;
-
-           buf += written;
-           len -= written;
+               ietfAttr_t *attr = list->attr;
+
+               if (attr->kind == IETF_ATTRIBUTE_OCTETS
+               ||  attr->kind == IETF_ATTRIBUTE_STRING)
+               {
+                       int written = snprintf(buf, len, "%s%.*s"
+                                                       , (first_group)? "" : ", "
+                                                       , (int)attr->value.len, attr->value.ptr);
+
+                       first_group = FALSE;
+                       
+                       /* return value of snprintf() up to glibc 2.0.6 */
+                       if (written < 0)
+                               break;
+
+                       buf += written;
+                       len -= written;
+               }
+               list = list->next;
        }
-       list = list->next;
-    }
 }
 
 /*
@@ -900,71 +900,71 @@ format_groups(const ietfAttrList_t *list, char *buf, int len)
 void
 list_acerts(bool utc)
 {
-    x509acert_t *ac = x509acerts;
-    time_t now;
-
-    /* determine the current time */
-    time(&now);
+       x509acert_t *ac = x509acerts;
+       time_t now;
 
-    if (ac != NULL)
-    {
-       whack_log(RC_COMMENT, " ");
-       whack_log(RC_COMMENT, "List of X.509 Attribute Certificates:");
-       whack_log(RC_COMMENT, " ");
-    }
-
-    while (ac != NULL)
-    {
-       u_char buf[BUF_LEN];
+       /* determine the current time */
+       time(&now);
 
-       whack_log(RC_COMMENT, "%T", &ac->installed, utc);
-       if (ac->entityName.ptr != NULL)
-       {
-           dntoa(buf, BUF_LEN, ac->entityName);
-           whack_log(RC_COMMENT, "       holder:   '%s'", buf);
-       }
-       if (ac->holderIssuer.ptr != NULL)
-       {
-           dntoa(buf, BUF_LEN, ac->holderIssuer);
-           whack_log(RC_COMMENT, "       hissuer:  '%s'", buf);
-       }
-       if (ac->holderSerial.ptr != NULL)
-       {
-           datatot(ac->holderSerial.ptr, ac->holderSerial.len, ':'
-               , buf, BUF_LEN);
-           whack_log(RC_COMMENT, "       hserial:   %s", buf);
-       }
-       if (ac->groups != NULL)
-       {
-           format_groups(ac->groups, buf, BUF_LEN);
-           whack_log(RC_COMMENT, "       groups:    %s", buf);
-       }
-       dntoa(buf, BUF_LEN, ac->issuerName);
-       whack_log(RC_COMMENT, "       issuer:   '%s'", buf);
-       datatot(ac->serialNumber.ptr, ac->serialNumber.len, ':'
-           , buf, BUF_LEN);
-       whack_log(RC_COMMENT, "       serial:    %s", buf);
-       whack_log(RC_COMMENT, "       validity:  not before %T %s",
-               &ac->notBefore, utc,
-               (ac->notBefore < now)?"ok":"fatal (not valid yet)");
-       whack_log(RC_COMMENT, "                  not after  %T %s",
-               &ac->notAfter, utc,
-               check_expiry(ac->notAfter, ACERT_WARNING_INTERVAL, TRUE));
-       if (ac->authKeyID.ptr != NULL)
+       if (ac != NULL)
        {
-           datatot(ac->authKeyID.ptr, ac->authKeyID.len, ':'
-               , buf, BUF_LEN);
-           whack_log(RC_COMMENT, "       authkey:   %s", buf);
+               whack_log(RC_COMMENT, " ");
+               whack_log(RC_COMMENT, "List of X.509 Attribute Certificates:");
+               whack_log(RC_COMMENT, " ");
        }
-       if (ac->authKeySerialNumber.ptr != NULL)
+
+       while (ac != NULL)
        {
-           datatot(ac->authKeySerialNumber.ptr, ac->authKeySerialNumber.len, ':'
-               , buf, BUF_LEN);
-           whack_log(RC_COMMENT, "       aserial:   %s", buf);
-       }
+               u_char buf[BUF_LEN];
 
-       ac = ac->next;
-    }
+               whack_log(RC_COMMENT, "%T", &ac->installed, utc);
+               if (ac->entityName.ptr != NULL)
+               {
+                       dntoa(buf, BUF_LEN, ac->entityName);
+                       whack_log(RC_COMMENT, "       holder:   '%s'", buf);
+               }
+               if (ac->holderIssuer.ptr != NULL)
+               {
+                       dntoa(buf, BUF_LEN, ac->holderIssuer);
+                       whack_log(RC_COMMENT, "       hissuer:  '%s'", buf);
+               }
+               if (ac->holderSerial.ptr != NULL)
+               {
+                       datatot(ac->holderSerial.ptr, ac->holderSerial.len, ':'
+                               , buf, BUF_LEN);
+                       whack_log(RC_COMMENT, "       hserial:   %s", buf);
+               }
+               if (ac->groups != NULL)
+               {
+                       format_groups(ac->groups, buf, BUF_LEN);
+                       whack_log(RC_COMMENT, "       groups:    %s", buf);
+               }
+               dntoa(buf, BUF_LEN, ac->issuerName);
+               whack_log(RC_COMMENT, "       issuer:   '%s'", buf);
+               datatot(ac->serialNumber.ptr, ac->serialNumber.len, ':'
+                       , buf, BUF_LEN);
+               whack_log(RC_COMMENT, "       serial:    %s", buf);
+               whack_log(RC_COMMENT, "       validity:  not before %T %s",
+                               &ac->notBefore, utc,
+                               (ac->notBefore < now)?"ok":"fatal (not valid yet)");
+               whack_log(RC_COMMENT, "                  not after  %T %s",
+                               &ac->notAfter, utc,
+                               check_expiry(ac->notAfter, ACERT_WARNING_INTERVAL, TRUE));
+               if (ac->authKeyID.ptr != NULL)
+               {
+                       datatot(ac->authKeyID.ptr, ac->authKeyID.len, ':'
+                               , buf, BUF_LEN);
+                       whack_log(RC_COMMENT, "       authkey:   %s", buf);
+               }
+               if (ac->authKeySerialNumber.ptr != NULL)
+               {
+                       datatot(ac->authKeySerialNumber.ptr, ac->authKeySerialNumber.len, ':'
+                               , buf, BUF_LEN);
+                       whack_log(RC_COMMENT, "       aserial:   %s", buf);
+               }
+
+               ac = ac->next;
+       }
 }
 
 /*
@@ -973,34 +973,34 @@ list_acerts(bool utc)
 void
 list_groups(bool utc)
 {
-    ietfAttrList_t *list = ietfAttributes;
-    
-    if (list != NULL)
-    {
-       whack_log(RC_COMMENT, " ");
-       whack_log(RC_COMMENT, "List of Group Attributes:");
-       whack_log(RC_COMMENT, " ");
-    }
-
-    while (list != NULL)
-    {
-       ietfAttr_t *attr = list->attr;
-
-       whack_log(RC_COMMENT, "%T, count: %d", &attr->installed, utc, attr->count);
+       ietfAttrList_t *list = ietfAttributes;
        
-       switch (attr->kind)
+       if (list != NULL)
        {
-       case IETF_ATTRIBUTE_OCTETS:
-       case IETF_ATTRIBUTE_STRING:
-           whack_log(RC_COMMENT, "       %.*s", (int)attr->value.len, attr->value.ptr);
-           break;
-       case IETF_ATTRIBUTE_OID:
-           whack_log(RC_COMMENT, "       OID");
-           break;
-       default:
-           break;
-        }
-
-       list = list->next;
-    }
+               whack_log(RC_COMMENT, " ");
+               whack_log(RC_COMMENT, "List of Group Attributes:");
+               whack_log(RC_COMMENT, " ");
+       }
+
+       while (list != NULL)
+       {
+               ietfAttr_t *attr = list->attr;
+
+               whack_log(RC_COMMENT, "%T, count: %d", &attr->installed, utc, attr->count);
+               
+               switch (attr->kind)
+               {
+               case IETF_ATTRIBUTE_OCTETS:
+               case IETF_ATTRIBUTE_STRING:
+                       whack_log(RC_COMMENT, "       %.*s", (int)attr->value.len, attr->value.ptr);
+                       break;
+               case IETF_ATTRIBUTE_OID:
+                       whack_log(RC_COMMENT, "       OID");
+                       break;
+               default:
+                       break;
+               }
+
+               list = list->next;
+       }
 }
index 158c71b..1100052 100644 (file)
@@ -1,7 +1,7 @@
 /* Support of X.509 attribute certificates
  * Copyright (C) 2002 Ueli Galizzi, Ariane Seiler
  * Copyright (C) 2003 Martin Berner, Lukas Suter
+
  *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
@@ -22,9 +22,9 @@
 /* definition of ietfAttribute kinds */
 
 typedef enum {
-    IETF_ATTRIBUTE_OCTETS =    0,
-    IETF_ATTRIBUTE_OID =       1,
-    IETF_ATTRIBUTE_STRING =    2
+       IETF_ATTRIBUTE_OCTETS =     0,
+       IETF_ATTRIBUTE_OID =        1,
+       IETF_ATTRIBUTE_STRING =     2
 } ietfAttribute_t;
 
 /* access structure for an ietfAttribute */
@@ -32,17 +32,17 @@ typedef enum {
 typedef struct ietfAttr ietfAttr_t;
 
 struct ietfAttr {
-  time_t          installed;
-  int             count;
+  time_t           installed;
+  int              count;
   ietfAttribute_t  kind;
-  chunk_t         value;
+  chunk_t          value;
 };
 
 typedef struct ietfAttrList ietfAttrList_t;
 
 struct ietfAttrList {
   ietfAttrList_t   *next;
-  ietfAttr_t      *attr;
+  ietfAttr_t       *attr;
 };
 
 
@@ -52,31 +52,31 @@ typedef struct x509acert x509acert_t;
 
 struct x509acert {
   x509acert_t    *next;
-  time_t        installed;
-  chunk_t       certificate;
-  chunk_t         certificateInfo;
-  u_int                     version;
-               /*   holder */
-               /*     baseCertificateID */
-  chunk_t               holderIssuer;
-  chunk_t               holderSerial;
-  chunk_t               entityName;
-                /*   v2Form */
-  chunk_t             issuerName;
-                /*   signature */
+  time_t         installed;
+  chunk_t        certificate;
+  chunk_t          certificateInfo;
+  u_int              version;
+                               /*   holder */
+                               /*     baseCertificateID */
+  chunk_t                holderIssuer;
+  chunk_t                holderSerial;
+  chunk_t                entityName;
+                               /*   v2Form */
+  chunk_t              issuerName;
+                               /*   signature */
   int                  sigAlg;
-  chunk_t           serialNumber;
-                /*   attrCertValidityPeriod */
+  chunk_t            serialNumber;
+                               /*   attrCertValidityPeriod */
   time_t               notBefore;
   time_t               notAfter;
-               /*   attributes */
+                               /*   attributes */
   ietfAttrList_t       *charging;
   ietfAttrList_t       *groups;
-               /*   extensions */
+                               /*   extensions */
   chunk_t              authKeyID;
   chunk_t              authKeySerialNumber;
-  bool                noRevAvail;
-               /* signatureAlgorithm */
+  bool                 noRevAvail;
+                               /* signatureAlgorithm */
   int                algorithm;
   chunk_t          signature;
 };
@@ -88,7 +88,7 @@ extern void unshare_ietfAttrList(ietfAttrList_t **listp);
 extern void free_ietfAttrList(ietfAttrList_t *list);
 extern void decode_groups(char *groups, ietfAttrList_t **listp);
 extern bool group_membership(const ietfAttrList_t *my_list
-    , const char *conn, const ietfAttrList_t *conn_list);
+       , const char *conn, const ietfAttrList_t *conn_list);
 extern bool parse_ac(chunk_t blob, x509acert_t *ac);
 extern bool verify_x509acert(x509acert_t *ac, bool strict);
 extern x509acert_t* get_x509acert(chunk_t issuer, chunk_t serial);
index 637207f..97971ff 100644 (file)
@@ -14,7 +14,7 @@
  * RCSID $Id$
  */
 
-#ifndef USE_LWRES      /* whole file! */
+#ifndef USE_LWRES       /* whole file! */
 
 /* This program executes as multiple processes.  The Master process
  * receives queries (struct adns_query messages) from Pluto and distributes
@@ -58,7 +58,7 @@
 #include <netinet/in.h>
 #include <arpa/nameser.h>
 #include <resolv.h>
-#include <netdb.h>     /* ??? for h_errno */
+#include <netdb.h>      /* ??? for h_errno */
 
 #include <freeswan.h>
 
 #endif
 
 #include "constants.h"
-#include "adns.h"      /* needs <resolv.h> */
+#include "adns.h"       /* needs <resolv.h> */
 
 /* shared by all processes */
 
-static const char *name;       /* program name, for messages */
+static const char *name;        /* program name, for messages */
 
 static bool debug = FALSE;
 
@@ -88,43 +88,43 @@ static bool debug = FALSE;
 static enum helper_exit_status
 read_pipe(int fd, unsigned char *stuff, size_t minlen, size_t maxlen)
 {
-    size_t n = 0;
-    size_t goal = minlen;
+       size_t n = 0;
+       size_t goal = minlen;
 
-    do {
-       ssize_t m = read(fd, stuff + n, goal - n);
+       do {
+               ssize_t m = read(fd, stuff + n, goal - n);
 
-       if (m == -1)
-       {
-           if (errno != EINTR)
-           {
-               syslog(LOG_ERR, "Input error on pipe: %s", strerror(errno));
-               return HES_IO_ERROR_IN;
-           }
-       }
-       else if (m == 0)
-       {
-           return HES_OK;      /* treat empty message as EOF */
-       }
-       else
-       {
-           n += m;
-           if (n >= sizeof(size_t))
-           {
-               goal = *(size_t *)(void *)stuff;
-               if (goal < minlen || maxlen < goal)
+               if (m == -1)
                {
-                   if (debug)
-                       fprintf(stderr, "%lu : [%lu, %lu]\n"
-                           , (unsigned long)goal
-                           , (unsigned long)minlen, (unsigned long)maxlen);
-                   return HES_BAD_LEN;
+                       if (errno != EINTR)
+                       {
+                               syslog(LOG_ERR, "Input error on pipe: %s", strerror(errno));
+                               return HES_IO_ERROR_IN;
+                       }
                }
-           }
-       }
-    } while (n < goal);
+               else if (m == 0)
+               {
+                       return HES_OK;      /* treat empty message as EOF */
+               }
+               else
+               {
+                       n += m;
+                       if (n >= sizeof(size_t))
+                       {
+                               goal = *(size_t *)(void *)stuff;
+                               if (goal < minlen || maxlen < goal)
+                               {
+                                       if (debug)
+                                               fprintf(stderr, "%lu : [%lu, %lu]\n"
+                                                       , (unsigned long)goal
+                                                       , (unsigned long)minlen, (unsigned long)maxlen);
+                                       return HES_BAD_LEN;
+                               }
+                       }
+               }
+       } while (n < goal);
 
-    return HES_CONTINUE;
+       return HES_CONTINUE;
 }
 
 /* Write a variable-length record to a pipe.
@@ -135,27 +135,27 @@ read_pipe(int fd, unsigned char *stuff, size_t minlen, size_t maxlen)
 static enum helper_exit_status
 write_pipe(int fd, const unsigned char *stuff)
 {
-    size_t len = *(const size_t *)(const void *)stuff;
-    size_t n = 0;
+       size_t len = *(const size_t *)(const void *)stuff;
+       size_t n = 0;
 
-    do {
-       ssize_t m = write(fd, stuff + n, len - n);
+       do {
+               ssize_t m = write(fd, stuff + n, len - n);
 
-       if (m == -1)
-       {
-           /* error, but ignore and retry if EINTR */
-           if (errno != EINTR)
-           {
-               syslog(LOG_ERR, "Output error from master: %s", strerror(errno));
-               return HES_IO_ERROR_OUT;
-           }
-       }
-       else
-       {
-           n += m;
-       }
-    } while (n != len);
-    return HES_CONTINUE;
+               if (m == -1)
+               {
+                       /* error, but ignore and retry if EINTR */
+                       if (errno != EINTR)
+                       {
+                               syslog(LOG_ERR, "Output error from master: %s", strerror(errno));
+                               return HES_IO_ERROR_OUT;
+                       }
+               }
+               else
+               {
+                       n += m;
+               }
+       } while (n != len);
+       return HES_CONTINUE;
 }
 
 /**************** worker process ****************/
@@ -171,14 +171,14 @@ write_pipe(int fd, const unsigned char *stuff)
  */
 
 #if (__RES) <= 19960801
-# define OLD_RESOLVER  1
+# define OLD_RESOLVER   1
 #endif
 
 #ifdef OLD_RESOLVER
 
 # define res_ninit(statp) res_init()
 # define res_nquery(statp, dname, class, type, answer, anslen) \
-    res_query(dname, class, type, answer, anslen)
+       res_query(dname, class, type, answer, anslen)
 # define res_nclose(statp) res_close()
 
 static struct __res_state *statp = &_res;
@@ -193,75 +193,75 @@ static res_state statp = &my_res_state;
 static int
 worker(int qfd, int afd)
 {
-    {
-       int r = res_ninit(statp);
-
-       if (r != 0)
        {
-           syslog(LOG_ERR, "cannot initialize resolver");
-           return HES_RES_INIT;
-       }
+               int r = res_ninit(statp);
+
+               if (r != 0)
+               {
+                       syslog(LOG_ERR, "cannot initialize resolver");
+                       return HES_RES_INIT;
+               }
 #ifndef OLD_RESOLVER
-       statp->options |= RES_ROTATE;
+               statp->options |= RES_ROTATE;
 #endif
-       statp->options |= RES_DEBUG;
-    }
+               statp->options |= RES_DEBUG;
+       }
 
-    for (;;)
-    {
-       struct adns_query q;
-       struct adns_answer a;
+       for (;;)
+       {
+               struct adns_query q;
+               struct adns_answer a;
 
-       enum helper_exit_status r = read_pipe(qfd, (unsigned char *)&q
-           , sizeof(q), sizeof(q));
+               enum helper_exit_status r = read_pipe(qfd, (unsigned char *)&q
+                       , sizeof(q), sizeof(q));
 
-       if (r != HES_CONTINUE)
-           return r;   /* some kind of exit */
+               if (r != HES_CONTINUE)
+                       return r;   /* some kind of exit */
 
-       if (q.qmagic != ADNS_Q_MAGIC)
-       {
-           syslog(LOG_ERR, "error in input from master: bad magic");
-           return HES_BAD_MAGIC;
-       }
+               if (q.qmagic != ADNS_Q_MAGIC)
+               {
+                       syslog(LOG_ERR, "error in input from master: bad magic");
+                       return HES_BAD_MAGIC;
+               }
 
-       a.amagic = ADNS_A_MAGIC;
-       a.serial = q.serial;
+               a.amagic = ADNS_A_MAGIC;
+               a.serial = q.serial;
 
-       a.result = res_nquery(statp, q.name_buf, C_IN, q.type, a.ans, sizeof(a.ans));
-       a.h_errno_val = h_errno;
+               a.result = res_nquery(statp, q.name_buf, C_IN, q.type, a.ans, sizeof(a.ans));
+               a.h_errno_val = h_errno;
 
-       a.len = offsetof(struct adns_answer, ans) + (a.result < 0? 0 : a.result);
+               a.len = offsetof(struct adns_answer, ans) + (a.result < 0? 0 : a.result);
 
 #ifdef DEBUG
-       if (((q.debugging & IMPAIR_DELAY_ADNS_KEY_ANSWER) && q.type == T_KEY)
-       || ((q.debugging & IMPAIR_DELAY_ADNS_TXT_ANSWER) && q.type == T_TXT))
-           sleep(30);  /* delay the answer */
+               if (((q.debugging & IMPAIR_DELAY_ADNS_KEY_ANSWER) && q.type == T_KEY)
+               || ((q.debugging & IMPAIR_DELAY_ADNS_TXT_ANSWER) && q.type == T_TXT))
+                       sleep(30);  /* delay the answer */
 #endif
 
-       /* write answer, possibly a bit at a time */
-       r = write_pipe(afd, (const unsigned char *)&a);
+               /* write answer, possibly a bit at a time */
+               r = write_pipe(afd, (const unsigned char *)&a);
 
-       if (r != HES_CONTINUE)
-           return r;   /* some kind of exit */
-    }
+               if (r != HES_CONTINUE)
+                       return r;   /* some kind of exit */
+       }
 }
 
 /**************** master process ****************/
 
 bool eof_from_pluto = FALSE;
-#define PLUTO_QFD      0       /* queries come on stdin */
-#define PLUTO_AFD      1       /* answers go out on stdout */
+#define PLUTO_QFD       0       /* queries come on stdin */
+#define PLUTO_AFD       1       /* answers go out on stdout */
 
 #ifndef MAX_WORKERS
-# define MAX_WORKERS 10        /* number of in-flight queries */
+# define MAX_WORKERS 10 /* number of in-flight queries */
 #endif
 
 struct worker_info {
-    int qfd;   /* query pipe's file descriptor */
-    int afd;   /* answer pipe's file descriptor */
-    pid_t pid;
-    bool busy;
-    void *continuation;        /* of outstanding request */
+       int qfd;    /* query pipe's file descriptor */
+       int afd;    /* answer pipe's file descriptor */
+       pid_t pid;
+       bool busy;
+       void *continuation; /* of outstanding request */
 };
 
 static struct worker_info wi[MAX_WORKERS];
@@ -270,300 +270,300 @@ static struct worker_info *wi_roof = wi;
 /* request FIFO */
 
 struct query_list {
-    struct query_list *next;
-    struct adns_query aq;
+       struct query_list *next;
+       struct adns_query aq;
 };
 
 static struct query_list *oldest_query = NULL;
-static struct query_list *newest_query;        /* undefined when oldest == NULL */
+static struct query_list *newest_query; /* undefined when oldest == NULL */
 static struct query_list *free_queries = NULL;
 
 static bool
 spawn_worker(void)
 {
-    int qfds[2];
-    int afds[2];
-    pid_t p;
-
-    if (pipe(qfds) != 0 || pipe(afds) != 0)
-    {
-       syslog(LOG_ERR, "pipe(2) failed: %s", strerror(errno));
-       exit(HES_PIPE);
-    }
-
-    wi_roof->qfd = qfds[1];    /* write end of query pipe */
-    wi_roof->afd = afds[0];    /* read end of answer pipe */
-
-    p = fork();
-    if (p == -1)
-    {
-       /* fork failed: ignore if at least one worker exists */
-       if (wi_roof == wi)
+       int qfds[2];
+       int afds[2];
+       pid_t p;
+
+       if (pipe(qfds) != 0 || pipe(afds) != 0)
+       {
+               syslog(LOG_ERR, "pipe(2) failed: %s", strerror(errno));
+               exit(HES_PIPE);
+       }
+
+       wi_roof->qfd = qfds[1];     /* write end of query pipe */
+       wi_roof->afd = afds[0];     /* read end of answer pipe */
+
+       p = fork();
+       if (p == -1)
+       {
+               /* fork failed: ignore if at least one worker exists */
+               if (wi_roof == wi)
+               {
+                       syslog(LOG_ERR, "fork(2) error creating first worker: %s", strerror(errno));
+                       exit(HES_FORK);
+               }
+               close(qfds[0]);
+               close(qfds[1]);
+               close(afds[0]);
+               close(afds[1]);
+               return FALSE;
+       }
+       else if (p == 0)
        {
-           syslog(LOG_ERR, "fork(2) error creating first worker: %s", strerror(errno));
-           exit(HES_FORK);
+               /* child */
+               struct worker_info *w;
+
+               close(PLUTO_QFD);
+               close(PLUTO_AFD);
+               /* close all master pipes, including ours */
+               for (w = wi; w <= wi_roof; w++)
+               {
+                       close(w->qfd);
+                       close(w->afd);
+               }
+               exit(worker(qfds[0], afds[1]));
        }
-       close(qfds[0]);
-       close(qfds[1]);
-       close(afds[0]);
-       close(afds[1]);
-       return FALSE;
-    }
-    else if (p == 0)
-    {
-       /* child */
-       struct worker_info *w;
-
-       close(PLUTO_QFD);
-       close(PLUTO_AFD);
-       /* close all master pipes, including ours */
-       for (w = wi; w <= wi_roof; w++)
+       else
        {
-           close(w->qfd);
-           close(w->afd);
+               /* parent */
+               struct worker_info *w = wi_roof++;
+
+               w->pid = p;
+               w->busy = FALSE;
+               close(qfds[0]);
+               close(afds[1]);
+               return TRUE;
        }
-       exit(worker(qfds[0], afds[1]));
-    }
-    else
-    {
-       /* parent */
-       struct worker_info *w = wi_roof++;
-
-       w->pid = p;
-       w->busy = FALSE;
-       close(qfds[0]);
-       close(afds[1]);
-       return TRUE;
-    }
 }
 
 static void
 send_eof(struct worker_info *w)
 {
-    pid_t p;
-    int status;
+       pid_t p;
+       int status;
 
-    close(w->qfd);
-    w->qfd = NULL_FD;
+       close(w->qfd);
+       w->qfd = NULL_FD;
 
-    close(w->afd);
-    w->afd = NULL_FD;
+       close(w->afd);
+       w->afd = NULL_FD;
 
-    /* reap child */
-    p = waitpid(w->pid, &status, 0);
-    /* ignore result -- what could we do with it? */
+       /* reap child */
+       p = waitpid(w->pid, &status, 0);
+       /* ignore result -- what could we do with it? */
 }
 
 static void
 forward_query(struct worker_info *w)
 {
-    struct query_list *q = oldest_query;
-
-    if (q == NULL)
-    {
-       if (eof_from_pluto)
-           send_eof(w);
-    }
-    else
-    {
-       enum helper_exit_status r
-           = write_pipe(w->qfd, (const unsigned char *) &q->aq);
-
-       if (r != HES_CONTINUE)
-           exit(r);
-
-       w->busy = TRUE;
-
-       oldest_query = q->next;
-       q->next = free_queries;
-       free_queries = q;
-    }
+       struct query_list *q = oldest_query;
+
+       if (q == NULL)
+       {
+               if (eof_from_pluto)
+                       send_eof(w);
+       }
+       else
+       {
+               enum helper_exit_status r
+                       = write_pipe(w->qfd, (const unsigned char *) &q->aq);
+
+               if (r != HES_CONTINUE)
+                       exit(r);
+
+               w->busy = TRUE;
+
+               oldest_query = q->next;
+               q->next = free_queries;
+               free_queries = q;
+       }
 }
 
 static void
 query(void)
 {
-    struct query_list *q = free_queries;
-    enum helper_exit_status r;
+       struct query_list *q = free_queries;
+       enum helper_exit_status r;
 
-    /* find an unused queue entry */
-    if (q == NULL)
-    {
-       q = malloc(sizeof(*q));
+       /* find an unused queue entry */
        if (q == NULL)
        {
-           syslog(LOG_ERR, "malloc(3) failed");
-           exit(HES_MALLOC);
+               q = malloc(sizeof(*q));
+               if (q == NULL)
+               {
+                       syslog(LOG_ERR, "malloc(3) failed");
+                       exit(HES_MALLOC);
+               }
        }
-    }
-    else
-    {
-       free_queries = q->next;
-    }
-
-    r = read_pipe(PLUTO_QFD, (unsigned char *)&q->aq
-       , sizeof(q->aq), sizeof(q->aq));
-
-    if (r == HES_OK)
-    {
-       /* EOF: we're done, except for unanswered queries */
-       struct worker_info *w;
-
-       eof_from_pluto = TRUE;
-       q->next = free_queries;
-       free_queries = q;
-
-       /* Send bye-bye to unbusy processes.
-        * Note that if there are queued queries, there won't be
-        * any non-busy workers.
-        */
-       for (w = wi; w != wi_roof; w++)
-           if (!w->busy)
-               send_eof(w);
-    }
-    else if (r != HES_CONTINUE)
-    {
-       exit(r);
-    }
-    else if (q->aq.qmagic != ADNS_Q_MAGIC)
-    {
-       syslog(LOG_ERR, "error in query from Pluto: bad magic");
-       exit(HES_BAD_MAGIC);
-    }
-    else
-    {
-       struct worker_info *w;
-
-       /* got a query */
-
-       /* add it to FIFO */
-       q->next = NULL;
-       if (oldest_query == NULL)
-           oldest_query = q;
        else
-           newest_query->next = q;
-       newest_query = q;
+       {
+               free_queries = q->next;
+       }
+
+       r = read_pipe(PLUTO_QFD, (unsigned char *)&q->aq
+               , sizeof(q->aq), sizeof(q->aq));
 
-       /* See if any worker available */
-       for (w = wi; ; w++)
+       if (r == HES_OK)
        {
-           if (w == wi_roof)
-           {
-               /* no free worker */
-               if (w == wi + MAX_WORKERS)
-                   break;      /* no more to be created */
-               /* make a new one */
-               if (!spawn_worker())
-                   break;      /* cannot create one at this time */
-           }
-           if (!w->busy)
-           {
-               /* assign first to free worker */
-               forward_query(w);
-               break;
-           }
+               /* EOF: we're done, except for unanswered queries */
+               struct worker_info *w;
+
+               eof_from_pluto = TRUE;
+               q->next = free_queries;
+               free_queries = q;
+
+               /* Send bye-bye to unbusy processes.
+                * Note that if there are queued queries, there won't be
+                * any non-busy workers.
+                */
+               for (w = wi; w != wi_roof; w++)
+                       if (!w->busy)
+                               send_eof(w);
+       }
+       else if (r != HES_CONTINUE)
+       {
+               exit(r);
+       }
+       else if (q->aq.qmagic != ADNS_Q_MAGIC)
+       {
+               syslog(LOG_ERR, "error in query from Pluto: bad magic");
+               exit(HES_BAD_MAGIC);
+       }
+       else
+       {
+               struct worker_info *w;
+
+               /* got a query */
+
+               /* add it to FIFO */
+               q->next = NULL;
+               if (oldest_query == NULL)
+                       oldest_query = q;
+               else
+                       newest_query->next = q;
+               newest_query = q;
+
+               /* See if any worker available */
+               for (w = wi; ; w++)
+               {
+                       if (w == wi_roof)
+                       {
+                               /* no free worker */
+                               if (w == wi + MAX_WORKERS)
+                                       break;      /* no more to be created */
+                               /* make a new one */
+                               if (!spawn_worker())
+                                       break;      /* cannot create one at this time */
+                       }
+                       if (!w->busy)
+                       {
+                               /* assign first to free worker */
+                               forward_query(w);
+                               break;
+                       }
+               }
        }
-    }
-    return;
+       return;
 }
 
 static void
 answer(struct worker_info *w)
 {
-    struct adns_answer a;
-    enum helper_exit_status r = read_pipe(w->afd, (unsigned char *)&a
-       , offsetof(struct adns_answer, ans), sizeof(a));
-
-    if (r == HES_OK)
-    {
-       /* unexpected EOF */
-       syslog(LOG_ERR, "unexpected EOF from worker");
-       exit(HES_IO_ERROR_IN);
-    }
-    else if (r != HES_CONTINUE)
-    {
-       exit(r);
-    }
-    else if (a.amagic != ADNS_A_MAGIC)
-    {
-       syslog(LOG_ERR, "Input from worker error: bad magic");
-       exit(HES_BAD_MAGIC);
-    }
-    else if (a.continuation != w->continuation)
-    {
-       /* answer doesn't match query */
-       syslog(LOG_ERR, "Input from worker error: continuation mismatch");
-       exit(HES_SYNC);
-    }
-    else
-    {
-       /* pass the answer on to Pluto */
-       enum helper_exit_status r
-           = write_pipe(PLUTO_AFD, (const unsigned char *) &a);
-
-       if (r != HES_CONTINUE)
-           exit(r);
-       w->busy = FALSE;
-       forward_query(w);
-    }
+       struct adns_answer a;
+       enum helper_exit_status r = read_pipe(w->afd, (unsigned char *)&a
+               , offsetof(struct adns_answer, ans), sizeof(a));
+
+       if (r == HES_OK)
+       {
+               /* unexpected EOF */
+               syslog(LOG_ERR, "unexpected EOF from worker");
+               exit(HES_IO_ERROR_IN);
+       }
+       else if (r != HES_CONTINUE)
+       {
+               exit(r);
+       }
+       else if (a.amagic != ADNS_A_MAGIC)
+       {
+               syslog(LOG_ERR, "Input from worker error: bad magic");
+               exit(HES_BAD_MAGIC);
+       }
+       else if (a.continuation != w->continuation)
+       {
+               /* answer doesn't match query */
+               syslog(LOG_ERR, "Input from worker error: continuation mismatch");
+               exit(HES_SYNC);
+       }
+       else
+       {
+               /* pass the answer on to Pluto */
+               enum helper_exit_status r
+                       = write_pipe(PLUTO_AFD, (const unsigned char *) &a);
+
+               if (r != HES_CONTINUE)
+                       exit(r);
+               w->busy = FALSE;
+               forward_query(w);
+       }
 }
 
 /* assumption: input limited; accept blocking on output */
 static int
 master(void)
 {
-    for (;;)
-    {
-       fd_set readfds;
-       int maxfd = PLUTO_QFD;          /* approximate lower bound */
-       int ndes = 0;
-       struct worker_info *w;
-
-       FD_ZERO(&readfds);
-       if (!eof_from_pluto)
+       for (;;)
        {
-           FD_SET(PLUTO_QFD, &readfds);
-           ndes++;
-       }
-       for (w = wi; w != wi_roof; w++)
-       {
-           if (w->busy)
-           {
-               FD_SET(w->afd, &readfds);
-               ndes++;
-               if (maxfd < w->afd)
-                   maxfd = w->afd;
-           }
-       }
+               fd_set readfds;
+               int maxfd = PLUTO_QFD;          /* approximate lower bound */
+               int ndes = 0;
+               struct worker_info *w;
+
+               FD_ZERO(&readfds);
+               if (!eof_from_pluto)
+               {
+                       FD_SET(PLUTO_QFD, &readfds);
+                       ndes++;
+               }
+               for (w = wi; w != wi_roof; w++)
+               {
+                       if (w->busy)
+                       {
+                               FD_SET(w->afd, &readfds);
+                               ndes++;
+                               if (maxfd < w->afd)
+                                       maxfd = w->afd;
+                       }
+               }
 
-       if (ndes == 0)
-           return HES_OK;      /* done! */
+               if (ndes == 0)
+                       return HES_OK;      /* done! */
 
-       do {
-           ndes = select(maxfd + 1, &readfds, NULL, NULL, NULL);
-       } while (ndes == -1 && errno == EINTR);
-       if (ndes == -1)
-       {
-           syslog(LOG_ERR, "select(2) error: %s", strerror(errno));
-           exit(HES_IO_ERROR_SELECT);
-       }
-       else if (ndes > 0)
-       {
-           if (FD_ISSET(PLUTO_QFD, &readfds))
-           {
-               query();
-               ndes--;
-           }
-           for (w = wi; ndes > 0 && w != wi_roof; w++)
-           {
-               if (w->busy && FD_ISSET(w->afd, &readfds))
+               do {
+                       ndes = select(maxfd + 1, &readfds, NULL, NULL, NULL);
+               } while (ndes == -1 && errno == EINTR);
+               if (ndes == -1)
+               {
+                       syslog(LOG_ERR, "select(2) error: %s", strerror(errno));
+                       exit(HES_IO_ERROR_SELECT);
+               }
+               else if (ndes > 0)
                {
-                   answer(w);
-                   ndes--;
+                       if (FD_ISSET(PLUTO_QFD, &readfds))
+                       {
+                               query();
+                               ndes--;
+                       }
+                       for (w = wi; ndes > 0 && w != wi_roof; w++)
+                       {
+                               if (w->busy && FD_ISSET(w->afd, &readfds))
+                               {
+                                       answer(w);
+                                       ndes--;
+                               }
+                       }
                }
-           }
        }
-    }
 }
 
 /* Not to be invoked by strangers -- user hostile.
@@ -574,42 +574,42 @@ master(void)
 static void
 adns_usage(const char *fmt, const char *arg)
 {
-    const char **sp = ipsec_copyright_notice();
+       const char **sp = ipsec_copyright_notice();
 
-    fprintf(stderr, "INTERNAL TO PLUTO: DO NOT EXECUTE\n");
+       fprintf(stderr, "INTERNAL TO PLUTO: DO NOT EXECUTE\n");
 
-    fprintf(stderr, fmt, arg);
-    fprintf(stderr, "\n%s\n", ipsec_version_string());
+       fprintf(stderr, fmt, arg);
+       fprintf(stderr, "\n%s\n", ipsec_version_string());
 
-    for (; *sp != NULL; sp++)
-       fprintf(stderr, "%s\n", *sp);
+       for (; *sp != NULL; sp++)
+               fprintf(stderr, "%s\n", *sp);
 
-    syslog(LOG_ERR, fmt, arg);
-    exit(HES_INVOCATION);
+       syslog(LOG_ERR, fmt, arg);
+       exit(HES_INVOCATION);
 }
 
 int
 main(int argc UNUSED, char **argv)
 {
-    int i = 1;
+       int i = 1;
 
-    name = argv[0];
+       name = argv[0];
 
-    while (i < argc)
-    {
-       if (streq(argv[i], "-d"))
+       while (i < argc)
        {
-           i++;
-           debug = TRUE;
-       }
-       else
-       {
-           adns_usage("unexpected argument \"%s\"", argv[i]);
-           /*NOTREACHED*/
+               if (streq(argv[i], "-d"))
+               {
+                       i++;
+                       debug = TRUE;
+               }
+               else
+               {
+                       adns_usage("unexpected argument \"%s\"", argv[i]);
+                       /*NOTREACHED*/
+               }
        }
-    }
 
-    return master();
+       return master();
 }
 
 #endif /* !USE_LWRES */
index e5be969..69b0fc9 100644 (file)
@@ -14,7 +14,7 @@
  * RCSID $Id$
  */
 
-#ifndef USE_LWRES      /* whole file! */
+#ifndef USE_LWRES       /* whole file! */
 
 /* The interface in RHL6.x and BIND distribution 8.2.2 are different,
  * so we build some of our own :-(
  */
 
 struct adns_query {
-    size_t len;
-    unsigned int qmagic;
-    unsigned long serial;
-    lset_t debugging;  /* only used #ifdef DEBUG, but don't want layout to change */
-    u_char name_buf[NS_MAXDNAME + 2];
-    int type;  /* T_KEY or T_TXT */
+       size_t len;
+       unsigned int qmagic;
+       unsigned long serial;
+       lset_t debugging;   /* only used #ifdef DEBUG, but don't want layout to change */
+       u_char name_buf[NS_MAXDNAME + 2];
+       int type;   /* T_KEY or T_TXT */
 };
 
 struct adns_answer {
-    size_t len;
-    unsigned int amagic;
-    unsigned long serial;
-    struct adns_continuation *continuation;
-    int result;
-    int h_errno_val;
-    u_char ans[NS_PACKETSZ * 10];   /* very probably bigger than necessary */
+       size_t len;
+       unsigned int amagic;
+       unsigned long serial;
+       struct adns_continuation *continuation;
+       int result;
+       int h_errno_val;
+       u_char ans[NS_PACKETSZ * 10];   /* very probably bigger than necessary */
 };
 
 enum helper_exit_status {
-    HES_CONTINUE = -1, /* not an exit */
-    HES_OK = 0,        /* all's well that ends well (perhaps EOF) */
-    HES_INVOCATION,    /* improper invocation */
-    HES_IO_ERROR_SELECT,       /* IO error in select() */
-    HES_MALLOC,        /* malloc failed */
-    HES_IO_ERROR_IN,   /* error reading pipe */
-    HES_IO_ERROR_OUT,  /* error reading pipe */
-    HES_PIPE,  /* pipe(2) failed */
-    HES_SYNC,  /* answer from worker doesn't match query */
-    HES_FORK,  /* fork(2) failed */
-    HES_RES_INIT,      /* resolver initialization failed */
-    HES_BAD_LEN,       /* implausible .len field */
-    HES_BAD_MAGIC,     /* .magic field wrong */
+       HES_CONTINUE = -1,  /* not an exit */
+       HES_OK = 0, /* all's well that ends well (perhaps EOF) */
+       HES_INVOCATION,     /* improper invocation */
+       HES_IO_ERROR_SELECT,        /* IO error in select() */
+       HES_MALLOC, /* malloc failed */
+       HES_IO_ERROR_IN,    /* error reading pipe */
+       HES_IO_ERROR_OUT,   /* error reading pipe */
+       HES_PIPE,   /* pipe(2) failed */
+       HES_SYNC,   /* answer from worker doesn't match query */
+       HES_FORK,   /* fork(2) failed */
+       HES_RES_INIT,       /* resolver initialization failed */
+       HES_BAD_LEN,        /* implausible .len field */
+       HES_BAD_MAGIC,      /* .magic field wrong */
 };
 
 #endif /* !USE_LWRES */
index 3f56fb1..cd09165 100644 (file)
 int
 alg_info_esp_aa2sadb(int auth)
 {
-    int sadb_aalg = 0;
-
-    switch(auth) {
-       case AUTH_ALGORITHM_HMAC_MD5:
-       case AUTH_ALGORITHM_HMAC_SHA1:
-           sadb_aalg = auth + 1;
-           break;
-       case AUTH_ALGORITHM_HMAC_SHA2_256:
-       case AUTH_ALGORITHM_HMAC_SHA2_384:
-       case AUTH_ALGORITHM_HMAC_SHA2_512:
-       case AUTH_ALGORITHM_HMAC_RIPEMD:
-           sadb_aalg = auth;
-           break;
-       default:
-           /* loose ... */
-           sadb_aalg = auth;
-    }
-    return sadb_aalg;
+       int sadb_aalg = 0;
+
+       switch(auth) {
+               case AUTH_ALGORITHM_HMAC_MD5:
+               case AUTH_ALGORITHM_HMAC_SHA1:
+                       sadb_aalg = auth + 1;
+                       break;
+               case AUTH_ALGORITHM_HMAC_SHA2_256:
+               case AUTH_ALGORITHM_HMAC_SHA2_384:
+               case AUTH_ALGORITHM_HMAC_SHA2_512:
+               case AUTH_ALGORITHM_HMAC_RIPEMD:
+                       sadb_aalg = auth;
+                       break;
+               default:
+                       /* loose ... */
+                       sadb_aalg = auth;
+       }
+       return sadb_aalg;
 }
 
 int /* __attribute__ ((unused)) */
 alg_info_esp_sadb2aa(int sadb_aalg)
 {
-    int auth = 0;
-
-    switch(sadb_aalg) {
-       case SADB_AALG_MD5HMAC:
-       case SADB_AALG_SHA1HMAC:
-           auth = sadb_aalg - 1;
-           break;
-       /* since they are the same ...  :)  */
-       case AUTH_ALGORITHM_HMAC_SHA2_256:
-       case AUTH_ALGORITHM_HMAC_SHA2_384:
-       case AUTH_ALGORITHM_HMAC_SHA2_512:
-       case AUTH_ALGORITHM_HMAC_RIPEMD:
-           auth = sadb_aalg;
-           break;
-       default:
-           /* loose ... */
-           auth = sadb_aalg;
-    }
-    return auth;
+       int auth = 0;
+
+       switch(sadb_aalg) {
+               case SADB_AALG_MD5HMAC:
+               case SADB_AALG_SHA1HMAC:
+                       auth = sadb_aalg - 1;
+                       break;
+               /* since they are the same ...  :)  */
+               case AUTH_ALGORITHM_HMAC_SHA2_256:
+               case AUTH_ALGORITHM_HMAC_SHA2_384:
+               case AUTH_ALGORITHM_HMAC_SHA2_512:
+               case AUTH_ALGORITHM_HMAC_RIPEMD:
+                       auth = sadb_aalg;
+                       break;
+               default:
+                       /* loose ... */
+                       auth = sadb_aalg;
+       }
+       return auth;
 }
 
 /*
@@ -97,21 +97,21 @@ alg_info_esp_sadb2aa(int sadb_aalg)
 static int
 enum_search_prefix (enum_names *ed, const char *prefix, const char *str, int strlen)
 {
-    char buf[64];
-    char *ptr;
-    int ret;
-    int len = sizeof(buf) - 1; /* reserve space for final \0 */
-
-    for (ptr = buf; *prefix; *ptr++ = *prefix++, len--);
-    while (strlen-- && len-- && *str) *ptr++ = toupper(*str++);
-    *ptr = 0;
-
-    DBG(DBG_CRYPT,
-       DBG_log("enum_search_prefix () calling enum_search(%p, \"%s\")"
-           , ed, buf)
-    )
-    ret = enum_search(ed, buf);
-    return ret;
+       char buf[64];
+       char *ptr;
+       int ret;
+       int len = sizeof(buf) - 1;  /* reserve space for final \0 */
+
+       for (ptr = buf; *prefix; *ptr++ = *prefix++, len--);
+       while (strlen-- && len-- && *str) *ptr++ = toupper(*str++);
+       *ptr = 0;
+
+       DBG(DBG_CRYPT,
+               DBG_log("enum_search_prefix () calling enum_search(%p, \"%s\")"
+                       , ed, buf)
+       )
+       ret = enum_search(ed, buf);
+       return ret;
 }
 
 /*
@@ -120,99 +120,99 @@ enum_search_prefix (enum_names *ed, const char *prefix, const char *str, int str
 static int
 enum_search_ppfix (enum_names *ed, const char *prefix, const char *postfix, const char *str, int strlen)
 {
-    char buf[64];
-    char *ptr;
-    int ret;
-    int len = sizeof(buf) - 1; /* reserve space for final \0 */
-
-    for (ptr = buf; *prefix; *ptr++ = *prefix++, len--);
-    while (strlen-- && len-- && *str) *ptr++ = toupper(*str++);
-    while (len-- && *postfix) *ptr++ = *postfix++;
-    *ptr = 0;
-
-    DBG(DBG_CRYPT,
-       DBG_log("enum_search_ppfixi () calling enum_search(%p, \"%s\")"
-           , ed, buf)
-    )
-    ret = enum_search(ed, buf);
-    return ret;
+       char buf[64];
+       char *ptr;
+       int ret;
+       int len = sizeof(buf) - 1;  /* reserve space for final \0 */
+
+       for (ptr = buf; *prefix; *ptr++ = *prefix++, len--);
+       while (strlen-- && len-- && *str) *ptr++ = toupper(*str++);
+       while (len-- && *postfix) *ptr++ = *postfix++;
+       *ptr = 0;
+
+       DBG(DBG_CRYPT,
+               DBG_log("enum_search_ppfixi () calling enum_search(%p, \"%s\")"
+                       , ed, buf)
+       )
+       ret = enum_search(ed, buf);
+       return ret;
 }
 
 /*
  * Search esp_transformid_names for a match, eg:
- *     "3des" <=> "ESP_3DES"
+ *      "3des" <=> "ESP_3DES"
  */
 #define ESP_MAGIC_ID 0x00ffff01
 
 static int
 ealg_getbyname_esp(const char *const str, int len)
 {
-    if (!str || !*str)
-    {
-       return -1;
-    }
-
-    /* leave special case for eg:  "id248" string */
-    if (streq("id", str))
-    {
-       return ESP_MAGIC_ID;
-    }
-    return enum_search_prefix(&esp_transformid_names, "ESP_", str, len);
+       if (!str || !*str)
+       {
+               return -1;
+       }
+
+       /* leave special case for eg:  "id248" string */
+       if (streq("id", str))
+       {
+               return ESP_MAGIC_ID;
+       }
+       return enum_search_prefix(&esp_transformid_names, "ESP_", str, len);
 }
 
 /*
  * Search auth_alg_names for a match, eg:
- *     "md5" <=> "AUTH_ALGORITHM_HMAC_MD5"
+ *      "md5" <=> "AUTH_ALGORITHM_HMAC_MD5"
  */
 static int
 aalg_getbyname_esp(const char *const str, int len)
 {
-    int ret;
-    unsigned num;
+       int ret;
+       unsigned num;
 
-    if (!str || !*str)
-       return -1;
+       if (!str || !*str)
+               return -1;
 
-    /* interpret 'SHA' as 'SHA1' */
-    if (strncasecmp("SHA", str, len) == 0)
-       return AUTH_ALGORITHM_HMAC_SHA1;
+       /* interpret 'SHA' as 'SHA1' */
+       if (strncasecmp("SHA", str, len) == 0)
+               return AUTH_ALGORITHM_HMAC_SHA1;
 
-    /* interpret 'AESXCBC' as 'AES_XCBC_MAC' */
-    if (strncasecmp("AESXCBC", str, len) == 0)
-       return AUTH_ALGORITHM_AES_XCBC_MAC;
+       /* interpret 'AESXCBC' as 'AES_XCBC_MAC' */
+       if (strncasecmp("AESXCBC", str, len) == 0)
+               return AUTH_ALGORITHM_AES_XCBC_MAC;
 
-    ret = enum_search_prefix(&auth_alg_names,"AUTH_ALGORITHM_HMAC_", str ,len);
-    if (ret >= 0)
-       return ret;
+       ret = enum_search_prefix(&auth_alg_names,"AUTH_ALGORITHM_HMAC_", str ,len);
+       if (ret >= 0)
+               return ret;
 
-    ret = enum_search_prefix(&auth_alg_names,"AUTH_ALGORITHM_", str, len);
-    if (ret >= 0)
-       return ret;
+       ret = enum_search_prefix(&auth_alg_names,"AUTH_ALGORITHM_", str, len);
+       if (ret >= 0)
+               return ret;
 
-    sscanf(str, "id%d%n", &ret, &num);
-    return (ret >= 0 && num != strlen(str))? -1 : ret;
+       sscanf(str, "id%d%n", &ret, &num);
+       return (ret >= 0 && num != strlen(str))? -1 : ret;
 }
 
 static int
 modp_getbyname_esp(const char *const str, int len)
 {
-    int ret;
+       int ret;
 
-    if (!str || !*str)
-       return -1;
-    
-    ret = enum_search_prefix(&oakley_group_names,"OAKLEY_GROUP_", str, len);
-    if (ret >= 0)
-       return ret;
+       if (!str || !*str)
+               return -1;
+       
+       ret = enum_search_prefix(&oakley_group_names,"OAKLEY_GROUP_", str, len);
+       if (ret >= 0)
+               return ret;
 
-    ret = enum_search_ppfix(&oakley_group_names, "OAKLEY_GROUP_", " (extension)", str, len);
-    return ret;
+       ret = enum_search_ppfix(&oakley_group_names, "OAKLEY_GROUP_", " (extension)", str, len);
+       return ret;
 }
 
 void 
 alg_info_free(struct alg_info *alg_info)
 {
-    free(alg_info);
+       free(alg_info);
 }
 
 /*
@@ -221,36 +221,36 @@ alg_info_free(struct alg_info *alg_info)
 static void
 __alg_info_esp_add (struct alg_info_esp *alg_info, int ealg_id, unsigned ek_bits, int aalg_id, unsigned ak_bits)
 {
-    struct esp_info *esp_info = alg_info->esp;
-    unsigned cnt = alg_info->alg_info_cnt, i;
-
-    /* check for overflows */
-    passert(cnt < countof(alg_info->esp));
-
-    /* dont add duplicates */
-    for (i = 0; i < cnt; i++)
-    {
-       if (esp_info[i].esp_ealg_id == ealg_id
-       && (!ek_bits || esp_info[i].esp_ealg_keylen == ek_bits)
-       && esp_info[i].esp_aalg_id == aalg_id
-       && (!ak_bits || esp_info[i].esp_aalg_keylen == ak_bits))
-           return;
-    }
-
-    esp_info[cnt].esp_ealg_id = ealg_id;
-    esp_info[cnt].esp_ealg_keylen = ek_bits;
-    esp_info[cnt].esp_aalg_id = aalg_id;
-    esp_info[cnt].esp_aalg_keylen = ak_bits;
-
-    /* sadb values */
-    esp_info[cnt].encryptalg = ealg_id;
-    esp_info[cnt].authalg = alg_info_esp_aa2sadb(aalg_id);
-    alg_info->alg_info_cnt++;
-
-    DBG(DBG_CRYPT,
-       DBG_log("__alg_info_esp_add() ealg=%d aalg=%d cnt=%d"
-           , ealg_id, aalg_id, alg_info->alg_info_cnt)
-    )
+       struct esp_info *esp_info = alg_info->esp;
+       unsigned cnt = alg_info->alg_info_cnt, i;
+
+       /* check for overflows */
+       passert(cnt < countof(alg_info->esp));
+
+       /* dont add duplicates */
+       for (i = 0; i < cnt; i++)
+       {
+               if (esp_info[i].esp_ealg_id == ealg_id
+               && (!ek_bits || esp_info[i].esp_ealg_keylen == ek_bits)
+               && esp_info[i].esp_aalg_id == aalg_id
+               && (!ak_bits || esp_info[i].esp_aalg_keylen == ak_bits))
+                       return;
+       }
+
+       esp_info[cnt].esp_ealg_id = ealg_id;
+       esp_info[cnt].esp_ealg_keylen = ek_bits;
+       esp_info[cnt].esp_aalg_id = aalg_id;
+       esp_info[cnt].esp_aalg_keylen = ak_bits;
+
+       /* sadb values */
+       esp_info[cnt].encryptalg = ealg_id;
+       esp_info[cnt].authalg = alg_info_esp_aa2sadb(aalg_id);
+       alg_info->alg_info_cnt++;
+
+       DBG(DBG_CRYPT,
+               DBG_log("__alg_info_esp_add() ealg=%d aalg=%d cnt=%d"
+                       , ealg_id, aalg_id, alg_info->alg_info_cnt)
+       )
 }
 
 /*
@@ -259,138 +259,138 @@ __alg_info_esp_add (struct alg_info_esp *alg_info, int ealg_id, unsigned ek_bits
 static void
 alg_info_esp_add (struct alg_info *alg_info, int ealg_id, int ek_bits, int aalg_id, int ak_bits)
 {
-    /* Policy: default to 3DES */
-    if (ealg_id == 0)
-       ealg_id = ESP_3DES;
+       /* Policy: default to 3DES */
+       if (ealg_id == 0)
+               ealg_id = ESP_3DES;
 
-    if (ealg_id > 0)
-    {
+       if (ealg_id > 0)
+       {
 #ifndef NO_PLUTO
-       if (aalg_id > 0)
+               if (aalg_id > 0)
 #else
-       /* Allow no auth for manual conns (from spi.c) */
-       if (aalg_id >= 0)
+               /* Allow no auth for manual conns (from spi.c) */
+               if (aalg_id >= 0)
 #endif
-           __alg_info_esp_add((struct alg_info_esp *)alg_info,
-                               ealg_id, ek_bits,
-                               aalg_id, ak_bits);
-       else
-       {
-           /* Policy: default to MD5 and SHA1 */
-           __alg_info_esp_add((struct alg_info_esp *)alg_info,
-                               ealg_id, ek_bits,
-                               AUTH_ALGORITHM_HMAC_MD5, ak_bits);
-           __alg_info_esp_add((struct alg_info_esp *)alg_info,
-                               ealg_id, ek_bits,
-                               AUTH_ALGORITHM_HMAC_SHA1, ak_bits);
+                       __alg_info_esp_add((struct alg_info_esp *)alg_info,
+                                                               ealg_id, ek_bits,
+                                                               aalg_id, ak_bits);
+               else
+               {
+                       /* Policy: default to MD5 and SHA1 */
+                       __alg_info_esp_add((struct alg_info_esp *)alg_info,
+                                                               ealg_id, ek_bits,
+                                                               AUTH_ALGORITHM_HMAC_MD5, ak_bits);
+                       __alg_info_esp_add((struct alg_info_esp *)alg_info,
+                                                               ealg_id, ek_bits,
+                                                               AUTH_ALGORITHM_HMAC_SHA1, ak_bits);
+               }
        }
-    }
 }
 
 #ifndef NO_PLUTO
 /**************************************
  *
- *     IKE alg
+ *      IKE alg
  *
  *************************************/
 /*
  * Search oakley_enc_names for a match, eg:
- *     "3des_cbc" <=> "OAKLEY_3DES_CBC"
+ *      "3des_cbc" <=> "OAKLEY_3DES_CBC"
  */
 static int
 ealg_getbyname_ike(const char *const str, int len)
 {
-    int ret;
+       int ret;
 
-    if (!str || !*str)
-       return -1;
+       if (!str || !*str)
+               return -1;
 
-    ret = enum_search_prefix(&oakley_enc_names,"OAKLEY_", str, len);
-    if (ret >= 0)
-       return ret;
+       ret = enum_search_prefix(&oakley_enc_names,"OAKLEY_", str, len);
+       if (ret >= 0)
+               return ret;
 
-    ret = enum_search_ppfix(&oakley_enc_names, "OAKLEY_", "_CBC", str, len);
-    return ret;
+       ret = enum_search_ppfix(&oakley_enc_names, "OAKLEY_", "_CBC", str, len);
+       return ret;
 }
 
 /*
  * Search  oakley_hash_names for a match, eg:
- *     "md5" <=> "OAKLEY_MD5"
+ *      "md5" <=> "OAKLEY_MD5"
  */
 static int
 aalg_getbyname_ike(const char *const str, int len)
 {
-    int ret;
-    unsigned num;
+       int ret;
+       unsigned num;
 
-    if (!str || !*str)
-       return -1;
+       if (!str || !*str)
+               return -1;
 
-    /* interpret 'SHA1' as 'SHA' */
-    if (strncasecmp("SHA1", str, len) == 0)
-       return enum_search(&oakley_hash_names, "OAKLEY_SHA");
+       /* interpret 'SHA1' as 'SHA' */
+       if (strncasecmp("SHA1", str, len) == 0)
+               return enum_search(&oakley_hash_names, "OAKLEY_SHA");
 
-    ret = enum_search_prefix(&oakley_hash_names,"OAKLEY_", str, len);
-    if (ret >= 0)
-       return ret;
+       ret = enum_search_prefix(&oakley_hash_names,"OAKLEY_", str, len);
+       if (ret >= 0)
+               return ret;
 
-    sscanf(str, "id%d%n", &ret, &num);
-    return (ret >=0 && num != strlen(str))? -1 : ret;
+       sscanf(str, "id%d%n", &ret, &num);
+       return (ret >=0 && num != strlen(str))? -1 : ret;
 }
 
 /*
  * Search oakley_group_names for a match, eg:
- *     "modp1024" <=> "OAKLEY_GROUP_MODP1024"
+ *      "modp1024" <=> "OAKLEY_GROUP_MODP1024"
  */
 static int
 modp_getbyname_ike(const char *const str, int len)
 {
-    int ret;
+       int ret;
 
-    if (!str || !*str)
-       return -1;
+       if (!str || !*str)
+               return -1;
 
-    ret = enum_search_prefix(&oakley_group_names,"OAKLEY_GROUP_", str, len);
-    if (ret >= 0)
-       return ret;
+       ret = enum_search_prefix(&oakley_group_names,"OAKLEY_GROUP_", str, len);
+       if (ret >= 0)
+               return ret;
 
-    ret = enum_search_ppfix(&oakley_group_names, "OAKLEY_GROUP_", " (extension)", str, len);
-    return ret;
+       ret = enum_search_ppfix(&oakley_group_names, "OAKLEY_GROUP_", " (extension)", str, len);
+       return ret;
 }
 
 static void
 __alg_info_ike_add (struct alg_info_ike *alg_info, int ealg_id, unsigned ek_bits, int aalg_id, unsigned ak_bits, int modp_id)
 {
-    struct ike_info *ike_info = alg_info->ike;
-    unsigned cnt = alg_info->alg_info_cnt;
-    unsigned i;
+       struct ike_info *ike_info = alg_info->ike;
+       unsigned cnt = alg_info->alg_info_cnt;
+       unsigned i;
 
-    /* check for overflows */
-    passert(cnt < countof(alg_info->ike));
+       /* check for overflows */
+       passert(cnt < countof(alg_info->ike));
 
-    /* dont add duplicates */
+       /* dont add duplicates */
    for (i = 0;i < cnt; i++)
    {
-       if (ike_info[i].ike_ealg == ealg_id
-       && (!ek_bits || ike_info[i].ike_eklen == ek_bits)
-       &&  ike_info[i].ike_halg == aalg_id
-       && (!ak_bits || ike_info[i].ike_hklen == ak_bits)
-       &&  ike_info[i].ike_modp==modp_id)
-           return;
-    }
-
-    ike_info[cnt].ike_ealg = ealg_id;
-    ike_info[cnt].ike_eklen = ek_bits;
-    ike_info[cnt].ike_halg = aalg_id;
-    ike_info[cnt].ike_hklen = ak_bits;
-    ike_info[cnt].ike_modp = modp_id;
-    alg_info->alg_info_cnt++;
-
-    DBG(DBG_CRYPT,
-       DBG_log("__alg_info_ike_add() ealg=%d aalg=%d modp_id=%d, cnt=%d"
-               , ealg_id, aalg_id, modp_id
-               , alg_info->alg_info_cnt)
-    )
+               if (ike_info[i].ike_ealg == ealg_id
+               && (!ek_bits || ike_info[i].ike_eklen == ek_bits)
+               &&  ike_info[i].ike_halg == aalg_id
+               && (!ak_bits || ike_info[i].ike_hklen == ak_bits)
+               &&  ike_info[i].ike_modp==modp_id)
+                       return;
+       }
+
+       ike_info[cnt].ike_ealg = ealg_id;
+       ike_info[cnt].ike_eklen = ek_bits;
+       ike_info[cnt].ike_halg = aalg_id;
+       ike_info[cnt].ike_hklen = ak_bits;
+       ike_info[cnt].ike_modp = modp_id;
+       alg_info->alg_info_cnt++;
+
+       DBG(DBG_CRYPT,
+               DBG_log("__alg_info_ike_add() ealg=%d aalg=%d modp_id=%d, cnt=%d"
+                               , ealg_id, aalg_id, modp_id
+                               , alg_info->alg_info_cnt)
+       )
 }
 
 /*
@@ -399,318 +399,318 @@ __alg_info_ike_add (struct alg_info_ike *alg_info, int ealg_id, unsigned ek_bits
  */
 
 static int default_ike_groups[] = { 
-    OAKLEY_GROUP_MODP1536,
-    OAKLEY_GROUP_MODP1024
+       OAKLEY_GROUP_MODP1536,
+       OAKLEY_GROUP_MODP1024
 };
 
-/*     
- *     Add IKE alg info _with_ logic (policy):
+/*      
+ *      Add IKE alg info _with_ logic (policy):
  */
 static void
 alg_info_ike_add (struct alg_info *alg_info, int ealg_id, int ek_bits, int aalg_id, int ak_bits, int modp_id)
 {
-    int i = 0;
-    int n_groups = countof(default_ike_groups);
-
-    /* if specified modp_id avoid loop over default_ike_groups */
-    if (modp_id)
-    {
-       n_groups=0;
-       goto in_loop;
-    }
-       
-    for (; n_groups--; i++)
-    {
-       modp_id = default_ike_groups[i];
-in_loop:
-       /* Policy: default to 3DES */
-       if (ealg_id == 0)
-           ealg_id = OAKLEY_3DES_CBC;
+       int i = 0;
+       int n_groups = countof(default_ike_groups);
 
-       if (ealg_id > 0)
+       /* if specified modp_id avoid loop over default_ike_groups */
+       if (modp_id)
+       {
+               n_groups=0;
+               goto in_loop;
+       }
+               
+       for (; n_groups--; i++)
        {
-           if (aalg_id > 0)
-               __alg_info_ike_add((struct alg_info_ike *)alg_info,
-                                  ealg_id, ek_bits,
-                                  aalg_id, ak_bits,
-                                  modp_id);
-           else
-           {
-               /* Policy: default to MD5 and SHA */
-               __alg_info_ike_add((struct alg_info_ike *)alg_info,
-                                  ealg_id, ek_bits,
-                                  OAKLEY_MD5, ak_bits,
-                                  modp_id);
-               __alg_info_ike_add((struct alg_info_ike *)alg_info,
-                                  ealg_id, ek_bits,
-                                  OAKLEY_SHA, ak_bits,
-                                  modp_id);
-           }
+               modp_id = default_ike_groups[i];
+in_loop:
+               /* Policy: default to 3DES */
+               if (ealg_id == 0)
+                       ealg_id = OAKLEY_3DES_CBC;
+
+               if (ealg_id > 0)
+               {
+                       if (aalg_id > 0)
+                               __alg_info_ike_add((struct alg_info_ike *)alg_info,
+                                                                  ealg_id, ek_bits,
+                                                                  aalg_id, ak_bits,
+                                                                  modp_id);
+                       else
+                       {
+                               /* Policy: default to MD5 and SHA */
+                               __alg_info_ike_add((struct alg_info_ike *)alg_info,
+                                                                  ealg_id, ek_bits,
+                                                                  OAKLEY_MD5, ak_bits,
+                                                                  modp_id);
+                               __alg_info_ike_add((struct alg_info_ike *)alg_info,
+                                                                  ealg_id, ek_bits,
+                                                                  OAKLEY_SHA, ak_bits,
+                                                                  modp_id);
+                       }
+               }
        }
-    }
 }
 #endif /* NO_PLUTO */
 
-/*     
- *     Creates a new alg_info by parsing passed string         
+/*      
+ *      Creates a new alg_info by parsing passed string         
  */
 enum parser_state_esp {
-    ST_INI,
-    ST_EA,             /* encrypt algo   */
-    ST_EA_END,
-    ST_EK,             /* enc. key length */
-    ST_EK_END,
-    ST_AA,             /* auth algo */
-    ST_AA_END,
-    ST_AK,             /* auth. key length */
-    ST_AK_END,
-    ST_MODP,   /* modp spec */
-    ST_FLAG_STRICT,
-    ST_END,
-    ST_EOF,
-    ST_ERR
+       ST_INI,
+       ST_EA,              /* encrypt algo   */
+       ST_EA_END,
+       ST_EK,              /* enc. key length */
+       ST_EK_END,
+       ST_AA,              /* auth algo */
+       ST_AA_END,
+       ST_AK,              /* auth. key length */
+       ST_AK_END,
+       ST_MODP,    /* modp spec */
+       ST_FLAG_STRICT,
+       ST_END,
+       ST_EOF,
+       ST_ERR
 };
 
 static const char *parser_state_esp_names[] = {
-    "ST_INI",
-    "ST_EA",
-    "ST_EA_END",
-    "ST_EK",
-    "ST_EK_END",
-    "ST_AA",
-    "ST_AA_END",
-    "ST_AK",
-    "ST_AK_END",
-    "ST_MOPD",
-    "ST_FLAG_STRICT",
-    "ST_END",
-    "ST_EOF",
-    "ST_ERR"
+       "ST_INI",
+       "ST_EA",
+       "ST_EA_END",
+       "ST_EK",
+       "ST_EK_END",
+       "ST_AA",
+       "ST_AA_END",
+       "ST_AK",
+       "ST_AK_END",
+       "ST_MOPD",
+       "ST_FLAG_STRICT",
+       "ST_END",
+       "ST_EOF",
+       "ST_ERR"
 };
 
 static const char*
 parser_state_name_esp(enum parser_state_esp state)
 {
-    return parser_state_esp_names[state];
+       return parser_state_esp_names[state];
 }
 
 /* XXX:jjo to implement different parser for ESP and IKE */
 struct parser_context {
-    unsigned state, old_state;
-    unsigned protoid;
-    char ealg_buf[16];
-    char aalg_buf[16];
-    char modp_buf[16];
-    int (*ealg_getbyname)(const char *const str, int len);
-    int (*aalg_getbyname)(const char *const str, int len);
-    int (*modp_getbyname)(const char *const str, int len);
-    char *ealg_str;
-    char *aalg_str;
-    char *modp_str;
-    int eklen;
-    int aklen;
-    int ch;
-    const char *err;
+       unsigned state, old_state;
+       unsigned protoid;
+       char ealg_buf[16];
+       char aalg_buf[16];
+       char modp_buf[16];
+       int (*ealg_getbyname)(const char *const str, int len);
+       int (*aalg_getbyname)(const char *const str, int len);
+       int (*modp_getbyname)(const char *const str, int len);
+       char *ealg_str;
+       char *aalg_str;
+       char *modp_str;
+       int eklen;
+       int aklen;
+       int ch;
+       const char *err;
 };
 
 static inline void 
 parser_set_state(struct parser_context *p_ctx, enum parser_state_esp state)
 {
-    if (state != p_ctx->state)
-    {
-       p_ctx->old_state = p_ctx->state;
-       p_ctx->state = state;
-    }
+       if (state != p_ctx->state)
+       {
+               p_ctx->old_state = p_ctx->state;
+               p_ctx->state = state;
+       }
 }
 
 static int 
 parser_machine(struct parser_context *p_ctx)
 {
-    int ch = p_ctx->ch;
-
-    /* special 'absolute' cases */
-    p_ctx->err = "No error.";
-
-    /* chars that end algo strings */
-    switch (ch){
-    case 0:    /* end-of-string */
-    case '!':  /* flag as strict algo list */
-    case ',':  /* algo string separator */
+       int ch = p_ctx->ch;
+
+       /* special 'absolute' cases */
+       p_ctx->err = "No error.";
+
+       /* chars that end algo strings */
+       switch (ch){
+       case 0:     /* end-of-string */
+       case '!':   /* flag as strict algo list */
+       case ',':   /* algo string separator */
+               switch (p_ctx->state) {
+               case ST_EA:
+               case ST_EK:
+               case ST_AA:
+               case ST_AK:
+               case ST_MODP:
+               case ST_FLAG_STRICT:
+                       {
+                               enum parser_state_esp next_state = 0;
+
+                               switch (ch) {
+                               case 0:
+                                       next_state = ST_EOF;
+                                       break;
+                               case ',':
+                                       next_state = ST_END;
+                                       break;
+                               case '!':
+                                       next_state = ST_FLAG_STRICT;
+                                       break;
+                               }
+                               /* ch? parser_set_state(p_ctx, ST_END) : parser_set_state(p_ctx, ST_EOF) ; */
+                               parser_set_state(p_ctx, next_state);
+                               goto out;
+                       }
+               default:
+                       p_ctx->err = "String ended with invalid char";
+                       goto err;
+               }
+       }
+re_eval:
        switch (p_ctx->state) {
+       case ST_INI:
+               if (isspace(ch))
+                       break;
+               if (isalnum(ch))
+               {
+                       *(p_ctx->ealg_str++) = ch;
+                       parser_set_state(p_ctx, ST_EA);
+                       break;
+               }
+               p_ctx->err = "No alphanum. char initially found";
+               goto err;
        case ST_EA:
+               if (isalpha(ch) || ch == '_')
+               {
+                       *(p_ctx->ealg_str++) = ch;
+                       break;
+               }
+               if (isdigit(ch))
+               {
+                       /* bravely switch to enc keylen */
+                       *(p_ctx->ealg_str) = 0;
+                       parser_set_state(p_ctx, ST_EK);
+                       goto re_eval;
+               }
+               if (ch == '-')
+               {
+                       *(p_ctx->ealg_str) = 0;
+                       parser_set_state(p_ctx, ST_EA_END);
+                       break;
+               }
+               p_ctx->err = "No valid char found after enc alg string";
+               goto err;
+       case ST_EA_END:
+               if (isdigit(ch))
+               {
+                       /* bravely switch to enc keylen */
+                       parser_set_state(p_ctx, ST_EK);
+                       goto re_eval;
+               }
+               if (isalpha(ch))
+               {
+                       parser_set_state(p_ctx, ST_AA);
+                       goto re_eval;
+               }
+               p_ctx->err = "No alphanum char found after enc alg separator";
+               goto err;
        case ST_EK:
+               if (ch == '-')
+               {
+                       parser_set_state(p_ctx, ST_EK_END);
+                       break;
+               }
+               if (isdigit(ch))
+               {
+                       p_ctx->eklen = p_ctx->eklen*10 + ch - '0';
+                       break;
+               }
+               p_ctx->err = "Non digit or valid separator found while reading enc keylen";
+               goto err;
+       case ST_EK_END:
+               if (isalpha(ch))
+               {
+                       parser_set_state(p_ctx, ST_AA);
+                       goto re_eval;
+               }
+               p_ctx->err = "Non alpha char found after enc keylen end separator";
+               goto err;
        case ST_AA:
+               if (ch == '-')
+               {
+                       *(p_ctx->aalg_str++) = 0;
+                       parser_set_state(p_ctx, ST_AA_END);
+                       break;
+               }
+               if (isalnum(ch) || ch == '_')
+               {
+                       *(p_ctx->aalg_str++) = ch;
+                       break;
+               }
+               p_ctx->err = "Non alphanum or valid separator found in auth string";
+               goto err;
+       case ST_AA_END:
+               if (isdigit(ch))
+               {
+                       parser_set_state(p_ctx, ST_AK);
+                       goto re_eval;
+               }
+               /* Only allow modpXXXX string if we have a modp_getbyname method */
+               if ((p_ctx->modp_getbyname) && isalpha(ch))
+               {
+                       parser_set_state(p_ctx, ST_MODP);
+                       goto re_eval;
+               }
+               p_ctx->err = "Non initial digit found for auth keylen";
+               goto err;
        case ST_AK:
+               if (ch=='-')
+               {
+                       parser_set_state(p_ctx, ST_AK_END);
+                       break;
+               }
+               if (isdigit(ch))
+               {
+                       p_ctx->aklen = p_ctx->aklen*10 + ch - '0';
+                       break;
+               }
+               p_ctx->err = "Non digit found for auth keylen";
+               goto err;
+       case ST_AK_END:
+               /* Only allow modpXXXX string if we have a modp_getbyname method */
+               if ((p_ctx->modp_getbyname) && isalpha(ch))
+               {
+                       parser_set_state(p_ctx, ST_MODP);
+                       goto re_eval;
+               }
+               p_ctx->err = "Non alpha char found after auth keylen";
+               goto err;
        case ST_MODP:
+               if (isalnum(ch))
+               {
+                       *(p_ctx->modp_str++) = ch;
+                       break;
+               }
+               p_ctx->err = "Non alphanum char found after in modp string";
+               goto err;
        case ST_FLAG_STRICT:
-           {
-               enum parser_state_esp next_state = 0;
-
-               switch (ch) {
-               case 0:
-                   next_state = ST_EOF;
-                   break;
-               case ',':
-                   next_state = ST_END;
-                   break;
-               case '!':
-                   next_state = ST_FLAG_STRICT;
-                   break;
-               }
-               /* ch? parser_set_state(p_ctx, ST_END) : parser_set_state(p_ctx, ST_EOF) ; */
-               parser_set_state(p_ctx, next_state);
-               goto out;
-           }
-       default:
-           p_ctx->err = "String ended with invalid char";
-           goto err;
-       }
-    }
-re_eval:
-    switch (p_ctx->state) {
-    case ST_INI:
-       if (isspace(ch))
-           break;
-       if (isalnum(ch))
-       {
-           *(p_ctx->ealg_str++) = ch;
-           parser_set_state(p_ctx, ST_EA);
-           break;
-       }
-       p_ctx->err = "No alphanum. char initially found";
-       goto err;
-    case ST_EA:
-       if (isalpha(ch) || ch == '_')
-       {
-           *(p_ctx->ealg_str++) = ch;
-           break;
-       }
-       if (isdigit(ch))
-       {
-           /* bravely switch to enc keylen */
-           *(p_ctx->ealg_str) = 0;
-           parser_set_state(p_ctx, ST_EK);
-           goto re_eval;
-       }
-       if (ch == '-')
-       {
-           *(p_ctx->ealg_str) = 0;
-           parser_set_state(p_ctx, ST_EA_END);
-           break;
-       }
-       p_ctx->err = "No valid char found after enc alg string";
-       goto err;
-    case ST_EA_END:
-       if (isdigit(ch))
-       {
-           /* bravely switch to enc keylen */
-           parser_set_state(p_ctx, ST_EK);
-           goto re_eval;
-       }
-       if (isalpha(ch))
-       {
-           parser_set_state(p_ctx, ST_AA);
-           goto re_eval;
-       }
-       p_ctx->err = "No alphanum char found after enc alg separator";
-       goto err;
-    case ST_EK:
-       if (ch == '-')
-       {
-           parser_set_state(p_ctx, ST_EK_END);
-           break;
-       }
-       if (isdigit(ch))
-       {
-           p_ctx->eklen = p_ctx->eklen*10 + ch - '0';
-           break;
-       }
-       p_ctx->err = "Non digit or valid separator found while reading enc keylen";
-       goto err;
-    case ST_EK_END:
-       if (isalpha(ch))
-       {
-           parser_set_state(p_ctx, ST_AA);
-           goto re_eval;
-       }
-       p_ctx->err = "Non alpha char found after enc keylen end separator";
-       goto err;
-    case ST_AA:
-       if (ch == '-')
-       {
-           *(p_ctx->aalg_str++) = 0;
-           parser_set_state(p_ctx, ST_AA_END);
-           break;
-       }
-       if (isalnum(ch) || ch == '_')
-       {
-           *(p_ctx->aalg_str++) = ch;
-           break;
-       }
-       p_ctx->err = "Non alphanum or valid separator found in auth string";
-       goto err;
-    case ST_AA_END:
-       if (isdigit(ch))
-       {
-           parser_set_state(p_ctx, ST_AK);
-           goto re_eval;
-       }
-       /* Only allow modpXXXX string if we have a modp_getbyname method */
-       if ((p_ctx->modp_getbyname) && isalpha(ch))
-       {
-           parser_set_state(p_ctx, ST_MODP);
-           goto re_eval;
-       }
-       p_ctx->err = "Non initial digit found for auth keylen";
-       goto err;
-    case ST_AK:
-       if (ch=='-')
-       {
-           parser_set_state(p_ctx, ST_AK_END);
-           break;
-       }
-       if (isdigit(ch))
-       {
-           p_ctx->aklen = p_ctx->aklen*10 + ch - '0';
-           break;
-       }
-       p_ctx->err = "Non digit found for auth keylen";
-       goto err;
-    case ST_AK_END:
-       /* Only allow modpXXXX string if we have a modp_getbyname method */
-       if ((p_ctx->modp_getbyname) && isalpha(ch))
-       {
-           parser_set_state(p_ctx, ST_MODP);
-           goto re_eval;
-       }
-       p_ctx->err = "Non alpha char found after auth keylen";
-       goto err;
-    case ST_MODP:
-       if (isalnum(ch))
-       {
-           *(p_ctx->modp_str++) = ch;
-           break;
+               if (ch == 0)
+                       parser_set_state(p_ctx, ST_END);
+               p_ctx->err = "Flags character(s) must be at end of whole string";
+               goto err;
+
+       /* XXX */
+       case ST_END:
+       case ST_EOF:
+       case ST_ERR:
+               break;
+       /* XXX */
        }
-       p_ctx->err = "Non alphanum char found after in modp string";
-       goto err;
-    case ST_FLAG_STRICT:
-       if (ch == 0)
-           parser_set_state(p_ctx, ST_END);
-       p_ctx->err = "Flags character(s) must be at end of whole string";
-       goto err;
-
-    /* XXX */
-    case ST_END:
-    case ST_EOF:
-    case ST_ERR:
-       break;
-    /* XXX */
-    }
 out:
-    return p_ctx->state;
+       return p_ctx->state;
 err:
-    parser_set_state(p_ctx, ST_ERR);
-    return ST_ERR;
+       parser_set_state(p_ctx, ST_ERR);
+       return ST_ERR;
 }
 
 /*
@@ -720,470 +720,470 @@ err:
 static void
 parser_init(struct parser_context *p_ctx, unsigned protoid)
 {
-    memset(p_ctx, 0, sizeof (*p_ctx));
-    p_ctx->protoid = protoid; /* XXX: jjo */
-    p_ctx->protoid = PROTO_IPSEC_ESP;
-    p_ctx->ealg_str = p_ctx->ealg_buf;
-    p_ctx->aalg_str = p_ctx->aalg_buf;
-    p_ctx->modp_str = p_ctx->modp_buf;
-    p_ctx->state = ST_INI;
-
-    switch (protoid) {
+       memset(p_ctx, 0, sizeof (*p_ctx));
+       p_ctx->protoid = protoid; /* XXX: jjo */
+       p_ctx->protoid = PROTO_IPSEC_ESP;
+       p_ctx->ealg_str = p_ctx->ealg_buf;
+       p_ctx->aalg_str = p_ctx->aalg_buf;
+       p_ctx->modp_str = p_ctx->modp_buf;
+       p_ctx->state = ST_INI;
+
+       switch (protoid) {
 #ifndef NO_PLUTO
-    case PROTO_ISAKMP:
-       p_ctx->ealg_getbyname = ealg_getbyname_ike;
-       p_ctx->aalg_getbyname = aalg_getbyname_ike;
-       p_ctx->modp_getbyname = modp_getbyname_ike;
-       break;
+       case PROTO_ISAKMP:
+               p_ctx->ealg_getbyname = ealg_getbyname_ike;
+               p_ctx->aalg_getbyname = aalg_getbyname_ike;
+               p_ctx->modp_getbyname = modp_getbyname_ike;
+               break;
 #endif
-    case PROTO_IPSEC_ESP:
-       p_ctx->ealg_getbyname = ealg_getbyname_esp;
-       p_ctx->aalg_getbyname = aalg_getbyname_esp;
-       break;
-    }
+       case PROTO_IPSEC_ESP:
+               p_ctx->ealg_getbyname = ealg_getbyname_esp;
+               p_ctx->aalg_getbyname = aalg_getbyname_esp;
+               break;
+       }
 }
 
 static int
 parser_alg_info_add(struct parser_context *p_ctx, struct alg_info *alg_info)
 {
-    int ealg_id = 0;
-    int aalg_id = 0;
-    int modp_id = 0;
+       int ealg_id = 0;
+       int aalg_id = 0;
+       int modp_id = 0;
 #ifndef NO_PLUTO
-    const struct oakley_group_desc *gd;
+       const struct oakley_group_desc *gd;
 #endif
 
-    if (*p_ctx->ealg_buf)
-    {
-       ealg_id = p_ctx->ealg_getbyname(p_ctx->ealg_buf, strlen(p_ctx->ealg_buf));
-       if (ealg_id == ESP_MAGIC_ID)
+       if (*p_ctx->ealg_buf)
        {
-           ealg_id = p_ctx->eklen;
-           p_ctx->eklen = 0;
-       }
-       if (ealg_id < 0)
-       {
-           p_ctx->err = "enc_alg not found";
-           return -1;
+               ealg_id = p_ctx->ealg_getbyname(p_ctx->ealg_buf, strlen(p_ctx->ealg_buf));
+               if (ealg_id == ESP_MAGIC_ID)
+               {
+                       ealg_id = p_ctx->eklen;
+                       p_ctx->eklen = 0;
+               }
+               if (ealg_id < 0)
+               {
+                       p_ctx->err = "enc_alg not found";
+                       return -1;
+               }
+               DBG(DBG_CRYPT,
+                       DBG_log("parser_alg_info_add() ealg_getbyname(\"%s\")=%d"
+                               , p_ctx->ealg_buf
+                               , ealg_id)
+               )
        }
-       DBG(DBG_CRYPT,
-           DBG_log("parser_alg_info_add() ealg_getbyname(\"%s\")=%d"
-               , p_ctx->ealg_buf
-               , ealg_id)
-       )
-    }
-    if (*p_ctx->aalg_buf)
-    {
-       aalg_id = p_ctx->aalg_getbyname(p_ctx->aalg_buf, strlen(p_ctx->aalg_buf));
-       if (aalg_id < 0)
+       if (*p_ctx->aalg_buf)
        {
-           p_ctx->err = "hash_alg not found";
-           return -1;
+               aalg_id = p_ctx->aalg_getbyname(p_ctx->aalg_buf, strlen(p_ctx->aalg_buf));
+               if (aalg_id < 0)
+               {
+                       p_ctx->err = "hash_alg not found";
+                       return -1;
+               }
+               DBG(DBG_CRYPT,
+                       DBG_log("parser_alg_info_add() aalg_getbyname(\"%s\")=%d"
+                               , p_ctx->aalg_buf
+                               , aalg_id)
+               )
        }
-       DBG(DBG_CRYPT,
-           DBG_log("parser_alg_info_add() aalg_getbyname(\"%s\")=%d"
-               , p_ctx->aalg_buf
-               , aalg_id)
-       )
-    }
-    if (p_ctx->modp_getbyname && *p_ctx->modp_buf)
-    {
-       modp_id = p_ctx->modp_getbyname(p_ctx->modp_buf, strlen(p_ctx->modp_buf));
-       if (modp_id < 0)
+       if (p_ctx->modp_getbyname && *p_ctx->modp_buf)
        {
-           p_ctx->err = "modp group not found";
-           return -1;
+               modp_id = p_ctx->modp_getbyname(p_ctx->modp_buf, strlen(p_ctx->modp_buf));
+               if (modp_id < 0)
+               {
+                       p_ctx->err = "modp group not found";
+                       return -1;
+               }
+               DBG(DBG_CRYPT,
+                       DBG_log("parser_alg_info_add() modp_getbyname(\"%s\")=%d"
+                               , p_ctx->modp_buf
+                               , modp_id)
+               )
        }
-       DBG(DBG_CRYPT,
-           DBG_log("parser_alg_info_add() modp_getbyname(\"%s\")=%d"
-               , p_ctx->modp_buf
-               , modp_id)
-       )
-    }
-    switch (alg_info->alg_info_protoid) {
-    case PROTO_IPSEC_ESP:
-       alg_info_esp_add(alg_info,
-                        ealg_id, p_ctx->eklen,
-                        aalg_id, p_ctx->aklen);
-       break;
+       switch (alg_info->alg_info_protoid) {
+       case PROTO_IPSEC_ESP:
+               alg_info_esp_add(alg_info,
+                                                ealg_id, p_ctx->eklen,
+                                                aalg_id, p_ctx->aklen);
+               break;
 #ifndef NO_PLUTO
-    case PROTO_ISAKMP:
-       if (modp_id && !(gd = lookup_group(modp_id)))
-       {
-           p_ctx->err = "found modp group id, but not supported";
-           return -1;
-       }
-       alg_info_ike_add(alg_info,
-                        ealg_id, p_ctx->eklen,
-                        aalg_id, p_ctx->aklen,
-                        modp_id);
-       break;
+       case PROTO_ISAKMP:
+               if (modp_id && !(gd = lookup_group(modp_id)))
+               {
+                       p_ctx->err = "found modp group id, but not supported";
+                       return -1;
+               }
+               alg_info_ike_add(alg_info,
+                                                ealg_id, p_ctx->eklen,
+                                                aalg_id, p_ctx->aklen,
+                                                modp_id);
+               break;
 #endif
-    default:
-       return -1;
-    }
-    return 0;
+       default:
+               return -1;
+       }
+       return 0;
 }
 
 static int
 alg_info_parse_str (struct alg_info *alg_info, const char *alg_str, const char **err_p)
 {
-    struct parser_context ctx;
-    int ret;
-    const char *ptr;
-    static char err_buf[256];
-
-    *err_buf = 0;
-    parser_init(&ctx, alg_info->alg_info_protoid);
-    if (err_p)
-       *err_p = NULL;
-
-    /* use default if nul esp string */
-    if (!*alg_str)
-    {
-       switch (alg_info->alg_info_protoid) {
+       struct parser_context ctx;
+       int ret;
+       const char *ptr;
+       static char err_buf[256];
+
+       *err_buf = 0;
+       parser_init(&ctx, alg_info->alg_info_protoid);
+       if (err_p)
+               *err_p = NULL;
+
+       /* use default if nul esp string */
+       if (!*alg_str)
+       {
+               switch (alg_info->alg_info_protoid) {
 #ifndef NO_PLUTO
-       case PROTO_ISAKMP:
-           alg_info_ike_add(alg_info, 0, 0, 0, 0, 0);
-           return 0;
+               case PROTO_ISAKMP:
+                       alg_info_ike_add(alg_info, 0, 0, 0, 0, 0);
+                       return 0;
 #endif
-       case PROTO_IPSEC_ESP:
-           alg_info_esp_add(alg_info, 0, 0, 0, 0);
-           return 0;
-       default:
-           /* IMPOSSIBLE */
-           passert(alg_info->alg_info_protoid);
+               case PROTO_IPSEC_ESP:
+                       alg_info_esp_add(alg_info, 0, 0, 0, 0);
+                       return 0;
+               default:
+                       /* IMPOSSIBLE */
+                       passert(alg_info->alg_info_protoid);
+               }
        }
-    }
 
-    for (ret = 0, ptr = alg_str; ret < ST_EOF;)
-    {
-       ctx.ch = *ptr++;
-       ret = parser_machine(&ctx);
-               
-       switch (ret) {
-       case ST_FLAG_STRICT:
-           alg_info->alg_info_flags |= ALG_INFO_F_STRICT;
-           break;
-       case ST_END:
-       case ST_EOF:
-           DBG(DBG_CRYPT,
-               DBG_log("alg_info_parse_str() ealg_buf=%s aalg_buf=%s"
-                       "eklen=%d  aklen=%d",
-                       ctx.ealg_buf, ctx.aalg_buf,
-                       ctx.eklen, ctx.aklen)
-           )
-           if (parser_alg_info_add(&ctx, alg_info) < 0)
-           {
-               snprintf(err_buf, sizeof(err_buf),
-                   "%s, enc_alg=\"%s\", auth_alg=\"%s\", modp=\"%s\"",
-                   ctx.err,
-                   ctx.ealg_buf,
-                   ctx.aalg_buf,
-                   ctx.modp_buf);
-               goto err;
-           }
-           /* zero out for next run (ST_END) */
-           parser_init(&ctx, alg_info->alg_info_protoid);
-           break;
-       case ST_ERR:
-           snprintf(err_buf, sizeof(err_buf),
-               "%s, just after \"%.*s\" (old_state=%s)",
-               ctx.err,
-               (int)(ptr-alg_str-1), alg_str ,
-               parser_state_name_esp(ctx.old_state));
-           goto err;
-       default:
-           if (!ctx.ch)
-               break;
+       for (ret = 0, ptr = alg_str; ret < ST_EOF;)
+       {
+               ctx.ch = *ptr++;
+               ret = parser_machine(&ctx);
+                               
+               switch (ret) {
+               case ST_FLAG_STRICT:
+                       alg_info->alg_info_flags |= ALG_INFO_F_STRICT;
+                       break;
+               case ST_END:
+               case ST_EOF:
+                       DBG(DBG_CRYPT,
+                               DBG_log("alg_info_parse_str() ealg_buf=%s aalg_buf=%s"
+                                               "eklen=%d  aklen=%d",
+                                               ctx.ealg_buf, ctx.aalg_buf,
+                                               ctx.eklen, ctx.aklen)
+                       )
+                       if (parser_alg_info_add(&ctx, alg_info) < 0)
+                       {
+                               snprintf(err_buf, sizeof(err_buf),
+                                       "%s, enc_alg=\"%s\", auth_alg=\"%s\", modp=\"%s\"",
+                                       ctx.err,
+                                       ctx.ealg_buf,
+                                       ctx.aalg_buf,
+                                       ctx.modp_buf);
+                               goto err;
+                       }
+                       /* zero out for next run (ST_END) */
+                       parser_init(&ctx, alg_info->alg_info_protoid);
+                       break;
+               case ST_ERR:
+                       snprintf(err_buf, sizeof(err_buf),
+                               "%s, just after \"%.*s\" (old_state=%s)",
+                               ctx.err,
+                               (int)(ptr-alg_str-1), alg_str ,
+                               parser_state_name_esp(ctx.old_state));
+                       goto err;
+               default:
+                       if (!ctx.ch)
+                               break;
+               }
        }
-    }
-    return 0;
+       return 0;
 err:
-    if (err_p)
-       *err_p=err_buf;
-    return -1;
+       if (err_p)
+               *err_p=err_buf;
+       return -1;
 }
 
 struct alg_info_esp *
 alg_info_esp_create_from_str (const char *alg_str, const char **err_p)
 {
-    struct alg_info_esp *alg_info_esp;
-    char esp_buf[256];
-    static char err_buf[256];
-    char *pfs_name;
-    int ret = 0;
-    /*
-     * alg_info storage should be sized dynamically
-     * but this may require 2passes to know
-     * transform count in advance.
-     */
-    alg_info_esp = malloc_thing (struct alg_info_esp);
-    zero(alg_info_esp);
-
-    pfs_name=index (alg_str, ';');
-    if (pfs_name)
-    {
-       memcpy(esp_buf, alg_str, pfs_name-alg_str);
-       esp_buf[pfs_name-alg_str] = 0;
-       alg_str = esp_buf;
-       pfs_name++;
-
-       /* if pfs strings AND first char is not '0' */
-       if (*pfs_name && pfs_name[0] != '0')
+       struct alg_info_esp *alg_info_esp;
+       char esp_buf[256];
+       static char err_buf[256];
+       char *pfs_name;
+       int ret = 0;
+       /*
+        * alg_info storage should be sized dynamically
+        * but this may require 2passes to know
+        * transform count in advance.
+        */
+       alg_info_esp = malloc_thing (struct alg_info_esp);
+       zero(alg_info_esp);
+
+       pfs_name=index (alg_str, ';');
+       if (pfs_name)
        {
-           ret = modp_getbyname_esp(pfs_name, strlen(pfs_name));
-           if (ret < 0)
-           {
-               /* Bomb if pfsgroup not found */
-               DBG(DBG_CRYPT,
-                   DBG_log("alg_info_esp_create_from_str(): pfsgroup \"%s\" not found"
-                       , pfs_name)
-               )
-               if (*err_p)
-               {
-                   snprintf(err_buf, sizeof(err_buf),
-                       "pfsgroup \"%s\" not found",
-                       pfs_name);
+               memcpy(esp_buf, alg_str, pfs_name-alg_str);
+               esp_buf[pfs_name-alg_str] = 0;
+               alg_str = esp_buf;
+               pfs_name++;
 
-                   *err_p = err_buf;
+               /* if pfs strings AND first char is not '0' */
+               if (*pfs_name && pfs_name[0] != '0')
+               {
+                       ret = modp_getbyname_esp(pfs_name, strlen(pfs_name));
+                       if (ret < 0)
+                       {
+                               /* Bomb if pfsgroup not found */
+                               DBG(DBG_CRYPT,
+                                       DBG_log("alg_info_esp_create_from_str(): pfsgroup \"%s\" not found"
+                                               , pfs_name)
+                               )
+                               if (*err_p)
+                               {
+                                       snprintf(err_buf, sizeof(err_buf),
+                                               "pfsgroup \"%s\" not found",
+                                               pfs_name);
+
+                                       *err_p = err_buf;
+                               }
+                               goto out;
+                       }
+                       alg_info_esp->esp_pfsgroup = ret;
                }
-               goto out;
-           }
-           alg_info_esp->esp_pfsgroup = ret;
        }
-    }
-    else
-       alg_info_esp->esp_pfsgroup = 0;
-               
-    alg_info_esp->alg_info_protoid = PROTO_IPSEC_ESP;
-    ret = alg_info_parse_str((struct alg_info *)alg_info_esp, alg_str, err_p) ;
+       else
+               alg_info_esp->esp_pfsgroup = 0;
+                               
+       alg_info_esp->alg_info_protoid = PROTO_IPSEC_ESP;
+       ret = alg_info_parse_str((struct alg_info *)alg_info_esp, alg_str, err_p) ;
 out:
-    if (ret < 0)
-    {
-       free(alg_info_esp);
-       alg_info_esp = NULL;
-    }
-    return alg_info_esp;
+       if (ret < 0)
+       {
+               free(alg_info_esp);
+               alg_info_esp = NULL;
+       }
+       return alg_info_esp;
 }
 
 #ifndef NO_PLUTO
 struct alg_info_ike *
 alg_info_ike_create_from_str (const char *alg_str, const char **err_p)
 {
-    struct alg_info_ike *alg_info_ike;
-    /*
-     * alg_info storage should be sized dynamically
-     * but this may require 2passes to know
-     * transform count in advance.
-     */
-    alg_info_ike = malloc_thing (struct alg_info_ike);
-    zero(alg_info_ike);
-    alg_info_ike->alg_info_protoid = PROTO_ISAKMP;
-
-    if (alg_info_parse_str((struct alg_info *)alg_info_ike, alg_str, err_p) < 0)
-    {
-       free(alg_info_ike);
-       return NULL;
-    }
-    return alg_info_ike;
+       struct alg_info_ike *alg_info_ike;
+       /*
+        * alg_info storage should be sized dynamically
+        * but this may require 2passes to know
+        * transform count in advance.
+        */
+       alg_info_ike = malloc_thing (struct alg_info_ike);
+       zero(alg_info_ike);
+       alg_info_ike->alg_info_protoid = PROTO_ISAKMP;
+
+       if (alg_info_parse_str((struct alg_info *)alg_info_ike, alg_str, err_p) < 0)
+       {
+               free(alg_info_ike);
+               return NULL;
+       }
+       return alg_info_ike;
 }
 #endif
 
 /*
- *     alg_info struct can be shared by
- *     several connections instances,
- *     handle free() with ref_cnts
+ *      alg_info struct can be shared by
+ *      several connections instances,
+ *      handle free() with ref_cnts
  */
 void 
 alg_info_addref(struct alg_info *alg_info)
 {
-    if (alg_info != NULL)
-    {
-       alg_info->ref_cnt++;
-       DBG(DBG_CRYPT,
-           DBG_log("alg_info_addref() alg_info->ref_cnt=%d"
-               , alg_info->ref_cnt)
-       )
-    }
+       if (alg_info != NULL)
+       {
+               alg_info->ref_cnt++;
+               DBG(DBG_CRYPT,
+                       DBG_log("alg_info_addref() alg_info->ref_cnt=%d"
+                               , alg_info->ref_cnt)
+               )
+       }
 }
 
 void
 alg_info_delref(struct alg_info **alg_info_p)
 {
-    struct alg_info *alg_info = *alg_info_p;
+       struct alg_info *alg_info = *alg_info_p;
 
-    if (alg_info != NULL)
-    {
-       passert(alg_info->ref_cnt != 0);
-       alg_info->ref_cnt--;
-       DBG(DBG_CRYPT,
-           DBG_log("alg_info_delref() alg_info->ref_cnt=%d"
-               , alg_info->ref_cnt)
-       )
-       if (alg_info->ref_cnt == 0)
+       if (alg_info != NULL)
        {
-           DBG(DBG_CRYPT,
-               DBG_log("alg_info_delref() freeing alg_info")
-           )
-           alg_info_free(alg_info);
+               passert(alg_info->ref_cnt != 0);
+               alg_info->ref_cnt--;
+               DBG(DBG_CRYPT,
+                       DBG_log("alg_info_delref() alg_info->ref_cnt=%d"
+                               , alg_info->ref_cnt)
+               )
+               if (alg_info->ref_cnt == 0)
+               {
+                       DBG(DBG_CRYPT,
+                               DBG_log("alg_info_delref() freeing alg_info")
+                       )
+                       alg_info_free(alg_info);
+               }
+               *alg_info_p = NULL;
        }
-       *alg_info_p = NULL;
-    }
 }
 
 /* snprint already parsed transform list (alg_info) */
 int
 alg_info_snprint(char *buf, int buflen, struct alg_info *alg_info)
 {
-    char *ptr = buf;
-    int np = 0;
-    struct esp_info *esp_info;
+       char *ptr = buf;
+       int np = 0;
+       struct esp_info *esp_info;
 #ifndef NO_PLUTO
-    struct ike_info *ike_info;
+       struct ike_info *ike_info;
 #endif
-    int cnt;
-       
-    switch (alg_info->alg_info_protoid) {
-    case PROTO_IPSEC_ESP:
-       {
-           struct alg_info_esp *alg_info_esp = (struct alg_info_esp *)alg_info;
-
-           ALG_INFO_ESP_FOREACH(alg_info_esp, esp_info, cnt)
-           {
-               np = snprintf(ptr, buflen, "%d_%03d-%d, "
-                       , esp_info->esp_ealg_id
-                       , (int)esp_info->esp_ealg_keylen
-                       , esp_info->esp_aalg_id);
-               ptr += np;
-               buflen -= np;
-               if (buflen < 0)
-                   goto out;
-           }
-           if (alg_info_esp->esp_pfsgroup)
-           {
-               np = snprintf(ptr, buflen, "; pfsgroup=%d; "
-                       , alg_info_esp->esp_pfsgroup);
+       int cnt;
+               
+       switch (alg_info->alg_info_protoid) {
+       case PROTO_IPSEC_ESP:
+               {
+                       struct alg_info_esp *alg_info_esp = (struct alg_info_esp *)alg_info;
+
+                       ALG_INFO_ESP_FOREACH(alg_info_esp, esp_info, cnt)
+                       {
+                               np = snprintf(ptr, buflen, "%d_%03d-%d, "
+                                               , esp_info->esp_ealg_id
+                                               , (int)esp_info->esp_ealg_keylen
+                                               , esp_info->esp_aalg_id);
+                               ptr += np;
+                               buflen -= np;
+                               if (buflen < 0)
+                                       goto out;
+                       }
+                       if (alg_info_esp->esp_pfsgroup)
+                       {
+                               np = snprintf(ptr, buflen, "; pfsgroup=%d; "
+                                               , alg_info_esp->esp_pfsgroup);
+                               ptr += np;
+                               buflen -= np;
+                               if (buflen < 0)
+                                       goto out;
+                       }
+                       break;
+               }
+#ifndef NO_PLUTO
+       case PROTO_ISAKMP:
+               ALG_INFO_IKE_FOREACH((struct alg_info_ike *)alg_info, ike_info, cnt)
+               {
+                       np = snprintf(ptr, buflen, "%d_%03d-%d-%d, "
+                                       , ike_info->ike_ealg
+                                       , (int)ike_info->ike_eklen
+                                       , ike_info->ike_halg
+                                       , ike_info->ike_modp);
+                       ptr += np;
+                       buflen -= np;
+                       if (buflen < 0)
+                               goto out;
+               }
+               break;
+#endif
+       default:
+               np = snprintf(buf, buflen, "INVALID protoid=%d\n"
+                               , alg_info->alg_info_protoid);
                ptr += np;
                buflen -= np;
-               if (buflen < 0)
-                   goto out;
-           }
-           break;
-       }
-#ifndef NO_PLUTO
-    case PROTO_ISAKMP:
-       ALG_INFO_IKE_FOREACH((struct alg_info_ike *)alg_info, ike_info, cnt)
-       {
-           np = snprintf(ptr, buflen, "%d_%03d-%d-%d, "
-                   , ike_info->ike_ealg
-                   , (int)ike_info->ike_eklen
-                   , ike_info->ike_halg
-                   , ike_info->ike_modp);
-           ptr += np;
-           buflen -= np;
-           if (buflen < 0)
                goto out;
-       }
-       break;
-#endif
-    default:
-       np = snprintf(buf, buflen, "INVALID protoid=%d\n"
-               , alg_info->alg_info_protoid);
-       ptr += np;
-       buflen -= np;
-       goto out;
    }
 
    np = snprintf(ptr, buflen, "%s"
-           , alg_info->alg_info_flags & ALG_INFO_F_STRICT?
-           "strict":"");
+                       , alg_info->alg_info_flags & ALG_INFO_F_STRICT?
+                       "strict":"");
    ptr += np;
    buflen -= np;
 out:
-    if (buflen < 0)
-    {
-       loglog(RC_LOG_SERIOUS
-           , "buffer space exhausted in alg_info_snprint_ike(), buflen=%d"
-           , buflen);
-    }
-       
-    return ptr - buf;
+       if (buflen < 0)
+       {
+               loglog(RC_LOG_SERIOUS
+                       , "buffer space exhausted in alg_info_snprint_ike(), buflen=%d"
+                       , buflen);
+       }
+               
+       return ptr - buf;
 }
 
 #ifndef NO_PLUTO
 int
 alg_info_snprint_esp(char *buf, int buflen, struct alg_info_esp *alg_info)
 {
-    char *ptr = buf;
+       char *ptr = buf;
 
-    int cnt = alg_info->alg_info_cnt;
-    struct esp_info *esp_info = alg_info->esp;
+       int cnt = alg_info->alg_info_cnt;
+       struct esp_info *esp_info = alg_info->esp;
 
-    while (cnt--)
-    {
-       if (kernel_alg_esp_enc_ok(esp_info->esp_ealg_id, 0, NULL)
-       &&  kernel_alg_esp_auth_ok(esp_info->esp_aalg_id, NULL))
+       while (cnt--)
        {
-           u_int eklen = (esp_info->esp_ealg_keylen)
-                   ? esp_info->esp_ealg_keylen
-                   : kernel_alg_esp_enc_keylen(esp_info->esp_ealg_id)
-                           * BITS_PER_BYTE;
-
-           u_int aklen = esp_info->esp_aalg_keylen
-                   ? esp_info->esp_aalg_keylen
-                   : kernel_alg_esp_auth_keylen(esp_info->esp_aalg_id)
-                           * BITS_PER_BYTE;
-
-           int ret = snprintf(ptr, buflen, "%d_%03d-%d_%03d, ",
-                          esp_info->esp_ealg_id, eklen,
-                          esp_info->esp_aalg_id, aklen);
-           ptr += ret;
-           buflen -= ret;
-           if (buflen < 0)
-               break;
+               if (kernel_alg_esp_enc_ok(esp_info->esp_ealg_id, 0, NULL)
+               &&  kernel_alg_esp_auth_ok(esp_info->esp_aalg_id, NULL))
+               {
+                       u_int eklen = (esp_info->esp_ealg_keylen)
+                                       ? esp_info->esp_ealg_keylen
+                                       : kernel_alg_esp_enc_keylen(esp_info->esp_ealg_id)
+                                                       * BITS_PER_BYTE;
+
+                       u_int aklen = esp_info->esp_aalg_keylen
+                                       ? esp_info->esp_aalg_keylen
+                                       : kernel_alg_esp_auth_keylen(esp_info->esp_aalg_id)
+                                                       * BITS_PER_BYTE;
+
+                       int ret = snprintf(ptr, buflen, "%d_%03d-%d_%03d, ",
+                                                  esp_info->esp_ealg_id, eklen,
+                                                  esp_info->esp_aalg_id, aklen);
+                       ptr += ret;
+                       buflen -= ret;
+                       if (buflen < 0)
+                               break;
+               }
+               esp_info++;
        }
-       esp_info++;
-    }
-    return ptr - buf;
+       return ptr - buf;
 }
 
 int
 alg_info_snprint_ike(char *buf, int buflen, struct alg_info_ike *alg_info)
 {
-    char *ptr = buf;
-
-    int cnt = alg_info->alg_info_cnt;
-    struct ike_info *ike_info = alg_info->ike;
+       char *ptr = buf;
 
-    while (cnt--)
-    {
-       struct encrypt_desc *enc_desc = ike_alg_get_encrypter(ike_info->ike_ealg);
-       struct hash_desc *hash_desc = ike_alg_get_hasher(ike_info->ike_halg);
+       int cnt = alg_info->alg_info_cnt;
+       struct ike_info *ike_info = alg_info->ike;
 
-       if (enc_desc != NULL &&  hash_desc != NULL
-       && lookup_group(ike_info->ike_modp))
+       while (cnt--)
        {
+               struct encrypt_desc *enc_desc = ike_alg_get_encrypter(ike_info->ike_ealg);
+               struct hash_desc *hash_desc = ike_alg_get_hasher(ike_info->ike_halg);
 
-           u_int eklen = (ike_info->ike_eklen)
-                       ? ike_info->ike_eklen
-                       : enc_desc->keydeflen;
-
-           u_int aklen = (ike_info->ike_hklen)
-                       ? ike_info->ike_hklen
-                       : hash_desc->hash_digest_size * BITS_PER_BYTE;
-
-           int ret = snprintf(ptr, buflen, "%d_%03d-%d_%03d-%d, ",
-                          ike_info->ike_ealg, eklen,
-                          ike_info->ike_halg, aklen,
-                          ike_info->ike_modp);
-           ptr += ret;
-           buflen -= ret;
-           if (buflen < 0)
-               break;
+               if (enc_desc != NULL &&  hash_desc != NULL
+               && lookup_group(ike_info->ike_modp))
+               {
+
+                       u_int eklen = (ike_info->ike_eklen)
+                                               ? ike_info->ike_eklen
+                                               : enc_desc->keydeflen;
+
+                       u_int aklen = (ike_info->ike_hklen)
+                                               ? ike_info->ike_hklen
+                                               : hash_desc->hash_digest_size * BITS_PER_BYTE;
+
+                       int ret = snprintf(ptr, buflen, "%d_%03d-%d_%03d-%d, ",
+                                                  ike_info->ike_ealg, eklen,
+                                                  ike_info->ike_halg, aklen,
+                                                  ike_info->ike_modp);
+                       ptr += ret;
+                       buflen -= ret;
+                       if (buflen < 0)
+                               break;
+               }
+               ike_info++;
        }
-       ike_info++;
-    }
-    return ptr - buf;
+       return ptr - buf;
 }
 #endif /* NO_PLUTO */
index 59894a4..0a5a54a 100644 (file)
 #define ALG_INFO_H
 
 struct esp_info {
-       u_int8_t transid;       /* ESP transform */
-       u_int16_t auth;         /* AUTH */
-       size_t enckeylen;       /* keylength for ESP transform */
-       size_t authkeylen;      /* keylength for AUTH */
-       u_int8_t encryptalg;    /* normally  encryptalg=transid */
-       u_int8_t authalg;       /* normally  authalg=auth+1 */
+               u_int8_t transid;       /* ESP transform */
+               u_int16_t auth;         /* AUTH */
+               size_t enckeylen;       /* keylength for ESP transform */
+               size_t authkeylen;      /* keylength for AUTH */
+               u_int8_t encryptalg;    /* normally  encryptalg=transid */
+               u_int8_t authalg;       /* normally  authalg=auth+1 */
 };
 
 struct ike_info {
-       u_int16_t ike_ealg;     /* high 16 bit nums for reserved */
-       u_int8_t ike_halg;
-       size_t ike_eklen;
-       size_t ike_hklen;
-       u_int16_t ike_modp;
+               u_int16_t ike_ealg;     /* high 16 bit nums for reserved */
+               u_int8_t ike_halg;
+               size_t ike_eklen;
+               size_t ike_hklen;
+               u_int16_t ike_modp;
 };
 
 #define ALG_INFO_COMMON \
-       int alg_info_cnt;               \
-       int ref_cnt;                    \
-       unsigned alg_info_flags;        \
-       unsigned alg_info_protoid
+               int alg_info_cnt;               \
+               int ref_cnt;                    \
+               unsigned alg_info_flags;        \
+               unsigned alg_info_protoid
 
 struct alg_info {
-       ALG_INFO_COMMON;
+               ALG_INFO_COMMON;
 };
 
 struct alg_info_esp {
-       ALG_INFO_COMMON;
-       struct esp_info esp[64];
-       int esp_pfsgroup;
+               ALG_INFO_COMMON;
+               struct esp_info esp[64];
+               int esp_pfsgroup;
 };
 
 struct alg_info_ike {
-       ALG_INFO_COMMON;
-       struct ike_info ike[64];
+               ALG_INFO_COMMON;
+               struct ike_info ike[64];
 };
 #define esp_ealg_id transid
 #define esp_aalg_id auth
-#define esp_ealg_keylen enckeylen      /* bits */
-#define esp_aalg_keylen authkeylen     /* bits */
+#define esp_ealg_keylen enckeylen       /* bits */
+#define esp_aalg_keylen authkeylen      /* bits */
 
-/*     alg_info_flags bits */
-#define ALG_INFO_F_STRICT      0x01
+/*      alg_info_flags bits */
+#define ALG_INFO_F_STRICT       0x01
 
 extern int alg_info_esp_aa2sadb(int auth);
 extern int alg_info_esp_sadb2aa(int sadb_aalg);
@@ -68,18 +68,18 @@ extern void alg_info_free(struct alg_info *alg_info);
 extern void alg_info_addref(struct alg_info *alg_info);
 extern void alg_info_delref(struct alg_info **alg_info);
 extern struct alg_info_esp* alg_info_esp_create_from_str(const char *alg_str
-    , const char **err_p);
+       , const char **err_p);
 extern struct alg_info_ike* alg_info_ike_create_from_str(const char *alg_str
-    , const char **err_p);
+       , const char **err_p);
 extern int alg_info_parse(const char *str);
 extern int alg_info_snprint(char *buf, int buflen
-    , struct alg_info *alg_info);
+       , struct alg_info *alg_info);
 extern int alg_info_snprint_esp(char *buf, int buflen
-    , struct alg_info_esp *alg_info);
+       , struct alg_info_esp *alg_info);
 extern int alg_info_snprint_ike(char *buf, int buflen
-    , struct alg_info_ike *alg_info);
+       , struct alg_info_ike *alg_info);
 #define ALG_INFO_ESP_FOREACH(ai, ai_esp, i) \
-       for (i=(ai)->alg_info_cnt,ai_esp=(ai)->esp; i--; ai_esp++) 
+               for (i=(ai)->alg_info_cnt,ai_esp=(ai)->esp; i--; ai_esp++) 
 #define ALG_INFO_IKE_FOREACH(ai, ai_ike, i) \
-       for (i=(ai)->alg_info_cnt,ai_ike=(ai)->ike; i--; ai_ike++) 
+               for (i=(ai)->alg_info_cnt,ai_ike=(ai)->ike; i--; ai_ike++) 
 #endif /* ALG_INFO_H */
index 3d4852c..fa0b4e7 100644 (file)
@@ -40,33 +40,33 @@ const chunk_t ASN1_INTEGER_2 = chunk_from_buf(ASN1_INTEGER_2_str);
 /* some popular algorithmIdentifiers */
 
 static u_char ASN1_md5_id_str[] = {
-    0x30, 0x0C,
-          0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05,
-         0x05, 0x00
+       0x30, 0x0C,
+                 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05,
+                 0x05, 0x00
 };
 
 static u_char ASN1_sha1_id_str[] = {
-    0x30, 0x09,
-         0x06, 0x05, 0x2B, 0x0E,0x03, 0x02, 0x1A,
-         0x05, 0x00
+       0x30, 0x09,
+                 0x06, 0x05, 0x2B, 0x0E,0x03, 0x02, 0x1A,
+                 0x05, 0x00
 };
 
 static u_char ASN1_md5WithRSA_id_str[] = {
-    0x30, 0x0D,
-         0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x04,
-         0x05, 0x00
+       0x30, 0x0D,
+                 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x04,
+                 0x05, 0x00
 };
 
 static u_char ASN1_sha1WithRSA_id_str[] = {
-    0x30, 0x0D,
-         0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
-         0x05, 0x00
+       0x30, 0x0D,
+                 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x05,
+                 0x05, 0x00
 };
 
 static u_char ASN1_rsaEncryption_id_str[] = {
-    0x30, 0x0D,
-         0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
-         0x05, 0x00
+       0x30, 0x0D,
+                 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
+                 0x05, 0x00
 };
 
 const chunk_t ASN1_md5_id = chunk_from_buf(ASN1_md5_id_str);
@@ -78,16 +78,16 @@ const chunk_t ASN1_sha1WithRSA_id = chunk_from_buf(ASN1_sha1WithRSA_id_str);
 /* ASN.1 definition of an algorithmIdentifier */
 
 static const asn1Object_t algorithmIdentifierObjects[] = {
-  { 0, "algorithmIdentifier",  ASN1_SEQUENCE,  ASN1_NONE }, /* 0 */
-  { 1,   "algorithm",          ASN1_OID,       ASN1_BODY }, /* 1 */
-  { 1,   "parameters",         ASN1_EOC,       ASN1_OPT |
-                                               ASN1_RAW  }, /* 2 */
-  { 1,   "end opt",            ASN1_EOC,       ASN1_END  }  /* 3 */
+  { 0, "algorithmIdentifier",   ASN1_SEQUENCE,  ASN1_NONE }, /* 0 */
+  { 1,   "algorithm",           ASN1_OID,       ASN1_BODY }, /* 1 */
+  { 1,   "parameters",          ASN1_EOC,       ASN1_OPT |
+                                                                                               ASN1_RAW  }, /* 2 */
+  { 1,   "end opt",             ASN1_EOC,       ASN1_END  }  /* 3 */
 };
 
-#define ALGORITHM_ID_ALG               1
-#define ALGORITHM_ID_PARAMETERS                2
-#define ALGORITHM_ID_ROOF              4
+#define ALGORITHM_ID_ALG                1
+#define ALGORITHM_ID_PARAMETERS         2
+#define ALGORITHM_ID_ROOF               4
 
 /*
  * return the ASN.1 encoded algorithm identifier
@@ -95,21 +95,21 @@ static const asn1Object_t algorithmIdentifierObjects[] = {
 chunk_t
 asn1_algorithmIdentifier(int oid)
 {
-    switch (oid)
-    {
-    case OID_RSA_ENCRYPTION:
-       return ASN1_rsaEncryption_id;
-    case OID_MD5_WITH_RSA:
-       return ASN1_md5WithRSA_id;
-    case OID_SHA1_WITH_RSA:
-       return ASN1_sha1WithRSA_id;
-    case OID_MD5:
-       return ASN1_md5_id;
+       switch (oid)
+       {
+       case OID_RSA_ENCRYPTION:
+               return ASN1_rsaEncryption_id;
+       case OID_MD5_WITH_RSA:
+               return ASN1_md5WithRSA_id;
+       case OID_SHA1_WITH_RSA:
+               return ASN1_sha1WithRSA_id;
+       case OID_MD5:
+               return ASN1_md5_id;
    case OID_SHA1:
-       return ASN1_sha1_id;
+               return ASN1_sha1_id;
    default:
-       return chunk_empty;
-    }
+               return chunk_empty;
+       }
 }
 
 /*  If the oid is listed in the oid_names table then the corresponding
@@ -118,34 +118,34 @@ asn1_algorithmIdentifier(int oid)
 int
 asn1_known_oid(chunk_t object)
 {
-    int oid = 0;
+       int oid = 0;
 
-    while (object.len)
-    {
-       if (oid_names[oid].octet == *object.ptr)
+       while (object.len)
        {
-           if (--object.len == 0 || oid_names[oid].down == 0)
-           {
-               return oid;          /* found terminal symbol */
-           }
-           else
-           {
-               object.ptr++; oid++; /* advance to next hex octet */
-           }
+               if (oid_names[oid].octet == *object.ptr)
+               {
+                       if (--object.len == 0 || oid_names[oid].down == 0)
+                       {
+                               return oid;          /* found terminal symbol */
+                       }
+                       else
+                       {
+                               object.ptr++; oid++; /* advance to next hex octet */
+                       }
+               }
+               else
+               {
+                       if (oid_names[oid].next)
+                       {
+                               oid = oid_names[oid].next;
+                       }
+                       else
+                       {
+                               return OID_UNKNOWN;
+                       }
+               }
        }
-       else
-       {
-           if (oid_names[oid].next)
-           {
-               oid = oid_names[oid].next;
-           }
-           else
-           {
-               return OID_UNKNOWN;
-           }
-       }
-    }
-    return -1;
+       return -1;
 }
 
 /*
@@ -154,32 +154,32 @@ asn1_known_oid(chunk_t object)
 chunk_t
 asn1_build_known_oid(int n)
 {
-    chunk_t oid;
-    int i;
-       
-    if (n < 0 || n >= OID_MAX)
-    {
-       return chunk_empty;
-    }
-       
-    i = oid_names[n].level + 1;
-    oid.ptr = malloc(2 + i);
-    oid.len = i;
-    oid.ptr[0] = ASN1_OID;
-    oid.ptr[1] = i;
-
-    do
-    {
-       if (oid_names[n].level >= i)
-       {
-           n--;
-           continue;
-       }
-       oid.ptr[--i + 2] = oid_names[n--].octet;
-    }
-    while (i > 0);
-       
-    return oid;
+       chunk_t oid;
+       int i;
+               
+       if (n < 0 || n >= OID_MAX)
+       {
+               return chunk_empty;
+       }
+               
+       i = oid_names[n].level + 1;
+       oid.ptr = malloc(2 + i);
+       oid.len = i;
+       oid.ptr[0] = ASN1_OID;
+       oid.ptr[1] = i;
+
+       do
+       {
+               if (oid_names[n].level >= i)
+               {
+                       n--;
+                       continue;
+               }
+               oid.ptr[--i + 2] = oid_names[n--].octet;
+       }
+       while (i > 0);
+               
+       return oid;
 }
 
 /*
@@ -188,48 +188,48 @@ asn1_build_known_oid(int n)
 u_int
 asn1_length(chunk_t *blob)
 {
-    u_char n;
-    size_t len;
+       u_char n;
+       size_t len;
 
-    /* advance from tag field on to length field */
-    blob->ptr++;
-    blob->len--;
+       /* advance from tag field on to length field */
+       blob->ptr++;
+       blob->len--;
 
-    /* read first octet of length field */
-    n = *blob->ptr++;
-    blob->len--;
+       /* read first octet of length field */
+       n = *blob->ptr++;
+       blob->len--;
 
-    if ((n & 0x80) == 0) /* single length octet */
-       return n;
+       if ((n & 0x80) == 0) /* single length octet */
+               return n;
 
-    /* composite length, determine number of length octets */
-    n &= 0x7f;
+       /* composite length, determine number of length octets */
+       n &= 0x7f;
 
-    if (n > blob->len)
-    {
-       DBG(DBG_PARSING,
-           DBG_log("number of length octets is larger than ASN.1 object")
-       )
-       return ASN1_INVALID_LENGTH;
-    }
+       if (n > blob->len)
+       {
+               DBG(DBG_PARSING,
+                       DBG_log("number of length octets is larger than ASN.1 object")
+               )
+               return ASN1_INVALID_LENGTH;
+       }
 
-    if (n > sizeof(len))
-    {
-       DBG(DBG_PARSING,
-           DBG_log("number of length octets is larger than limit of %d octets"
-               , (int)sizeof(len))
-       )
-       return ASN1_INVALID_LENGTH;
-    }
-
-    len = 0;
-    
-    while (n-- > 0)
-    {
-       len = 256*len + *blob->ptr++;
-       blob->len--;
-    }
-    return len;
+       if (n > sizeof(len))
+       {
+               DBG(DBG_PARSING,
+                       DBG_log("number of length octets is larger than limit of %d octets"
+                               , (int)sizeof(len))
+               )
+               return ASN1_INVALID_LENGTH;
+       }
+
+       len = 0;
+       
+       while (n-- > 0)
+       {
+               len = 256*len + *blob->ptr++;
+               blob->len--;
+       }
+       return len;
 }
 
 /*
@@ -238,32 +238,32 @@ asn1_length(chunk_t *blob)
 void
 code_asn1_length(size_t length, chunk_t *code)
 {
-    if (length < 128)
-    {
-       code->ptr[0] = length;
-       code->len = 1;
-    }
-    else if (length < 256)
-    {
-       code->ptr[0] = 0x81;
-       code->ptr[1] = (u_char) length;
-       code->len = 2;
-    }
-    else if (length < 65536)
-    {
-       code->ptr[0] = 0x82;
-       code->ptr[1] = length >> 8;
-       code->ptr[2] = length & 0x00ff;
-       code->len = 3;
-    }
-    else
-    {
-       code->ptr[0] = 0x83;
-       code->ptr[1] = length >> 16;
-       code->ptr[2] = (length >> 8) & 0x00ff;
-       code->ptr[3] = length & 0x0000ff;
-       code->len = 4;
-    }
+       if (length < 128)
+       {
+               code->ptr[0] = length;
+               code->len = 1;
+       }
+       else if (length < 256)
+       {
+               code->ptr[0] = 0x81;
+               code->ptr[1] = (u_char) length;
+               code->len = 2;
+       }
+       else if (length < 65536)
+       {
+               code->ptr[0] = 0x82;
+               code->ptr[1] = length >> 8;
+               code->ptr[2] = length & 0x00ff;
+               code->len = 3;
+       }
+       else
+       {
+               code->ptr[0] = 0x83;
+               code->ptr[1] = length >> 16;
+               code->ptr[2] = (length >> 8) & 0x00ff;
+               code->ptr[3] = length & 0x0000ff;
+               code->len = 4;
+       }
 }
 
 /*
@@ -272,23 +272,23 @@ code_asn1_length(size_t length, chunk_t *code)
 u_char*
 build_asn1_object(chunk_t *object, asn1_t type, size_t datalen)
 {
-    u_char length_buf[4];
-    chunk_t length = { length_buf, 0 };
-    u_char *pos;
+       u_char length_buf[4];
+       chunk_t length = { length_buf, 0 };
+       u_char *pos;
 
-    /* code the asn.1 length field */
-    code_asn1_length(datalen, &length);
+       /* code the asn.1 length field */
+       code_asn1_length(datalen, &length);
 
-    /* allocate memory for the asn.1 TLV object */
-    object->len = 1 + length.len + datalen;
-    object->ptr = malloc(object->len);
+       /* allocate memory for the asn.1 TLV object */
+       object->len = 1 + length.len + datalen;
+       object->ptr = malloc(object->len);
 
-    /* set position pointer at the start of the object */
-    pos = object->ptr;
+       /* set position pointer at the start of the object */
+       pos = object->ptr;
 
-    /* copy the asn.1 tag field and advance the pointer */
+       /* copy the asn.1 tag field and advance the pointer */
    *pos++ = type;
-   
+
    /* copy the asn.1 length field and advance the pointer */
    chunkcpy(pos, length);
 
@@ -301,12 +301,12 @@ build_asn1_object(chunk_t *object, asn1_t type, size_t datalen)
 chunk_t
 asn1_simple_object(asn1_t tag, chunk_t content)
 {
-    chunk_t object;
+       chunk_t object;
 
-    u_char *pos = build_asn1_object(&object, tag, content.len);
-    chunkcpy(pos, content);
+       u_char *pos = build_asn1_object(&object, tag, content.len);
+       chunkcpy(pos, content);
 
-    return object;
+       return object;
 }
 
 /* Build an ASN.1 object from a variable number of individual chunks.
@@ -315,44 +315,44 @@ asn1_simple_object(asn1_t tag, chunk_t content)
 chunk_t
 asn1_wrap(asn1_t type, const char *mode, ...)
 {
-    chunk_t construct;
-    va_list chunks;
-    u_char *pos;
-    int i;
-    int count = strlen(mode);
-       
-    /* sum up lengths of individual chunks */ 
-    va_start(chunks, mode);
-    construct.len = 0;
-    for (i = 0; i < count; i++)
-    {
-        chunk_t ch = va_arg(chunks, chunk_t);
-       construct.len += ch.len;
-    }
-    va_end(chunks);
-
-    /* allocate needed memory for construct */
-    pos = build_asn1_object(&construct, type, construct.len);
-
-    /* copy or move the chunks */
-    va_start(chunks, mode);
-    for (i = 0; i < count; i++)
-    {
-       chunk_t ch = va_arg(chunks, chunk_t);
-
-       switch (*mode++)
-       {
-       case 'm':
-           mv_chunk(&pos, ch);
-           break;
-       case 'c':
-       default:
-           chunkcpy(pos, ch);
+       chunk_t construct;
+       va_list chunks;
+       u_char *pos;
+       int i;
+       int count = strlen(mode);
+               
+       /* sum up lengths of individual chunks */ 
+       va_start(chunks, mode);
+       construct.len = 0;
+       for (i = 0; i < count; i++)
+       {
+               chunk_t ch = va_arg(chunks, chunk_t);
+               construct.len += ch.len;
        }
-    }
-    va_end(chunks);
+       va_end(chunks);
 
-    return construct;
+       /* allocate needed memory for construct */
+       pos = build_asn1_object(&construct, type, construct.len);
+
+       /* copy or move the chunks */
+       va_start(chunks, mode);
+       for (i = 0; i < count; i++)
+       {
+               chunk_t ch = va_arg(chunks, chunk_t);
+
+               switch (*mode++)
+               {
+               case 'm':
+                       mv_chunk(&pos, ch);
+                       break;
+               case 'c':
+               default:
+                       chunkcpy(pos, ch);
+               }
+       }
+       va_end(chunks);
+
+       return construct;
 }
 
 /*
@@ -361,11 +361,11 @@ asn1_wrap(asn1_t type, const char *mode, ...)
 chunk_t
 asn1_integer_from_mpz(const mpz_t value)
 {
-    size_t bits = mpz_sizeinbase(value, 2);  /* size in bits */
-    size_t size = 1 + bits / BITS_PER_BYTE;  /* size in bytes */
-    chunk_t n = mpz_to_n(value, size);
+       size_t bits = mpz_sizeinbase(value, 2);  /* size in bits */
+       size_t size = 1 + bits / BITS_PER_BYTE;  /* size in bytes */
+       chunk_t n = mpz_to_n(value, size);
 
-    return asn1_wrap(ASN1_INTEGER, "m", n);
+       return asn1_wrap(ASN1_INTEGER, "m", n);
 }
 
 /*
@@ -374,19 +374,19 @@ asn1_integer_from_mpz(const mpz_t value)
 bool
 is_printablestring(chunk_t str)
 {
-    const char printablestring_charset[] =
-       "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?";
-    u_int i;
-
-    for (i = 0; i < str.len; i++)
-    {
-       if (strchr(printablestring_charset, str.ptr[i]) == NULL)
-           return FALSE;
-    }
-    return TRUE;
+       const char printablestring_charset[] =
+               "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 '()+,-./:=?";
+       u_int i;
+
+       for (i = 0; i < str.len; i++)
+       {
+               if (strchr(printablestring_charset, str.ptr[i]) == NULL)
+                       return FALSE;
+       }
+       return TRUE;
 }
 
-#define TIME_MAX       0x7fffffff
+#define TIME_MAX        0x7fffffff
 
 /*
  *  Converts ASN.1 UTCTIME or GENERALIZEDTIME into calender time
@@ -394,77 +394,77 @@ is_printablestring(chunk_t str)
 time_t
 asn1totime(const chunk_t *utctime, asn1_t type)
 {
-    struct tm t;
-    time_t tc, tz_offset;
-    u_char *eot = NULL;
-
-    if ((eot = memchr(utctime->ptr, 'Z', utctime->len)) != NULL)
-    {
-       tz_offset = 0; /* Zulu time with a zero time zone offset */
-    }
-    else if ((eot = memchr(utctime->ptr, '+', utctime->len)) != NULL)
-    {
-       int tz_hour, tz_min;
-
-       sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);
-       tz_offset = 3600*tz_hour + 60*tz_min;  /* positive time zone offset */
-    }
-    else if ((eot = memchr(utctime->ptr, '-', utctime->len)) != NULL)
-    {
-       int tz_hour, tz_min;
-
-       sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);
-       tz_offset = -3600*tz_hour - 60*tz_min;  /* negative time zone offset */
-    }
-    else
-    {
-       return 0; /* error in time format */
-    }
-
-    /* parse ASN.1 time string */
-    {
-       const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
-                                                    "%4d%2d%2d%2d%2d";
-
-       sscanf(utctime->ptr, format, &t.tm_year, &t.tm_mon, &t.tm_mday,
-                                    &t.tm_hour, &t.tm_min);
-    }
-
-    /* is there a seconds field? */
-    if ((eot - utctime->ptr) == ((type == ASN1_UTCTIME)?12:14))
-    {
-       sscanf(eot-2, "%2d", &t.tm_sec);
-    }
-    else
-    {
-       t.tm_sec = 0;
-    }
-
-    /* representation of year */
-    if (t.tm_year >= 1900)
-    {
-       t.tm_year -= 1900;
-    }
-    else if (t.tm_year >= 100)
-    {
-       return 0;
-    }
-    else if (t.tm_year < 50)
-    {
-       t.tm_year += 100;
-    }
-
-    /* representation of month 0..11*/
-    t.tm_mon--;
-
-    /* set daylight saving time to off */
-    t.tm_isdst = 0;
-
-    /* convert to time_t */
-    tc = mktime(&t);
-
-    /* if no conversion overflow occurred, compensate timezone */
-    return (tc == -1) ? TIME_MAX : (tc - timezone - tz_offset);
+       struct tm t;
+       time_t tc, tz_offset;
+       u_char *eot = NULL;
+
+       if ((eot = memchr(utctime->ptr, 'Z', utctime->len)) != NULL)
+       {
+               tz_offset = 0; /* Zulu time with a zero time zone offset */
+       }
+       else if ((eot = memchr(utctime->ptr, '+', utctime->len)) != NULL)
+       {
+               int tz_hour, tz_min;
+
+               sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);
+               tz_offset = 3600*tz_hour + 60*tz_min;  /* positive time zone offset */
+       }
+       else if ((eot = memchr(utctime->ptr, '-', utctime->len)) != NULL)
+       {
+               int tz_hour, tz_min;
+
+               sscanf(eot+1, "%2d%2d", &tz_hour, &tz_min);
+               tz_offset = -3600*tz_hour - 60*tz_min;  /* negative time zone offset */
+       }
+       else
+       {
+               return 0; /* error in time format */
+       }
+
+       /* parse ASN.1 time string */
+       {
+               const char* format = (type == ASN1_UTCTIME)? "%2d%2d%2d%2d%2d":
+                                                                                                        "%4d%2d%2d%2d%2d";
+
+               sscanf(utctime->ptr, format, &t.tm_year, &t.tm_mon, &t.tm_mday,
+                                                                        &t.tm_hour, &t.tm_min);
+       }
+
+       /* is there a seconds field? */
+       if ((eot - utctime->ptr) == ((type == ASN1_UTCTIME)?12:14))
+       {
+               sscanf(eot-2, "%2d", &t.tm_sec);
+       }
+       else
+       {
+               t.tm_sec = 0;
+       }
+
+       /* representation of year */
+       if (t.tm_year >= 1900)
+       {
+               t.tm_year -= 1900;
+       }
+       else if (t.tm_year >= 100)
+       {
+               return 0;
+       }
+       else if (t.tm_year < 50)
+       {
+               t.tm_year += 100;
+       }
+
+       /* representation of month 0..11*/
+       t.tm_mon--;
+
+       /* set daylight saving time to off */
+       t.tm_isdst = 0;
+
+       /* convert to time_t */
+       tc = mktime(&t);
+
+       /* if no conversion overflow occurred, compensate timezone */
+       return (tc == -1) ? TIME_MAX : (tc - timezone - tz_offset);
 }
 
 /*
@@ -473,27 +473,27 @@ asn1totime(const chunk_t *utctime, asn1_t type)
 chunk_t
 timetoasn1(const time_t *time, asn1_t type)
 {
-    int offset;
-    const char *format;
-    char buf[TIMETOA_BUF];
-    chunk_t formatted_time;
-    struct tm *t = gmtime(time);
-
-    if (type == ASN1_GENERALIZEDTIME)
-    {
-       format = "%04d%02d%02d%02d%02d%02dZ";
-       offset = 1900;
-    }
-    else /* ASN1_UTCTIME */
-    {
-       format = "%02d%02d%02d%02d%02d%02dZ";
-       offset = (t->tm_year < 100)? 0 : -100;
-    }
-    sprintf(buf, format, t->tm_year + offset, t->tm_mon + 1, t->tm_mday
-                      , t->tm_hour, t->tm_min, t->tm_sec);
-    formatted_time.ptr = buf;
-    formatted_time.len = strlen(buf);
-    return asn1_simple_object(type, formatted_time);
+       int offset;
+       const char *format;
+       char buf[TIMETOA_BUF];
+       chunk_t formatted_time;
+       struct tm *t = gmtime(time);
+
+       if (type == ASN1_GENERALIZEDTIME)
+       {
+               format = "%04d%02d%02d%02d%02d%02dZ";
+               offset = 1900;
+       }
+       else /* ASN1_UTCTIME */
+       {
+               format = "%02d%02d%02d%02d%02d%02dZ";
+               offset = (t->tm_year < 100)? 0 : -100;
+       }
+       sprintf(buf, format, t->tm_year + offset, t->tm_mon + 1, t->tm_mday
+                                          , t->tm_hour, t->tm_min, t->tm_sec);
+       formatted_time.ptr = buf;
+       formatted_time.len = strlen(buf);
+       return asn1_simple_object(type, formatted_time);
 }
 
 
@@ -502,13 +502,13 @@ timetoasn1(const time_t *time, asn1_t type)
  */
 void
 asn1_init(asn1_ctx_t *ctx, chunk_t blob, u_int level0,
-       bool implicit, u_int cond)
+               bool implicit, u_int cond)
 {
-    ctx->blobs[0] = blob;
-    ctx->level0   = level0;
-    ctx->implicit = implicit;
-    ctx->cond     = cond;
-    memset(ctx->loopAddr, '\0', sizeof(ctx->loopAddr));
+       ctx->blobs[0] = blob;
+       ctx->level0   = level0;
+       ctx->implicit = implicit;
+       ctx->cond     = cond;
+       memset(ctx->loopAddr, '\0', sizeof(ctx->loopAddr));
 }
 
 /*
@@ -517,42 +517,42 @@ asn1_init(asn1_ctx_t *ctx, chunk_t blob, u_int level0,
 static void
 debug_asn1_simple_object(chunk_t object, asn1_t type, u_int cond)
 {
-    int oid;
-
-    switch (type)
-    {
-    case ASN1_OID:
-       oid = asn1_known_oid(object);
-       if (oid != OID_UNKNOWN)
-       {
-           DBG(DBG_PARSING,
-               DBG_log("  '%s'",oid_names[oid].name);
-           )
-           return;
-       }
-       break;
-    case ASN1_UTF8STRING:
-    case ASN1_IA5STRING:
-    case ASN1_PRINTABLESTRING:
-    case ASN1_T61STRING:
-    case ASN1_VISIBLESTRING:
-       DBG(DBG_PARSING,
-           DBG_log("  '%.*s'", (int)object.len, object.ptr);
-       )
-       return;
-    case ASN1_UTCTIME:
-    case ASN1_GENERALIZEDTIME:
-       DBG(DBG_PARSING,
-           time_t time = asn1totime(&object, type);
-           DBG_log("  '%T'", &time, TRUE);
+       int oid;
+
+       switch (type)
+       {
+       case ASN1_OID:
+               oid = asn1_known_oid(object);
+               if (oid != OID_UNKNOWN)
+               {
+                       DBG(DBG_PARSING,
+                               DBG_log("  '%s'",oid_names[oid].name);
+                       )
+                       return;
+               }
+               break;
+       case ASN1_UTF8STRING:
+       case ASN1_IA5STRING:
+       case ASN1_PRINTABLESTRING:
+       case ASN1_T61STRING:
+       case ASN1_VISIBLESTRING:
+               DBG(DBG_PARSING,
+                       DBG_log("  '%.*s'", (int)object.len, object.ptr);
+               )
+               return;
+       case ASN1_UTCTIME:
+       case ASN1_GENERALIZEDTIME:
+               DBG(DBG_PARSING,
+                       time_t time = asn1totime(&object, type);
+                       DBG_log("  '%T'", &time, TRUE);
+               )
+               return;
+       default:
+                break;
+       }
+       DBG(cond,
+               DBG_dump_chunk("", object);
        )
-       return;
-    default:
-        break;
-    }
-    DBG(cond,
-       DBG_dump_chunk("", object);
-    )
 }
 
 /*
@@ -560,149 +560,149 @@ debug_asn1_simple_object(chunk_t object, asn1_t type, u_int cond)
  */
 bool
 extract_object(asn1Object_t const *objects,
-       u_int *objectID, chunk_t *object, u_int *level, asn1_ctx_t *ctx)
+               u_int *objectID, chunk_t *object, u_int *level, asn1_ctx_t *ctx)
 {
-    asn1Object_t obj = objects[*objectID];
-    chunk_t *blob;
-    chunk_t *blob1;
-    u_char *start_ptr;
+       asn1Object_t obj = objects[*objectID];
+       chunk_t *blob;
+       chunk_t *blob1;
+       u_char *start_ptr;
 
-    *object = chunk_empty;
+       *object = chunk_empty;
 
-    if (obj.flags & ASN1_END)  /* end of loop or option found */
-    {
-       if (ctx->loopAddr[obj.level] && ctx->blobs[obj.level+1].len > 0)
+       if (obj.flags & ASN1_END)  /* end of loop or option found */
        {
-           *objectID = ctx->loopAddr[obj.level]; /* another iteration */
-           obj = objects[*objectID];
+               if (ctx->loopAddr[obj.level] && ctx->blobs[obj.level+1].len > 0)
+               {
+                       *objectID = ctx->loopAddr[obj.level]; /* another iteration */
+                       obj = objects[*objectID];
+               }
+               else
+               {
+                       ctx->loopAddr[obj.level] = 0;         /* exit loop or option*/
+                       return TRUE;
+               }
        }
-       else
-       {
-           ctx->loopAddr[obj.level] = 0;         /* exit loop or option*/
-           return TRUE;
-       }
-    }
 
-    *level = ctx->level0 + obj.level;
-    blob = ctx->blobs + obj.level;
-    blob1 = blob + 1;
-    start_ptr = blob->ptr;
+       *level = ctx->level0 + obj.level;
+       blob = ctx->blobs + obj.level;
+       blob1 = blob + 1;
+       start_ptr = blob->ptr;
 
    /* handle ASN.1 defaults values */
 
-    if ((obj.flags & ASN1_DEF)
-    && (blob->len == 0 || *start_ptr != obj.type) )
-    {
-       /* field is missing */
-       DBG(DBG_PARSING,
-           DBG_log("L%d - %s:", *level, obj.name);
-       )
-       if (obj.type & ASN1_CONSTRUCTED)
+       if ((obj.flags & ASN1_DEF)
+       && (blob->len == 0 || *start_ptr != obj.type) )
        {
-           (*objectID)++ ;  /* skip context-specific tag */
+               /* field is missing */
+               DBG(DBG_PARSING,
+                       DBG_log("L%d - %s:", *level, obj.name);
+               )
+               if (obj.type & ASN1_CONSTRUCTED)
+               {
+                       (*objectID)++ ;  /* skip context-specific tag */
+               }
+               return TRUE;
        }
-       return TRUE;
-    }
 
-    /* handle ASN.1 options */
+       /* handle ASN.1 options */
 
-    if ((obj.flags & ASN1_OPT)
-    && (blob->len == 0 || *start_ptr != obj.type))
-    {
-        /* advance to end of missing option field */
-       do
-           (*objectID)++;
-       while (!((objects[*objectID].flags & ASN1_END)
-             && (objects[*objectID].level == obj.level)));
-       return TRUE;
-    }
+       if ((obj.flags & ASN1_OPT)
+       && (blob->len == 0 || *start_ptr != obj.type))
+       {
+               /* advance to end of missing option field */
+               do
+                       (*objectID)++;
+               while (!((objects[*objectID].flags & ASN1_END)
+                         && (objects[*objectID].level == obj.level)));
+               return TRUE;
+       }
 
-    /* an ASN.1 object must possess at least a tag and length field */
+       /* an ASN.1 object must possess at least a tag and length field */
 
-    if (blob->len < 2)
-    {
-       DBG(DBG_PARSING,
-           DBG_log("L%d - %s:  ASN.1 object smaller than 2 octets",
-                   *level, obj.name);
-       )
-       return FALSE;
-    }
+       if (blob->len < 2)
+       {
+               DBG(DBG_PARSING,
+                       DBG_log("L%d - %s:  ASN.1 object smaller than 2 octets",
+                                       *level, obj.name);
+               )
+               return FALSE;
+       }
 
-    blob1->len = asn1_length(blob);
+       blob1->len = asn1_length(blob);
 
-    if (blob1->len == ASN1_INVALID_LENGTH || blob->len < blob1->len)
-    {
-       DBG(DBG_PARSING,
-           DBG_log("L%d - %s:  length of ASN.1 object invalid or too large",
-                   *level, obj.name);
-       )
-       return FALSE;
-    }
+       if (blob1->len == ASN1_INVALID_LENGTH || blob->len < blob1->len)
+       {
+               DBG(DBG_PARSING,
+                       DBG_log("L%d - %s:  length of ASN.1 object invalid or too large",
+                                       *level, obj.name);
+               )
+               return FALSE;
+       }
 
-    blob1->ptr = blob->ptr;
-    blob->ptr += blob1->len;
-    blob->len -= blob1->len;
+       blob1->ptr = blob->ptr;
+       blob->ptr += blob1->len;
+       blob->len -= blob1->len;
 
-    /* return raw ASN.1 object without prior type checking */
+       /* return raw ASN.1 object without prior type checking */
 
-    if (obj.flags & ASN1_RAW)
-    {
-       DBG(DBG_PARSING,
-           DBG_log("L%d - %s:", *level, obj.name);
-        )
-       object->ptr = start_ptr;
-       object->len = (size_t)(blob->ptr - start_ptr);
-       return TRUE;
-    }
+       if (obj.flags & ASN1_RAW)
+       {
+               DBG(DBG_PARSING,
+                       DBG_log("L%d - %s:", *level, obj.name);
+               )
+               object->ptr = start_ptr;
+               object->len = (size_t)(blob->ptr - start_ptr);
+               return TRUE;
+       }
+
+       if (*start_ptr != obj.type && !(ctx->implicit && *objectID == 0))
+       {
+               DBG(DBG_PARSING,
+                       DBG_log("L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x",
+                               *level, obj.name, obj.type, *start_ptr);
+                       DBG_dump("", start_ptr, (u_int)(blob->ptr - start_ptr));
+               )
+               return FALSE;
+       }
 
-    if (*start_ptr != obj.type && !(ctx->implicit && *objectID == 0))
-    {
        DBG(DBG_PARSING,
-           DBG_log("L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x",
-               *level, obj.name, obj.type, *start_ptr);
-           DBG_dump("", start_ptr, (u_int)(blob->ptr - start_ptr));
+               DBG_log("L%d - %s:", ctx->level0+obj.level, obj.name);
        )
-       return FALSE;
-    }
 
-    DBG(DBG_PARSING,
-       DBG_log("L%d - %s:", ctx->level0+obj.level, obj.name);
-    )
+       /* In case of "SEQUENCE OF" or "SET OF" start a loop */
 
-    /* In case of "SEQUENCE OF" or "SET OF" start a loop */
+       if (obj.flags & ASN1_LOOP)
+       {
+               if (blob1->len > 0)
+               {
+                       /* at least one item, start the loop */
+                       ctx->loopAddr[obj.level] = *objectID + 1;
+               }
+               else
+               {
+                       /* no items, advance directly to end of loop */
+                       do
+                               (*objectID)++;
+                       while (!((objects[*objectID].flags & ASN1_END)
+                                 && (objects[*objectID].level == obj.level)));
+                       return TRUE;
+               }
+       }
 
-    if (obj.flags & ASN1_LOOP)
-    {
-       if (blob1->len > 0)
+       if (obj.flags & ASN1_OBJ)
        {
-           /* at least one item, start the loop */
-           ctx->loopAddr[obj.level] = *objectID + 1;
+               object->ptr = start_ptr;
+               object->len = (size_t)(blob->ptr - start_ptr);
+               DBG(ctx->cond,
+                       DBG_dump_chunk("", *object);
+               )
        }
-       else
+       else if (obj.flags & ASN1_BODY)
        {
-           /* no items, advance directly to end of loop */
-           do
-               (*objectID)++;
-           while (!((objects[*objectID].flags & ASN1_END)
-                 && (objects[*objectID].level == obj.level)));
-           return TRUE;
-       }
-    }
-
-    if (obj.flags & ASN1_OBJ)
-    {
-       object->ptr = start_ptr;
-       object->len = (size_t)(blob->ptr - start_ptr);
-       DBG(ctx->cond,
-           DBG_dump_chunk("", *object);
-       )
-    }
-    else if (obj.flags & ASN1_BODY)
-    {
-       *object = *blob1;
-       debug_asn1_simple_object(*object, obj.type, ctx->cond);
-    }
-    return TRUE;
+               *object = *blob1;
+               debug_asn1_simple_object(*object, obj.type, ctx->cond);
+       }
+       return TRUE;
 }
 
 /*
@@ -712,43 +712,43 @@ bool
 parse_asn1_simple_object(chunk_t *object, asn1_t type, u_int level
 , const char* name)
 {
-    size_t len;
+       size_t len;
 
-    /* an ASN.1 object must possess at least a tag and length field */
-    if (object->len < 2)
-    {
-       DBG(DBG_PARSING,
-           DBG_log("L%d - %s:  ASN.1 object smaller than 2 octets",
-                   level, name);
-       )
-       return FALSE;
-    }
+       /* an ASN.1 object must possess at least a tag and length field */
+       if (object->len < 2)
+       {
+               DBG(DBG_PARSING,
+                       DBG_log("L%d - %s:  ASN.1 object smaller than 2 octets",
+                                       level, name);
+               )
+               return FALSE;
+       }
 
-    if (*object->ptr != type)
-    {
-       DBG(DBG_PARSING,
-           DBG_log("L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x",
-               level, name, type, *object->ptr);
-       )
-       return FALSE;
-    }
+       if (*object->ptr != type)
+       {
+               DBG(DBG_PARSING,
+                       DBG_log("L%d - %s: ASN1 tag 0x%02x expected, but is 0x%02x",
+                               level, name, type, *object->ptr);
+               )
+               return FALSE;
+       }
 
-    len = asn1_length(object);
+       len = asn1_length(object);
+
+       if (len == ASN1_INVALID_LENGTH || object->len < len)
+       {
+               DBG(DBG_PARSING,
+                       DBG_log("L%d - %s:  length of ASN.1 object invalid or too large",
+                                       level, name);
+               )
+               return FALSE;
+       }
 
-    if (len == ASN1_INVALID_LENGTH || object->len < len)
-    {
        DBG(DBG_PARSING,
-           DBG_log("L%d - %s:  length of ASN.1 object invalid or too large",
-                   level, name);
+               DBG_log("L%d - %s:", level, name);
        )
-       return FALSE;
-    }
-
-    DBG(DBG_PARSING,
-       DBG_log("L%d - %s:", level, name);
-    )
-    debug_asn1_simple_object(*object, type, DBG_RAW);
-    return TRUE;
+       debug_asn1_simple_object(*object, type, DBG_RAW);
+       return TRUE;
 }
 
 /*
@@ -757,34 +757,34 @@ parse_asn1_simple_object(chunk_t *object, asn1_t type, u_int level
 int
 parse_algorithmIdentifier(chunk_t blob, int level0, chunk_t *parameters)
 {
-    asn1_ctx_t ctx;
-    chunk_t object;
-    u_int level;
-    int alg = OID_UNKNOWN;
-    int objectID = 0;
-
-    asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
-
-    while (objectID < ALGORITHM_ID_ROOF)
-    {
-       if (!extract_object(algorithmIdentifierObjects, &objectID, &object, &level, &ctx))
-            return alg;
-
-       switch (objectID)
-       {
-       case ALGORITHM_ID_ALG:
-           alg = asn1_known_oid(object);
-           break;
-       case ALGORITHM_ID_PARAMETERS:
-           if (parameters != NULL)
-               *parameters = object;
-           break;
-       default:
-           break;
+       asn1_ctx_t ctx;
+       chunk_t object;
+       u_int level;
+       int alg = OID_UNKNOWN;
+       int objectID = 0;
+
+       asn1_init(&ctx, blob, level0, FALSE, DBG_RAW);
+
+       while (objectID < ALGORITHM_ID_ROOF)
+       {
+               if (!extract_object(algorithmIdentifierObjects, &objectID, &object, &level, &ctx))
+                        return alg;
+
+               switch (objectID)
+               {
+               case ALGORITHM_ID_ALG:
+                       alg = asn1_known_oid(object);
+                       break;
+               case ALGORITHM_ID_PARAMETERS:
+                       if (parameters != NULL)
+                               *parameters = object;
+                       break;
+               default:
+                       break;
+               }
+               objectID++;
        }
-       objectID++;
-    }
-    return alg;
+       return alg;
  }
 
 /*
@@ -793,33 +793,33 @@ parse_algorithmIdentifier(chunk_t blob, int level0, chunk_t *parameters)
 bool
 is_asn1(chunk_t blob)
 {
-    u_int len;
-    u_char tag = *blob.ptr;
+       u_int len;
+       u_char tag = *blob.ptr;
 
-    if (tag != ASN1_SEQUENCE && tag != ASN1_SET)
-    {
-       DBG(DBG_PARSING,
-           DBG_log("  file content is not binary ASN.1");
-       )
-       return FALSE;
-    }
+       if (tag != ASN1_SEQUENCE && tag != ASN1_SET)
+       {
+               DBG(DBG_PARSING,
+                       DBG_log("  file content is not binary ASN.1");
+               )
+               return FALSE;
+       }
 
-    len = asn1_length(&blob);
-    /* exact match */
-    if (len == blob.len)
-    {
-       return TRUE;
-    }
+       len = asn1_length(&blob);
 
-    /* some websites append a surplus newline character to the blob */
-    if (len + 1 == blob.len && *(blob.ptr + len) == '\n')
-    {
-       return TRUE;
-    }
+       /* exact match */
+       if (len == blob.len)
+       {
+               return TRUE;
+       }
+
+       /* some websites append a surplus newline character to the blob */
+       if (len + 1 == blob.len && *(blob.ptr + len) == '\n')
+       {
+               return TRUE;
+       }
 
-    DBG(DBG_PARSING,
-       DBG_log("  file size does not match ASN.1 coded length");
-    )
-    return FALSE;
+       DBG(DBG_PARSING,
+               DBG_log("  file size does not match ASN.1 coded length");
+       )
+       return FALSE;
 }
index abbdf0f..cbc923b 100644 (file)
 /* Defines some primitive ASN1 types */
 
 typedef enum {
-    ASN1_EOC =                 0x00,
-    ASN1_BOOLEAN =             0x01,
-    ASN1_INTEGER =             0x02,
-    ASN1_BIT_STRING =          0x03,
-    ASN1_OCTET_STRING =        0x04,
-    ASN1_NULL =                0x05,
-    ASN1_OID =                 0x06,
-    ASN1_ENUMERATED =          0x0A,
-    ASN1_UTF8STRING =          0x0C,
-    ASN1_NUMERICSTRING =       0x12,
-    ASN1_PRINTABLESTRING =     0x13,
-    ASN1_T61STRING =           0x14,
-    ASN1_VIDEOTEXSTRING =      0x15,
-    ASN1_IA5STRING =           0x16,
-    ASN1_UTCTIME =             0x17,
-    ASN1_GENERALIZEDTIME =     0x18,
-    ASN1_GRAPHICSTRING =       0x19,
-    ASN1_VISIBLESTRING =       0x1A,
-    ASN1_GENERALSTRING =       0x1B,
-    ASN1_UNIVERSALSTRING =     0x1C,
-    ASN1_BMPSTRING =           0x1E,
-
-    ASN1_CONSTRUCTED =         0x20,
-
-    ASN1_SEQUENCE =            0x30,
-
-    ASN1_SET =                 0x31,
-
-    ASN1_CONTEXT_S_0 =         0x80,
-    ASN1_CONTEXT_S_1 =         0x81,
-    ASN1_CONTEXT_S_2 =         0x82,
-    ASN1_CONTEXT_S_3 =         0x83,
-    ASN1_CONTEXT_S_4 =         0x84,
-    ASN1_CONTEXT_S_5 =         0x85,
-    ASN1_CONTEXT_S_6 =         0x86,
-    ASN1_CONTEXT_S_7 =         0x87,
-    ASN1_CONTEXT_S_8 =         0x88,
-
-    ASN1_CONTEXT_C_0 =         0xA0,
-    ASN1_CONTEXT_C_1 =         0xA1,
-    ASN1_CONTEXT_C_2 =         0xA2,
-    ASN1_CONTEXT_C_3 =         0xA3,
-    ASN1_CONTEXT_C_4 =         0xA4,
-    ASN1_CONTEXT_C_5 =         0xA5
+       ASN1_EOC =                  0x00,
+       ASN1_BOOLEAN =              0x01,
+       ASN1_INTEGER =              0x02,
+       ASN1_BIT_STRING =           0x03,
+       ASN1_OCTET_STRING =         0x04,
+       ASN1_NULL =                 0x05,
+       ASN1_OID =                  0x06,
+       ASN1_ENUMERATED =           0x0A,
+       ASN1_UTF8STRING =           0x0C,
+       ASN1_NUMERICSTRING =        0x12,
+       ASN1_PRINTABLESTRING =      0x13,
+       ASN1_T61STRING =            0x14,
+       ASN1_VIDEOTEXSTRING =       0x15,
+       ASN1_IA5STRING =            0x16,
+       ASN1_UTCTIME =              0x17,
+       ASN1_GENERALIZEDTIME =      0x18,
+       ASN1_GRAPHICSTRING =        0x19,
+       ASN1_VISIBLESTRING =        0x1A,
+       ASN1_GENERALSTRING =        0x1B,
+       ASN1_UNIVERSALSTRING =      0x1C,
+       ASN1_BMPSTRING =            0x1E,
+
+       ASN1_CONSTRUCTED =          0x20,
+
+       ASN1_SEQUENCE =             0x30,
+
+       ASN1_SET =                  0x31,
+
+       ASN1_CONTEXT_S_0 =          0x80,
+       ASN1_CONTEXT_S_1 =          0x81,
+       ASN1_CONTEXT_S_2 =          0x82,
+       ASN1_CONTEXT_S_3 =          0x83,
+       ASN1_CONTEXT_S_4 =          0x84,
+       ASN1_CONTEXT_S_5 =          0x85,
+       ASN1_CONTEXT_S_6 =          0x86,
+       ASN1_CONTEXT_S_7 =          0x87,
+       ASN1_CONTEXT_S_8 =          0x88,
+
+       ASN1_CONTEXT_C_0 =          0xA0,
+       ASN1_CONTEXT_C_1 =          0xA1,
+       ASN1_CONTEXT_C_2 =          0xA2,
+       ASN1_CONTEXT_C_3 =          0xA3,
+       ASN1_CONTEXT_C_4 =          0xA4,
+       ASN1_CONTEXT_C_5 =          0xA5
 } asn1_t;
 
 /* Definition of ASN1 flags */
 
-#define ASN1_NONE      0x00
-#define ASN1_DEF       0x01
-#define ASN1_OPT       0x02
-#define ASN1_LOOP      0x04
-#define ASN1_END       0x08
-#define ASN1_OBJ       0x10
-#define ASN1_BODY      0x20
-#define ASN1_RAW       0x40
+#define ASN1_NONE       0x00
+#define ASN1_DEF        0x01
+#define ASN1_OPT        0x02
+#define ASN1_LOOP       0x04
+#define ASN1_END        0x08
+#define ASN1_OBJ        0x10
+#define ASN1_BODY       0x20
+#define ASN1_RAW        0x40
 
-#define ASN1_INVALID_LENGTH    0xffffffff
+#define ASN1_INVALID_LENGTH     0xffffffff
 
 /* definition of an ASN.1 object */
 
 typedef struct {
-    u_int   level;
-    const u_char  *name;
-    asn1_t  type;
-    u_char  flags;
+       u_int   level;
+       const u_char  *name;
+       asn1_t  type;
+       u_char  flags;
 } asn1Object_t;
 
-#define ASN1_MAX_LEVEL 10
+#define ASN1_MAX_LEVEL  10
 
 typedef struct {
-    bool  implicit;
-    u_int cond;
-    u_int level0;
-    u_int loopAddr[ASN1_MAX_LEVEL+1];
-    chunk_t  blobs[ASN1_MAX_LEVEL+2];
+       bool  implicit;
+       u_int cond;
+       u_int level0;
+       u_int loopAddr[ASN1_MAX_LEVEL+1];
+       chunk_t  blobs[ASN1_MAX_LEVEL+2];
 } asn1_ctx_t;
 
 /* some common prefabricated ASN.1 constants */
@@ -129,13 +129,13 @@ extern bool is_printablestring(chunk_t str);
 extern time_t asn1totime(const chunk_t *utctime, asn1_t type);
 extern chunk_t timetoasn1(const time_t *time, asn1_t type);
 extern void asn1_init(asn1_ctx_t *ctx, chunk_t blob
-    , u_int level0, bool implicit, u_int cond);
+       , u_int level0, bool implicit, u_int cond);
 extern bool extract_object(asn1Object_t const *objects
-    , u_int *objectID, chunk_t *object, u_int *level, asn1_ctx_t *ctx);
+       , u_int *objectID, chunk_t *object, u_int *level, asn1_ctx_t *ctx);
 extern bool parse_asn1_simple_object(chunk_t *object, asn1_t type, u_int level
-    , const char* name);
+       , const char* name);
 extern int parse_algorithmIdentifier(chunk_t blob, int level0
-    , chunk_t *parameters);
+       , chunk_t *parameters);
 extern bool is_asn1(chunk_t blob);
 
 #endif /* _ASN1_H */
index 72398a4..679d5fe 100644 (file)
 static x509cert_t *x509authcerts = NULL;
 
 const ca_info_t empty_ca_info = {
-      NULL       ,  /* next */
-      NULL       ,  /* name */
-    UNDEFINED_TIME,
-    { NULL, 0 }          ,  /* authName */
-    { NULL, 0 }          ,  /* authKeyID */
-    { NULL, 0 }          ,  /* authKey SerialNumber */
-      NULL       ,  /* ldaphost */
-      NULL       ,  /* ldapbase */
-      NULL       ,  /* ocspori */
-      NULL       ,  /* crluri */
-      FALSE         /* strictcrlpolicy */
+         NULL        ,  /* next */
+         NULL        ,  /* name */
+       UNDEFINED_TIME,
+       { NULL, 0 }   ,  /* authName */
+       { NULL, 0 }   ,  /* authKeyID */
+       { NULL, 0 }   ,  /* authKey SerialNumber */
+         NULL        ,  /* ldaphost */
+         NULL        ,  /* ldapbase */
+         NULL        ,  /* ocspori */
+         NULL        ,  /* crluri */
+         FALSE          /* strictcrlpolicy */
 };
 
 /* chained list of X.509 certification authority information records */
@@ -63,52 +63,52 @@ static ca_info_t *ca_infos = NULL;
 bool
 trusted_ca(chunk_t a, chunk_t b, int *pathlen)
 {
-    bool match = FALSE;
-
-    /* no CA b specified -> any CA a is accepted */
-    if (b.ptr == NULL)
-    {
-       *pathlen = (a.ptr == NULL)? 0 : MAX_CA_PATH_LEN;
-       return TRUE;
-    }
-
-    /* no CA a specified -> trust cannot be established */
-    if (a.ptr == NULL)
-    {
-       *pathlen = MAX_CA_PATH_LEN;
-       return FALSE;
-    }
+       bool match = FALSE;
+
+       /* no CA b specified -> any CA a is accepted */
+       if (b.ptr == NULL)
+       {
+               *pathlen = (a.ptr == NULL)? 0 : MAX_CA_PATH_LEN;
+               return TRUE;
+       }
+
+       /* no CA a specified -> trust cannot be established */
+       if (a.ptr == NULL)
+       {
+               *pathlen = MAX_CA_PATH_LEN;
+               return FALSE;
+       }
 
-    *pathlen = 0;
+       *pathlen = 0;
 
-    /* CA a equals CA b -> we have a match */
-    if (same_dn(a, b))
-       return TRUE;
+       /* CA a equals CA b -> we have a match */
+       if (same_dn(a, b))
+               return TRUE;
 
-    /* CA a might be a subordinate CA of b */
-    lock_authcert_list("trusted_ca");
+       /* CA a might be a subordinate CA of b */
+       lock_authcert_list("trusted_ca");
 
-    while ((*pathlen)++ < MAX_CA_PATH_LEN)
-    {
-       x509cert_t *cacert = get_authcert(a, chunk_empty, chunk_empty, AUTH_CA);
+       while ((*pathlen)++ < MAX_CA_PATH_LEN)
+       {
+               x509cert_t *cacert = get_authcert(a, chunk_empty, chunk_empty, AUTH_CA);
 
-       /* cacert not found or self-signed root cacert-> exit */
-       if (cacert == NULL || same_dn(cacert->issuer, a))
-           break;
+               /* cacert not found or self-signed root cacert-> exit */
+               if (cacert == NULL || same_dn(cacert->issuer, a))
+                       break;
 
-       /* does the issuer of CA a match CA b? */
-       match = same_dn(cacert->issuer, b);
+               /* does the issuer of CA a match CA b? */
+               match = same_dn(cacert->issuer, b);
 
-       /* we have a match and exit the loop */
-       if (match)
-           break;
+               /* we have a match and exit the loop */
+               if (match)
+                       break;
 
-       /* go one level up in the CA chain */
-       a = cacert->issuer;
-    }
-    
-    unlock_authcert_list("trusted_ca");
-    return match;
+               /* go one level up in the CA chain */
+               a = cacert->issuer;
+       }
+       
+       unlock_authcert_list("trusted_ca");
+       return match;
 }
 
 /*
@@ -117,36 +117,36 @@ trusted_ca(chunk_t a, chunk_t b, int *pathlen)
 bool
 match_requested_ca(generalName_t *requested_ca, chunk_t our_ca, int *our_pathlen)
 {
-    /* if no ca is requested than any ca will match */
-    if (requested_ca == NULL)
-    {
-       *our_pathlen = 0;
-       return TRUE;
-    }
-
-    *our_pathlen = MAX_CA_PATH_LEN + 1;
+       /* if no ca is requested than any ca will match */
+       if (requested_ca == NULL)
+       {
+               *our_pathlen = 0;
+               return TRUE;
+       }
 
-    while (requested_ca != NULL)
-    {
-       int pathlen;
+       *our_pathlen = MAX_CA_PATH_LEN + 1;
 
-       if (trusted_ca(our_ca, requested_ca->name, &pathlen)
-       && pathlen < *our_pathlen)
+       while (requested_ca != NULL)
        {
-           *our_pathlen = pathlen;
+               int pathlen;
+
+               if (trusted_ca(our_ca, requested_ca->name, &pathlen)
+               && pathlen < *our_pathlen)
+               {
+                       *our_pathlen = pathlen;
+               }
+               requested_ca = requested_ca->next;
        }
-       requested_ca = requested_ca->next;
-    }
 
-    if (*our_pathlen > MAX_CA_PATH_LEN)
-    {
-       *our_pathlen = MAX_CA_PATH_LEN;
-       return FALSE;
-    }
-    else
-    {
-       return TRUE;
-    }
+       if (*our_pathlen > MAX_CA_PATH_LEN)
+       {
+               *our_pathlen = MAX_CA_PATH_LEN;
+               return FALSE;
+       }
+       else
+       {
+               return TRUE;
+       }
 }
 
 /*
@@ -155,9 +155,9 @@ match_requested_ca(generalName_t *requested_ca, chunk_t our_ca, int *our_pathlen
 static void
 free_first_authcert(void)
 {
-    x509cert_t *first = x509authcerts;
-    x509authcerts = first->next;
-    free_x509cert(first);
+       x509cert_t *first = x509authcerts;
+       x509authcerts = first->next;
+       free_x509cert(first);
 }
 
 /*
@@ -166,12 +166,12 @@ free_first_authcert(void)
 void
 free_authcerts(void)
 {
-    lock_authcert_list("free_authcerts");
+       lock_authcert_list("free_authcerts");
 
-    while (x509authcerts != NULL)
-        free_first_authcert();
+       while (x509authcerts != NULL)
+               free_first_authcert();
 
-    unlock_authcert_list("free_authcerts");
+       unlock_authcert_list("free_authcerts");
 }
 
 /*
@@ -180,29 +180,29 @@ free_authcerts(void)
 x509cert_t*
 get_authcert(chunk_t subject, chunk_t serial, chunk_t keyid, u_char auth_flags)
 {
-    x509cert_t *cert = x509authcerts;
-    x509cert_t *prev_cert = NULL;
-
-    while (cert != NULL)
-    {
-       if (cert->authority_flags & auth_flags
-       && ((keyid.ptr != NULL) ? same_keyid(keyid, cert->subjectKeyID)
-           : (same_dn(subject, cert->subject)
-              && same_serial(serial, cert->serialNumber))))
+       x509cert_t *cert = x509authcerts;
+       x509cert_t *prev_cert = NULL;
+
+       while (cert != NULL)
        {
-           if (cert != x509authcerts)
-           {
-               /* bring the certificate up front */
-               prev_cert->next = cert->next;
-               cert->next = x509authcerts;
-               x509authcerts = cert;
-           }
-           return cert;
+               if (cert->authority_flags & auth_flags
+               && ((keyid.ptr != NULL) ? same_keyid(keyid, cert->subjectKeyID)
+                       : (same_dn(subject, cert->subject)
+                          && same_serial(serial, cert->serialNumber))))
+               {
+                       if (cert != x509authcerts)
+                       {
+                               /* bring the certificate up front */
+                               prev_cert->next = cert->next;
+                               cert->next = x509authcerts;
+                               x509authcerts = cert;
+                       }
+                       return cert;
+               }
+               prev_cert = cert;
+               cert = cert->next;
        }
-       prev_cert = cert;
-       cert = cert->next;
-    }
-    return NULL;
+       return NULL;
 }
 
 /*
@@ -211,49 +211,49 @@ get_authcert(chunk_t subject, chunk_t serial, chunk_t keyid, u_char auth_flags)
 x509cert_t*
 add_authcert(x509cert_t *cert, u_char auth_flags)
 {
-    x509cert_t *old_cert;
+       x509cert_t *old_cert;
 
-    /* set authority flags */
-    cert->authority_flags |= auth_flags;
+       /* set authority flags */
+       cert->authority_flags |= auth_flags;
 
-    lock_authcert_list("add_authcert");
+       lock_authcert_list("add_authcert");
 
-    old_cert = get_authcert(cert->subject, cert->serialNumber
-       , cert->subjectKeyID, auth_flags);
+       old_cert = get_authcert(cert->subject, cert->serialNumber
+               , cert->subjectKeyID, auth_flags);
 
-    if (old_cert != NULL)
-    {
-       if (same_x509cert(cert, old_cert))
+       if (old_cert != NULL)
        {
-           /* cert is already present, just add additional authority flags */
-           old_cert->authority_flags |= cert->authority_flags;
-           DBG(DBG_CONTROL | DBG_PARSING ,
-               DBG_log("  authcert is already present and identical")
-           )
-           unlock_authcert_list("add_authcert");
-
-           free_x509cert(cert);
-           return old_cert;
+               if (same_x509cert(cert, old_cert))
+               {
+                       /* cert is already present, just add additional authority flags */
+                       old_cert->authority_flags |= cert->authority_flags;
+                       DBG(DBG_CONTROL | DBG_PARSING ,
+                               DBG_log("  authcert is already present and identical")
+                       )
+                       unlock_authcert_list("add_authcert");
+
+                       free_x509cert(cert);
+                       return old_cert;
+               }
+               else
+               {
+                       /* cert is already present but will be replaced by new cert */
+                       free_first_authcert();
+                       DBG(DBG_CONTROL | DBG_PARSING ,
+                               DBG_log("  existing authcert deleted")
+                       )
+               }
        }
-       else
-       {
-           /* cert is already present but will be replaced by new cert */
-           free_first_authcert();
-           DBG(DBG_CONTROL | DBG_PARSING ,
-               DBG_log("  existing authcert deleted")
-           )
-       }
-    }
-
-    /* add new authcert to chained list */
-    cert->next = x509authcerts;
-    x509authcerts = cert;
-    share_x509cert(cert);  /* set count to one */
-    DBG(DBG_CONTROL | DBG_PARSING,
-       DBG_log("  authcert inserted")
-    )
-    unlock_authcert_list("add_authcert");
-    return cert;
+
+       /* add new authcert to chained list */
+       cert->next = x509authcerts;
+       x509authcerts = cert;
+       share_x509cert(cert);  /* set count to one */
+       DBG(DBG_CONTROL | DBG_PARSING,
+               DBG_log("  authcert inserted")
+       )
+       unlock_authcert_list("add_authcert");
+       return cert;
 }
 
 /*
@@ -262,41 +262,41 @@ add_authcert(x509cert_t *cert, u_char auth_flags)
 void
 load_authcerts(const char *type, const char *path, u_char auth_flags)
 {
-    struct dirent **filelist;
-    u_char buf[BUF_LEN];
-    u_char *save_dir;
-    int n;
-
-    /* change directory to specified path */
-    save_dir = getcwd(buf, BUF_LEN);
-
-    if (chdir(path))
-    {
-       plog("Could not change to directory '%s'", path);
-    }
-    else
-    {
-       plog("Changing to directory '%s'", path);
-       n = scandir(path, &filelist, file_select, alphasort);
-
-       if (n < 0)
-           plog("  scandir() error");
-       else
-       {
-           while (n--)
-           {
-               cert_t cert;
+       struct dirent **filelist;
+       u_char buf[BUF_LEN];
+       u_char *save_dir;
+       int n;
 
-               if (load_cert(filelist[n]->d_name, type, &cert))
-                   add_authcert(cert.u.x509, auth_flags);
+       /* change directory to specified path */
+       save_dir = getcwd(buf, BUF_LEN);
 
-               free(filelist[n]);
-           }
-           free(filelist);
+       if (chdir(path))
+       {
+               plog("Could not change to directory '%s'", path);
+       }
+       else
+       {
+               plog("Changing to directory '%s'", path);
+               n = scandir(path, &filelist, file_select, alphasort);
+
+               if (n < 0)
+                       plog("  scandir() error");
+               else
+               {
+                       while (n--)
+                       {
+                               cert_t cert;
+
+                               if (load_cert(filelist[n]->d_name, type, &cert))
+                                       add_authcert(cert.u.x509, auth_flags);
+
+                               free(filelist[n]);
+                       }
+                       free(filelist);
+               }
        }
-    }
-    /* restore directory path */
-    ignore_result(chdir(save_dir));
+       /* restore directory path */
+       ignore_result(chdir(save_dir));
 }
 
 /*
@@ -305,9 +305,9 @@ load_authcerts(const char *type, const char *path, u_char auth_flags)
 void
 list_authcerts(const char *caption, u_char auth_flags, bool utc)
 {
-    lock_authcert_list("list_authcerts");
-    list_x509cert_chain(caption, x509authcerts, auth_flags, utc);
-    unlock_authcert_list("list_authcerts");
+       lock_authcert_list("list_authcerts");
+       list_x509cert_chain(caption, x509authcerts, auth_flags, utc);
+       unlock_authcert_list("list_authcerts");
 }
 
 /*
@@ -315,19 +315,19 @@ list_authcerts(const char *caption, u_char auth_flags, bool utc)
  */
 static const x509cert_t*
 get_alt_cacert(chunk_t subject, chunk_t serial, chunk_t keyid
-    , const x509cert_t *cert)
+       , const x509cert_t *cert)
 {
-    while (cert != NULL)
-    {
-       if ((keyid.ptr != NULL) ? same_keyid(keyid, cert->subjectKeyID)
-           : (same_dn(subject, cert->subject)
-              && same_serial(serial, cert->serialNumber)))
+       while (cert != NULL)
        {
-           return cert;
+               if ((keyid.ptr != NULL) ? same_keyid(keyid, cert->subjectKeyID)
+                       : (same_dn(subject, cert->subject)
+                          && same_serial(serial, cert->serialNumber)))
+               {
+                       return cert;
+               }
+               cert = cert->next;
        }
-       cert = cert->next;
-    }
-    return NULL;
+       return NULL;
 }
 
 /* establish trust into a candidate authcert by going up the trust chain.
@@ -336,85 +336,85 @@ get_alt_cacert(chunk_t subject, chunk_t serial, chunk_t keyid
 bool
 trust_authcert_candidate(const x509cert_t *cert, const x509cert_t *alt_chain)
 {
-    int pathlen;
-
-    lock_authcert_list("trust_authcert_candidate");
-
-    for (pathlen = 0; pathlen < MAX_CA_PATH_LEN; pathlen++)
-    {
-       const x509cert_t *authcert = NULL;
-       u_char buf[BUF_LEN];
-
-       DBG(DBG_CONTROL,
-           dntoa(buf, BUF_LEN, cert->subject);
-           DBG_log("subject: '%s'",buf);
-           dntoa(buf, BUF_LEN, cert->issuer);
-           DBG_log("issuer:  '%s'",buf);
-           if (cert->authKeyID.ptr != NULL)
-           {
-               datatot(cert->authKeyID.ptr, cert->authKeyID.len, ':'
-                   , buf, BUF_LEN);
-               DBG_log("authkey:  %s", buf);
-           }
-       )
+       int pathlen;
 
-       /* search in alternative chain first */
-       authcert = get_alt_cacert(cert->issuer, cert->authKeySerialNumber
-           , cert->authKeyID, alt_chain);
+       lock_authcert_list("trust_authcert_candidate");
 
-       if (authcert != NULL)
+       for (pathlen = 0; pathlen < MAX_CA_PATH_LEN; pathlen++)
        {
-           DBG(DBG_CONTROL,
-               DBG_log("issuer cacert found in alternative chain")
-           )
-       }
-       else
-       {
-           /* search in trusted chain */
-           authcert = get_authcert(cert->issuer, cert->authKeySerialNumber
-               , cert->authKeyID, AUTH_CA);
+               const x509cert_t *authcert = NULL;
+               u_char buf[BUF_LEN];
 
-           if (authcert != NULL)
-           {
                DBG(DBG_CONTROL,
-                   DBG_log("issuer cacert found")
+                       dntoa(buf, BUF_LEN, cert->subject);
+                       DBG_log("subject: '%s'",buf);
+                       dntoa(buf, BUF_LEN, cert->issuer);
+                       DBG_log("issuer:  '%s'",buf);
+                       if (cert->authKeyID.ptr != NULL)
+                       {
+                               datatot(cert->authKeyID.ptr, cert->authKeyID.len, ':'
+                                       , buf, BUF_LEN);
+                               DBG_log("authkey:  %s", buf);
+                       }
                )
-           }
-           else
-           {
-               plog("issuer cacert not found");
-               unlock_authcert_list("trust_authcert_candidate");
-               return FALSE;
-           }
-       }
 
-       if (!check_signature(cert->tbsCertificate, cert->signature
-                          , cert->algorithm, cert->algorithm, authcert))
-       {
-           plog("certificate signature is invalid");
-           unlock_authcert_list("trust_authcert_candidate");
-           return FALSE;
-       }
-       DBG(DBG_CONTROL,
-           DBG_log("certificate signature is valid")
-       )
+               /* search in alternative chain first */
+               authcert = get_alt_cacert(cert->issuer, cert->authKeySerialNumber
+                       , cert->authKeyID, alt_chain);
+
+               if (authcert != NULL)
+               {
+                       DBG(DBG_CONTROL,
+                               DBG_log("issuer cacert found in alternative chain")
+                       )
+               }
+               else
+               {
+                       /* search in trusted chain */
+                       authcert = get_authcert(cert->issuer, cert->authKeySerialNumber
+                               , cert->authKeyID, AUTH_CA);
+
+                       if (authcert != NULL)
+                       {
+                               DBG(DBG_CONTROL,
+                                       DBG_log("issuer cacert found")
+                               )
+                       }
+                       else
+                       {
+                               plog("issuer cacert not found");
+                               unlock_authcert_list("trust_authcert_candidate");
+                               return FALSE;
+                       }
+               }
+
+               if (!check_signature(cert->tbsCertificate, cert->signature
+                                                  , cert->algorithm, cert->algorithm, authcert))
+               {
+                       plog("certificate signature is invalid");
+                       unlock_authcert_list("trust_authcert_candidate");
+                       return FALSE;
+               }
+               DBG(DBG_CONTROL,
+                       DBG_log("certificate signature is valid")
+               )
 
-       /* check if cert is a self-signed root ca */
-       if (pathlen > 0 && same_dn(cert->issuer, cert->subject))
-       {
-           DBG(DBG_CONTROL,
-               DBG_log("reached self-signed root ca")
-           )
-           unlock_authcert_list("trust_authcert_candidate");
-           return TRUE;
+               /* check if cert is a self-signed root ca */
+               if (pathlen > 0 && same_dn(cert->issuer, cert->subject))
+               {
+                       DBG(DBG_CONTROL,
+                               DBG_log("reached self-signed root ca")
+                       )
+                       unlock_authcert_list("trust_authcert_candidate");
+                       return TRUE;
+               }
+
+               /* go up one step in the trust chain */
+               cert = authcert;
        }
-
-       /* go up one step in the trust chain */
-       cert = authcert;
-    }
-    plog("maximum ca path length of %d levels exceeded", MAX_CA_PATH_LEN);
-    unlock_authcert_list("trust_authcert_candidate");
-    return FALSE;
+       plog("maximum ca path length of %d levels exceeded", MAX_CA_PATH_LEN);
+       unlock_authcert_list("trust_authcert_candidate");
+       return FALSE;
 }
 
 /*
@@ -423,19 +423,19 @@ trust_authcert_candidate(const x509cert_t *cert, const x509cert_t *alt_chain)
 ca_info_t*
 get_ca_info(chunk_t authname, chunk_t serial, chunk_t keyid)
 {
-    ca_info_t *ca= ca_infos;
+       ca_info_t *ca= ca_infos;
 
-    while (ca!= NULL)
-    {
-       if ((keyid.ptr != NULL) ? same_keyid(keyid, ca->authKeyID)
-           : (same_dn(authname, ca->authName)
-              && same_serial(serial, ca->authKeySerialNumber)))
+       while (ca!= NULL)
        {
-           return ca;
+               if ((keyid.ptr != NULL) ? same_keyid(keyid, ca->authKeyID)
+                       : (same_dn(authname, ca->authName)
+                          && same_serial(serial, ca->authKeySerialNumber)))
+               {
+                       return ca;
+               }
+               ca = ca->next;
        }
-       ca = ca->next;
-    }
-    return NULL;
+       return NULL;
 }
 
 
@@ -445,18 +445,18 @@ get_ca_info(chunk_t authname, chunk_t serial, chunk_t keyid)
 static void
 free_ca_info(ca_info_t* ca_info)
 {
-    if (ca_info == NULL)
-       return;
-
-    free(ca_info->name);
-    free(ca_info->ldaphost);
-    free(ca_info->ldapbase);
-    free(ca_info->ocspuri);
-    free(ca_info->authName.ptr);
-    free(ca_info->authKeyID.ptr);
-    free(ca_info->authKeySerialNumber.ptr);
-    free_generalNames(ca_info->crluri, TRUE);
-    free(ca_info);
+       if (ca_info == NULL)
+               return;
+
+       free(ca_info->name);
+       free(ca_info->ldaphost);
+       free(ca_info->ldapbase);
+       free(ca_info->ocspuri);
+       free(ca_info->authName.ptr);
+       free(ca_info->authKeyID.ptr);
+       free(ca_info->authKeySerialNumber.ptr);
+       free_generalNames(ca_info->crluri, TRUE);
+       free(ca_info);
 }
 
 /*
@@ -465,13 +465,13 @@ free_ca_info(ca_info_t* ca_info)
 void
 free_ca_infos(void)
 {
-    while (ca_infos != NULL)
-    {
-       ca_info_t *ca = ca_infos;
+       while (ca_infos != NULL)
+       {
+               ca_info_t *ca = ca_infos;
 
-       ca_infos = ca_infos->next;
-       free_ca_info(ca);
-    }
+               ca_infos = ca_infos->next;
+               free_ca_info(ca);
+       }
 }
 
 /*
@@ -480,28 +480,28 @@ free_ca_infos(void)
 bool
 find_ca_info_by_name(const char *name, bool delete)
 {
-    ca_info_t **ca_p = &ca_infos;
-    ca_info_t *ca = *ca_p;
+       ca_info_t **ca_p = &ca_infos;
+       ca_info_t *ca = *ca_p;
 
-    while (ca != NULL)
-    {
-       /* is there already an entry? */
-       if (streq(name, ca->name))
+       while (ca != NULL)
        {
-           if (delete)
-           {
-               lock_ca_info_list("find_ca_info_by_name");
-               *ca_p = ca->next;
-