added 'const' to function prototype vars where possible

Added the 'const' qualifier to function prototype variables where possible.
In addition, reduced some functions to file-scope with 'static' where possible.

Also made a few minor changes to remove extra whitespace, and fixed a bug
in create_fwknoprc() to ensure the new fwknoprc filehandle is closed.

diff --git a/client/config_init.c b/client/config_init.c
index dd48992..f823160 100644 (file)
--- a/client/config_init.c
+++ b/client/config_init.c
@@ -36,7 +36,7 @@
 /* Convert a digest_type string to its intger value.
 */
 static int
-digest_strtoint(char *dt_str)
+digest_strtoint(const char *dt_str)
 {
     if(strcasecmp(dt_str, "md5") == 0)
         return(FKO_DIGEST_MD5);
@@ -55,26 +55,26 @@ digest_strtoint(char *dt_str)
 /* Convert a protocol string to its intger value.
 */
 static int
-proto_strtoint(char *pr_str)
+proto_strtoint(const char *pr_str)
 {
-    if (strcasecmp(optarg, "udp") == 0)
+    if (strcasecmp(pr_str, "udp") == 0)
         return(FKO_PROTO_UDP);
-    else if (strcasecmp(optarg, "tcpraw") == 0)
+    else if (strcasecmp(pr_str, "tcpraw") == 0)
         return(FKO_PROTO_TCP_RAW);
-    else if (strcasecmp(optarg, "tcp") == 0)
+    else if (strcasecmp(pr_str, "tcp") == 0)
         return(FKO_PROTO_TCP);
-    else if (strcasecmp(optarg, "icmp") == 0)
+    else if (strcasecmp(pr_str, "icmp") == 0)
         return(FKO_PROTO_ICMP);
-    else if (strcasecmp(optarg, "http") == 0)
+    else if (strcasecmp(pr_str, "http") == 0)
         return(FKO_PROTO_HTTP);
-    else 
+    else
         return(-1);
 }
 
 /* Parse any time offset from the command line
 */
 static int
-parse_time_offset(char *offset_str)
+parse_time_offset(const char *offset_str)
 {
     int i, j;
     int offset      = 0;
@@ -122,7 +122,7 @@ parse_time_offset(char *offset_str)
 }
 
 static int
-create_fwknoprc(char *rcfile)
+create_fwknoprc(const char *rcfile)
 {
     FILE    *rc;
 
@@ -208,11 +208,13 @@ create_fwknoprc(char *rcfile)
         "###EOF###\n"
     );
 
+    fclose(rc);
+
     return(0);
 }
 
 static int
-parse_rc_param(fko_cli_options_t *options, char *var, char * val)
+parse_rc_param(fko_cli_options_t *options, const char *var, char * val)
 {
     int     tmpint;
 

diff --git a/client/fwknop.c b/client/fwknop.c
index 2befb0f..4f1bbd0 100644 (file)
--- a/client/fwknop.c
+++ b/client/fwknop.c
@@ -36,16 +36,16 @@
 
 /* prototypes
 */
-char* get_user_pw(fko_cli_options_t *options, int crypt_op);
+static char * get_user_pw(fko_cli_options_t *options, const int crypt_op);
 static void display_ctx(fko_ctx_t ctx);
-void errmsg(char *msg, int err);
+static void errmsg(const char *msg, const int err);
 static void show_last_command(void);
 static void save_args(int argc, char **argv);
 static void run_last_args(fko_cli_options_t *options);
 static int set_message_type(fko_ctx_t ctx, fko_cli_options_t *options);
 static int set_nat_access(fko_ctx_t ctx, fko_cli_options_t *options);
 static int get_rand_port(fko_ctx_t ctx);
-static void dump_transmit_options(fko_cli_options_t *options);
+static void dump_transmit_options(const fko_cli_options_t *options);
 
 int resolve_ip_http(fko_cli_options_t *options);
 
@@ -371,7 +371,7 @@ main(int argc, char **argv)
 }
 
 static void
-print_proto(int proto)
+print_proto(const int proto)
 {
     switch (proto) {
         case FKO_PROTO_UDP:
@@ -426,7 +426,7 @@ get_rand_port(fko_ctx_t ctx)
 }
 
 static void
-dump_transmit_options(fko_cli_options_t *options)
+dump_transmit_options(const fko_cli_options_t *options)
 {
     printf("Generating SPA packet:\n    protocol: ");
     print_proto(options->spa_proto),
@@ -450,12 +450,12 @@ ipv4_str_has_port(char *str)
     /* Check format and values.
     */
     if((sscanf(str, "%u.%u.%u.%u,%u", &o1, &o2, &o3, &o4, &p)) == 5
-               && o1 >= 0 && o1 <= 255
-               && o2 >= 0 && o2 <= 255
-               && o3 >= 0 && o3 <= 255
-               && o4 >= 0 && o4 <= 255
+        && o1 >= 0 && o1 <= 255
+        && o2 >= 0 && o2 <= 255
+        && o3 >= 0 && o3 <= 255
+        && o4 >= 0 && o4 <= 255
         && p  >  0 && p  <  65536)
-       {
+    {
         return 1;
     }
 
@@ -702,8 +702,8 @@ set_message_type(fko_ctx_t ctx, fko_cli_options_t *options)
 
 /* Prompt for and receive a user password.
 */
-char*
-get_user_pw(fko_cli_options_t *options, int crypt_op)
+static char*
+get_user_pw(fko_cli_options_t *options, const int crypt_op)
 {
     char        *pw_ptr = NULL;
     static char *no_pw  = "";
@@ -755,7 +755,7 @@ get_user_pw(fko_cli_options_t *options, int crypt_op)
 /* Display an FKO error message.
 */
 void
-errmsg(char *msg, int err) {
+errmsg(const char *msg, const int err) {
     fprintf(stderr, "%s: %s: Error %i - %s\n",
         MY_NAME, msg, err, fko_errstr(err));
 }

diff --git a/client/getpasswd.c b/client/getpasswd.c
index 0d9e0e5..e1cec86 100644 (file)
--- a/client/getpasswd.c
+++ b/client/getpasswd.c
@@ -48,12 +48,12 @@ char*
 getpasswd(const char *prompt)
 {
     static char     pwbuf[MAX_PASS_LEN + 1] = {0};
-    char           *ptr;    
+    char           *ptr;
     int             c;
 
 #ifndef WIN32
     FILE           *fp;
-       sigset_t        sig, old_sig;
+    sigset_t        sig, old_sig;
     struct termios  ts, old_ts;
 
     if((fp = fopen(ctermid(NULL), "r+")) == NULL)

diff --git a/client/spa_comm.c b/client/spa_comm.c
index f446494..0eea300 100644 (file)
--- a/client/spa_comm.c
+++ b/client/spa_comm.c
@@ -79,8 +79,9 @@ static int is_ip(char *str)
 
 /* Send the SPA data via UDP packet.
 */
-int
-send_spa_packet_tcp_or_udp(char *spa_data, int sd_len, fko_cli_options_t *options)
+static int
+send_spa_packet_tcp_or_udp(const char *spa_data, const int sd_len,
+    const fko_cli_options_t *options)
 {
     int     sock, res=0, error;
     struct  addrinfo *result, *rp, hints;
@@ -171,9 +172,10 @@ send_spa_packet_tcp_or_udp(char *spa_data, int sd_len, fko_cli_options_t *option
 
 /* Send the SPA data via raw TCP packet.
 */
-int
-send_spa_packet_tcp_raw(char *spa_data, int sd_len, struct sockaddr_in *saddr,
-    struct sockaddr_in *daddr, fko_cli_options_t *options)
+static int
+send_spa_packet_tcp_raw(const char *spa_data, const int sd_len,
+    const struct sockaddr_in *saddr, const struct sockaddr_in *daddr,
+    const fko_cli_options_t *options)
 {
 #ifdef WIN32
     fprintf(stderr,
@@ -283,9 +285,10 @@ send_spa_packet_tcp_raw(char *spa_data, int sd_len, struct sockaddr_in *saddr,
 
 /* Send the SPA data via ICMP packet.
 */
-int
-send_spa_packet_icmp(char *spa_data, int sd_len, struct sockaddr_in *saddr,
-    struct sockaddr_in *daddr, fko_cli_options_t *options)
+static int
+send_spa_packet_icmp(const char *spa_data, const int sd_len,
+    const struct sockaddr_in *saddr, const struct sockaddr_in *daddr,
+    const fko_cli_options_t *options)
 {
 #ifdef WIN32
     fprintf(stderr, "send_spa_packet_icmp: raw packets are not yet supported.\n");
@@ -379,8 +382,9 @@ send_spa_packet_icmp(char *spa_data, int sd_len, struct sockaddr_in *saddr,
 
 /* Send the SPA data packet via an HTTP request
 */
-int
-send_spa_packet_http(char *spa_data, int sd_len, fko_cli_options_t *options)
+static int
+send_spa_packet_http(const char *spa_data, const int sd_len,
+    fko_cli_options_t *options)
 {
     char http_buf[HTTP_MAX_REQUEST_LEN], *spa_data_copy = NULL;
     char *ndx = options->http_proxy;
@@ -575,7 +579,7 @@ send_spa_packet(fko_ctx_t ctx, fko_cli_options_t *options)
 
 /* Function to write SPA packet data to the filesystem
 */
-int write_spa_packet_data(fko_ctx_t ctx, fko_cli_options_t *options)
+int write_spa_packet_data(fko_ctx_t ctx, const fko_cli_options_t *options)
 {
     FILE   *fp;
     char   *spa_data;

diff --git a/client/spa_comm.h b/client/spa_comm.h
index 0ad7235..142ed8a 100644 (file)
--- a/client/spa_comm.h
+++ b/client/spa_comm.h
@@ -37,6 +37,6 @@
 /* Function Prototypes
 */
 int send_spa_packet(fko_ctx_t ctx, fko_cli_options_t *options);
-int write_spa_packet_data(fko_ctx_t ctx, fko_cli_options_t *options);
+int write_spa_packet_data(fko_ctx_t ctx, const fko_cli_options_t *options);
 
 #endif  /* SPA_COMM_H */

diff --git a/client/utils.c b/client/utils.c
index 655fd6f..5a60528 100644 (file)
--- a/client/utils.c
+++ b/client/utils.c
@@ -35,7 +35,7 @@
 /* Generic hex dump function.
 */
 void
-hex_dump(unsigned char *data, int size)
+hex_dump(const unsigned char *data, const int size)
 {
     int ln, i, j = 0;
     char ascii_str[17] = {0};

diff --git a/client/utils.h b/client/utils.h
index 637dcf7..df618ae 100644 (file)
--- a/client/utils.h
+++ b/client/utils.h
@@ -34,7 +34,7 @@
 
 /* Prototypes
 */
-void hex_dump(unsigned char *data, int size);
+void hex_dump(const unsigned char *data, const int size);
 size_t strlcat(char *dst, const char *src, size_t siz);
 size_t strlcpy(char *dst, const char *src, size_t siz);
 

diff --git a/lib/base64.c b/lib/base64.c
index 59ec31a..824a519 100644 (file)
--- a/lib/base64.c
+++ b/lib/base64.c
@@ -47,7 +47,7 @@ static unsigned char map2[] =
 };
 
 int
-b64_decode(char *in, unsigned char *out, int out_len)
+b64_decode(const char *in, unsigned char *out)
 {
     int i, v;
     unsigned char *dst = out;

diff --git a/lib/base64.h b/lib/base64.h
index 420c4fc..85ab1f6 100644 (file)
--- a/lib/base64.h
+++ b/lib/base64.h
@@ -36,7 +36,7 @@
 /* Prototypes
 */
 int b64_encode(unsigned char *in, char *out, int in_len);
-int b64_decode(char *in, unsigned char *out, int out_len);
+int b64_decode(const char *in, unsigned char *out);
 void strip_b64_eq(char *data);
 
 #endif /* BASE64_H */

diff --git a/lib/cipher_funcs.c b/lib/cipher_funcs.c
index 48b9a03..c0d573f 100644 (file)
--- a/lib/cipher_funcs.c
+++ b/lib/cipher_funcs.c
@@ -50,10 +50,10 @@
 
 /* Get random data.
 */
-void
-get_random_data(unsigned char *data, size_t len)
+static void
+get_random_data(unsigned char *data, const size_t len)
 {
-       uint32_t                i;
+    uint32_t    i;
 #ifdef WIN32
        int                             rnum;
        struct _timeb   tb;
@@ -114,8 +114,8 @@ get_random_data(unsigned char *data, size_t len)
  * (iv).  This is is done to be compatible with the data produced via
  * the Perl Crypt::CBC module's use of Rijndael.
 */
-void
-rij_salt_and_iv(RIJNDAEL_context *ctx, char *pass, unsigned char *data)
+static void
+rij_salt_and_iv(RIJNDAEL_context *ctx, const char *pass, const unsigned char *data)
 {
     char            pw_buf[16];
     unsigned char   tmp_buf[64];    /* How big does this need to be? */
@@ -136,7 +136,7 @@ rij_salt_and_iv(RIJNDAEL_context *ctx, char *pass, unsigned char *data)
     }
     else
         strncpy(pw_buf, pass, 16);
-          
+
     /* If we are decrypting, data will contain the salt. Otherwise,
      * for encryption, we generate a random salt.
     */
@@ -180,8 +180,8 @@ rij_salt_and_iv(RIJNDAEL_context *ctx, char *pass, unsigned char *data)
 
 /* Initialization entry point.
 */
-void
-rijndael_init(RIJNDAEL_context *ctx, char *pass, unsigned char *data)
+static void
+rijndael_init(RIJNDAEL_context *ctx, const char *pass, const unsigned char *data)
 {
 
     /* Use ECB mode to be compatible with the Crypt::CBC perl module.
@@ -201,7 +201,7 @@ rijndael_init(RIJNDAEL_context *ctx, char *pass, unsigned char *data)
  * module would.
 */
 size_t
-rij_encrypt(unsigned char *in, size_t in_len, char *pass, unsigned char *out)
+rij_encrypt(unsigned char *in, size_t in_len, const char *pass, unsigned char *out)
 {
     RIJNDAEL_context    ctx;
     unsigned char       plaintext[16];
@@ -255,7 +255,7 @@ rij_encrypt(unsigned char *in, size_t in_len, char *pass, unsigned char *out)
 /* Decrypt the given data.
 */
 size_t
-rij_decrypt(unsigned char *in, size_t in_len, char *pass, unsigned char *out)
+rij_decrypt(unsigned char *in, size_t in_len, const char *pass, unsigned char *out)
 {
     RIJNDAEL_context    ctx;
     unsigned char       plaintext[16];
@@ -307,7 +307,7 @@ rij_decrypt(unsigned char *in, size_t in_len, char *pass, unsigned char *out)
             if(*(pad_s+i) != pad_val)
                 pad_err++;
         }
-            
+
         if(pad_err == 0)
             ondx -= pad_val;
     }

diff --git a/lib/cipher_funcs.h b/lib/cipher_funcs.h
index 65e5555..07edace 100644 (file)
--- a/lib/cipher_funcs.h
+++ b/lib/cipher_funcs.h
@@ -47,8 +47,8 @@
 */
 #define PREDICT_ENCSIZE(x) (1+(x>>4)+(x&0xf?1:0))<<4
 
-size_t rij_encrypt(unsigned char *in, size_t len, char *key, unsigned char *out);
-size_t rij_decrypt(unsigned char *in, size_t len, char *key, unsigned char *out);
+size_t rij_encrypt(unsigned char *in, size_t len, const char *key, unsigned char *out);
+size_t rij_decrypt(unsigned char *in, size_t len, const char *key, unsigned char *out);
 
 #endif /* CIPHER_FUNCS_H */
 

diff --git a/lib/digest.c b/lib/digest.c
index 3e0e93a..e16b58b 100644 (file)
--- a/lib/digest.c
+++ b/lib/digest.c
@@ -33,8 +33,8 @@
 
 /* Convert a raw digest into its hex string representation.
 */
-void
-digest_to_hex(char *out, unsigned char *in, size_t size)
+static void
+digest_to_hex(char *out, const unsigned char *in, const size_t size)
 {
     size_t i;
 

diff --git a/lib/fko.h b/lib/fko.h
index 9c6a3b4..9dadcc3 100644 (file)
--- a/lib/fko.h
+++ b/lib/fko.h
@@ -189,35 +189,35 @@ enum {
 /* General api calls
 */
 DLL_API int fko_new(fko_ctx_t *ctx);
-DLL_API int fko_new_with_data(fko_ctx_t *ctx, char *enc_msg, char *dec_key);
+DLL_API int fko_new_with_data(fko_ctx_t *ctx, const char *enc_msg, const char *dec_key);
 DLL_API void fko_destroy(fko_ctx_t ctx);
-DLL_API int fko_spa_data_final(fko_ctx_t ctx, char *enc_key);
+DLL_API int fko_spa_data_final(fko_ctx_t ctx, const char *enc_key);
 
 
 /* Set context data functions
 */
 DLL_API int fko_set_rand_value(fko_ctx_t ctx, const char *val);
 DLL_API int fko_set_username(fko_ctx_t ctx, const char *spoof_user);
-DLL_API int fko_set_timestamp(fko_ctx_t ctx, int offset);
-DLL_API int fko_set_spa_message_type(fko_ctx_t ctx, short msg_type);
+DLL_API int fko_set_timestamp(fko_ctx_t ctx, const int offset);
+DLL_API int fko_set_spa_message_type(fko_ctx_t ctx, const short msg_type);
 DLL_API int fko_set_spa_message(fko_ctx_t ctx, const char *msg_string);
 DLL_API int fko_set_spa_nat_access(fko_ctx_t ctx, const char *nat_access);
 DLL_API int fko_set_spa_server_auth(fko_ctx_t ctx, const char *server_auth);
-DLL_API int fko_set_spa_client_timeout(fko_ctx_t ctx, int timeout);
-DLL_API int fko_set_spa_digest_type(fko_ctx_t ctx, short digest_type);
+DLL_API int fko_set_spa_client_timeout(fko_ctx_t ctx, const int timeout);
+DLL_API int fko_set_spa_digest_type(fko_ctx_t ctx, const short digest_type);
 DLL_API int fko_set_spa_digest(fko_ctx_t ctx);
-DLL_API int fko_set_spa_encryption_type(fko_ctx_t ctx, short encrypt_type);
-DLL_API int fko_set_spa_data(fko_ctx_t ctx, char *enc_msg);
+DLL_API int fko_set_spa_encryption_type(fko_ctx_t ctx, const short encrypt_type);
+DLL_API int fko_set_spa_data(fko_ctx_t ctx, const char *enc_msg);
 
 /* Data processing and misc utility functions
 */
-DLL_API const char* fko_errstr(int err_code);
-DLL_API int fko_encryption_type(char *enc_data);
+DLL_API const char* fko_errstr(const int err_code);
+DLL_API int fko_encryption_type(const char *enc_data);
 
 DLL_API int fko_encode_spa_data(fko_ctx_t ctx);
 DLL_API int fko_decode_spa_data(fko_ctx_t ctx);
-DLL_API int fko_encrypt_spa_data(fko_ctx_t ctx, char *enc_key);
-DLL_API int fko_decrypt_spa_data(fko_ctx_t ctx, char *dec_key);
+DLL_API int fko_encrypt_spa_data(fko_ctx_t ctx, const char *enc_key);
+DLL_API int fko_decrypt_spa_data(fko_ctx_t ctx, const char *dec_key);
 
 DLL_API int fko_get_encoded_data(fko_ctx_t ctx, char **enc_data);
 
@@ -252,9 +252,9 @@ DLL_API int fko_get_gpg_home_dir(fko_ctx_t ctx, char **gpg_home_dir);
 
 DLL_API const char* fko_gpg_errstr(fko_ctx_t ctx);
 
-DLL_API int fko_set_gpg_signature_verify(fko_ctx_t ctx, unsigned char val);
+DLL_API int fko_set_gpg_signature_verify(fko_ctx_t ctx, const unsigned char val);
 DLL_API int fko_get_gpg_signature_verify(fko_ctx_t ctx, unsigned char *val);
-DLL_API int fko_set_gpg_ignore_verify_error(fko_ctx_t ctx, unsigned char val);
+DLL_API int fko_set_gpg_ignore_verify_error(fko_ctx_t ctx, const unsigned char val);
 DLL_API int fko_get_gpg_ignore_verify_error(fko_ctx_t ctx, unsigned char *val);
 
 DLL_API int fko_get_gpg_signature_id(fko_ctx_t ctx, char **sig_id);

diff --git a/lib/fko_client_timeout.c b/lib/fko_client_timeout.c
index 40376fc..abfe49b 100644 (file)
--- a/lib/fko_client_timeout.c
+++ b/lib/fko_client_timeout.c
@@ -34,7 +34,7 @@
 /* Set the SPA Client Timeout data
 */
 int
-fko_set_spa_client_timeout(fko_ctx_t ctx, int timeout)
+fko_set_spa_client_timeout(fko_ctx_t ctx, const int timeout)
 {
     int     old_msg_type = ctx->message_type;
 
@@ -62,7 +62,7 @@ fko_set_spa_client_timeout(fko_ctx_t ctx, int timeout)
             case FKO_ACCESS_MSG:
                 ctx->message_type = FKO_CLIENT_TIMEOUT_ACCESS_MSG;
                 break;
-            
+
             case FKO_NAT_ACCESS_MSG:
                 ctx->message_type = FKO_CLIENT_TIMEOUT_NAT_ACCESS_MSG;
                 break;
@@ -94,7 +94,7 @@ fko_set_spa_client_timeout(fko_ctx_t ctx, int timeout)
         ctx->state |= FKO_SPA_MSG_TYPE_MODIFIED;
 
     return(FKO_SUCCESS);
-} 
+}
 
 /* Return the SPA message data.
 */

diff --git a/lib/fko_decode.c b/lib/fko_decode.c
index 63c31a6..f73b664 100644 (file)
--- a/lib/fko_decode.c
+++ b/lib/fko_decode.c
@@ -93,7 +93,7 @@ fko_decode_spa_data(fko_ctx_t ctx)
     ctx->digest = strdup(ndx);
     if(ctx->digest == NULL)
         return(FKO_ERROR_MEMORY_ALLOCATION);
-    
+
     /* Zero out the rest of the encoded_msg bucket...
     */
     bzero((ndx-1), t_size);
@@ -129,7 +129,7 @@ fko_decode_spa_data(fko_ctx_t ctx)
             sha512_base64(tbuf, (unsigned char*)ctx->encoded_msg, strlen(ctx->encoded_msg));
             break;
 
-    } 
+    }
 
     /* We give up here if the computed digest does not match the
      * digest in the message data.
@@ -171,7 +171,7 @@ fko_decode_spa_data(fko_ctx_t ctx)
     }
 
     strlcpy(tbuf, ndx, t_size+1);
-    
+
     ctx->username = malloc(t_size+1); /* Yes, more than we need */
     if(ctx->username == NULL)
     {
@@ -179,7 +179,7 @@ fko_decode_spa_data(fko_ctx_t ctx)
         return(FKO_ERROR_MEMORY_ALLOCATION);
     }
 
-    b64_decode(tbuf, (unsigned char*)ctx->username, t_size);
+    b64_decode(tbuf, (unsigned char*)ctx->username);
 
     /* Extract the timestamp value.
     */
@@ -202,14 +202,14 @@ fko_decode_spa_data(fko_ctx_t ctx)
         free(tbuf);
         return(FKO_ERROR_INVALID_DATA);
     }
- 
+
     ctx->version = malloc(t_size+1);
     if(ctx->version == NULL)
     {
         free(tbuf);
         return(FKO_ERROR_MEMORY_ALLOCATION);
     }
-    
+
     strlcpy(ctx->version, ndx, t_size+1);
 
     /* Extract the message type value.
@@ -235,7 +235,7 @@ fko_decode_spa_data(fko_ctx_t ctx)
     }
 
     strlcpy(tbuf, ndx, t_size+1);
-    
+
     ctx->message = malloc(t_size+1); /* Yes, more than we need */
     if(ctx->message == NULL)
     {
@@ -243,7 +243,7 @@ fko_decode_spa_data(fko_ctx_t ctx)
         return(FKO_ERROR_MEMORY_ALLOCATION);
     }
 
-    b64_decode(tbuf, (unsigned char*)ctx->message, t_size);
+    b64_decode(tbuf, (unsigned char*)ctx->message);
 
     /* Extract nat_access string if the message_type indicates so.
     */
@@ -260,7 +260,7 @@ fko_decode_spa_data(fko_ctx_t ctx)
         }
 
         strlcpy(tbuf, ndx, t_size+1);
-    
+
         ctx->nat_access = malloc(t_size+1); /* Yes, more than we need */
         if(ctx->nat_access == NULL)
         {
@@ -268,7 +268,7 @@ fko_decode_spa_data(fko_ctx_t ctx)
             return(FKO_ERROR_MEMORY_ALLOCATION);
         }
 
-        b64_decode(tbuf, (unsigned char*)ctx->nat_access, t_size);
+        b64_decode(tbuf, (unsigned char*)ctx->nat_access);
     }
 
     /* Now look for a server_auth string.
@@ -285,7 +285,7 @@ fko_decode_spa_data(fko_ctx_t ctx)
           && ctx->message_type != FKO_CLIENT_TIMEOUT_LOCAL_NAT_ACCESS_MSG)
         {
             strlcpy(tbuf, ndx, t_size+1);
-    
+
             ctx->server_auth = malloc(t_size+1); /* Yes, more than we need */
             if(ctx->server_auth == NULL)
             {
@@ -293,8 +293,8 @@ fko_decode_spa_data(fko_ctx_t ctx)
                 return(FKO_ERROR_MEMORY_ALLOCATION);
             }
 
-            b64_decode(tbuf, (unsigned char*)ctx->server_auth, t_size);
- 
+            b64_decode(tbuf, (unsigned char*)ctx->server_auth);
+
             /* At this point we should be done.
             */
             free(tbuf);
@@ -306,7 +306,7 @@ fko_decode_spa_data(fko_ctx_t ctx)
 
             return(FKO_SUCCESS);
         }
- 
+
         /* If we are here then we may still have a server_auth string,
          * or a timeout, or both. So we look for a ':' delimiter.  If
          * it is there we have both, if not we check the message_type
@@ -319,7 +319,7 @@ fko_decode_spa_data(fko_ctx_t ctx)
             /* Looks like we have both, so assume this is the 
             */
             strlcpy(tbuf, ndx, t_size+1);
-    
+
             ctx->server_auth = malloc(t_size+1); /* Yes, more than we need */
             if(ctx->server_auth == NULL)
             {
@@ -327,11 +327,11 @@ fko_decode_spa_data(fko_ctx_t ctx)
                 return(FKO_ERROR_MEMORY_ALLOCATION);
             }
 
-            b64_decode(tbuf, (unsigned char*)ctx->server_auth, t_size);
+            b64_decode(tbuf, (unsigned char*)ctx->server_auth);
 
             ndx += t_size + 1;
         }
- 
+
         /* Now we look for a timeout value if one is supposed to be there.
         */
         if(  ctx->message_type == FKO_CLIENT_TIMEOUT_ACCESS_MSG

diff --git a/lib/fko_digest.c b/lib/fko_digest.c
index d7f628d..6eaf126 100644 (file)
--- a/lib/fko_digest.c
+++ b/lib/fko_digest.c
@@ -37,7 +37,7 @@
 /* Set the SPA digest type.
 */
 int
-fko_set_spa_digest_type(fko_ctx_t ctx, short digest_type)
+fko_set_spa_digest_type(fko_ctx_t ctx, const short digest_type)
 {
     /* Must be initialized
     */
@@ -90,46 +90,46 @@ fko_set_spa_digest(fko_ctx_t ctx)
             md = malloc(MD_HEX_SIZE(MD5_DIGEST_LENGTH)+1);
             if(md == NULL)
                 return(FKO_ERROR_MEMORY_ALLOCATION);
-            
+
             md5_base64(md,
                 (unsigned char*)ctx->encoded_msg, strlen(ctx->encoded_msg));
-            break;    
+            break;
 
         case FKO_DIGEST_SHA1:
             md = malloc(MD_HEX_SIZE(SHA1_DIGEST_LENGTH)+1);
             if(md == NULL)
                 return(FKO_ERROR_MEMORY_ALLOCATION);
-            
+
             sha1_base64(md,
                 (unsigned char*)ctx->encoded_msg, strlen(ctx->encoded_msg));
-            break;    
+            break;
 
         case FKO_DIGEST_SHA256:
             md = malloc(MD_HEX_SIZE(SHA256_DIGEST_LENGTH)+1);
             if(md == NULL)
                 return(FKO_ERROR_MEMORY_ALLOCATION);
-            
+
             sha256_base64(md,
                 (unsigned char*)ctx->encoded_msg, strlen(ctx->encoded_msg));
-            break;    
+            break;
 
         case FKO_DIGEST_SHA384:
             md = malloc(MD_HEX_SIZE(SHA384_DIGEST_LENGTH)+1);
             if(md == NULL)
                 return(FKO_ERROR_MEMORY_ALLOCATION);
-            
+
             sha384_base64(md,
                 (unsigned char*)ctx->encoded_msg, strlen(ctx->encoded_msg));
-            break;    
+            break;
 
         case FKO_DIGEST_SHA512:
             md = malloc(MD_HEX_SIZE(SHA512_DIGEST_LENGTH)+1);
             if(md == NULL)
                 return(FKO_ERROR_MEMORY_ALLOCATION);
-            
+
             sha512_base64(md,
                 (unsigned char*)ctx->encoded_msg, strlen(ctx->encoded_msg));
-            break;    
+            break;
 
         default:
             return(FKO_ERROR_INVALID_DIGEST_TYPE);
@@ -144,7 +144,7 @@ fko_set_spa_digest(fko_ctx_t ctx)
     ctx->digest = md;
 
     return(FKO_SUCCESS);
-} 
+}
 
 int
 fko_get_spa_digest(fko_ctx_t ctx, char **md)

diff --git a/lib/fko_encode.c b/lib/fko_encode.c
index 3281621..a24c091 100644 (file)
--- a/lib/fko_encode.c
+++ b/lib/fko_encode.c
@@ -38,7 +38,7 @@
 /* Take a given string, base64-encode it and append it to the given
  * buffer.
 */
-int
+static int
 append_b64(char* tbuf, char *str)
 {
     int   len = strlen(str);
@@ -92,7 +92,7 @@ fko_encode_spa_data(fko_ctx_t ctx)
         if(ctx->nat_access == NULL || strlen(ctx->nat_access) == 0)
             return(FKO_ERROR_INCOMPLETE_SPA_DATA);
     }
- 
+
     /* Allocate our initial tmp buffer.
     */
     tbuf = calloc(1, FKO_ENCODE_TMP_BUF_SIZE);
@@ -111,7 +111,7 @@ fko_encode_spa_data(fko_ctx_t ctx)
         free(tbuf);
         return(res);
     }
-    
+
     /* Add the timestamp.
     */
     offset = strlen(tbuf);
@@ -136,7 +136,7 @@ fko_encode_spa_data(fko_ctx_t ctx)
     */
     offset = strlen(tbuf);
     sprintf(((char*)tbuf+offset), ":%i:", ctx->message_type);
- 
+
     /* Add the base64-encoded SPA message.
     */
     if((res = append_b64(tbuf, ctx->message)) != FKO_SUCCESS)
@@ -144,7 +144,7 @@ fko_encode_spa_data(fko_ctx_t ctx)
         free(tbuf);
         return(res);
     }
-    
+
     /* If a nat_access message was given, add it to the SPA
      * message.
     */
@@ -157,7 +157,7 @@ fko_encode_spa_data(fko_ctx_t ctx)
                 return(res);
         }
     }
- 
+
     /* If we have a server_auth field set.  Add it here.
      *
     */
@@ -206,7 +206,7 @@ fko_encode_spa_data(fko_ctx_t ctx)
     /* Here we can clear the modified flags on the SPA data fields.
     */
     FKO_CLEAR_SPA_DATA_MODIFIED(ctx);
- 
+
     free(tbuf);
 
     return(FKO_SUCCESS);
@@ -222,7 +222,7 @@ fko_get_encoded_data(fko_ctx_t ctx, char **enc_msg)
     if(!CTX_INITIALIZED(ctx))
         return(FKO_ERROR_CTX_NOT_INITIALIZED);
 
-    *enc_msg = ctx->encoded_msg; 
+    *enc_msg = ctx->encoded_msg;
 
     return(FKO_SUCCESS);
 }

diff --git a/lib/fko_encryption.c b/lib/fko_encryption.c
index 05db362..4b81a41 100644 (file)
--- a/lib/fko_encryption.c
+++ b/lib/fko_encryption.c
@@ -42,8 +42,8 @@
 
 /* Prep and encrypt using Rijndael
 */
-int
-_rijndael_encrypt(fko_ctx_t ctx, char *enc_key)
+static int
+_rijndael_encrypt(fko_ctx_t ctx, const char *enc_key)
 {
     char           *plain;
     char           *b64cipher;
@@ -79,7 +79,7 @@ _rijndael_encrypt(fko_ctx_t ctx, char *enc_key)
     strip_b64_eq(b64cipher);
 
     ctx->encrypted_msg = strdup(b64cipher);
-    
+
     /* Clean-up
     */
     free(plain);
@@ -94,11 +94,11 @@ _rijndael_encrypt(fko_ctx_t ctx, char *enc_key)
 
 /* Decode, decrypt, and parse SPA data into the context.
 */
-int
-_rijndael_decrypt(fko_ctx_t ctx, char *dec_key)
+static int
+_rijndael_decrypt(fko_ctx_t ctx, const char *dec_key)
 {
     char           *tbuf;
-       unsigned char  *ndx;
+    unsigned char  *ndx;
     unsigned char  *cipher;
     int             cipher_len, pt_len, i, err = 0;
 
@@ -133,8 +133,8 @@ _rijndael_decrypt(fko_ctx_t ctx, char *dec_key)
     cipher = malloc(strlen(ctx->encrypted_msg));
     if(cipher == NULL)
         return(FKO_ERROR_MEMORY_ALLOCATION);
- 
-    cipher_len = b64_decode(ctx->encrypted_msg, cipher, b64_len);
+
+    cipher_len = b64_decode(ctx->encrypted_msg, cipher);
 
     /* Create a bucket for the plaintext data and decrypt the message
      * data into it.
@@ -144,7 +144,7 @@ _rijndael_decrypt(fko_ctx_t ctx, char *dec_key)
         return(FKO_ERROR_MEMORY_ALLOCATION);
 
     pt_len = rij_decrypt(cipher, cipher_len, dec_key, (unsigned char*)ctx->encoded_msg);
- 
+
     /* Done with cipher...
     */
     free(cipher);
@@ -166,7 +166,7 @@ _rijndael_decrypt(fko_ctx_t ctx, char *dec_key)
 
     if(err > 0 || *ndx != ':')
         return(FKO_ERROR_DECRYPTION_FAILURE);
-    
+
     /* Call fko_decode and return the results.
     */
     return(fko_decode_spa_data(ctx));
@@ -177,8 +177,8 @@ _rijndael_decrypt(fko_ctx_t ctx, char *dec_key)
 
 /* Prep and encrypt using gpgme
 */
-int
-gpg_encrypt(fko_ctx_t ctx, char *enc_key)
+static int
+gpg_encrypt(fko_ctx_t ctx, const char *enc_key)
 {
     int             res;
     char           *plain;
@@ -242,8 +242,8 @@ gpg_encrypt(fko_ctx_t ctx, char *enc_key)
 
 /* Prep and decrypt using gpgme
 */
-int
-gpg_decrypt(fko_ctx_t ctx, char *dec_key)
+static int
+gpg_decrypt(fko_ctx_t ctx, const char *dec_key)
 {
     char           *tbuf;
     unsigned char  *cipher;
@@ -281,8 +281,8 @@ gpg_decrypt(fko_ctx_t ctx, char *dec_key)
     cipher = malloc(strlen(ctx->encrypted_msg));
     if(cipher == NULL)
         return(FKO_ERROR_MEMORY_ALLOCATION);
- 
-    cipher_len = b64_decode(ctx->encrypted_msg, cipher, strlen(ctx->encrypted_msg));
+
+    cipher_len = b64_decode(ctx->encrypted_msg, cipher);
 
     /* Create a bucket for the plaintext data and decrypt the message
      * data into it.
@@ -297,7 +297,7 @@ gpg_decrypt(fko_ctx_t ctx, char *dec_key)
     res = gpgme_decrypt(ctx, cipher, cipher_len,
         dec_key,  (unsigned char**)&ctx->encoded_msg, &cipher_len
     );
- 
+
     /* Done with cipher...
     */
     free(cipher);
@@ -319,7 +319,7 @@ gpg_decrypt(fko_ctx_t ctx, char *dec_key)
 /* Set the SPA encryption type.
 */
 int
-fko_set_spa_encryption_type(fko_ctx_t ctx, short encrypt_type)
+fko_set_spa_encryption_type(fko_ctx_t ctx, const short encrypt_type)
 {
     /* Must be initialized
     */
@@ -354,7 +354,7 @@ fko_get_spa_encryption_type(fko_ctx_t ctx, short *enc_type)
 /* Encrypt the encoded SPA data.
 */
 int
-fko_encrypt_spa_data(fko_ctx_t ctx, char *enc_key)
+fko_encrypt_spa_data(fko_ctx_t ctx, const char *enc_key)
 {
     int             res = 0;
 
@@ -402,7 +402,7 @@ fko_encrypt_spa_data(fko_ctx_t ctx, char *enc_key)
 /* Decode, decrypt, and parse SPA data into the context.
 */
 int
-fko_decrypt_spa_data(fko_ctx_t ctx, char *dec_key)
+fko_decrypt_spa_data(fko_ctx_t ctx, const char *dec_key)
 {
     int     enc_type, res;
 
@@ -436,7 +436,7 @@ fko_decrypt_spa_data(fko_ctx_t ctx, char *dec_key)
 /* Return the assumed encryption type based on the raw encrypted data.
 */
 int
-fko_encryption_type(char *enc_data)
+fko_encryption_type(const char *enc_data)
 {
     int enc_data_len;
 
@@ -445,8 +445,8 @@ fko_encryption_type(char *enc_data)
     if(enc_data == NULL)
         return(FKO_ENCRYPTION_INVALID_DATA);
 
-    /* Determine type of encryption used.  For know, we are using the
-     * size of the message.  
+    /* Determine type of encryption used.  For now, we are using the
+     * size of the message.
      *
      * XXX: We will want to come up with a more reliable method of
      *      identifying the encryption type.
@@ -472,7 +472,7 @@ fko_set_gpg_recipient(fko_ctx_t ctx, const char *recip)
 #if HAVE_LIBGPGME
     int             res;
     gpgme_key_t     key     = NULL;
-    
+
     /* Must be initialized
     */
     if(!CTX_INITIALIZED(ctx))
@@ -524,7 +524,7 @@ fko_set_gpg_exe(fko_ctx_t ctx, const char *gpg_exe)
     if(stat(gpg_exe, &st) != 0)
         return(FKO_ERROR_GPGME_BAD_GPG_EXE);
 
-    if(!S_ISREG(st.st_mode) && !S_ISLNK(st.st_mode)) 
+    if(!S_ISREG(st.st_mode) && !S_ISLNK(st.st_mode))
         return(FKO_ERROR_GPGME_BAD_GPG_EXE);
 
     ctx->gpg_exe = strdup(gpg_exe);
@@ -583,7 +583,7 @@ fko_set_gpg_signer(fko_ctx_t ctx, const char *signer)
 #if HAVE_LIBGPGME
     int             res;
     gpgme_key_t     key     = NULL;
-    
+
     /* Must be initialized
     */
     if(!CTX_INITIALIZED(ctx))
@@ -653,7 +653,7 @@ fko_set_gpg_home_dir(fko_ctx_t ctx, const char *gpg_home_dir)
     if(stat(gpg_home_dir, &st) != 0)
         return(FKO_ERROR_GPGME_BAD_HOME_DIR);
 
-    if(!S_ISDIR(st.st_mode)) 
+    if(!S_ISDIR(st.st_mode))
         return(FKO_ERROR_GPGME_BAD_HOME_DIR);
 
     ctx->gpg_home_dir = strdup(gpg_home_dir);
@@ -686,7 +686,7 @@ fko_get_gpg_home_dir(fko_ctx_t ctx, char **home_dir)
 }
 
 int
-fko_set_gpg_signature_verify(fko_ctx_t ctx, unsigned char val)
+fko_set_gpg_signature_verify(fko_ctx_t ctx, const unsigned char val)
 {
 #if HAVE_LIBGPGME
     /* Must be initialized
@@ -720,7 +720,7 @@ fko_get_gpg_signature_verify(fko_ctx_t ctx, unsigned char *val)
 }
 
 int
-fko_set_gpg_ignore_verify_error(fko_ctx_t ctx, unsigned char val)
+fko_set_gpg_ignore_verify_error(fko_ctx_t ctx, const unsigned char val)
 {
 #if HAVE_LIBGPGME
     /* Must be initialized

diff --git a/lib/fko_error.c b/lib/fko_error.c
index 53f4080..ed9efce 100644 (file)
--- a/lib/fko_error.c
+++ b/lib/fko_error.c
@@ -36,7 +36,7 @@
 #endif
 
 const char*
-fko_errstr(int err_code)
+fko_errstr(const int err_code)
 {
     switch (err_code)
     {

diff --git a/lib/fko_funcs.c b/lib/fko_funcs.c
index fe361c9..4a74438 100644 (file)
--- a/lib/fko_funcs.c
+++ b/lib/fko_funcs.c
@@ -64,7 +64,7 @@ fko_new(fko_ctx_t *r_ctx)
         free(ctx);
         return(FKO_ERROR_MEMORY_ALLOCATION);
     }
-    
+
     ctx->version = ver;
 
     /* Rand value.
@@ -149,14 +149,14 @@ fko_new(fko_ctx_t *r_ctx)
     *r_ctx = ctx;
 
     return(FKO_SUCCESS);
-} 
+}
 
 /* Initialize an fko context with external (encrypted/encoded) data.
  * This is used to create a context with the purpose of decoding
  * and parsing the provided data into the context data.
 */
 int
-fko_new_with_data(fko_ctx_t *r_ctx, char *enc_msg, char *dec_key)
+fko_new_with_data(fko_ctx_t *r_ctx, const char *enc_msg, const char *dec_key)
 {
     fko_ctx_t   ctx;
     int         res = FKO_SUCCESS; /* Are we optimistic or what? */
@@ -261,12 +261,12 @@ fko_destroy(fko_ctx_t ctx)
         {
             gpgme_key_unref(ctx->recipient_key);
         }
-        
+
         if(ctx->signer_key != NULL)
         {
             gpgme_key_unref(ctx->signer_key);
         }
-        
+
         if(ctx->gpg_ctx != NULL)
             gpgme_release(ctx->gpg_ctx);
 
@@ -310,7 +310,7 @@ fko_get_version(fko_ctx_t ctx, char **version)
  * set.
 */
 int
-fko_spa_data_final(fko_ctx_t ctx, char *enc_key)
+fko_spa_data_final(fko_ctx_t ctx, const char *enc_key)
 {
     /* Must be initialized
     */
@@ -335,7 +335,7 @@ fko_get_spa_data(fko_ctx_t ctx, char **spa_data)
     if(ctx->encrypted_msg == NULL || (strlen(ctx->encrypted_msg) < 1))
         return(FKO_ERROR_MISSING_ENCODED_DATA);
 
-    *spa_data = ctx->encrypted_msg; 
+    *spa_data = ctx->encrypted_msg;
 
     /* Notice we omit the first 10 bytes if Rijndael encryption is
      * used (to eliminate the consistent 'Salted__' string), and
@@ -353,7 +353,7 @@ fko_get_spa_data(fko_ctx_t ctx, char **spa_data)
 /* Set the fko SPA encrypted data.
 */
 int
-fko_set_spa_data(fko_ctx_t ctx, char *enc_msg)
+fko_set_spa_data(fko_ctx_t ctx, const char *enc_msg)
 {
     /* Must be initialized
     */
@@ -366,7 +366,7 @@ fko_set_spa_data(fko_ctx_t ctx, char *enc_msg)
     if(ctx->encrypted_msg == NULL)
         return(FKO_ERROR_MEMORY_ALLOCATION);
 
-    return(FKO_SUCCESS); 
+    return(FKO_SUCCESS);
 }
 
 /***EOF***/

diff --git a/lib/fko_message.c b/lib/fko_message.c
index 018d58d..fcb3ac2 100644 (file)
--- a/lib/fko_message.c
+++ b/lib/fko_message.c
@@ -44,7 +44,7 @@ int got_allow_ip(const char *msg);
 /* Set the SPA message type.
 */
 int
-fko_set_spa_message_type(fko_ctx_t ctx, short msg_type)
+fko_set_spa_message_type(fko_ctx_t ctx, const short msg_type)
 {
     /* Must be initialized
     */
@@ -137,7 +137,7 @@ fko_set_spa_message(fko_ctx_t ctx, const char *msg)
         return(FKO_ERROR_MEMORY_ALLOCATION);
 
     return(FKO_SUCCESS);
-} 
+}
 
 /* Return the SPA message data.
 */
@@ -162,7 +162,7 @@ validate_cmd_msg(const char *msg)
     const char   *ndx;
     int     res         = FKO_SUCCESS;
     int     startlen    = strlen(msg);
-    
+
 
     /* Should have a valid allow IP.
     */
@@ -176,7 +176,7 @@ validate_cmd_msg(const char *msg)
     ndx = strchr(msg, ',');
     if(ndx == NULL || (1+(ndx - msg)) >= startlen)
         return(FKO_ERROR_INVALID_SPA_COMMAND_MSG);
-    
+
     return(FKO_SUCCESS);
 }
 
@@ -198,7 +198,7 @@ validate_access_msg(const char *msg)
     ndx = strchr(msg, ',');
     if(ndx == NULL || (1+(ndx - msg)) >= startlen)
         return(FKO_ERROR_INVALID_SPA_ACCESS_MSG);
- 
+
     /* Look for a comma to see if this is a multi-part access request.
     */
     do {

diff --git a/lib/fko_nat_access.c b/lib/fko_nat_access.c
index d7dd7b5..42959ef 100644 (file)
--- a/lib/fko_nat_access.c
+++ b/lib/fko_nat_access.c
@@ -80,7 +80,7 @@ fko_set_spa_nat_access(fko_ctx_t ctx, const char *msg)
             ctx->message_type = FKO_NAT_ACCESS_MSG;
 
     return(FKO_SUCCESS);
-} 
+}
 
 /* Return the SPA message data.
 */

diff --git a/lib/fko_rand_value.c b/lib/fko_rand_value.c
index 60bc3c8..25380a1 100644 (file)
--- a/lib/fko_rand_value.c
+++ b/lib/fko_rand_value.c
@@ -58,7 +58,7 @@ fko_set_rand_value(fko_ctx_t ctx, const char *new_val)
     size_t          amt_read;
 #endif
     unsigned long   seed;
-       char           *tmp_buf;
+    char           *tmp_buf;
 
     /* Context must be initialized.
     */
@@ -132,7 +132,7 @@ fko_set_rand_value(fko_ctx_t ctx, const char *new_val)
     ctx->state |= FKO_DATA_MODIFIED;
 
     return(FKO_SUCCESS);
-} 
+}
 
 /* Return the current rand value.
 */

diff --git a/lib/fko_server_auth.c b/lib/fko_server_auth.c
index c40902d..435c5b1 100644 (file)
--- a/lib/fko_server_auth.c
+++ b/lib/fko_server_auth.c
@@ -80,7 +80,7 @@ fko_set_spa_server_auth(fko_ctx_t ctx, const char *msg)
         return(FKO_ERROR_MEMORY_ALLOCATION);
 
     return(FKO_SUCCESS);
-} 
+}
 
 /* Return the SPA message data.
 */

diff --git a/lib/fko_timestamp.c b/lib/fko_timestamp.c
index bb1ca12..66b0b52 100644 (file)
--- a/lib/fko_timestamp.c
+++ b/lib/fko_timestamp.c
@@ -35,7 +35,7 @@
 /* Set the timestamp.
 */
 int
-fko_set_timestamp(fko_ctx_t ctx, int offset)
+fko_set_timestamp(fko_ctx_t ctx, const int offset)
 {
     time_t ts;
 
@@ -48,13 +48,13 @@ fko_set_timestamp(fko_ctx_t ctx, int offset)
 
     if(ts < 0)
         return(FKO_ERROR_INVALID_DATA);
- 
+
     ctx->timestamp = ts;
 
     ctx->state |= FKO_DATA_MODIFIED;
 
     return(FKO_SUCCESS);
-} 
+}
 
 /* Return the current timestamp.
 */

diff --git a/lib/gpgme_funcs.c b/lib/gpgme_funcs.c
index 0695df5..4236388 100644 (file)
--- a/lib/gpgme_funcs.c
+++ b/lib/gpgme_funcs.c
@@ -180,7 +180,7 @@ process_sigs(fko_ctx_t fko_ctx, gpgme_verify_result_t vres)
 /* Get the GPG key for the given name or ID.
 */
 int
-get_gpg_key(fko_ctx_t fko_ctx, gpgme_key_t *mykey, int signer)
+get_gpg_key(fko_ctx_t fko_ctx, gpgme_key_t *mykey, const int signer)
 {
     int             res;
     const char     *name;

diff --git a/lib/gpgme_funcs.h b/lib/gpgme_funcs.h
index 3410ad5..557a968 100644 (file)
--- a/lib/gpgme_funcs.h
+++ b/lib/gpgme_funcs.h
@@ -37,7 +37,7 @@
 int gpgme_encrypt(fko_ctx_t ctx, unsigned char *in, size_t len, const char *pw, unsigned char **out, size_t *out_len);
 int gpgme_decrypt(fko_ctx_t ctx, unsigned char *in, size_t len, const char *pw, unsigned char **out, size_t *out_len);
 #if HAVE_LIBGPGME
-  int get_gpg_key(fko_ctx_t fko_ctx, gpgme_key_t *mykey, int signer);
+  int get_gpg_key(fko_ctx_t fko_ctx, gpgme_key_t *mykey, const int signer);
 #endif
 
 #endif /* GPGME_FUNCS_H */

diff --git a/lib/rijndael.c b/lib/rijndael.c
index 1059e7a..2374fd4 100644 (file)
--- a/lib/rijndael.c
+++ b/lib/rijndael.c
@@ -38,137 +38,137 @@
    and four XOR's per column of state.  They were generated by the
    makertbls.pl script. */
 uint32_t dtbl[] = {
-    0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6, 
-    0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591, 
-    0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56, 
-    0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec, 
-    0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa, 
-    0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb, 
-    0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45, 
-    0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b, 
-    0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c, 
-    0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83, 
-    0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9, 
-    0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a, 
-    0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d, 
-    0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f, 
-    0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df, 
-    0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea, 
-    0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34, 
-    0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b, 
-    0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d, 
-    0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413, 
-    0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1, 
-    0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6, 
-    0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972, 
-    0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85, 
-    0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed, 
-    0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511, 
-    0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe, 
-    0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b, 
-    0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05, 
-    0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1, 
-    0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142, 
-    0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf, 
-    0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3, 
-    0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e, 
-    0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a, 
-    0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6, 
-    0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3, 
-    0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b, 
-    0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428, 
-    0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad, 
-    0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14, 
-    0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8, 
-    0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4, 
-    0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2, 
-    0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda, 
-    0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949, 
-    0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf, 
-    0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810, 
-    0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c, 
-    0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697, 
-    0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e, 
-    0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f, 
-    0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc, 
-    0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c, 
-    0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969, 
-    0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27, 
-    0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122, 
-    0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433, 
-    0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9, 
-    0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5, 
-    0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a, 
-    0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0, 
-    0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e, 
-    0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c, 
+    0xa56363c6, 0x847c7cf8, 0x997777ee, 0x8d7b7bf6,
+    0x0df2f2ff, 0xbd6b6bd6, 0xb16f6fde, 0x54c5c591,
+    0x50303060, 0x03010102, 0xa96767ce, 0x7d2b2b56,
+    0x19fefee7, 0x62d7d7b5, 0xe6abab4d, 0x9a7676ec,
+    0x45caca8f, 0x9d82821f, 0x40c9c989, 0x877d7dfa,
+    0x15fafaef, 0xeb5959b2, 0xc947478e, 0x0bf0f0fb,
+    0xecadad41, 0x67d4d4b3, 0xfda2a25f, 0xeaafaf45,
+    0xbf9c9c23, 0xf7a4a453, 0x967272e4, 0x5bc0c09b,
+    0xc2b7b775, 0x1cfdfde1, 0xae93933d, 0x6a26264c,
+    0x5a36366c, 0x413f3f7e, 0x02f7f7f5, 0x4fcccc83,
+    0x5c343468, 0xf4a5a551, 0x34e5e5d1, 0x08f1f1f9,
+    0x937171e2, 0x73d8d8ab, 0x53313162, 0x3f15152a,
+    0x0c040408, 0x52c7c795, 0x65232346, 0x5ec3c39d,
+    0x28181830, 0xa1969637, 0x0f05050a, 0xb59a9a2f,
+    0x0907070e, 0x36121224, 0x9b80801b, 0x3de2e2df,
+    0x26ebebcd, 0x6927274e, 0xcdb2b27f, 0x9f7575ea,
+    0x1b090912, 0x9e83831d, 0x742c2c58, 0x2e1a1a34,
+    0x2d1b1b36, 0xb26e6edc, 0xee5a5ab4, 0xfba0a05b,
+    0xf65252a4, 0x4d3b3b76, 0x61d6d6b7, 0xceb3b37d,
+    0x7b292952, 0x3ee3e3dd, 0x712f2f5e, 0x97848413,
+    0xf55353a6, 0x68d1d1b9, 0x00000000, 0x2cededc1,
+    0x60202040, 0x1ffcfce3, 0xc8b1b179, 0xed5b5bb6,
+    0xbe6a6ad4, 0x46cbcb8d, 0xd9bebe67, 0x4b393972,
+    0xde4a4a94, 0xd44c4c98, 0xe85858b0, 0x4acfcf85,
+    0x6bd0d0bb, 0x2aefefc5, 0xe5aaaa4f, 0x16fbfbed,
+    0xc5434386, 0xd74d4d9a, 0x55333366, 0x94858511,
+    0xcf45458a, 0x10f9f9e9, 0x06020204, 0x817f7ffe,
+    0xf05050a0, 0x443c3c78, 0xba9f9f25, 0xe3a8a84b,
+    0xf35151a2, 0xfea3a35d, 0xc0404080, 0x8a8f8f05,
+    0xad92923f, 0xbc9d9d21, 0x48383870, 0x04f5f5f1,
+    0xdfbcbc63, 0xc1b6b677, 0x75dadaaf, 0x63212142,
+    0x30101020, 0x1affffe5, 0x0ef3f3fd, 0x6dd2d2bf,
+    0x4ccdcd81, 0x140c0c18, 0x35131326, 0x2fececc3,
+    0xe15f5fbe, 0xa2979735, 0xcc444488, 0x3917172e,
+    0x57c4c493, 0xf2a7a755, 0x827e7efc, 0x473d3d7a,
+    0xac6464c8, 0xe75d5dba, 0x2b191932, 0x957373e6,
+    0xa06060c0, 0x98818119, 0xd14f4f9e, 0x7fdcdca3,
+    0x66222244, 0x7e2a2a54, 0xab90903b, 0x8388880b,
+    0xca46468c, 0x29eeeec7, 0xd3b8b86b, 0x3c141428,
+    0x79dedea7, 0xe25e5ebc, 0x1d0b0b16, 0x76dbdbad,
+    0x3be0e0db, 0x56323264, 0x4e3a3a74, 0x1e0a0a14,
+    0xdb494992, 0x0a06060c, 0x6c242448, 0xe45c5cb8,
+    0x5dc2c29f, 0x6ed3d3bd, 0xefacac43, 0xa66262c4,
+    0xa8919139, 0xa4959531, 0x37e4e4d3, 0x8b7979f2,
+    0x32e7e7d5, 0x43c8c88b, 0x5937376e, 0xb76d6dda,
+    0x8c8d8d01, 0x64d5d5b1, 0xd24e4e9c, 0xe0a9a949,
+    0xb46c6cd8, 0xfa5656ac, 0x07f4f4f3, 0x25eaeacf,
+    0xaf6565ca, 0x8e7a7af4, 0xe9aeae47, 0x18080810,
+    0xd5baba6f, 0x887878f0, 0x6f25254a, 0x722e2e5c,
+    0x241c1c38, 0xf1a6a657, 0xc7b4b473, 0x51c6c697,
+    0x23e8e8cb, 0x7cdddda1, 0x9c7474e8, 0x211f1f3e,
+    0xdd4b4b96, 0xdcbdbd61, 0x868b8b0d, 0x858a8a0f,
+    0x907070e0, 0x423e3e7c, 0xc4b5b571, 0xaa6666cc,
+    0xd8484890, 0x05030306, 0x01f6f6f7, 0x120e0e1c,
+    0xa36161c2, 0x5f35356a, 0xf95757ae, 0xd0b9b969,
+    0x91868617, 0x58c1c199, 0x271d1d3a, 0xb99e9e27,
+    0x38e1e1d9, 0x13f8f8eb, 0xb398982b, 0x33111122,
+    0xbb6969d2, 0x70d9d9a9, 0x898e8e07, 0xa7949433,
+    0xb69b9b2d, 0x221e1e3c, 0x92878715, 0x20e9e9c9,
+    0x49cece87, 0xff5555aa, 0x78282850, 0x7adfdfa5,
+    0x8f8c8c03, 0xf8a1a159, 0x80898909, 0x170d0d1a,
+    0xdabfbf65, 0x31e6e6d7, 0xc6424284, 0xb86868d0,
+    0xc3414182, 0xb0999929, 0x772d2d5a, 0x110f0f1e,
+    0xcbb0b07b, 0xfc5454a8, 0xd6bbbb6d, 0x3a16162c,
 };
 
 uint32_t itbl[] = {
-    0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a, 
-    0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b, 
-    0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5, 
-    0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5, 
-    0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d, 
-    0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b, 
-    0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295, 
-    0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e, 
-    0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927, 
-    0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d, 
-    0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362, 
-    0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9, 
-    0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52, 
-    0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566, 
-    0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3, 
-    0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed, 
-    0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e, 
-    0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4, 
-    0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4, 
-    0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd, 
-    0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d, 
-    0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060, 
-    0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967, 
-    0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879, 
-    0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000, 
-    0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c, 
-    0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36, 
-    0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624, 
-    0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b, 
-    0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c, 
-    0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12, 
-    0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14, 
-    0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3, 
-    0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b, 
-    0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8, 
-    0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684, 
-    0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7, 
-    0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177, 
-    0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947, 
-    0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322, 
-    0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498, 
-    0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f, 
-    0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54, 
-    0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382, 
-    0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf, 
-    0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb, 
-    0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83, 
-    0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef, 
-    0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029, 
-    0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235, 
-    0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733, 
-    0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117, 
-    0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4, 
-    0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546, 
-    0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb, 
-    0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d, 
-    0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb, 
-    0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a, 
-    0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773, 
-    0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478, 
-    0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2, 
-    0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff, 
-    0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664, 
-    0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0, 
+    0x50a7f451, 0x5365417e, 0xc3a4171a, 0x965e273a,
+    0xcb6bab3b, 0xf1459d1f, 0xab58faac, 0x9303e34b,
+    0x55fa3020, 0xf66d76ad, 0x9176cc88, 0x254c02f5,
+    0xfcd7e54f, 0xd7cb2ac5, 0x80443526, 0x8fa362b5,
+    0x495ab1de, 0x671bba25, 0x980eea45, 0xe1c0fe5d,
+    0x02752fc3, 0x12f04c81, 0xa397468d, 0xc6f9d36b,
+    0xe75f8f03, 0x959c9215, 0xeb7a6dbf, 0xda595295,
+    0x2d83bed4, 0xd3217458, 0x2969e049, 0x44c8c98e,
+    0x6a89c275, 0x78798ef4, 0x6b3e5899, 0xdd71b927,
+    0xb64fe1be, 0x17ad88f0, 0x66ac20c9, 0xb43ace7d,
+    0x184adf63, 0x82311ae5, 0x60335197, 0x457f5362,
+    0xe07764b1, 0x84ae6bbb, 0x1ca081fe, 0x942b08f9,
+    0x58684870, 0x19fd458f, 0x876cde94, 0xb7f87b52,
+    0x23d373ab, 0xe2024b72, 0x578f1fe3, 0x2aab5566,
+    0x0728ebb2, 0x03c2b52f, 0x9a7bc586, 0xa50837d3,
+    0xf2872830, 0xb2a5bf23, 0xba6a0302, 0x5c8216ed,
+    0x2b1ccf8a, 0x92b479a7, 0xf0f207f3, 0xa1e2694e,
+    0xcdf4da65, 0xd5be0506, 0x1f6234d1, 0x8afea6c4,
+    0x9d532e34, 0xa055f3a2, 0x32e18a05, 0x75ebf6a4,
+    0x39ec830b, 0xaaef6040, 0x069f715e, 0x51106ebd,
+    0xf98a213e, 0x3d06dd96, 0xae053edd, 0x46bde64d,
+    0xb58d5491, 0x055dc471, 0x6fd40604, 0xff155060,
+    0x24fb9819, 0x97e9bdd6, 0xcc434089, 0x779ed967,
+    0xbd42e8b0, 0x888b8907, 0x385b19e7, 0xdbeec879,
+    0x470a7ca1, 0xe90f427c, 0xc91e84f8, 0x00000000,
+    0x83868009, 0x48ed2b32, 0xac70111e, 0x4e725a6c,
+    0xfbff0efd, 0x5638850f, 0x1ed5ae3d, 0x27392d36,
+    0x64d90f0a, 0x21a65c68, 0xd1545b9b, 0x3a2e3624,
+    0xb1670a0c, 0x0fe75793, 0xd296eeb4, 0x9e919b1b,
+    0x4fc5c080, 0xa220dc61, 0x694b775a, 0x161a121c,
+    0x0aba93e2, 0xe52aa0c0, 0x43e0223c, 0x1d171b12,
+    0x0b0d090e, 0xadc78bf2, 0xb9a8b62d, 0xc8a91e14,
+    0x8519f157, 0x4c0775af, 0xbbdd99ee, 0xfd607fa3,
+    0x9f2601f7, 0xbcf5725c, 0xc53b6644, 0x347efb5b,
+    0x7629438b, 0xdcc623cb, 0x68fcedb6, 0x63f1e4b8,
+    0xcadc31d7, 0x10856342, 0x40229713, 0x2011c684,
+    0x7d244a85, 0xf83dbbd2, 0x1132f9ae, 0x6da129c7,
+    0x4b2f9e1d, 0xf330b2dc, 0xec52860d, 0xd0e3c177,
+    0x6c16b32b, 0x99b970a9, 0xfa489411, 0x2264e947,
+    0xc48cfca8, 0x1a3ff0a0, 0xd82c7d56, 0xef903322,
+    0xc74e4987, 0xc1d138d9, 0xfea2ca8c, 0x360bd498,
+    0xcf81f5a6, 0x28de7aa5, 0x268eb7da, 0xa4bfad3f,
+    0xe49d3a2c, 0x0d927850, 0x9bcc5f6a, 0x62467e54,
+    0xc2138df6, 0xe8b8d890, 0x5ef7392e, 0xf5afc382,
+    0xbe805d9f, 0x7c93d069, 0xa92dd56f, 0xb31225cf,
+    0x3b99acc8, 0xa77d1810, 0x6e639ce8, 0x7bbb3bdb,
+    0x097826cd, 0xf418596e, 0x01b79aec, 0xa89a4f83,
+    0x656e95e6, 0x7ee6ffaa, 0x08cfbc21, 0xe6e815ef,
+    0xd99be7ba, 0xce366f4a, 0xd4099fea, 0xd67cb029,
+    0xafb2a431, 0x31233f2a, 0x3094a5c6, 0xc066a235,
+    0x37bc4e74, 0xa6ca82fc, 0xb0d090e0, 0x15d8a733,
+    0x4a9804f1, 0xf7daec41, 0x0e50cd7f, 0x2ff69117,
+    0x8dd64d76, 0x4db0ef43, 0x544daacc, 0xdf0496e4,
+    0xe3b5d19e, 0x1b886a4c, 0xb81f2cc1, 0x7f516546,
+    0x04ea5e9d, 0x5d358c01, 0x737487fa, 0x2e410bfb,
+    0x5a1d67b3, 0x52d2db92, 0x335610e9, 0x1347d66d,
+    0x8c61d79a, 0x7a0ca137, 0x8e14f859, 0x893c13eb,
+    0xee27a9ce, 0x35c961b7, 0xede51ce1, 0x3cb1477a,
+    0x59dfd29c, 0x3f73f255, 0x79ce1418, 0xbf37c773,
+    0xeacdf753, 0x5baafd5f, 0x146f3ddf, 0x86db4478,
+    0x81f3afca, 0x3ec468b9, 0x2c342438, 0x5f40a3c2,
+    0x72c31d16, 0x0c25e2bc, 0x8b493c28, 0x41950dff,
+    0x7101a839, 0xdeb30c08, 0x9ce4b4d8, 0x90c15664,
+    0x6184cb7b, 0x70b632d5, 0x745c6c48, 0x4257b8d0,
 };
 
 
@@ -185,11 +185,11 @@ uint8_t sbox[256] = {
     188, 182, 218,  33,  16, 255, 243, 210, 205,  12,  19, 236,  95, 151,  68,
     23, 196, 167, 126,  61, 100,  93,  25, 115, 96, 129,  79, 220,  34,  42,
     144, 136,  70, 238, 184,  20, 222,  94,  11, 219, 224,  50,  58,  10,  73,
-    6,  36,  92, 194, 211, 172,  98, 145, 149, 228, 121, 231, 200,  55, 109, 
+    6,  36,  92, 194, 211, 172,  98, 145, 149, 228, 121, 231, 200,  55, 109,
     141, 213,  78, 169, 108,  86, 244, 234, 101, 122, 174,   8, 186, 120,  37,
     46,  28, 166, 180, 198, 232, 221, 116,  31,  75, 189, 139, 138, 112,  62,
     181, 102,  72,   3, 246,  14,  97,  53,  87, 185, 134, 193,  29, 158, 225,
-    248, 152,  17, 105, 217, 142, 148, 155,  30, 135, 233, 206,  85,  40, 223, 
+    248, 152,  17, 105, 217, 142, 148, 155,  30, 135, 233, 206,  85,  40, 223,
     140, 161, 137,  13, 191, 230,  66, 104,  65, 153,  45,  15, 176,  84, 187,
     22, 
 };
@@ -232,12 +232,12 @@ uint8_t Logtable[256] = {
     96, 177, 134,  59,  82, 161, 108, 170,  85,  41, 157, 151, 178, 135, 144,
     97, 190, 220, 252, 188, 149, 207, 205,  55,  63,  91, 209, 83,  57, 132,
     60,  65, 162, 109,  71,  20,  42, 158,  93,  86, 242, 211, 171, 68,  17,
-    146, 217,  35,  32,  46, 137, 180, 124, 184,  38, 119, 153, 227, 165, 103,  
-    74, 237, 222, 197,  49, 254,  24,  13,  99, 140, 128, 192, 247, 112,   7, 
+    146, 217,  35,  32,  46, 137, 180, 124, 184,  38, 119, 153, 227, 165, 103,
+    74, 237, 222, 197,  49, 254,  24,  13,  99, 140, 128, 192, 247, 112,   7,
 };
 
 uint8_t Alogtable[256] = {
-    1,   3,   5,  15,  17,  51,  85, 255,  26,  46, 114, 150, 161, 248,  19, 
+    1,   3,   5,  15,  17,  51,  85, 255,  26,  46, 114, 150, 161, 248,  19,
     53, 95, 225,  56,  72, 216, 115, 149, 164, 247,   2,   6,  10,  30,  34,
     102, 170, 229,  52,  92, 228,  55,  89, 235,  38, 106, 190, 217, 112, 144,
     171, 230,  49,  83, 245,   4,  12,  20,  60,  68, 204,  79, 209, 104, 184,
@@ -253,7 +253,7 @@ uint8_t Alogtable[256] = {
     99, 165, 244,   7,   9,  27,  45, 119, 153, 176, 203,  70, 202,  69, 207,
     74, 222, 121, 139, 134, 145, 168, 227,  62,  66, 198,  81, 243,  14,  18,
     54,  90, 238,  41, 123, 141, 140, 143, 138, 133, 148, 167, 242,  13,  23,
-    57,  75, 221, 124, 132, 151, 162, 253,  28,  36, 108, 180, 199,  82, 246, 1, 
+    57,  75, 221, 124, 132, 151, 162, 253,  28,  36, 108, 180, 199,  82, 246, 1,
 };
 
 #define ROTBYTE(x) (((x) >> 8) | (((x) & 0xff) << 24))

diff --git a/server/access.c b/server/access.c
index cfbfe03..f9be30c 100644 (file)
--- a/server/access.c
+++ b/server/access.c
@@ -43,8 +43,8 @@
 
 /* Add an access string entry
 */
-void
-add_acc_string(char **var, char *val)
+static void
+add_acc_string(char **var, const char *val)
 {
     if((*var = strdup(val)) == NULL)
     {
@@ -58,7 +58,7 @@ add_acc_string(char **var, char *val)
 /* Add an access int entry
 */
 static int
-add_acc_int(int *var, char *val)
+add_acc_int(int *var, const char *val)
 {
     return(*var = atoi(val));
 }
@@ -66,7 +66,7 @@ add_acc_int(int *var, char *val)
 /* Add an access bool entry (unsigned char of 1 or 0)
 */
 static unsigned char
-add_acc_bool(unsigned char *var, char *val)
+add_acc_bool(unsigned char *var, const char *val)
 {
     return(*var = (strncasecmp(val, "Y", 1) == 0) ? 1 : 0);
 }
@@ -75,7 +75,7 @@ add_acc_bool(unsigned char *var, char *val)
  * comparisons of incoming source IPs against this mask.
 */
 static void
-add_source_mask(acc_stanza_t *acc, char *ip)
+add_source_mask(acc_stanza_t *acc, const char *ip)
 {
     char                *ndx;
     char                ip_str[16] = {0};
@@ -215,7 +215,7 @@ parse_proto_and_port(char *pstr, int *proto, int *port)
         *proto = PROTO_TCP;
     else if(strcasecmp(proto_str, "udp") == 0)
         *proto = PROTO_UDP;
-    else 
+    else
     {
         log_msg(LOG_ERR,
             "Invalid protocol in access port entry: %s", pstr);
@@ -275,7 +275,7 @@ add_port_list_ent(acc_port_list_t **plist, char *port_str)
 /* Add a string list entry to the given acc_string_list.
 */
 static void
-add_string_list_ent(acc_string_list_t **stlist, char *str_str)
+add_string_list_ent(acc_string_list_t **stlist, const char *str_str)
 {
     acc_string_list_t   *last_stlist, *new_stlist, *tmp_stlist;
 
@@ -304,7 +304,7 @@ add_string_list_ent(acc_string_list_t **stlist, char *str_str)
 
         last_stlist->next = new_stlist;
     }
-    
+
     new_stlist->str = strdup(str_str);
 
     if(new_stlist->str == NULL)
@@ -511,7 +511,7 @@ expand_acc_ent_lists(fko_srv_options_t *opts)
         */
         if(acc->gpg_remote_id != NULL && strlen(acc->gpg_remote_id))
             expand_acc_string_list(&(acc->gpg_remote_id_list), acc->gpg_remote_id);
- 
+
         acc = acc->next;
     }
 }
@@ -607,8 +607,8 @@ set_acc_defaults(fko_srv_options_t *opts)
 
 /* Perform some sanity checks on an acc stanza data.
 */
-int
-acc_data_is_valid(acc_stanza_t *acc)
+static int
+acc_data_is_valid(const acc_stanza_t *acc)
 {
     if((acc->key == NULL || !strlen(acc->key))
       && (acc->gpg_decrypt_pw == NULL || !strlen(acc->gpg_decrypt_pw)))
@@ -774,8 +774,8 @@ parse_access_file(fko_srv_options_t *opts)
             {
                 fprintf(stderr, "Unable to determine UID for CMD_EXEC_USER: %s.\n",
                     errno ? strerror(errno) : "Not a user on this system");
-                exit(EXIT_FAILURE); 
-            } 
+                exit(EXIT_FAILURE);
+            }
 
             curr_acc->cmd_exec_uid = pw->pw_uid;
         }
@@ -908,7 +908,7 @@ acc_check_source(fko_srv_options_t *opts, uint32_t ip)
  * match in the access port_list.
 */
 static int
-compare_port_list(acc_port_list_t *in, acc_port_list_t *ac, int match_any)
+compare_port_list(acc_port_list_t *in, acc_port_list_t *ac, const int match_any)
 {
     int a_cnt = 0;
     int i_cnt = 0;
@@ -1003,7 +1003,7 @@ cleanup_and_bail:
  * Return 1 if we are allowed
 */
 int
-acc_check_gpg_remote_id(acc_stanza_t *acc, char *gpg_id)
+acc_check_gpg_remote_id(acc_stanza_t *acc, const char *gpg_id)
 {
     acc_string_list_t *ndx;
 
@@ -1017,7 +1017,7 @@ acc_check_gpg_remote_id(acc_stanza_t *acc, char *gpg_id)
 /* Dump the configuration
 */
 void
-dump_access_list(fko_srv_options_t *opts)
+dump_access_list(const fko_srv_options_t *opts)
 {
     int             i = 0;
 

diff --git a/server/access.h b/server/access.h
index b9adcdc..210fd93 100644 (file)
--- a/server/access.h
+++ b/server/access.h
@@ -39,8 +39,8 @@
 void parse_access_file(fko_srv_options_t *opts);
 acc_stanza_t* acc_check_source(fko_srv_options_t *opts, uint32_t ip);
 int acc_check_port_access(acc_stanza_t *acc, char *port_str);
-int acc_check_gpg_remote_id(acc_stanza_t *acc, char *gpg_id);
-void dump_access_list(fko_srv_options_t *opts);
+int acc_check_gpg_remote_id(acc_stanza_t *acc, const char *gpg_id);
+void dump_access_list(const fko_srv_options_t *opts);
 void expand_acc_port_list(acc_port_list_t **plist, char *plist_str);
 void free_acc_port_list(acc_port_list_t *plist);
 

diff --git a/server/config_init.c b/server/config_init.c
index c0a7e9f..5e38282 100644 (file)
--- a/server/config_init.c
+++ b/server/config_init.c
@@ -37,8 +37,8 @@
 /* Take an index and a string value. malloc the space for the value
  * and assign it to the array at the specified index.
 */
-void
-set_config_entry(fko_srv_options_t *opts, int var_ndx, char *value)
+static void
+set_config_entry(fko_srv_options_t *opts, const int var_ndx, const char *value)
 {
     int space_needed;
 
@@ -77,21 +77,21 @@ set_config_entry(fko_srv_options_t *opts, int var_ndx, char *value)
     }
 
     strlcpy(opts->config[var_ndx], value, space_needed);
- 
+
     return;
 }
 
 /* Given a config parameter name, return its index or -1 if not found.
 */
-int
-config_entry_index(fko_srv_options_t *opts, char *var)
+static int
+config_entry_index(const fko_srv_options_t *opts, const char *var)
 {
     int i;
 
     for(i=0; i<NUMBER_OF_CONFIG_ENTRIES; i++)
         if(opts->config[i] != NULL && CONF_VAR_IS(var, config_map[i]))
             return(i);
- 
+
     return(-1);
 }
 
@@ -110,7 +110,7 @@ free_configs(fko_srv_options_t *opts)
 /* Parse the config file...
 */
 static void
-parse_config_file(fko_srv_options_t *opts, char *config_file)
+parse_config_file(fko_srv_options_t *opts, const char *config_file)
 {
     FILE           *cfile_ptr;
     unsigned int    numLines = 0;
@@ -731,7 +731,7 @@ config_init(fko_srv_options_t *opts, int argc, char **argv)
 /* Dump the configuration
 */
 void
-dump_config(fko_srv_options_t *opts)
+dump_config(const fko_srv_options_t *opts)
 {
     int i;
 
@@ -782,8 +782,11 @@ usage(void)
       " -S, --status            - Display the status of any running fwknopd process.\n"
       " -v, --verbose           - Set verbose mode.\n"
       " -V, --version           - Print version number.\n"
-      "     --fw-list           - List add firewall rules that fwknop has created\n"
+      "     --fw-list           - List all firewall rules that fwknop has created\n"
       "                           and then exit.\n"
+      "     --fw-list-all       - List all firewall rules in the complete policy,\n"
+      "                           including those that have nothing to with fwknop.\n"
+      "     --fw-flush          - Flush all firewall rules created by fwknop.\n"
       "\n"
     );
 

diff --git a/server/config_init.h b/server/config_init.h
index 0378dc4..7cf979e 100644 (file)
--- a/server/config_init.h
+++ b/server/config_init.h
@@ -37,7 +37,7 @@
 /* Function Prototypes
 */
 void config_init(fko_srv_options_t *opts, int argc, char **argv);
-void dump_config(fko_srv_options_t *opts);
+void dump_config(const fko_srv_options_t *opts);
 void clear_configs(fko_srv_options_t *opts);
 void free_configs(fko_srv_options_t *opts);
 void usage(void);

diff --git a/server/extcmd.c b/server/extcmd.c
index 1afeb47..fd9e4f6 100644 (file)
--- a/server/extcmd.c
+++ b/server/extcmd.c
@@ -89,8 +89,8 @@ alarm_handler(int sig)
  * Note: XXX: We are not using the timeout parameter at present. We still need
  *       to implement a reliable timeout mechanism.
 */
-int
-_run_extcmd(uid_t user_uid, char *cmd, char *so_buf, size_t so_buf_sz, int timeout)
+static int
+_run_extcmd(uid_t user_uid, const char *cmd, char *so_buf, const size_t so_buf_sz, const int timeout)
 {
     FILE   *ipt;
     int     retval = 0;
@@ -379,7 +379,7 @@ _run_extcmd(uid_t user_uid, char *cmd, char *so_buf, size_t so_buf_sz, int timeo
 /* Run an external command.  This is wrapper around _run_extcmd()
 */
 int
-run_extcmd(char *cmd, char *so_buf, size_t so_buf_sz, int timeout)
+run_extcmd(const char *cmd, char *so_buf, const size_t so_buf_sz, const int timeout)
 {
     return _run_extcmd(0, cmd, so_buf, so_buf_sz, timeout);
 }
@@ -387,7 +387,7 @@ run_extcmd(char *cmd, char *so_buf, size_t so_buf_sz, int timeout)
 /* Run an external command as the specified user.  This is wrapper around _run_extcmd()
 */
 int
-run_extcmd_as(uid_t user_uid, char *cmd, char *so_buf, size_t so_buf_sz, int timeout)
+run_extcmd_as(uid_t user_uid, const char *cmd, char *so_buf, const size_t so_buf_sz, const int timeout)
 {
     return _run_extcmd(user_uid, cmd, so_buf, so_buf_sz, timeout);
 }

diff --git a/server/extcmd.h b/server/extcmd.h
index 5f07eec..6754035 100644 (file)
--- a/server/extcmd.h
+++ b/server/extcmd.h
@@ -71,8 +71,8 @@ enum {
 
 /* Function prototypes
 */
-int run_extcmd(char *cmd, char *so_buf, size_t so_buf_sz, int timeout);
-int run_extcmd_as(uid_t uid, char *cmd, char *so_buf, size_t so_buf_sz, int timeout);
+int run_extcmd(const char *cmd, char *so_buf, const size_t so_buf_sz, const int timeout);
+int run_extcmd_as(uid_t uid, const char *cmd, char *so_buf, const size_t so_buf_sz, const int timeout);
 
 #endif /* EXTCMD_H */
 

diff --git a/server/fw_util.h b/server/fw_util.h
index bc360fe..7045719 100644 (file)
--- a/server/fw_util.h
+++ b/server/fw_util.h
@@ -59,11 +59,11 @@
  *       fw_util_<fw-type>.c files.
 */
 void fw_config_init(fko_srv_options_t *opts);
-void fw_initialize(fko_srv_options_t *opts);
+void fw_initialize(const fko_srv_options_t *opts);
 int fw_cleanup(void);
-void check_firewall_rules(fko_srv_options_t *opts);
-int fw_dump_rules(fko_srv_options_t *opts);
-int process_spa_request(fko_srv_options_t *opts, spa_data_t *spdat);
+void check_firewall_rules(const fko_srv_options_t *opts);
+int fw_dump_rules(const fko_srv_options_t *opts);
+int process_spa_request(const fko_srv_options_t *opts, spa_data_t *spdat);
 
 #endif /* FW_UTIL_H */
 

diff --git a/server/fw_util_ipf.c b/server/fw_util_ipf.c
index 51a53a5..56a7ea5 100644 (file)
--- a/server/fw_util_ipf.c
+++ b/server/fw_util_ipf.c
@@ -47,7 +47,7 @@ static char   cmd_out[STANDARD_CMD_OUT_BUFSIZE];
  * daemon to stdout.
 */
 int
-fw_dump_rules(fko_srv_options_t *opts)
+fw_dump_rules(const fko_srv_options_t *opts)
 {
     int     i;
     int     res, got_err = 0;
@@ -82,7 +82,7 @@ fw_config_init(fko_srv_options_t *opts)
 }
 
 void
-fw_initialize(fko_srv_options_t *opts)
+fw_initialize(const fko_srv_options_t *opts)
 {
     int res = 0;
 
@@ -109,7 +109,7 @@ fw_cleanup(void)
 /* Rule Processing - Create an access request...
 */
 int
-process_spa_request(fko_srv_options_t *opts, spa_data_t *spadat)
+process_spa_request(const fko_srv_options_t *opts, spa_data_t *spadat)
 {
     /* TODO: Implement me */
 
@@ -156,7 +156,7 @@ process_spa_request(fko_srv_options_t *opts, spa_data_t *spadat)
  * firewall rules.
 */
 void
-check_firewall_rules(fko_srv_options_t *opts)
+check_firewall_rules(const fko_srv_options_t *opts)
 {
 
     /* TODO: Implement me */

diff --git a/server/fw_util_ipfw.c b/server/fw_util_ipfw.c
index 7768887..2811e32 100644 (file)
--- a/server/fw_util_ipfw.c
+++ b/server/fw_util_ipfw.c
@@ -92,7 +92,7 @@ ipfw_set_exists(const char *fw_command, const unsigned short set_num)
  * daemon to stdout.
 */
 int
-fw_dump_rules(fko_srv_options_t *opts)
+fw_dump_rules(const fko_srv_options_t *opts)
 {
     int     res, got_err = 0;
 
@@ -189,7 +189,7 @@ fw_config_init(fko_srv_options_t *opts)
 }
 
 void
-fw_initialize(fko_srv_options_t *opts)
+fw_initialize(const fko_srv_options_t *opts)
 {
     int             res = 0;
     unsigned short  curr_rule;
@@ -385,7 +385,7 @@ fw_cleanup(void)
 /* Rule Processing - Create an access request...
 */
 int
-process_spa_request(fko_srv_options_t *opts, spa_data_t *spadat)
+process_spa_request(const fko_srv_options_t *opts, spa_data_t *spadat)
 {
     unsigned short   rule_num;
 
@@ -507,7 +507,7 @@ process_spa_request(fko_srv_options_t *opts, spa_data_t *spadat)
  * firewall rules.
 */
 void
-check_firewall_rules(fko_srv_options_t *opts)
+check_firewall_rules(const fko_srv_options_t *opts)
 {
     char            exp_str[12];
     char            rule_num_str[6];
@@ -597,7 +597,7 @@ check_firewall_rules(fko_srv_options_t *opts)
                 if(*rn_start == '\n')
                     break;
             }
-            
+
             if(*rn_start == '\n')
             {
                 rn_start++;
@@ -631,7 +631,7 @@ check_firewall_rules(fko_srv_options_t *opts)
 
                 break;
             }
-             
+
             strlcpy(rule_num_str, rn_start, (rn_end - rn_start)+1);
 
             curr_rule = atoi(rule_num_str);
@@ -689,7 +689,7 @@ check_firewall_rules(fko_srv_options_t *opts)
  * corresponding dynamic rules.
 */
 void
-ipfw_purge_expired_rules(fko_srv_options_t *opts)
+ipfw_purge_expired_rules(const fko_srv_options_t *opts)
 {
     char           *ndx, *co_end;
 

diff --git a/server/fw_util_ipfw.h b/server/fw_util_ipfw.h
index b3029e8..d574ce9 100644 (file)
--- a/server/fw_util_ipfw.h
+++ b/server/fw_util_ipfw.h
@@ -53,7 +53,7 @@ enum {
 #define IPFW_LIST_EXP_SET_RULES_ARGS "-S set %u list"
 #define IPFW_LIST_SET_DYN_RULES_ARGS "-d set %u list"
 
-void ipfw_purge_expired_rules(fko_srv_options_t *opts);
+void ipfw_purge_expired_rules(const fko_srv_options_t *opts);
 
 #endif /* FW_UTIL_IPFW_H */
 

diff --git a/server/fw_util_iptables.c b/server/fw_util_iptables.c
index eb2f561..d4e0799 100644 (file)
--- a/server/fw_util_iptables.c
+++ b/server/fw_util_iptables.c
@@ -53,7 +53,7 @@ zero_cmd_buffers(void)
 }
 
 static int
-add_jump_rule(int chain_num)
+add_jump_rule(const int chain_num)
 {
     int res = 0;
 
@@ -81,7 +81,7 @@ add_jump_rule(int chain_num)
 }
 
 static int
-jump_rule_exists(int chain_num)
+jump_rule_exists(const int chain_num)
 {
     int     num, pos = 0;
     char    cmd_buf[CMD_BUFSIZE] = {0};
@@ -131,7 +131,7 @@ jump_rule_exists(int chain_num)
  * daemon to stdout.
 */
 int
-fw_dump_rules(fko_srv_options_t *opts)
+fw_dump_rules(const fko_srv_options_t *opts)
 {
     int     i;
     int     res, got_err = 0;
@@ -308,7 +308,7 @@ create_fw_chains(void)
 
 
 static void
-set_fw_chain_conf(int type, char *conf_str)
+set_fw_chain_conf(const int type, char *conf_str)
 {
     int i, j;
     char tbuf[1024]     = {0};
@@ -338,7 +338,7 @@ set_fw_chain_conf(int type, char *conf_str)
                 tbuf[i++] = *ndx;
         }
         ndx++;
-    } 
+    }
 
     /* Sanity check - j should be the number of chain fields
      * (excluding the type).
@@ -428,7 +428,7 @@ fw_config_init(fko_srv_options_t *opts)
 }
 
 void
-fw_initialize(fko_srv_options_t *opts)
+fw_initialize(const fko_srv_options_t *opts)
 {
     int res;
 
@@ -459,7 +459,7 @@ fw_cleanup(void)
 /* Rule Processing - Create an access request...
 */
 int
-process_spa_request(fko_srv_options_t *opts, spa_data_t *spadat)
+process_spa_request(const fko_srv_options_t *opts, spa_data_t *spadat)
 {
     char             nat_ip[16] = {0};
     char             snat_target[SNAT_TARGET_BUFSIZE] = {0};
@@ -780,7 +780,7 @@ process_spa_request(fko_srv_options_t *opts, spa_data_t *spadat)
  * firewall rules.
 */
 void
-check_firewall_rules(fko_srv_options_t *opts)
+check_firewall_rules(const fko_srv_options_t *opts)
 {
     char             exp_str[12];
     char             rule_num_str[6];

diff --git a/server/fw_util_pf.c b/server/fw_util_pf.c
index 9f0c372..ac26c00 100644 (file)
--- a/server/fw_util_pf.c
+++ b/server/fw_util_pf.c
@@ -56,7 +56,7 @@ zero_cmd_buffers(void)
  * daemon to stdout.
 */
 int
-fw_dump_rules(fko_srv_options_t *opts)
+fw_dump_rules(const fko_srv_options_t *opts)
 {
     int     res, got_err = 0;
 
@@ -88,7 +88,7 @@ fw_dump_rules(fko_srv_options_t *opts)
  * any rules added/deleted by fwknopd will have no effect on real traffic.
 */
 static int
-anchor_active(fko_srv_options_t *opts)
+anchor_active(const fko_srv_options_t *opts)
 {
     int    res = 0;
     char  *ndx = NULL;
@@ -176,7 +176,7 @@ fw_config_init(fko_srv_options_t *opts)
 }
 
 void
-fw_initialize(fko_srv_options_t *opts)
+fw_initialize(const fko_srv_options_t *opts)
 {
 
     if (! anchor_active(opts))
@@ -204,7 +204,7 @@ fw_cleanup(void)
 /* Rule Processing - Create an access request...
 */
 int
-process_spa_request(fko_srv_options_t *opts, spa_data_t *spadat)
+process_spa_request(const fko_srv_options_t *opts, spa_data_t *spadat)
 {
     char             new_rule[MAX_PF_NEW_RULE_LEN];
     char             write_cmd[CMD_BUFSIZE];
@@ -354,7 +354,7 @@ process_spa_request(fko_srv_options_t *opts, spa_data_t *spadat)
  * firewall rules.
 */
 void
-check_firewall_rules(fko_srv_options_t *opts)
+check_firewall_rules(const fko_srv_options_t *opts)
 {
     char            exp_str[12];
     char            anchor_rules_copy[STANDARD_CMD_OUT_BUFSIZE];

diff --git a/server/fwknopd.c b/server/fwknopd.c
index 6fcd956..bae1431 100644 (file)
--- a/server/fwknopd.c
+++ b/server/fwknopd.c
@@ -42,11 +42,11 @@
 
 /* Prototypes
 */
-static void check_dir_path(const char *path, const char *path_name, unsigned char use_basename);
+static void check_dir_path(const char *path, const char *path_name, const unsigned char use_basename);
 static int make_dir_path(const char *path);
 static void daemonize_process(fko_srv_options_t *opts);
 static int write_pid_file(fko_srv_options_t *opts);
-static pid_t get_running_pid(fko_srv_options_t *opts);
+static pid_t get_running_pid(const fko_srv_options_t *opts);
 
 int
 main(int argc, char **argv)
@@ -382,7 +382,7 @@ main(int argc, char **argv)
 /* Ensure the specified directory exists.  If not, create it or die.
 */
 static void
-check_dir_path(const char *filepath, const char *fp_desc, unsigned char use_basename)
+check_dir_path(const char *filepath, const char *fp_desc, const unsigned char use_basename)
 {
     struct stat     st;
     int             res = 0;
@@ -659,7 +659,7 @@ write_pid_file(fko_srv_options_t *opts)
 }
 
 static pid_t
-get_running_pid(fko_srv_options_t *opts)
+get_running_pid(const fko_srv_options_t *opts)
 {
     int     op_fd;
     char    buf[PID_BUFLEN] = {0};

diff --git a/server/fwknopd_errors.c b/server/fwknopd_errors.c
index 777f15a..bc0542d 100644 (file)
--- a/server/fwknopd_errors.c
+++ b/server/fwknopd_errors.c
@@ -31,23 +31,10 @@
 #include "fwknopd_common.h"
 #include "fwknopd_errors.h"
 
-/* Attempt to determine the error code type and send the appropriate
- * response. Basically assume it is a libfko error if it is not an fwknopd
- * error code.
-*/
-const char*
-get_errstr(int err_code)
-{
-    if(! IS_FWKNOPD_ERROR(err_code))
-        return(fko_errstr(err_code));
-
-    return(fwknopd_errstr(err_code));
-}
-
 /* Return a string describing the meaning of the given error code.
 */
-const char*
-fwknopd_errstr(int err_code)
+static const char*
+fwknopd_errstr(const int err_code)
 {
     switch (err_code)
     {
@@ -106,5 +93,17 @@ fwknopd_errstr(int err_code)
     return("Undefined/unknown fwknopd Error");
 }
 
+/* Attempt to determine the error code type and send the appropriate
+ * response. Basically assume it is a libfko error if it is not an fwknopd
+ * error code.
+*/
+const char*
+get_errstr(const int err_code)
+{
+    if(! IS_FWKNOPD_ERROR(err_code))
+        return(fko_errstr(err_code));
+
+    return(fwknopd_errstr(err_code));
+}
 
 /***EOF***/

diff --git a/server/fwknopd_errors.h b/server/fwknopd_errors.h
index 8d603ed..1c55730 100644 (file)
--- a/server/fwknopd_errors.h
+++ b/server/fwknopd_errors.h
@@ -68,9 +68,7 @@ enum {
 
 /* Function prototypes
 */
-const char* fwknopd_errstr(int err_code);
-const char* get_errstr(int err_code);
-
+const char* get_errstr(const int err_code);
 
 #endif /* FWKNOPD_ERRORS_H */
 

diff --git a/server/incoming_spa.c b/server/incoming_spa.c
index 380f223..37f6ad1 100644 (file)
--- a/server/incoming_spa.c
+++ b/server/incoming_spa.c
@@ -48,7 +48,7 @@
  * error code value if there is any indication the data is not valid spa data.
 */
 static int
-preprocess_spa_data(fko_srv_options_t *opts, char *src_ip)
+preprocess_spa_data(fko_srv_options_t *opts, const char *src_ip)
 {
     spa_pkt_info_t *spa_pkt = &(opts->spa_pkt);
 
@@ -344,7 +344,7 @@ incoming_spa(fko_srv_options_t *opts)
         }
 
         if(opts->verbose)
-        log_msg(LOG_INFO, "Incoming SPA data signed by '%s'.", gpg_id);
+            log_msg(LOG_INFO, "Incoming SPA data signed by '%s'.", gpg_id);
 
         if(acc->gpg_remote_id != NULL && !acc_check_gpg_remote_id(acc, gpg_id))
         {
@@ -523,7 +523,7 @@ incoming_spa(fko_srv_options_t *opts)
 
         res = SPA_MSG_ACCESS_DENIED;
 
-        goto clean_and_bail;       
+        goto clean_and_bail;
     }
 
     /* At this point, we can process the SPA request.

diff --git a/server/process_packet.c b/server/process_packet.c
index c8c692c..eae10be 100644 (file)
--- a/server/process_packet.c
+++ b/server/process_packet.c
@@ -183,12 +183,12 @@ process_packet(unsigned char *args, const struct pcap_pkthdr *packet_header,
     /* Put the data in our 1-entry queue.
     */
     strlcpy((char *)opts->spa_pkt.packet_data, (char *)pkt_data, pkt_data_len+1);
-    opts->spa_pkt.packet_data_len = pkt_data_len; 
-    opts->spa_pkt.packet_proto    = proto; 
-    opts->spa_pkt.packet_src_ip   = src_ip; 
-    opts->spa_pkt.packet_dst_ip   = dst_ip; 
-    opts->spa_pkt.packet_src_port = src_port; 
-    opts->spa_pkt.packet_dst_port = dst_port; 
+    opts->spa_pkt.packet_data_len = pkt_data_len;
+    opts->spa_pkt.packet_proto    = proto;
+    opts->spa_pkt.packet_src_ip   = src_ip;
+    opts->spa_pkt.packet_dst_ip   = dst_ip;
+    opts->spa_pkt.packet_src_port = src_port;
+    opts->spa_pkt.packet_dst_port = dst_port;
 
     return;
 }

diff --git a/server/tcp_server.c b/server/tcp_server.c
index 31f9699..1cab2bc 100644 (file)
--- a/server/tcp_server.c
+++ b/server/tcp_server.c
@@ -98,10 +98,10 @@ run_tcp_server(fko_srv_options_t *opts)
             strerror(errno));
         exit(EXIT_FAILURE);
     }
-      
+
     /* So that we can re-bind to it without TIME_WAIT problems
     */
-       setsockopt(s_sock, SOL_SOCKET, SO_REUSEADDR, &reuse_addr, sizeof(reuse_addr));
+    setsockopt(s_sock, SOL_SOCKET, SO_REUSEADDR, &reuse_addr, sizeof(reuse_addr));
 
     /* Make our main socket non-blocking so we don't have to be stuck on
      * listening for incoming connections.

diff --git a/server/utils.c b/server/utils.c
index b24b038..49a070c 100644 (file)
--- a/server/utils.c
+++ b/server/utils.c
@@ -34,7 +34,7 @@
 /* Generic hex dump function.
 */
 void
-hex_dump(unsigned char *data, int size)
+hex_dump(const unsigned char *data, const int size)
 {
     int ln, i, j = 0;
     char ascii_str[17] = {0};

diff --git a/server/utils.h b/server/utils.h
index 47b633c..4ddf26b 100644 (file)
--- a/server/utils.h
+++ b/server/utils.h
@@ -58,7 +58,7 @@
 
 /* Prototypes
 */
-void hex_dump(unsigned char *data, int size);
+void hex_dump(const unsigned char *data, const int size);
 char* dump_ctx(fko_ctx_t ctx);
 int is_valid_dir(const char *path);