author | deraadt <> | 2017-03-27 23:59:08 +0000 |
---|---|---|
committer | deraadt <> | 2017-03-27 23:59:08 +0000 |
commit | 96b98dd5daa1ee031a31498ad339b94ff699a0bb (patch) | |
tree | bd5ce8728caffc5c41de70f256ba77f45f703a2e | |
parent | f1eb8de2723639aca0b0ee12614678932d45296b (diff) | |
repair knf & whitespace that jumped out of the screen during review
ok beck
-rw-r--r-- | src/usr.sbin/ocspcheck/ocspcheck.c | 41 |
1 files changed, 18 insertions, 23 deletions
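diff --git a/src/usr.sbin/ocspcheck/ocspcheck.c b/src/usr.sbin/ocspcheck/ocspcheck.c
index 3917515f64..a923024055 100644
--- a/src/usr.sbin/ocspcheck/ocspcheck.c
+++ b/src/usr.sbin/ocspcheck/ocspcheck.c
@@ -1,4 +1,5 @@
-/* $OpenBSD: ocspcheck.c,v 1.19 2017/03/27 18:26:53 beck Exp $ */
+/* $OpenBSD: ocspcheck.c,v 1.20 2017/03/27 23:59:08 deraadt Exp $ */
+
 /*
 * Copyright (c) 2017 Bob Beck <beck@openbsd.org>
 *
@@ -42,7 +43,7 @@
 
 typedef struct ocsp_request {
 STACK_OF(X509) *fullchain;
-OCSP_REQUEST * req;
+OCSP_REQUEST *req;
 char *url;
 unsigned char *data;
 size_t size;
@@ -73,7 +74,6 @@ host_dns(const char *s, struct addr vec[MAX_SERVERS_DNS])
 memset(&hints, 0, sizeof(hints));
 hints.ai_family = PF_UNSPEC;
 hints.ai_socktype = SOCK_DGRAM; /* DUMMY */
-/* ntpd MUST NOT use AI_ADDRCONFIG here */
 
 error = getaddrinfo(s, NULL, &hints, &res0);
 
@@ -82,12 +82,11 @@ host_dns(const char *s, struct addr vec[MAX_SERVERS_DNS])
 error == EAI_NODATA ||
 #endif
 error == EAI_NONAME)
-return(0);
+return 0;
 
 if (error) {
-warnx("%s: parse error: %s",
-s, gai_strerror(error));
-return(-1);
+warnx("%s: parse error: %s", s, gai_strerror(error));
+return -1;
 }
 
 for (vecsz = 0, res = res0;
@@ -117,7 +116,7 @@ host_dns(const char *s, struct addr vec[MAX_SERVERS_DNS])
 }
 
 freeaddrinfo(res0);
-return(vecsz);
+return vecsz;
 }
 
 /*
@@ -253,7 +252,7 @@ read_fullchain(const char *file, int *count)
 for (i = 0; i < sk_X509_INFO_num(xis); i++) {
 xi = sk_X509_INFO_value(xis, i);
 if (xi->x509 == NULL)
-continue;
+continue;
 if (!sk_X509_push(rv, xi->x509)) {
 warnx("unable to build x509 chain");
 sk_X509_pop_free(rv, X509_free);
@@ -315,8 +314,7 @@ ocsp_request_new_from_cert(char *file, int nonce)
 if (request->fullchain == NULL)
 return NULL;
 if (count <= 1) {
-warnx("File %s does not contain a cert chain",
-file);
+warnx("File %s does not contain a cert chain", file);
 return NULL;
 }
 if ((cert = cert_from_chain(request->fullchain)) == NULL) {
@@ -340,7 +338,7 @@ ocsp_request_new_from_cert(char *file, int nonce)
 cert_id_md = EVP_sha1(); /* XXX. This sucks but OCSP is poopy */
 if ((id = OCSP_cert_to_id(cert_id_md, cert, issuer)) == NULL) {
 warnx("Unable to get certificate id from cert in %s", file);
-return NULL;
+return NULL;
 }
 if (OCSP_request_add0_id(request->req, id) == NULL) {
 warnx("Unable to add certificate id to request");
@@ -360,7 +358,7 @@ ocsp_request_new_from_cert(char *file, int nonce)
 warnx("Unable to allocte memory");
 return NULL;
 }
-return(request);
+return (request);
 }
 
 
@@ -382,13 +380,12 @@ validate_response(char *buf, size_t size, ocsp_request *request,
 return 0;
 }
 if ((issuer = issuer_from_chain(request->fullchain)) == NULL) {
-warnx("Unable to find certificate issuer for cert in %s",
-file);
+warnx("Unable to find certificate issuer for cert in %s", file);
 return 0;
 }
 if ((cid = OCSP_cert_to_id(NULL, cert, issuer)) == NULL) {
 warnx("Unable to get issuer cert/CID in %s", file);
-return(0);
+return 0;
 }
 
 if ((resp = d2i_OCSP_RESPONSE(NULL, p, size)) == NULL) {
@@ -398,7 +395,7 @@ validate_response(char *buf, size_t size, ocsp_request *request,
 
 if ((bresp = OCSP_response_get1_basic(resp)) == NULL) {
 warnx("Failed to load OCSP response from %s", host);
-return(0);
+return 0;
 }
 
 if (OCSP_basic_verify(bresp, request->fullchain, store,
@@ -412,7 +409,7 @@ validate_response(char *buf, size_t size, ocsp_request *request,
 if (status != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
 warnx("OCSP Failure: code %d (%s) from host %s",
 status, OCSP_response_status_str(status), host);
-return(0);
+return 0;
 }
 dspew("OCSP response status %d from host %s\n", status, host);
 
@@ -551,8 +548,7 @@ main(int argc, char **argv)
 staplefd = open(outfile, O_WRONLY|O_CREAT,
 S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH);
 if (staplefd < 0)
-err(1, "Unable to open output file %s",
-outfile);
+err(1, "Unable to open output file %s", outfile);
 }
 
 if (pledge("stdio inet rpath dns", NULL) == -1)
@@ -598,7 +594,6 @@ main(int argc, char **argv)
 * routines and parsing untrusted input from someone's OCSP
 * server.
 */
-
 if (pledge("stdio", NULL) == -1)
 err(1, "pledge");
 
@@ -618,7 +613,7 @@ main(int argc, char **argv)
 */
 OPENSSL_add_all_algorithms_noconf();
 if (!validate_response(hget->bodypart, hget->bodypartsz,
-request, castore, host, certfile))
+request, castore, host, certfile))
 exit(1);
 
 /*
@@ -627,7 +622,7 @@ main(int argc, char **argv)
 */
 if (staplefd >= 0) {
 (void) ftruncate(staplefd, 0);
-w = 0 ;
+w = 0;
 written = 0;
 while (written < hget->bodypartsz) {
 w = write(staplefd, hget->bodypart + written,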
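Review bot: The `(void) ftruncate(staplefd, 0);` kept as context in the last hunk of main() discards its result, so a failed truncation goes unnoticed. As far as this view shows, the write loop would then overwrite from the start of a file that still holds an earlier, possibly longer, response, leaving stale trailing bytes in the staple. The file is opened without O_TRUNC and truncated only after validate_response() succeeds, so a checked call such as `if (ftruncate(staplefd, 0) == -1) err(1, "Unable to truncate output file %s", outfile);` keeps that ordering while failing closed. The write loop continues outside the hunk, so how a short or failed write is handled cannot be judged from here.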