Whitespace cleanups
Remove trailing blanks; put whitespace around operators as
appropriate.

Signed-off-by: Nick Andrew <nick@nick-andrew.net>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
nickandrew authored and David Woodhouse committed Apr 9, 2009
1 parent 7b9dfa8 commit 222d1451221c96a2f683abe92aab72b2589f89ae
Showing with 115 additions and 112 deletions.
  1. +1 −1 COPYING.LGPL
  2. +1 −1 README.SecurID
  3. +14 −14 cstp.c
  4. +15 −15 dtls.c
  5. +22 −21 http.c
  6. +9 −7 main.c
  7. +2 −2 mainloop.c
  8. +26 −26 nm-auth-dialog.c
  9. +1 −1 openconnect.h
  10. +11 −11 ssl.c
  11. +9 −9 tun.c
  12. +1 −1 version.sh
  13. +3 −3 xml.c
@@ -146,7 +146,7 @@ such a program is covered only if its contents constitute a work based
on the Library (independent of the use of the Library in a tool for
writing it). Whether that is true depends on what the Library does
and what the program that uses the Library does.

1. You may copy and distribute verbatim copies of the Library's
complete source code as you receive it, in any medium, provided that
you conspicuously and appropriately publish on each copy an
@@ -28,7 +28,7 @@ shouldn't be particularly hard. We already know how the 64-bit tokens
work: http://seclists.org/bugtraq/2000/Dec/0459.html

For the 128-bit tokens, they just use a standard AES algorithm instead
of their own 'speshul' hash. A basic description of it can be found at
of their own 'speshul' hash. A basic description of it can be found at
http://www.velocityreviews.com/forums/t367596-aes-securid-token.html

If we just work out how the input bits are fed into the hash, and work
28 cstp.c
@@ -35,7 +35,7 @@

/*
* Data packets are encapsulated in the SSL stream as follows:
*
*
* 0000: Magic "STF\x1"
* 0004: Big-endian 16-bit length (not including 8-byte header)
* 0006: Byte packet type (see openconnect.h)
@@ -109,7 +109,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
if (!retried) {
retried = 1;
openconnect_close_https(vpninfo);

if (openconnect_open_https(vpninfo)) {
vpninfo->progress(vpninfo, PRG_ERR,
"Failed to open HTTPS connection to %s\n",
@@ -125,7 +125,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
if (!strncmp(buf, "HTTP/1.1 503 ", 13)) {
/* "Service Unavailable. Why? */
char *reason = "<unknown>";
while ((i=openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)))) {
while ((i = openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)))) {
if (!strncmp(buf, "X-Reason: ", 10)) {
reason = buf + 10;
break;
@@ -135,7 +135,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
reason);
return -EINVAL;
}
vpninfo->progress(vpninfo, PRG_ERR,
vpninfo->progress(vpninfo, PRG_ERR,
"Got inappropriate HTTP CONNECT response: %s\n",
buf);
if (!strncmp(buf, "HTTP/1.1 401 ", 13))
@@ -149,7 +149,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
/* We may have advertised it, but we only do it if the server agrees */
vpninfo->deflate = 0;

while ((i=openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)))) {
while ((i = openconnect_SSL_gets(vpninfo->https_ssl, buf, sizeof(buf)))) {
struct vpn_option *new_option;
char *colon = strchr(buf, ':');
if (!colon)
@@ -198,7 +198,7 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
if (!strcmp(colon, "deflate"))
vpninfo->deflate = 1;
else {
vpninfo->progress(vpninfo, PRG_ERR,
vpninfo->progress(vpninfo, PRG_ERR,
"Unknown CSTP-Content-Encoding %s\n",
colon);
return -EINVAL;
@@ -275,8 +275,8 @@ static int start_cstp_connection(struct openconnect_info *vpninfo)
vpninfo->progress(vpninfo, PRG_INFO, "CSTP connected. DPD %d, Keepalive %d\n",
vpninfo->ssl_times.dpd, vpninfo->ssl_times.keepalive);

BIO_set_nbio(SSL_get_rbio(vpninfo->https_ssl),1);
BIO_set_nbio(SSL_get_wbio(vpninfo->https_ssl),1);
BIO_set_nbio(SSL_get_rbio(vpninfo->https_ssl), 1);
BIO_set_nbio(SSL_get_wbio(vpninfo->https_ssl), 1);

fcntl(vpninfo->ssl_fd, F_SETFL, fcntl(vpninfo->ssl_fd, F_GETFL) | O_NONBLOCK);
if (vpninfo->select_nfds <= vpninfo->ssl_fd)
@@ -294,7 +294,7 @@ int make_cstp_connection(struct openconnect_info *vpninfo)
{
int ret;

if (!vpninfo->https_ssl && (ret=openconnect_open_https(vpninfo)))
if (!vpninfo->https_ssl && (ret = openconnect_open_https(vpninfo)))
return ret;

if (vpninfo->deflate) {
@@ -328,7 +328,7 @@ static int cstp_reconnect(struct openconnect_info *vpninfo)
int ret;
int timeout;
int interval;

timeout = vpninfo->reconnect_timeout;
interval = vpninfo->reconnect_interval;

@@ -377,7 +377,7 @@ static int inflate_and_queue_packet(struct openconnect_info *vpninfo, int type,
vpninfo->inflate_adler32 = adler32(vpninfo->inflate_adler32,
new->data, new->len);

if (vpninfo->inflate_adler32 != ntohl( *(uint32_t *)(buf + len - 4))) {
if (vpninfo->inflate_adler32 != ntohl( *(uint32_t *) (buf + len - 4) )) {
vpninfo->quit_reason = "Compression (inflate) adler32 failure";
}

@@ -484,7 +484,7 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout)


/* If SSL_write() fails we are expected to try again. With exactly
the same data, at exactly the same location. So we keep the
the same data, at exactly the same location. So we keep the
packet we had before.... */
if (vpninfo->current_ssl_pkt) {
handle_outgoing:
@@ -548,7 +548,7 @@ int cstp_mainloop(struct openconnect_info *vpninfo, int *timeout)
vpninfo->progress(vpninfo, PRG_ERR, "CSTP Dead Peer Detection detected dead peer!\n");
openconnect_close_https(vpninfo);

/* It's already deflated in the old stream. Extremely
/* It's already deflated in the old stream. Extremely
non-trivial to reconstitute it; just throw it away */
if (vpninfo->current_ssl_pkt == vpninfo->deflate_pkt)
vpninfo->current_ssl_pkt = NULL;
@@ -657,7 +657,7 @@ int cstp_bye(struct openconnect_info *vpninfo, char *reason)
bye_pkt = malloc(reason_len + 8);
if (!bye_pkt)
return -ENOMEM;

memcpy(bye_pkt, data_hdr, 8);
memcpy(bye_pkt + 8, reason, reason_len);

30 dtls.c
@@ -51,7 +51,7 @@ int RAND_pseudo_bytes(char *buf, int len)
memset(buf, 0x5a, len);
printf("FAKE PSEUDO RANDOM!\n");
return 1;

}
int RAND_bytes(char *buf, int len)
{
@@ -73,8 +73,8 @@ int RAND_bytes(char *buf, int len)
* was in OpenSSL 0.9.8e -- it includes backports of some later
* OpenSSL patches.
*
* The openssl/ directory of this source tree should contain both a
* small patch against OpenSSL 0.9.8e to make it support Cisco's
* The openssl/ directory of this source tree should contain both a
* small patch against OpenSSL 0.9.8e to make it support Cisco's
* snapshot of the protocol, and a larger patch against newer OpenSSL
* which gives us an option to use the old protocol again.
*
@@ -86,7 +86,7 @@ int RAND_bytes(char *buf, int len)
* number when calculating the MAC, the server still seems to be ignoring
* my subsequent data packets. So we use the old protocol, which is what
* their clients use anyway.
*/
*/

static unsigned char nybble(unsigned char n)
{
@@ -114,15 +114,15 @@ int connect_dtls_socket(struct openconnect_info *vpninfo)
perror("Open UDP socket for DTLS:");
return -EINVAL;
}

if (connect(dtls_fd, vpninfo->peer_addr, vpninfo->peer_addrlen)) {
perror("UDP (DTLS) connect:\n");
close(dtls_fd);
return -EINVAL;
}

fcntl(dtls_fd, F_SETFD, FD_CLOEXEC);

https_cipher = SSL_get_current_cipher(vpninfo->https_ssl);

if (!vpninfo->dtls_ctx) {
@@ -144,7 +144,7 @@ int connect_dtls_socket(struct openconnect_info *vpninfo)
if (!vpninfo->dtls_session) {
vpninfo->progress(vpninfo, PRG_ERR, "Initialise DTLSv1 session failed\n");
return -EINVAL;
}
}
vpninfo->dtls_session->ssl_version = 0x0100; // DTLS1_BAD_VER

vpninfo->dtls_session->master_key_length = sizeof(vpninfo->dtls_secret);
@@ -185,14 +185,14 @@ int connect_dtls_socket(struct openconnect_info *vpninfo)
SSL_set_options(dtls_ssl, SSL_OP_CISCO_ANYCONNECT);

/* Set non-blocking */
BIO_set_nbio(SSL_get_rbio(dtls_ssl),1);
BIO_set_nbio(SSL_get_wbio(dtls_ssl),1);
BIO_set_nbio(SSL_get_rbio(dtls_ssl), 1);
BIO_set_nbio(SSL_get_wbio(dtls_ssl), 1);

fcntl(dtls_fd, F_SETFL, fcntl(dtls_fd, F_GETFL) | O_NONBLOCK);

vpninfo->new_dtls_fd = dtls_fd;
vpninfo->new_dtls_ssl = dtls_ssl;

if (vpninfo->select_nfds <= dtls_fd)
vpninfo->select_nfds = dtls_fd + 1;

@@ -311,7 +311,7 @@ int setup_dtls(struct openconnect_info *vpninfo)
} else if (!strcmp(dtls_opt->option + 7, "Rekey-Time")) {
vpninfo->dtls_times.rekey = atol(dtls_opt->value);
}

dtls_opt = dtls_opt->next;
}
if (!sessid_found || !dtls_port)
@@ -329,7 +329,7 @@ int setup_dtls(struct openconnect_info *vpninfo)
return -EINVAL;
}


if (connect_dtls_socket(vpninfo))
return -EINVAL;

@@ -383,7 +383,7 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
"Unknown DTLS packet type %02x, len %d\n", buf[0], len);
if (1) {
/* Some versions of OpenSSL have bugs with receiving out-of-order
* packets. Not only do they wrongly decide to drop packets if
* packets. Not only do they wrongly decide to drop packets if
* two packets get swapped in transit, but they also _fail_ to
* drop the packet in non-blocking mode; instead they return
* the appropriate length of garbage. So don't abort... for now. */
@@ -452,15 +452,15 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)

/* One byte of header */
this->hdr[7] = AC_PKT_DATA;

ret = SSL_write(vpninfo->dtls_ssl, &this->hdr[7], this->len + 1);
if (ret <= 0) {
ret = SSL_get_error(vpninfo->dtls_ssl, ret);

/* If it's a real error, kill the DTLS connection and
requeue the packet to be sent over SSL */
if (ret != SSL_ERROR_WANT_READ && ret != SSL_ERROR_WANT_WRITE) {
vpninfo->progress(vpninfo, PRG_ERR,
vpninfo->progress(vpninfo, PRG_ERR,
"DTLS got write error %d. Falling back to SSL\n", ret);
ERR_print_errors_fp(stderr);
dtls_restart(vpninfo);
