author | 2016-09-13 17:13:37 +0000 | |
---|---|---|
committer | 2016-09-13 17:13:37 +0000 | |
commit | 55599e8772e67e3aa682ac9ecfa27e9e42d99a90 (patch) | |
tree | 2f916aa868ff66c0d3dc8ff7f78fec83efc392c2 | |
parent | spelling; from Frank Schoep (diff) | |
A small amount more KNF to make this easier on our eyes. Not going further
than this.
ok florian
-rw-r--r-- | usr.sbin/acme-client/acctproc.c | 16 | ||||
-rw-r--r-- | usr.sbin/acme-client/certproc.c | 7 | ||||
-rw-r--r-- | usr.sbin/acme-client/chngproc.c | 7 | ||||
-rw-r--r-- | usr.sbin/acme-client/dbg.c | 4 | ||||
-rw-r--r-- | usr.sbin/acme-client/dnsproc.c | 12 | ||||
-rw-r--r-- | usr.sbin/acme-client/fileproc.c | 17 | ||||
-rw-r--r-- | usr.sbin/acme-client/http.c | 80 | ||||
-rw-r--r-- | usr.sbin/acme-client/json.c | 88 | ||||
-rw-r--r-- | usr.sbin/acme-client/keyproc.c | 21 | ||||
-rw-r--r-- | usr.sbin/acme-client/main.c | 26 | ||||
-rw-r--r-- | usr.sbin/acme-client/netproc.c | 36 | ||||
-rw-r--r-- | usr.sbin/acme-client/revokeproc.c | 40 | ||||
-rw-r--r-- | usr.sbin/acme-client/util.c | 10 |
13 files changed, 167 insertions, 197 deletions
diff --git a/usr.sbin/acme-client/acctproc.c b/usr.sbin/acme-client/acctproc.c index 31dff740ba9..ccadd8c77a6 100644 --- a/usr.sbin/acme-client/acctproc.c +++ b/usr.sbin/acme-client/acctproc.c @@ -1,4 +1,4 @@ -/* $Id: acctproc.c,v 1.8 2016/09/13 16:49:28 deraadt Exp $ */ +/* $Id: acctproc.c,v 1.9 2016/09/13 17:13:37 deraadt Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -127,13 +127,13 @@ op_thumbprint(int fd, EVP_PKEY *pkey) } else if (NULL == (ctx = EVP_MD_CTX_create())) { warnx("EVP_MD_CTX_create"); goto out; - } else if ( ! EVP_DigestInit_ex(ctx, EVP_sha256(), NULL)) { + } else if (!EVP_DigestInit_ex(ctx, EVP_sha256(), NULL)) { warnx("EVP_SignInit_ex"); goto out; - } else if ( ! EVP_DigestUpdate(ctx, thumb, strlen(thumb))) { + } else if (!EVP_DigestUpdate(ctx, thumb, strlen(thumb))) { warnx("EVP_SignUpdate"); goto out; - } else if ( ! EVP_DigestFinal_ex(ctx, dig, &digsz)) { + } else if (!EVP_DigestFinal_ex(ctx, dig, &digsz)) { warnx("EVP_SignFinal"); goto out; } else if (NULL == (dig64 = base64buf_url((char *)dig, digsz))) { @@ -218,7 +218,7 @@ op_sign(int fd, EVP_PKEY *pkey) switch (EVP_PKEY_type(pkey->type)) { case EVP_PKEY_RSA: - if ( ! op_sign_rsa(&head, &prot, pkey, nonce)) + if (!op_sign_rsa(&head, &prot, pkey, nonce)) goto out; break; default: @@ -255,13 +255,13 @@ op_sign(int fd, EVP_PKEY *pkey) if (NULL == (ctx = EVP_MD_CTX_create())) { warnx("EVP_MD_CTX_create"); goto out; - } else if ( ! EVP_SignInit_ex(ctx, EVP_sha256(), NULL)) { + } else if (!EVP_SignInit_ex(ctx, EVP_sha256(), NULL)) { warnx("EVP_SignInit_ex"); goto out; - } else if ( ! EVP_SignUpdate(ctx, sign, strlen(sign))) { + } else if (!EVP_SignUpdate(ctx, sign, strlen(sign))) { warnx("EVP_SignUpdate"); goto out; - } else if ( ! EVP_SignFinal(ctx, dig, &digsz, pkey)) { + } else if (!EVP_SignFinal(ctx, dig, &digsz, pkey)) { warnx("EVP_SignFinal"); goto out; } else if (NULL == (dig64 = base64buf_url((char *)dig, digsz))) { 
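Review bot: In the op_thumbprint hunk of acctproc.c the failure messages do not match the calls they follow: `EVP_DigestInit_ex`, `EVP_DigestUpdate` and `EVP_DigestFinal_ex` report `warnx("EVP_SignInit_ex")`, `warnx("EVP_SignUpdate")` and `warnx("EVP_SignFinal")`, the same strings op_sign uses for the real signing calls. A log line from this process therefore cannot distinguish a thumbprint digest failure from a signature failure; the three strings should name the digest calls, e.g. `warnx("EVP_DigestInit_ex");`. The keyproc.c hunks show the same mismatch (`warnx("X509_new")` after `X509_REQ_new`, `warnx("X509_req_set_issuer_name")` after `X509_REQ_set_subject_name`, `warnx("X509_sign")` after `X509_REQ_sign`). Both functions start and end outside the hunks.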
diff --git a/usr.sbin/acme-client/certproc.c b/usr.sbin/acme-client/certproc.c index b2f33bf00ba..02aa74d455f 100644 --- a/usr.sbin/acme-client/certproc.c +++ b/usr.sbin/acme-client/certproc.c @@ -1,4 +1,4 @@ -/* $Id: certproc.c,v 1.6 2016/09/13 16:49:28 deraadt Exp $ */ +/* $Id: certproc.c,v 1.7 2016/09/13 17:13:37 deraadt Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -47,7 +47,7 @@ x509buf(X509 *x, size_t *sz) if (NULL == (bio = BIO_new(BIO_s_mem()))) { warnx("BIO_new"); return (NULL); - } else if ( ! PEM_write_bio_X509(bio, x)) { + } else if (!PEM_write_bio_X509(bio, x)) { warnx("PEM_write_bio_X509"); BIO_free(bio); return (NULL); @@ -195,8 +195,7 @@ certproc(int netsock, int filesock) if (chainsz <= strlen(MARKER) || strncmp(chain, MARKER, strlen(MARKER))) { chaincp = (u_char *)chain; - chainx = d2i_X509(NULL, - (const u_char **)&chaincp, chainsz); + chainx = d2i_X509(NULL, (const u_char **)&chaincp, chainsz); if (NULL == chainx) { warnx("d2i_X509"); goto out; diff --git a/usr.sbin/acme-client/chngproc.c b/usr.sbin/acme-client/chngproc.c index e9fd0474786..4cb7f330f5a 100644 --- a/usr.sbin/acme-client/chngproc.c +++ b/usr.sbin/acme-client/chngproc.c @@ -1,4 +1,4 @@ -/* $Id: chngproc.c,v 1.6 2016/09/13 16:49:28 deraadt Exp $ */ +/* $Id: chngproc.c,v 1.7 2016/09/13 17:13:37 deraadt Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -107,7 +107,7 @@ chngproc(int netsock, const char *root, int remote) puts("RUN THIS IN THE CHALLENGE DIRECTORY"); puts("YOU HAVE 20 SECONDS..."); printf("doas sh -c \"echo %s > %s\"\n", - fmt, fs[fsz - 1]); + fmt, fs[fsz - 1]); sleep(20); puts("TIME'S UP."); } else { 
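Review bot: The `printf("doas sh -c \"echo %s > %s\"\n", fmt, fs[fsz - 1]);` call in the chngproc hunk prints a command the operator is told to paste into a privileged shell, with `fmt` and the file name inserted unquoted. The hunk does not show where those values are checked; if any part of them comes from the CA's reply, they should be restricted to the base64url alphabet before being printed, or the instruction should give the file name and content separately instead of a ready-made shell line. If such a check already exists earlier in the function, a comment above the printf saying so would be enough, e.g. `/* fmt and fs[] were verified as base64url above; safe to show unquoted */`. chngproc's body continues outside the hunk.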
@@ -116,8 +116,7 @@ chngproc(int netsock, const char *root, int remote) * Note: we use file descriptors instead of FILE * because we want to minimise our pledges. */ - fd = open(fs[fsz - 1], - O_WRONLY|O_EXCL|O_CREAT, 0444); + fd = open(fs[fsz - 1], O_WRONLY|O_EXCL|O_CREAT, 0444); if (-1 == fd) { warn("%s", fs[fsz - 1]); goto out; diff --git a/usr.sbin/acme-client/dbg.c b/usr.sbin/acme-client/dbg.c index 2012529124f..787c6e195ed 100644 --- a/usr.sbin/acme-client/dbg.c +++ b/usr.sbin/acme-client/dbg.c @@ -1,4 +1,4 @@ -/* $Id: dbg.c,v 1.3 2016/09/01 00:35:21 florian Exp $ */ +/* $Id: dbg.c,v 1.4 2016/09/13 17:13:37 deraadt Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -39,7 +39,7 @@ dodbg(const char *fmt, ...) { va_list ap; - if ( ! verbose) + if (!verbose) return; va_start(ap, fmt); diff --git a/usr.sbin/acme-client/dnsproc.c b/usr.sbin/acme-client/dnsproc.c index 6f102dce553..22a588e04ed 100644 --- a/usr.sbin/acme-client/dnsproc.c +++ b/usr.sbin/acme-client/dnsproc.c @@ -1,4 +1,4 @@ -/* $Id: dnsproc.c,v 1.5 2016/09/13 16:49:28 deraadt Exp $ */ +/* $Id: dnsproc.c,v 1.6 2016/09/13 17:13:37 deraadt Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -80,8 +80,8 @@ host_dns(const char *s, struct addr *vec) } for (vecsz = 0, res = res0; - NULL != res && vecsz < MAX_SERVERS_DNS; - res = res->ai_next) { + NULL != res && vecsz < MAX_SERVERS_DNS; + res = res->ai_next) { if (res->ai_family != AF_INET && res->ai_family != AF_INET6) continue; 
@@ -91,13 +91,13 @@ host_dns(const char *s, struct addr *vec) if (AF_INET == res->ai_family) { vec[vecsz].family = 4; inet_ntop(AF_INET, - &(((struct sockaddr_in *)sa)->sin_addr), + &(((struct sockaddr_in *)sa)->sin_addr), vec[vecsz].ip, INET6_ADDRSTRLEN); } else { vec[vecsz].family = 6; inet_ntop(AF_INET6, - &(((struct sockaddr_in6 *)sa)->sin6_addr), - vec[vecsz].ip, INET6_ADDRSTRLEN); + &(((struct sockaddr_in6 *)sa)->sin6_addr), + vec[vecsz].ip, INET6_ADDRSTRLEN); } dodbg("%s: DNS: %s", s, vec[vecsz].ip); diff --git a/usr.sbin/acme-client/fileproc.c b/usr.sbin/acme-client/fileproc.c index 2fc80e4627c..e7dd2273409 100644 --- a/usr.sbin/acme-client/fileproc.c +++ b/usr.sbin/acme-client/fileproc.c @@ -1,4 +1,4 @@ -/* $Id: fileproc.c,v 1.5 2016/09/13 16:49:28 deraadt Exp $ */ +/* $Id: fileproc.c,v 1.6 2016/09/13 17:13:37 deraadt Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -125,8 +125,7 @@ fileproc(int certsock, int backup, const char *certdir) warnx("%s/%s", certdir, CERT_PEM); goto out; } else - dodbg("%s/%s: linked to %s", - certdir, CERT_PEM, file); + dodbg("%s/%s: linked to %s", certdir, CERT_PEM, file); snprintf(file, sizeof(file), "chain-%llu.pem", (unsigned long long)t); @@ -134,8 +133,7 @@ fileproc(int certsock, int backup, const char *certdir) warnx("%s/%s", certdir, CHAIN_PEM); goto out; } else - dodbg("%s/%s: linked to %s", - certdir, CHAIN_PEM, file); + dodbg("%s/%s: linked to %s", certdir, CHAIN_PEM, file); snprintf(file, sizeof(file), "fullchain-%llu.pem", (unsigned long long)t); @@ -143,8 +141,7 @@ fileproc(int certsock, int backup, const char *certdir) warnx("%s/%s", certdir, FCHAIN_PEM); goto out; } else - dodbg("%s/%s: linked to %s", - certdir, FCHAIN_PEM, file); + dodbg("%s/%s: linked to %s", certdir, FCHAIN_PEM, file); } /* 
@@ -185,7 +182,7 @@ fileproc(int certsock, int backup, const char *certdir) if (NULL == (ch = readbuf(certsock, COMM_CHAIN, &chsz))) goto out; - if ( ! serialise(CHAIN_BAK, CHAIN_PEM, ch, chsz, NULL, 0)) + if (!serialise(CHAIN_BAK, CHAIN_PEM, ch, chsz, NULL, 0)) goto out; dodbg("%s/%s: created", certdir, CHAIN_PEM); @@ -199,7 +196,7 @@ fileproc(int certsock, int backup, const char *certdir) if (NULL == (csr = readbuf(certsock, COMM_CSR, &csz))) goto out; - if ( ! serialise(CERT_BAK, CERT_PEM, csr, csz, NULL, 0)) + if (!serialise(CERT_BAK, CERT_PEM, csr, csz, NULL, 0)) goto out; dodbg("%s/%s: created", certdir, CERT_PEM); @@ -211,7 +208,7 @@ fileproc(int certsock, int backup, const char *certdir) * on-file certificates were changed. */ - if ( ! serialise(FCHAIN_BAK, FCHAIN_PEM, csr, csz, ch, chsz)) + if (!serialise(FCHAIN_BAK, FCHAIN_PEM, csr, csz, ch, chsz)) goto out; dodbg("%s/%s: created", certdir, FCHAIN_PEM); diff --git a/usr.sbin/acme-client/http.c b/usr.sbin/acme-client/http.c index 358a71a18f8..2df273f975a 100644 --- a/usr.sbin/acme-client/http.c +++ b/usr.sbin/acme-client/http.c @@ -1,4 +1,4 @@ -/* $Id: http.c,v 1.7 2016/09/01 00:35:21 florian Exp $ */ +/* $Id: http.c,v 1.8 2016/09/13 17:13:37 deraadt Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -95,9 +95,8 @@ dotlsread(char *buf, size_t sz, const struct http *http) } while (TLS_WANT_POLLIN == rc || TLS_WANT_POLLOUT == rc); if (rc < 0) - warnx("%s: tls_read: %s", - http->src.ip, - tls_error(http->ctx)); + warnx("%s: tls_read: %s", http->src.ip, + tls_error(http->ctx)); return (rc); } @@ -111,9 +110,8 @@ dotlswrite(const void *buf, size_t sz, const struct http *http) } while (TLS_WANT_POLLIN == rc || TLS_WANT_POLLOUT == rc); if (rc < 0) - warnx("%s: tls_write: %s", - http->src.ip, - tls_error(http->ctx)); + warnx("%s: tls_write: %s", http->src.ip, + tls_error(http->ctx)); return (rc); } 
@@ -164,9 +162,8 @@ http_disconnect(struct http *http) if (NULL != http->ctx) { /* TLS connection. */ if (-1 == tls_close(http->ctx)) - warnx("%s: tls_close: %s", - http->src.ip, - tls_error(http->ctx)); + warnx("%s: tls_close: %s", http->src.ip, + tls_error(http->ctx)); if (NULL != http->ctx) tls_free(http->ctx); #if ! defined(TLS_READ_AGAIN) && ! defined(TLS_WRITE_AGAIN) @@ -200,7 +197,7 @@ http_free(struct http *http) struct http * http_alloc(const struct source *addrs, size_t addrsz, - const char *host, short port, const char *path) + const char *host, short port, const char *path) { struct sockaddr_storage ss; int family, fd, c; @@ -223,14 +220,14 @@ again: ((struct sockaddr_in *)&ss)->sin_family = AF_INET; ((struct sockaddr_in *)&ss)->sin_port = htons(port); c = inet_pton(AF_INET, addrs[cur].ip, - &((struct sockaddr_in *)&ss)->sin_addr); + &((struct sockaddr_in *)&ss)->sin_addr); len = sizeof(struct sockaddr_in); } else if (6 == addrs[cur].family) { family = PF_INET6; ((struct sockaddr_in6 *)&ss)->sin6_family = AF_INET6; ((struct sockaddr_in6 *)&ss)->sin6_port = htons(port); c = inet_pton(AF_INET6, addrs[cur].ip, - &((struct sockaddr_in6 *)&ss)->sin6_addr); + &((struct sockaddr_in6 *)&ss)->sin6_addr); len = sizeof(struct sockaddr_in6); } else { warnx("%s: unknown family", addrs[cur].ip); @@ -271,9 +268,7 @@ again: http->src.ip = strdup(addrs[cur].ip); http->host = strdup(host); http->path = strdup(path); - if (NULL == http->src.ip || - NULL == http->host || - NULL == http->path) { + if (NULL == http->src.ip || NULL == http->host || NULL == http->path) { warn("strdup"); goto err; } @@ -317,11 +312,9 @@ again: goto err; } - if (0 != tls_connect_socket - (http->ctx, http->fd, http->host)) { - warnx("%s: tls_connect_socket: %s, %s", - http->src.ip, http->host, - tls_error(http->ctx)); + if (0 != tls_connect_socket(http->ctx, http->fd, http->host)) { + warnx("%s: tls_connect_socket: %s, %s", http->src.ip, + http->host, tls_error(http->ctx)); goto err; } 
@@ -340,22 +333,22 @@ http_open(const struct http *http, const void *p, size_t psz) if (NULL == p) { c = asprintf(&req, - "GET %s HTTP/1.0\r\n" - "Host: %s\r\n" - "\r\n", - http->path, http->host); + "GET %s HTTP/1.0\r\n" + "Host: %s\r\n" + "\r\n", + http->path, http->host); } else { c = asprintf(&req, - "POST %s HTTP/1.0\r\n" - "Host: %s\r\n" - "Content-Length: %zu\r\n" - "\r\n", - http->path, http->host, psz); + "POST %s HTTP/1.0\r\n" + "Host: %s\r\n" + "Content-Length: %zu\r\n" + "\r\n", + http->path, http->host, psz); } if (-1 == c) { warn("asprintf"); return (NULL); - } else if ( ! http_write(req, c, http)) { + } else if (!http_write(req, c, http)) { free(req); return (NULL); } else if (NULL != p && ! http_write(p, psz, http)) { @@ -392,8 +385,7 @@ http_close(struct httpxfer *x) * You must not free the returned pointer. */ char * -http_body_read(const struct http *http, - struct httpxfer *trans, size_t *sz) +http_body_read(const struct http *http, struct httpxfer *trans, size_t *sz) { char buf[BUFSIZ]; ssize_t ssz; @@ -453,8 +445,7 @@ http_head_get(const char *v, struct httphead *h, size_t hsz) * This will return -1 on failure, otherwise the code. */ int -http_head_status(const struct http *http, - struct httphead *h, size_t sz) +http_head_status(const struct http *http, struct httphead *h, size_t sz) { int rc; unsigned int code; @@ -470,8 +461,7 @@ http_head_status(const struct http *http, warn("sscanf"); return (-1); } else if (1 != rc) { - warnx("%s: cannot convert status header", - http->src.ip); + warnx("%s: cannot convert status header", http->src.ip); return (-1); } return (code); @@ -490,8 +480,7 @@ http_head_status(const struct http *http, * internally, this returns NULL. */ struct httphead * -http_head_parse(const struct http *http, - struct httpxfer *trans, size_t *sz) +http_head_parse(const struct http *http, struct httpxfer *trans, size_t *sz) { size_t hsz, szp; struct httphead *h; 
@@ -556,8 +545,7 @@ http_head_parse(const struct http *http, /* Skip bad headers. */ if (NULL == (ccp = strchr(cp, ':'))) { - warnx("%s: header without separator", - http->src.ip); + warnx("%s: header without separator", http->src.ip); continue; } @@ -582,8 +570,7 @@ http_head_parse(const struct http *http, * You must not free the returned pointer. */ char * -http_head_read(const struct http *http, - struct httpxfer *trans, size_t *sz) +http_head_read(const struct http *http, struct httpxfer *trans, size_t *sz) { char buf[BUFSIZ]; ssize_t ssz; @@ -679,9 +666,8 @@ http_get_free(struct httpget *g) } struct httpget * -http_get(const struct source *addrs, size_t addrsz, - const char *domain, short port, const char *path, - const void *post, size_t postsz) +http_get(const struct source *addrs, size_t addrsz, const char *domain, + short port, const char *path, const void *post, size_t postsz) { struct http *h; struct httpxfer *x; @@ -765,7 +751,7 @@ main(void) g = http_get(addrs, addrsz, "localhost", 80, "/index.html"); #else g = http_get(addrs, addrsz, "www.google.ch", 80, "/index.html", - NULL, 0); + NULL, 0); #endif if (NULL == g) diff --git a/usr.sbin/acme-client/json.c b/usr.sbin/acme-client/json.c index 1cf68a6e84a..a26f9097c72 100644 --- a/usr.sbin/acme-client/json.c +++ b/usr.sbin/acme-client/json.c @@ -1,4 +1,4 @@ -/* $Id: json.c,v 1.4 2016/09/13 16:04:51 deraadt Exp $ */ +/* $Id: json.c,v 1.5 2016/09/13 17:13:37 deraadt Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -69,7 +69,7 @@ struct parse { */ static ssize_t build(struct parse *parse, struct jsmnn **np, - jsmntok_t *t, const char *js, size_t sz) + jsmntok_t *t, const char *js, size_t sz) { size_t i, j; struct jsmnn *n; @@ -350,8 +350,7 @@ json_parse_challenge(struct jsmnn *n, struct chng *p) continue; p->uri = json_getstr(obj, "uri"); p->token = json_getstr(obj, "token"); - return (NULL != p->uri && - NULL != p->token); + return (NULL != p->uri && NULL != p->token); } return (0); 
@@ -373,10 +372,8 @@ json_parse_capaths(struct jsmnn *n, struct capaths *p) p->newreg = json_getstr(n, "new-reg"); p->revokecert = json_getstr(n, "revoke-cert"); - return (NULL != p->newauthz && - NULL != p->newcert && - NULL != p->newreg && - NULL != p->revokecert); + return (NULL != p->newauthz && NULL != p->newcert && + NULL != p->newreg && NULL != p->revokecert); } /* @@ -447,9 +444,10 @@ json_fmt_newreg(const char *license) char *p; c = asprintf(&p, "{" - "\"resource\": \"new-reg\", " - "\"agreement\": \"%s\"" - "}", license); + "\"resource\": \"new-reg\", " + "\"agreement\": \"%s\"" + "}", + license); if (-1 == c) { warn("asprintf"); p = NULL; @@ -467,10 +465,11 @@ json_fmt_newauthz(const char *domain) char *p; c = asprintf(&p, "{" - "\"resource\": \"new-authz\", " - "\"identifier\": " - "{\"type\": \"dns\", \"value\": \"%s\"}" - "}", domain); + "\"resource\": \"new-authz\", " + "\"identifier\": " + "{\"type\": \"dns\", \"value\": \"%s\"}" + "}", + domain); if (-1 == c) { warn("asprintf"); p = NULL; @@ -488,9 +487,10 @@ json_fmt_challenge(const char *token, const char *thumb) char *p; c = asprintf(&p, "{" - "\"resource\": \"challenge\", " - "\"keyAuthorization\": \"%s.%s\"" - "}", token, thumb); + "\"resource\": \"challenge\", " + "\"keyAuthorization\": \"%s.%s\"" + "}", + token, thumb); if (-1 == c) { warn("asprintf"); p = NULL; @@ -508,9 +508,10 @@ json_fmt_revokecert(const char *cert) char *p; c = asprintf(&p, "{" - "\"resource\": \"revoke-cert\", " - "\"certificate\": \"%s\"" - "}", cert); + "\"resource\": \"revoke-cert\", " + "\"certificate\": \"%s\"" + "}", + cert); if (-1 == c) { warn("asprintf"); p = NULL; @@ -528,9 +529,10 @@ json_fmt_newcert(const char *cert) char *p; c = asprintf(&p, "{" - "\"resource\": \"new-cert\", " - "\"csr\": \"%s\"" - "}", cert); + "\"resource\": \"new-cert\", " + "\"csr\": \"%s\"" + "}", + cert); if (-1 == c) { warn("asprintf"); p = NULL; 
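Review bot: json_fmt_newreg, json_fmt_newauthz and json_fmt_challenge (and the remaining json_fmt_* hunks in json.c) place their arguments inside JSON string literals with a bare `%s`, so a `"` or `\` in a value changes the structure of the request body that is later signed. Domains appear to be limited by domain_valid() in main.c, but `license` and the challenge `token`, which json_parse_challenge takes from the server reply, have no visible check in these hunks. Either reject values containing `"`, `\` or control characters before the asprintf, or document on each function which caller-side validation it relies on, e.g. `/* token must already be verified as base64url by the caller */`.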
@@ -548,10 +550,11 @@ json_fmt_header_rsa(const char *exp, const char *mod) char *p; c = asprintf(&p, "{" - "\"alg\": \"RS256\", " - "\"jwk\": " - "{\"e\": \"%s\", \"kty\": \"RSA\", \"n\": \"%s\"}" - "}", exp, mod); + "\"alg\": \"RS256\", " + "\"jwk\": " + "{\"e\": \"%s\", \"kty\": \"RSA\", \"n\": \"%s\"}" + "}", + exp, mod); if (-1 == c) { warn("asprintf"); p = NULL; @@ -569,11 +572,12 @@ json_fmt_protected_rsa(const char *exp, const char *mod, const char *nce) char *p; c = asprintf(&p, "{" - "\"alg\": \"RS256\", " - "\"jwk\": " - "{\"e\": \"%s\", \"kty\": \"RSA\", \"n\": \"%s\"}, " - "\"nonce\": \"%s\"" - "}", exp, mod, nce); + "\"alg\": \"RS256\", " + "\"jwk\": " + "{\"e\": \"%s\", \"kty\": \"RSA\", \"n\": \"%s\"}, " + "\"nonce\": \"%s\"" + "}", + exp, mod, nce); if (-1 == c) { warn("asprintf"); p = NULL; @@ -586,17 +590,18 @@ json_fmt_protected_rsa(const char *exp, const char *mod, const char *nce) */ char * json_fmt_signed(const char *header, const char *protected, - const char *payload, const char *digest) + const char *payload, const char *digest) { int c; char *p; c = asprintf(&p, "{" - "\"header\": %s, " - "\"protected\": \"%s\", " - "\"payload\": \"%s\", " - "\"signature\": \"%s\"" - "}", header, protected, payload, digest); + "\"header\": %s, " + "\"protected\": \"%s\", " + "\"payload\": \"%s\", " + "\"signature\": \"%s\"" + "}", + header, protected, payload, digest); if (-1 == c) { warn("asprintf"); p = NULL; @@ -618,9 +623,8 @@ json_fmt_thumb_rsa(const char *exp, const char *mod) /*NOTE: WHITESPACE IS IMPORTANT. */ - c = asprintf(&p, - "{\"e\":\"%s\",\"kty\":\"RSA\",\"n\":\"%s\"}", - exp, mod); + c = asprintf(&p, "{\"e\":\"%s\",\"kty\":\"RSA\",\"n\":\"%s\"}", + exp, mod); if (-1 == c) { warn("asprintf"); p = NULL; diff --git a/usr.sbin/acme-client/keyproc.c b/usr.sbin/acme-client/keyproc.c index 19debdbb2b3..232670e933b 100644 --- a/usr.sbin/acme-client/keyproc.c +++ b/usr.sbin/acme-client/keyproc.c 
@@ -1,4 +1,4 @@ -/* $Id: keyproc.c,v 1.6 2016/09/13 16:49:28 deraadt Exp $ */ +/* $Id: keyproc.c,v 1.7 2016/09/13 17:13:37 deraadt Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -75,7 +75,7 @@ add_ext(STACK_OF(X509_EXTENSION) *sk, int nid, const char *value) */ int keyproc(int netsock, const char *keyfile, - const char **alts, size_t altsz, int newkey) + const char **alts, size_t altsz, int newkey) { char *der64 = NULL, *der = NULL, *dercp; char *sans = NULL, *san = NULL; @@ -134,7 +134,7 @@ keyproc(int netsock, const char *keyfile, if (NULL == (x = X509_REQ_new())) { warnx("X509_new"); goto out; - } else if ( ! X509_REQ_set_pubkey(x, pkey)) { + } else if (!X509_REQ_set_pubkey(x, pkey)) { warnx("X509_set_pubkey"); goto out; } @@ -144,11 +144,11 @@ keyproc(int netsock, const char *keyfile, if (NULL == (name = X509_NAME_new())) { warnx("X509_NAME_new"); goto out; - } else if ( ! X509_NAME_add_entry_by_txt(name, "CN", + } else if (!X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (u_char *)alts[0], -1, -1, 0)) { warnx("X509_NAME_add_entry_by_txt: CN=%s", alts[0]); goto out; - } else if ( ! X509_REQ_set_subject_name(x, name)) { + } else if (!X509_REQ_set_subject_name(x, name)) { warnx("X509_req_set_issuer_name"); goto out; } @@ -182,7 +182,7 @@ keyproc(int netsock, const char *keyfile, for (i = 1; i < altsz; i++) { cc = asprintf(&san, "%sDNS:%s", - i > 1 ? "," : "", alts[i]); + i > 1 ? "," : "", alts[i]); if (-1 == cc) { warn("asprintf"); goto out; 
@@ -199,20 +199,19 @@ keyproc(int netsock, const char *keyfile, san = NULL; } - if ( ! add_ext(exts, nid, sans)) { + if (!add_ext(exts, nid, sans)) { warnx("add_ext"); goto out; - } else if ( ! X509_REQ_add_extensions(x, exts)) { + } else if (!X509_REQ_add_extensions(x, exts)) { warnx("X509_REQ_add_extensions"); goto out; } - sk_X509_EXTENSION_pop_free - (exts, X509_EXTENSION_free); + sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); } /* Sign the X509 request using SHA256. */ - if ( ! X509_REQ_sign(x, pkey, EVP_sha256())) { + if (!X509_REQ_sign(x, pkey, EVP_sha256())) { warnx("X509_sign"); goto out; } diff --git a/usr.sbin/acme-client/main.c b/usr.sbin/acme-client/main.c index 5231230b468..42cfc84114f 100644 --- a/usr.sbin/acme-client/main.c +++ b/usr.sbin/acme-client/main.c @@ -1,4 +1,4 @@ -/* $Id: main.c,v 1.12 2016/09/13 16:49:28 deraadt Exp $ */ +/* $Id: main.c,v 1.13 2016/09/13 17:13:37 deraadt Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -53,7 +53,7 @@ static int domain_valid(const char *cp) { - for ( ; '\0' != *cp; cp++) + for (; '\0' != *cp; cp++) if (!('.' == *cp || '-' == *cp || '_' == *cp || isalnum((int)*cp))) return (0); @@ -183,7 +183,7 @@ main(int argc, char *argv[]) argc--; argv++; - if ( getuid() != 0) + if (getuid() != 0) errx(EXIT_FAILURE, "must be run as root"); /* @@ -228,12 +228,11 @@ main(int argc, char *argv[]) ne++; } - if ( ! newkey && -1 == access(keyfile, R_OK)) { + if (!newkey && -1 == access(keyfile, R_OK)) { warnx("%s: -k file must exist", keyfile); ne++; } else if (newkey && -1 != access(keyfile, R_OK)) { - dodbg("%s: domain key exists " - "(not creating)", keyfile); + dodbg("%s: domain key exists (not creating)", keyfile); newkey = 0; } 
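Review bot: `isalnum((int)*cp)` in the domain_valid hunk of main.c passes a plain `char` to a <ctype.h> function; where `char` is signed, a byte above 0x7f becomes a negative int, which is outside the range the function is defined for. The cast should be `isalnum((unsigned char)*cp)`, which matters here because domain_valid is the filter applied to domain names given on the command line. buf_dump in netproc.c has the same pattern in `isprint((int)buf->buf[i])`, presumably on a `char` buffer, and there it runs over the transfer buffer. domain_valid continues outside the hunk.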
@@ -242,12 +241,11 @@ main(int argc, char *argv[]) ne++; } - if ( ! newacct && -1 == access(acctkey, R_OK)) { + if (!newacct && -1 == access(acctkey, R_OK)) { warnx("%s: -f file must exist", acctkey); ne++; } else if (newacct && -1 != access(acctkey, R_OK)) { - dodbg("%s: account key exists " - "(not creating)", acctkey); + dodbg("%s: account key exists (not creating)", acctkey); newacct = 0; } @@ -330,7 +328,7 @@ main(int argc, char *argv[]) close(file_fds[0]); close(file_fds[1]); c = keyproc(key_fds[0], keyfile, - (const char **)alts, altsz, newkey); + (const char **)alts, altsz, newkey); free(alts); exit(c ? EXIT_SUCCESS : EXIT_FAILURE); } @@ -409,8 +407,7 @@ main(int argc, char *argv[]) * This is different from the other processes in that it * can return 2 if the certificates were updated. */ - exit(c > 1 ? 2 : - (c ? EXIT_SUCCESS : EXIT_FAILURE)); + exit(c > 1 ? 2 : (c ? EXIT_SUCCESS : EXIT_FAILURE)); } close(file_fds[1]); @@ -437,9 +434,8 @@ main(int argc, char *argv[]) if (0 == pids[COMP_REVOKE]) { proccomp = COMP_REVOKE; - c = revokeproc(rvk_fds[0], certdir, - force, revocate, - (const char *const *)alts, altsz); + c = revokeproc(rvk_fds[0], certdir, force, revocate, + (const char *const *)alts, altsz); free(alts); exit(c ? EXIT_SUCCESS : EXIT_FAILURE); } diff --git a/usr.sbin/acme-client/netproc.c b/usr.sbin/acme-client/netproc.c index 793fcf8ed4e..dc27456d244 100644 --- a/usr.sbin/acme-client/netproc.c +++ b/usr.sbin/acme-client/netproc.c @@ -1,4 +1,4 @@ -/* $Id: netproc.c,v 1.7 2016/09/13 16:49:28 deraadt Exp $ */ +/* $Id: netproc.c,v 1.8 2016/09/13 17:13:37 deraadt Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -76,7 +76,7 @@ buf_dump(const struct buf *buf) i--; } else nbuf[j++] = isprint((int)buf->buf[i]) ? - buf->buf[i] : '?'; + buf->buf[i] : '?'; dodbg("transfer buffer: [%.*s] (%zu bytes)", j, nbuf, buf->sz); free(nbuf); } 
@@ -294,8 +294,7 @@ sreq(struct conn *c, const char *addr, const char *req) return (-1); } - g = http_get(src, (size_t)ssz, host, - port, path, reqsn, strlen(reqsn)); + g = http_get(src, (size_t)ssz, host, port, path, reqsn, strlen(reqsn)); free(host); free(path); @@ -325,8 +324,7 @@ sreq(struct conn *c, const char *addr, const char *req) * Returns non-zero on success. */ static int -donewreg(struct conn *c, const char *agreement, - const struct capaths *p) +donewreg(struct conn *c, const char *agreement, const struct capaths *p) { int rc = 0; char *req; @@ -357,8 +355,8 @@ donewreg(struct conn *c, const char *agreement, * On non-zero exit, fills in "chng" with the challenge. */ static int -dochngreq(struct conn *c, const char *alt, - struct chng *chng, const struct capaths *p) +dochngreq(struct conn *c, const char *alt, struct chng *chng, + const struct capaths *p) { int rc = 0; char *req; @@ -375,7 +373,7 @@ dochngreq(struct conn *c, const char *alt, warnx("%s: bad HTTP: %ld", p->newauthz, lc); else if (NULL == (j = json_parse(c->buf.buf, c->buf.sz))) warnx("%s: bad JSON object", p->newauthz); - else if ( ! json_parse_challenge(j, chng)) + else if (!json_parse_challenge(j, chng)) warnx("%s: bad challenge", p->newauthz); else rc = 1; @@ -526,7 +524,7 @@ dodirs(struct conn *c, const char *addr, struct capaths *paths) warnx("%s: bad HTTP: %ld", addr, lc); else if (NULL == (j = json_parse(c->buf.buf, c->buf.sz))) warnx("json_parse"); - else if ( ! json_parse_capaths(j, paths)) + else if (!json_parse_capaths(j, paths)) warnx("%s: bad CA paths", addr); else rc = 1; @@ -567,8 +565,8 @@ dofullchain(struct conn *c, const char *addr) */ int netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int rfd, - int newacct, int revocate, int authority, - const char *const *alts, size_t altsz, const char *agreement) + int newacct, int revocate, int authority, const char *const *alts, + size_t altsz, const char *agreement) { int rc = 0; size_t i; 
@@ -642,7 +640,7 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int rfd, * We'll use this ourselves instead of having libcurl do the DNS * resolution itself. */ - if ( ! dodirs(&c, c.na, &paths)) + if (!dodirs(&c, c.na, &paths)) goto out; /* @@ -655,7 +653,7 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int rfd, if (revocate) { if (NULL == (cert = readstr(rfd, COMM_CSR))) goto out; - if ( ! dorevoke(&c, paths.revokecert, cert)) + if (!dorevoke(&c, paths.revokecert, cert)) goto out; else if (writeop(cfd, COMM_CSR_OP, CERT_REVOKE) > 0) rc = 1; @@ -670,7 +668,7 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int rfd, /* Pre-authorise all domains with CA server. */ for (i = 0; i < altsz; i++) - if ( ! dochngreq(&c, alts[i], &chngs[i], &paths)) + if (!dochngreq(&c, alts[i], &chngs[i], &paths)) goto out; /* @@ -702,7 +700,7 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int rfd, /* Write to the CA that it's ready. */ - if ( ! dochngresp(&c, &chngs[i], thumb)) + if (!dochngresp(&c, &chngs[i], thumb)) goto out; } @@ -723,7 +721,7 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int rfd, /* Sleep before every attempt. */ sleep(RETRY_DELAY); - if ( ! dochngcheck(&c, &chngs[i])) + if (!dochngcheck(&c, &chngs[i])) goto out; } @@ -745,7 +743,7 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int rfd, * copy, and ship that into the certificate process for copying. */ - if ( ! docert(&c, paths.newcert, cert)) + if (!docert(&c, paths.newcert, cert)) goto out; else if (writeop(cfd, COMM_CSR_OP, CERT_UPDATE) <= 0) goto out; @@ -760,7 +758,7 @@ netproc(int kfd, int afd, int Cfd, int cfd, int dfd, int rfd, if (NULL == (url = readstr(cfd, COMM_ISSUER))) goto out; - else if ( ! dofullchain(&c, url)) + else if (!dofullchain(&c, url)) goto out; else if (writebuf(cfd, COMM_CHAIN, c.buf.buf, c.buf.sz) <= 0) goto out; diff --git a/usr.sbin/acme-client/revokeproc.c b/usr.sbin/acme-client/revokeproc.c index d9e7e0c7ec4..f137cba6bf3 100644 
--- a/usr.sbin/acme-client/revokeproc.c +++ b/usr.sbin/acme-client/revokeproc.c @@ -1,4 +1,4 @@ -/* $Id: revokeproc.c,v 1.7 2016/09/13 16:49:28 deraadt Exp $ */ +/* $Id: revokeproc.c,v 1.8 2016/09/13 17:13:37 deraadt Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -59,9 +59,7 @@ X509expires(X509 *x) warnx("invalid ASN1_TIME"); return ((time_t)-1); } - t.tm_year = - (str[0] - '0') * 10 + - (str[1] - '0'); + t.tm_year = (str[0] - '0') * 10 + (str[1] - '0'); if (t.tm_year < 70) t.tm_year += 100; i = 2; @@ -70,11 +68,8 @@ X509expires(X509 *x) warnx("invalid ASN1_TIME"); return ((time_t)-1); } - t.tm_year = - (str[0] - '0') * 1000 + - (str[1] - '0') * 100 + - (str[2] - '0') * 10 + - (str[3] - '0'); + t.tm_year = (str[0] - '0') * 1000 + (str[1] - '0') * 100 + + (str[2] - '0') * 10 + (str[3] - '0'); t.tm_year -= 1900; i = 4; } @@ -97,7 +92,7 @@ X509expires(X509 *x) int revokeproc(int fd, const char *certdir, int force, int revocate, - const char *const *alts, size_t altsz) + const char *const *alts, size_t altsz) { char *path = NULL, *der = NULL, *dercp, *der64 = NULL; char *san = NULL, *str, *tok; @@ -145,8 +140,7 @@ revokeproc(int fd, const char *certdir, int force, int revocate, */ if (NULL == f && revocate) { - warnx("%s/%s: no certificate found", - certdir, CERT_PEM); + warnx("%s/%s: no certificate found", certdir, CERT_PEM); (void)writeop(fd, COMM_REVOKE_RESP, REVOKE_OK); goto out; } else if (NULL == f && ! revocate) { @@ -179,8 +173,7 @@ revokeproc(int fd, const char *certdir, int force, int revocate, /* Scan til we find the SAN NID. */ for (i = 0; i < extsz; i++) { - ex = sk_X509_EXTENSION_value - (x->cert_info->extensions, i); + ex = sk_X509_EXTENSION_value(x->cert_info->extensions, i); assert(NULL != ex); obj = X509_EXTENSION_get_object(ex); assert(NULL != obj); 
@@ -188,8 +181,7 @@ revokeproc(int fd, const char *certdir, int force, int revocate, continue; if (NULL != san) { - warnx("%s/%s: two SAN entries", - certdir, CERT_PEM); + warnx("%s/%s: two SAN entries", certdir, CERT_PEM); goto out; } @@ -197,7 +189,7 @@ revokeproc(int fd, const char *certdir, int force, int revocate, if (NULL == bio) { warnx("BIO_new"); goto out; - } else if ( ! X509V3_EXT_print(bio, ex, 0, 0)) { + } else if (!X509V3_EXT_print(bio, ex, 0, 0)) { warnx("X509V3_EXT_print"); goto out; } else if (NULL == (san = calloc(1, bio->num_write + 1))) { @@ -242,12 +234,12 @@ revokeproc(int fd, const char *certdir, int force, int revocate, break; if (j == altsz) { warnx("%s/%s: unknown SAN entry: %s", - certdir, CERT_PEM, tok); + certdir, CERT_PEM, tok); goto out; } if (found[j]++) { warnx("%s/%s: duplicate SAN entry: %s", - certdir, CERT_PEM, tok); + certdir, CERT_PEM, tok); goto out; } } @@ -256,7 +248,7 @@ revokeproc(int fd, const char *certdir, int force, int revocate, if (found[j]) continue; warnx("%s/%s: domain not listed: %s", - certdir, CERT_PEM, alts[j]); + certdir, CERT_PEM, alts[j]); goto out; } @@ -302,12 +294,12 @@ revokeproc(int fd, const char *certdir, int force, int revocate, if (REVOKE_EXP == rop) dodbg("%s/%s: certificate renewable: %lld days left", - certdir, CERT_PEM, - (long long)(t - time(NULL)) / 24 / 60 / 60); + certdir, CERT_PEM, + (long long)(t - time(NULL)) / 24 / 60 / 60); else dodbg("%s/%s: certificate valid: %lld days left", - certdir, CERT_PEM, - (long long)(t - time(NULL)) / 24 / 60 / 60); + certdir, CERT_PEM, + (long long)(t - time(NULL)) / 24 / 60 / 60); if (REVOKE_OK == rop && force) { warnx("%s/%s: forcing renewal", certdir, CERT_PEM); diff --git a/usr.sbin/acme-client/util.c b/usr.sbin/acme-client/util.c index 43834d61385..608740d1277 100644 --- a/usr.sbin/acme-client/util.c +++ b/usr.sbin/acme-client/util.c 
@@ -1,4 +1,4 @@ -/* $Id: util.c,v 1.4 2016/09/13 16:49:28 deraadt Exp $ */ +/* $Id: util.c,v 1.5 2016/09/13 17:13:37 deraadt Exp $ */ /* * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv> * @@ -255,11 +255,11 @@ checkexit(pid_t pid, enum comp comp) if (-1 == waitpid(pid, &c, 0)) { warn("waitpid"); return (0); - } else if ( ! WIFEXITED(c) && WIFSIGNALED(c)) { + } else if (!WIFEXITED(c) && WIFSIGNALED(c)) { cp = strsignal(WTERMSIG(c)); warnx("signal: %s(%u): %s", comps[comp], pid, cp); return (0); - } else if ( ! WIFEXITED(c)) { + } else if (!WIFEXITED(c)) { warnx("did not exit: %s(%u)", comps[comp], pid); return (0); } else if (EXIT_SUCCESS != WEXITSTATUS(c)) { @@ -290,11 +290,11 @@ checkexit_ext(int *rc, pid_t pid, enum comp comp) return (0); } - if ( ! WIFEXITED(c) && WIFSIGNALED(c)) { + if (!WIFEXITED(c) && WIFSIGNALED(c)) { cp = strsignal(WTERMSIG(c)); warnx("signal: %s(%u): %s", comps[comp], pid, cp); return (0); - } else if ( ! WIFEXITED(c)) { + } else if (!WIFEXITED(c)) { warnx("did not exit: %s(%u)", comps[comp], pid); return (0); } |