Hi, On 30/11/2018 23:56, Gert Doering wrote:
[cut]
> diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
> index fa057cb2..9687d8c2 100644
> --- a/src/openvpn/cryptoapi.c
> +++ b/src/openvpn/cryptoapi.c
> @@ -159,7 +159,8 @@ ms_error_text(DWORD ms_err)
> /* trim to the left */
> if (rv)
> {
> - for (p = rv + strlen(rv) - 1; p >= rv; p--) {
> + for (p = rv + strlen(rv) - 1; p >= rv; p--)
> + {
> if (isspace(*p))
> {
> *p = '\0';
> @@ -198,7 +199,8 @@ err_put_ms_error(DWORD ms_err, int func, const char
> *file, int line)
> }
> /* since MS error codes are 32 bit, and the ones in the ERR_... system is
> * only 12, we must have a mapping table between them. */
> - for (i = 0; i < ERR_MAP_SZ; i++) {
> + for (i = 0; i < ERR_MAP_SZ; i++)
> + {
> if (err_map[i].ms_err == ms_err)
> {
> ERR_PUT_error(ERR_LIB_CRYPTOAPI, func, err_map[i].err, file,
> line);
> @@ -267,8 +269,8 @@ priv_enc_CNG(const CAPI_DATA *cd, const wchar_t
> *hash_algo, const unsigned char
> BCRYPT_PKCS1_PADDING_INFO padinfo = {hash_algo};
> DWORD status;
>
> - status = NCryptSignHash(hkey, padding? &padinfo : NULL, (BYTE*) from,
> flen,
> - to, tlen, &len, padding? BCRYPT_PAD_PKCS1 : 0);
> + status = NCryptSignHash(hkey, padding ? &padinfo : NULL, (BYTE *) from,
> flen,
> + to, tlen, &len, padding ? BCRYPT_PAD_PKCS1 : 0);
> if (status != ERROR_SUCCESS)
> {
> SetLastError(status);
> @@ -375,7 +377,7 @@ rsa_priv_enc(int flen, const unsigned char *from,
> unsigned char *to, RSA *rsa, i
> */
> static int
> rsa_sign_CNG(int type, const unsigned char *m, unsigned int m_len,
> - unsigned char *sig, unsigned int *siglen, const RSA *rsa)
> + unsigned char *sig, unsigned int *siglen, const RSA *rsa)
> {
> CAPI_DATA *cd = (CAPI_DATA *)
> RSA_meth_get0_app_data(RSA_get_method(rsa));
> const wchar_t *alg = NULL;
> @@ -419,6 +421,7 @@ rsa_sign_CNG(int type, const unsigned char *m, unsigned
> int m_len,
> /* No DigestInfo header is required -- set alg-name to NULL */
> alg = NULL;
> break;
> +
> default:
> msg(M_WARN, "cryptoapicert: Unknown hash type NID=0x%x", type);
> RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE);
> @@ -459,7 +462,7 @@ finish(RSA *rsa)
> return 0;
> }
> CAPI_DATA_free(cd);
> - RSA_meth_free((RSA_METHOD*) rsa_meth);
> + RSA_meth_free((RSA_METHOD *) rsa_meth);
> return 1;
> }
>
> @@ -586,7 +589,7 @@ ssl_ctx_set_eckey(SSL_CTX *ssl_ctx, CAPI_DATA *cd,
> EVP_PKEY *pkey)
> if (cd->key_spec != CERT_NCRYPT_KEY_SPEC)
> {
> msg(M_NONFATAL, "ERROR: cryptoapicert with only legacy private key
> handle available."
> - " EC certificate not supported.");
> + " EC certificate not supported.");
> goto err;
> }
> /* create a method struct with default callbacks filled in */
> @@ -686,7 +689,8 @@ find_certificate_in_store(const char *cert_prop,
> HCERTSTORE cert_store)
>
> /* skip the tag */
> cert_prop += 6;
> - for (p = (char *) cert_prop, i = 0; *p && i < sizeof(hash); i++) {
> + for (p = (char *) cert_prop, i = 0; *p && i < sizeof(hash); i++)
> + {
> if (*p >= '0' && *p <= '9')
> {
> x = (*p - '0') << 4;
> @@ -739,7 +743,7 @@ ssl_ctx_set_rsakey(SSL_CTX *ssl_ctx, CAPI_DATA *cd,
> EVP_PKEY *pkey)
> bool rsa_method_set = false;
>
> my_rsa_method = RSA_meth_new("Microsoft Cryptography API RSA Method",
> - RSA_METHOD_FLAG_NO_CHECK);
> + RSA_METHOD_FLAG_NO_CHECK);
> check_malloc_return(my_rsa_method);
> RSA_meth_set_pub_enc(my_rsa_method, rsa_pub_enc);
> RSA_meth_set_pub_dec(my_rsa_method, rsa_pub_dec);
> @@ -797,7 +801,7 @@ ssl_ctx_set_rsakey(SSL_CTX *ssl_ctx, CAPI_DATA *cd,
> EVP_PKEY *pkey)
> goto err;
> }
> /* SSL_CTX_use_RSAPrivateKey() increased the reference count in 'rsa', so
> - * we decrease it here with RSA_free(), or it will never be cleaned up.
> */
> + * we decrease it here with RSA_free(), or it will never be cleaned up. */
Is the above change right? Maybe it would make more sense to move the */
to the new line too, but regardless, this change is clearly breaking the
alignment of the *s.
> RSA_free(rsa);
> return 1;
>
> @@ -867,7 +871,7 @@ SSL_CTX_use_CryptoAPI_certificate(SSL_CTX *ssl_ctx, const
> char *cert_prop)
> DWORD flags = CRYPT_ACQUIRE_COMPARE_KEY_FLAG
> | CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG;
> if (!CryptAcquireCertificatePrivateKey(cd->cert_context, flags, NULL,
> - &cd->crypt_prov, &cd->key_spec, &cd->free_crypt_prov))
> + &cd->crypt_prov, &cd->key_spec,
> &cd->free_crypt_prov))
> {
> /* if we don't have a smart card reader here, and we try to access a
> * smart card certificate, we get:
[cut]
> --- a/src/openvpn/forward.c
> +++ b/src/openvpn/forward.c
> @@ -757,7 +757,7 @@ static void
> process_coarse_timers(struct context *c)
> {
> /* flush current packet-id to file once per 60
> - * seconds if --replay-persist was specified */
> + * seconds if --replay-persist was specified */
same here
> check_packet_id_persist_flush(c);
>
> /* should we update status file? */
> @@ -836,7 +836,7 @@ check_coarse_timers_dowork(struct context *c)
> process_coarse_timers(c);
> c->c2.coarse_timer_wakeup = now + c->c2.timeval.tv_sec;
>
> - dmsg(D_INTERVAL, "TIMER: coarse timer wakeup %"PRIi64" seconds",
> (int64_t)c->c2.timeval.tv_sec);
> + dmsg(D_INTERVAL, "TIMER: coarse timer wakeup %" PRIi64 " seconds",
> (int64_t)c->c2.timeval.tv_sec);
>
> /* Is the coarse timeout NOT the earliest one? */
> if (c->c2.timeval.tv_sec > save.tv_sec)
[cut]
> --- a/src/openvpn/ntlm.c
> +++ b/src/openvpn/ntlm.c
> @@ -314,8 +314,8 @@ ntlm_phase_3(const struct http_proxy_info *p, const char
> *phase_2,
> * byte order on the wire for the NTLM header is LE.
> */
> const size_t hoff = 0x14;
> - unsigned long flags = buf2[hoff] | (buf2[hoff + 1] << 8) |
> - (buf2[hoff + 2] << 16) | (buf2[hoff + 3] <<
> 24);
> + unsigned long flags = buf2[hoff] | (buf2[hoff + 1] << 8)
> + |(buf2[hoff + 2] << 16) | (buf2[hoff + 3] <<
> 24);
shouldn't there be a space between | and the opening ( ?
> if ((flags & 0x00800000) == 0x00800000)
> {
> tib_len = buf2[0x28]; /* Get Target Information block
> size */
> diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
> index 9560b29f..a4072b9a 100644
> --- a/src/openvpn/openssl_compat.h
> +++ b/src/openvpn/openssl_compat.h
> @@ -193,8 +193,8 @@ X509_get0_pubkey(const X509 *x)
> * @param store X509 object store
> * @return the X509 object stack
> */
> -static inline STACK_OF(X509_OBJECT) *
> -X509_STORE_get0_objects(X509_STORE *store)
> +static inline STACK_OF(X509_OBJECT)
> +*X509_STORE_get0_objects(X509_STORE *store)
This is kind of wierd, isn't it? normally the * is kept on the same line
as the type, exactly because it is part of the return type. no?
> {
> return store ? store->objs : NULL;
> }
> @@ -369,7 +369,7 @@ RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
>
> return 1;
> }
> -#endif
> +#endif /* if !defined(HAVE_RSA_SET0_KEY) */
>
> #if !defined(HAVE_RSA_BITS)
> /**
> @@ -483,9 +483,9 @@ RSA_meth_free(RSA_METHOD *meth)
> */
> static inline int
> RSA_meth_set_pub_enc(RSA_METHOD *meth,
> - int (*pub_enc) (int flen, const unsigned char *from,
> - unsigned char *to, RSA *rsa,
> - int padding))
> + int (*pub_enc)(int flen, const unsigned char *from,
> + unsigned char *to, RSA *rsa,
> + int padding))
> {
> if (meth)
> {
> @@ -506,9 +506,9 @@ RSA_meth_set_pub_enc(RSA_METHOD *meth,
> */
> static inline int
> RSA_meth_set_pub_dec(RSA_METHOD *meth,
> - int (*pub_dec) (int flen, const unsigned char *from,
> - unsigned char *to, RSA *rsa,
> - int padding))
> + int (*pub_dec)(int flen, const unsigned char *from,
> + unsigned char *to, RSA *rsa,
> + int padding))
> {
> if (meth)
> {
> @@ -529,9 +529,9 @@ RSA_meth_set_pub_dec(RSA_METHOD *meth,
> */
> static inline int
> RSA_meth_set_priv_enc(RSA_METHOD *meth,
> - int (*priv_enc) (int flen, const unsigned char *from,
> - unsigned char *to, RSA *rsa,
> - int padding))
> + int (*priv_enc)(int flen, const unsigned char *from,
> + unsigned char *to, RSA *rsa,
> + int padding))
> {
> if (meth)
> {
> @@ -552,9 +552,9 @@ RSA_meth_set_priv_enc(RSA_METHOD *meth,
> */
> static inline int
> RSA_meth_set_priv_dec(RSA_METHOD *meth,
> - int (*priv_dec) (int flen, const unsigned char *from,
> - unsigned char *to, RSA *rsa,
> - int padding))
> + int (*priv_dec)(int flen, const unsigned char *from,
> + unsigned char *to, RSA *rsa,
> + int padding))
> {
> if (meth)
> {
> @@ -574,7 +574,7 @@ RSA_meth_set_priv_dec(RSA_METHOD *meth,
> * @return 1 on success, 0 on error
> */
> static inline int
> -RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa))
> +RSA_meth_set_init(RSA_METHOD *meth, int (*init)(RSA *rsa))
> {
> if (meth)
> {
> @@ -594,11 +594,12 @@ RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA
> *rsa))
> * @return 1 on success, 0 on error
> */
> static inline
> -int RSA_meth_set_sign(RSA_METHOD *meth,
> - int (*sign) (int type, const unsigned char *m,
> - unsigned int m_length,
> - unsigned char *sigret, unsigned int
> *siglen,
> - const RSA *rsa))
> +int
shouldn't int go on the same line as 'static inline' ?
> +RSA_meth_set_sign(RSA_METHOD *meth,
> + int (*sign)(int type, const unsigned char *m,
> + unsigned int m_length,
> + unsigned char *sigret, unsigned int *siglen,
> + const RSA *rsa))
> {
> meth->rsa_sign = sign;
> return 1;
> @@ -614,7 +615,7 @@ int RSA_meth_set_sign(RSA_METHOD *meth,
> * @return 1 on success, 0 on error
> */
> static inline int
> -RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
> +RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa))
> {
> if (meth)
> {
> @@ -669,7 +670,7 @@ RSA_meth_get0_app_data(const RSA_METHOD *meth)
> static inline int
> EC_GROUP_order_bits(const EC_GROUP *group)
> {
> - BIGNUM* order = BN_new();
> + BIGNUM *order = BN_new();
> EC_GROUP_get_order(group, order, NULL);
> int bits = BN_num_bits(order);
> BN_free(order);
> diff --git a/src/openvpn/options.c b/src/openvpn/options.c
> index 9ee1836b..6d53dea5 100644
> --- a/src/openvpn/options.c
> +++ b/src/openvpn/options.c
> @@ -2134,7 +2134,7 @@ options_postprocess_verify_ce(const struct options
> *options, const struct connec
> "passwords is STRONGLY discouraged and considered insecure");
> }
>
> -#endif
> +#endif /* ifdef ENABLE_MANAGEMENT */
>
> /*
> * Windows-specific options.
> @@ -2859,8 +2859,10 @@ options_postprocess_mutate_ce(struct options *o,
> struct connection_entry *ce)
> {
> struct buffer in = buffer_read_from_file(o->tls_auth_file,
> &o->gc);
> if (!buf_valid(&in))
> + {
> msg(M_FATAL, "Cannot pre-load tls-auth keyfile (%s)",
> o->tls_auth_file);
> + }
>
> ce->tls_auth_file = INLINE_FILE_TAG;
> ce->tls_auth_file_inline = (char *)in.data;
> @@ -2870,8 +2872,10 @@ options_postprocess_mutate_ce(struct options *o,
> struct connection_entry *ce)
> {
> struct buffer in = buffer_read_from_file(o->tls_crypt_file,
> &o->gc);
> if (!buf_valid(&in))
> + {
> msg(M_FATAL, "Cannot pre-load tls-crypt keyfile (%s)",
> o->tls_auth_file);
> + }
>
> ce->tls_crypt_file = INLINE_FILE_TAG;
> ce->tls_crypt_inline = (char *)in.data;
> @@ -3040,7 +3044,7 @@ options_postprocess_mutate(struct options *o)
> {
> /* DH file is only meaningful in a tls-server context. */
> msg(M_WARN, "WARNING: Ignoring option 'dh' in tls-client mode,
> please only "
> - "include this in your server configuration");
> + "include this in your server configuration");
> o->dh_file = NULL;
> }
>
> @@ -7146,7 +7150,7 @@ add_option(struct options *options,
> {
> if (strstr(p[2], ":"))
> {
> - ipv6dns=true;
> + ipv6dns = true;
> foreign_option(options, p, 3, es);
> dhcp_option_dns6_parse(p[2], o->dns6, &o->dns6_len,
> msglevel);
> }
> diff --git a/src/openvpn/otime.c b/src/openvpn/otime.c
> index e0b1b0ee..759a7fb5 100644
> --- a/src/openvpn/otime.c
> +++ b/src/openvpn/otime.c
> @@ -88,7 +88,7 @@ const char *
> tv_string(const struct timeval *tv, struct gc_arena *gc)
> {
> struct buffer out = alloc_buf_gc(64, gc);
> - buf_printf(&out, "[%"PRIi64"/%ld]",
> + buf_printf(&out, "[%" PRIi64 "/%ld]",
> (int64_t)tv->tv_sec,
> (long)tv->tv_usec);
> return BSTR(&out);
> @@ -198,7 +198,7 @@ time_test(void)
> t = time(NULL);
> gettimeofday(&tv, NULL);
> #if 1
> - msg(M_INFO, "t=%"PRIi64" s=%"PRIi64" us=%ld",
> + msg(M_INFO, "t=%" PRIi64 " s=%" PRIi64 " us=%ld",
> (int64_t)t,
> (int64_t)tv.tv_sec,
> (long)tv.tv_usec);
> diff --git a/src/openvpn/packet_id.c b/src/openvpn/packet_id.c
> index dc44f36b..0c744875 100644
> --- a/src/openvpn/packet_id.c
> +++ b/src/openvpn/packet_id.c
> @@ -347,7 +347,7 @@ packet_id_send_update(struct packet_id_send *p, bool
> long_form)
>
> bool
> packet_id_write(struct packet_id_send *p, struct buffer *buf, bool long_form,
> - bool prepend)
> + bool prepend)
> {
> if (!packet_id_send_update(p, long_form))
> {
> @@ -606,13 +606,13 @@ packet_id_debug_print(int msglevel,
> }
> buf_printf(&out, "%c", c);
> }
> - buf_printf(&out, "] %"PRIi64":" packet_id_format, (int64_t)p->time,
> (packet_id_print_type)p->id);
> + buf_printf(&out, "] %" PRIi64 ":" packet_id_format, (int64_t)p->time,
> (packet_id_print_type)p->id);
> if (pin)
> {
> - buf_printf(&out, " %"PRIi64":" packet_id_format, (int64_t)pin->time,
> (packet_id_print_type)pin->id);
> + buf_printf(&out, " %" PRIi64 ":" packet_id_format,
> (int64_t)pin->time, (packet_id_print_type)pin->id);
> }
>
> - buf_printf(&out, " t=%"PRIi64"[%d]",
> + buf_printf(&out, " t=%" PRIi64 "[%d]",
> (int64_t)prev_now,
> (int)(prev_now - tv.tv_sec));
>
> @@ -666,7 +666,7 @@ packet_id_interactive_test(void)
> {
> packet_id_reap_test(&pid.rec);
> test = packet_id_test(&pid.rec, &pin);
> - printf("packet_id_test (%"PRIi64", " packet_id_format ")
> returned %d\n",
> + printf("packet_id_test (%" PRIi64 ", " packet_id_format ")
> returned %d\n",
> (int64_t)pin.time,
> (packet_id_print_type)pin.id,
> test);
> @@ -679,7 +679,7 @@ packet_id_interactive_test(void)
> {
> long_form = (count < 20);
> packet_id_alloc_outgoing(&pid.send, &pin, long_form);
> - printf("(%"PRIi64"(" packet_id_format "), %d)\n",
> + printf("(%" PRIi64 "(" packet_id_format "), %d)\n",
> (int64_t)pin.time,
> (packet_id_print_type)pin.id,
> long_form);
> diff --git a/src/openvpn/packet_id.h b/src/openvpn/packet_id.h
> index ec03e348..26b07975 100644
> --- a/src/openvpn/packet_id.h
> +++ b/src/openvpn/packet_id.h
> @@ -263,7 +263,7 @@ bool packet_id_read(struct packet_id_net *pin, struct
> buffer *buf, bool long_for
> * @return true if successful, false otherwise.
> */
> bool packet_id_write(struct packet_id_send *p, struct buffer *buf,
> - bool long_form, bool prepend);
> + bool long_form, bool prepend);
>
> /*
> * Inline functions.
> diff --git a/src/openvpn/ping.h b/src/openvpn/ping.h
> index a196b32b..b51f082a 100644
> --- a/src/openvpn/ping.h
> +++ b/src/openvpn/ping.h
> @@ -84,4 +84,4 @@ check_ping_send(struct context *c)
> }
> }
>
> -#endif
> +#endif /* ifndef PING_H */
> diff --git a/src/openvpn/plugin.c b/src/openvpn/plugin.c
> index 4d17c821..33687d44 100644
> --- a/src/openvpn/plugin.c
> +++ b/src/openvpn/plugin.c
> @@ -552,8 +552,7 @@ plugin_call_item(const struct plugin *p,
> p->plugin_handle,
> per_client_context,
> (current_cert ?
> certdepth : -1),
> - current_cert
> - };
> + current_cert};
why does the closing bracket go on the same line of the last field ? I
think in general we wanted to keep it aligned to where the opening line
starts, no?
>
> struct openvpn_plugin_args_func_return retargs;
>
> diff --git a/src/openvpn/proxy.c b/src/openvpn/proxy.c
> index fdad3ed5..c8bd86dd 100644
> --- a/src/openvpn/proxy.c
> +++ b/src/openvpn/proxy.c
> @@ -884,10 +884,10 @@ establish_http_proxy_passthru(struct http_proxy_info *p,
> const char *algor = get_pa_var("algorithm", pa, &gc);
> const char *opaque = get_pa_var("opaque", pa, &gc);
>
> - if ( !realm || !nonce )
> + if (!realm || !nonce)
> {
> msg(D_LINK_ERRORS, "HTTP proxy: digest auth failed,
> malformed response "
> - "from server: realm= or nonce= missing" );
> + "from server: realm= or nonce= missing" );
> goto error;
> }
>
> diff --git a/src/openvpn/reliable.c b/src/openvpn/reliable.c
> index a7f4ed96..eae1e0cb 100644
> --- a/src/openvpn/reliable.c
> +++ b/src/openvpn/reliable.c
> @@ -762,14 +762,14 @@ reliable_debug_print(const struct reliable *rel, char
> *desc)
> printf("********* struct reliable %s\n", desc);
> printf(" initial_timeout=%d\n", (int)rel->initial_timeout);
> printf(" packet_id=" packet_id_format "\n", rel->packet_id);
> - printf(" now=%"PRIi64"\n", (int64_t)now);
> + printf(" now=%" PRIi64 "\n", (int64_t)now);
> for (i = 0; i < rel->size; ++i)
> {
> const struct reliable_entry *e = &rel->array[i];
> if (e->active)
> {
> printf(" %d: packet_id=" packet_id_format " len=%d", i,
> e->packet_id, e->buf.len);
> - printf(" next_try=%"PRIi64, (int64_t)e->next_try);
> + printf(" next_try=%" PRIi64, (int64_t)e->next_try);
> printf("\n");
> }
> }
> diff --git a/src/openvpn/route.c b/src/openvpn/route.c
> index d97e8dba..346f08e2 100644
> --- a/src/openvpn/route.c
> +++ b/src/openvpn/route.c
> @@ -3074,7 +3074,7 @@ do_route_ipv6_service(const bool add, const struct
> route_ipv6 *r, const struct t
> * (only do this for routes actually using the tun/tap device)
> */
> if (tt->type == DEV_TYPE_TUN
> - && msg.iface.index == tt->adapter_index )
> + && msg.iface.index == tt->adapter_index)
> {
> inet_pton(AF_INET6, "fe80::8", &msg.gateway.ipv6);
> }
> @@ -3298,7 +3298,7 @@ get_default_gateway(struct route_gateway_info *rgi)
> if (rgi->flags & RGI_ON_LINK)
> {
> /* check that interface name of current interface
> - * matches interface name of best default route */
> + * matches interface name of best default route */
same in previous patterns.
> if (strcmp(ifreq.ifr_name, best_name))
> {
> continue;
> diff --git a/src/openvpn/run_command.c b/src/openvpn/run_command.c
> index 4e198676..04ad2312 100644
> --- a/src/openvpn/run_command.c
> +++ b/src/openvpn/run_command.c
> @@ -41,12 +41,14 @@
> /* contains an SSEC_x value defined in platform.h */
> static int script_security_level = SSEC_BUILT_IN; /* GLOBAL */
>
> -int script_security(void)
> +int
> +script_security(void)
> {
> return script_security_level;
> }
>
> -void script_security_set(int level)
> +void
> +script_security_set(int level)
> {
> script_security_level = level;
> }
> diff --git a/src/openvpn/shaper.c b/src/openvpn/shaper.c
> index 92364f29..62579840 100644
> --- a/src/openvpn/shaper.c
> +++ b/src/openvpn/shaper.c
> @@ -76,7 +76,7 @@ shaper_soonest_event(struct timeval *tv, int delay)
> }
> }
> #ifdef SHAPER_DEBUG
> - dmsg(D_SHAPER_DEBUG, "SHAPER shaper_soonest_event sec=%"PRIi64" usec=%ld
> ret=%d",
> + dmsg(D_SHAPER_DEBUG, "SHAPER shaper_soonest_event sec=%" PRIi64 "
> usec=%ld ret=%d",
> (int64_t)tv->tv_sec, (long)tv->tv_usec, (int)ret);
> #endif
> return ret;
> diff --git a/src/openvpn/shaper.h b/src/openvpn/shaper.h
> index 4efe398a..bcdb5e36 100644
> --- a/src/openvpn/shaper.h
> +++ b/src/openvpn/shaper.h
> @@ -147,7 +147,7 @@ shaper_wrote_bytes(struct shaper *s, int nbytes)
> tv_add(&s->wakeup, &tv);
>
> #ifdef SHAPER_DEBUG
> - dmsg(D_SHAPER_DEBUG, "SHAPER shaper_wrote_bytes bytes=%d delay=%ld
> sec=%"PRIi64" usec=%ld",
> + dmsg(D_SHAPER_DEBUG, "SHAPER shaper_wrote_bytes bytes=%d delay=%ld
> sec=%" PRIi64 " usec=%ld",
> nbytes,
> (long)tv.tv_usec,
> (int64_t)s->wakeup.tv_sec,
> diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c
> index 3f2b97e4..db944245 100644
> --- a/src/openvpn/socket.c
> +++ b/src/openvpn/socket.c
> @@ -100,10 +100,12 @@ get_addr_generic(sa_family_t af, unsigned int flags,
> const char *hostname,
> bits = 0;
> max_bits = sizeof(in_addr_t) * 8;
> break;
> +
> case AF_INET6:
> bits = 64;
> max_bits = sizeof(struct in6_addr) * 8;
> break;
> +
> default:
> msg(M_WARN,
> "Unsupported AF family passed to getaddrinfo for %s (%d)",
> @@ -125,7 +127,7 @@ get_addr_generic(sa_family_t af, unsigned int flags,
> const char *hostname,
> }
>
> /* check if this hostname has a /bits suffix */
> - sep = strchr(var_host , '/');
> + sep = strchr(var_host, '/');
> if (sep)
> {
> bits = strtoul(sep + 1, &endp, 10);
> @@ -156,10 +158,12 @@ get_addr_generic(sa_family_t af, unsigned int flags,
> const char *hostname,
> *ip4 = ntohl(*ip4);
> }
> break;
> +
> case AF_INET6:
> ip6 = network;
> *ip6 = ((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr;
> break;
> +
> default:
> /* can't get here because 'af' was previously checked */
> msg(M_WARN,
> diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h
> index 0f22d479..17801418 100644
> --- a/src/openvpn/socket.h
> +++ b/src/openvpn/socket.h
> @@ -138,7 +138,7 @@ struct stream_buf
> int len; /* -1 if not yet known */
>
> bool error; /* if true, fatal TCP error has occurred,
> - * requiring that connection be restarted */
> + * requiring that connection be restarted */
> #if PORT_SHARE
> #define PS_DISABLED 0
> #define PS_ENABLED 1
> diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
> index 74b88ce6..d783c598 100644
> --- a/src/openvpn/ssl.c
> +++ b/src/openvpn/ssl.c
> @@ -680,7 +680,7 @@ init_ssl(const struct options *options, struct
> tls_root_ctx *new_ctx)
> {
> if (tls_ctx_use_management_external_key(new_ctx))
> {
> - msg (M_WARN, "Cannot initialize mamagement-external-key");
> + msg(M_WARN, "Cannot initialize mamagement-external-key");
> goto err;
> }
> }
> @@ -1099,7 +1099,7 @@ tls_session_init(struct tls_multi *multi, struct
> tls_session *session)
> else
> {
> session->initial_opcode = session->opt->tls_crypt_v2 ?
> - P_CONTROL_HARD_RESET_CLIENT_V3 :
> P_CONTROL_HARD_RESET_CLIENT_V2;
> + P_CONTROL_HARD_RESET_CLIENT_V3 :
> P_CONTROL_HARD_RESET_CLIENT_V2;
> }
> }
>
> @@ -1527,9 +1527,9 @@ read_control_auth(struct buffer *buf,
> if (opcode == P_CONTROL_HARD_RESET_CLIENT_V3
> && !tls_crypt_v2_extract_client_key(buf, ctx, opt))
> {
> - msg (D_TLS_ERRORS,
> - "TLS Error: can not extract tls-crypt-v2 client key from %s",
> - print_link_socket_actual(from, &gc));
> + msg(D_TLS_ERRORS,
> + "TLS Error: can not extract tls-crypt-v2 client key from %s",
> + print_link_socket_actual(from, &gc));
> goto cleanup;
> }
>
> @@ -3781,7 +3781,7 @@ tls_pre_decrypt(struct tls_multi *multi,
> /* Save incoming ciphertext packet to
> reliable buffer */
> struct buffer *in =
> reliable_get_buf(ks->rec_reliable);
> ASSERT(in);
> - if(!buf_copy(in, buf))
> + if (!buf_copy(in, buf))
> {
> msg(D_MULTI_DROPPED,
> "Incoming control channel packet too
> big, dropping.");
> @@ -4182,10 +4182,10 @@ show_available_tls_ciphers(const char *cipher_list,
> show_available_tls_ciphers_list(cipher_list, tls_cert_profile, false);
>
> printf("\n"
> - "Be aware that that whether a cipher suite in this list can actually
> work\n"
> - "depends on the specific setup of both peers. See the man page entries
> of\n"
> - "--tls-cipher and --show-tls for more details.\n\n"
> - );
> + "Be aware that that whether a cipher suite in this list can
> actually work\n"
> + "depends on the specific setup of both peers. See the man page
> entries of\n"
> + "--tls-cipher and --show-tls for more details.\n\n"
> + );
since you are there you could move the closing parenthesis to the line
before :)
> }
>
> /*
> diff --git a/src/openvpn/ssl_common.h b/src/openvpn/ssl_common.h
> index 7bf82b3a..410b2163 100644
> --- a/src/openvpn/ssl_common.h
> +++ b/src/openvpn/ssl_common.h
> @@ -215,10 +215,10 @@ struct tls_wrap_ctx
> struct buffer work; /**< Work buffer (only for --tls-crypt) */
> struct key_ctx tls_crypt_v2_server_key; /**< Decrypts client keys */
> const struct buffer *tls_crypt_v2_wkc; /**< Wrapped client key,
> - sent to server */
> + * sent to server */
> struct buffer tls_crypt_v2_metadata; /**< Received from client */
> bool cleanup_key_ctx; /**< opt.key_ctx_bi is owned by
> - this context */
> + * this context */
> };
>
> /*
> diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
> index f7e8c2d0..a4197cba 100644
> --- a/src/openvpn/ssl_mbedtls.c
> +++ b/src/openvpn/ssl_mbedtls.c
> @@ -65,12 +65,12 @@
> static const mbedtls_x509_crt_profile openvpn_x509_crt_profile_legacy =
> {
> /* Hashes from SHA-1 and above */
> - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
> - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) |
> - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
> - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
> - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
> - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
> + MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 )
> + |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 )
> + |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 )
> + |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 )
> + |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 )
> + |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
space missing?
> 0xFFFFFFF, /* Any PK alg */
> 0xFFFFFFF, /* Any curve */
> 1024, /* RSA-1024 and larger */
> @@ -79,10 +79,10 @@ static const mbedtls_x509_crt_profile
> openvpn_x509_crt_profile_legacy =
> static const mbedtls_x509_crt_profile openvpn_x509_crt_profile_preferred =
> {
> /* SHA-2 and above */
> - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
> - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
> - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
> - MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
> + MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 )
> + |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 )
> + |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 )
> + |MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
space missing?
> 0xFFFFFFF, /* Any PK alg */
> 0xFFFFFFF, /* Any curve */
> 2048, /* RSA-2048 and larger */
> @@ -232,7 +232,7 @@ tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx,
> const char *ciphers)
> }
>
> msg(M_WARN, "mbed TLS does not support setting tls-ciphersuites. "
> - "Ignoring TLS 1.3 cipher list: %s", ciphers);
> + "Ignoring TLS 1.3 cipher list: %s", ciphers);
> }
>
> void
> @@ -299,7 +299,7 @@ tls_ctx_set_cert_profile(struct tls_root_ctx *ctx, const
> char *profile)
> }
> else
> {
> - msg (M_FATAL, "ERROR: Invalid cert profile: %s", profile);
> + msg(M_FATAL, "ERROR: Invalid cert profile: %s", profile);
> }
> }
>
> @@ -600,14 +600,14 @@ tls_ctx_use_external_signing_func(struct tls_root_ctx
> *ctx,
>
> if (ctx->crt_chain == NULL)
> {
> - msg (M_WARN, "ERROR: external key requires a certificate.");
> + msg(M_WARN, "ERROR: external key requires a certificate.");
> return 1;
> }
>
> if (mbedtls_pk_get_type(&ctx->crt_chain->pk) != MBEDTLS_PK_RSA)
> {
> msg(M_WARN, "ERROR: external key with mbed TLS requires a "
> - "certificate with an RSA key.");
> + "certificate with an RSA key.");
> return 1;
> }
>
> @@ -653,8 +653,8 @@ management_sign_func(void *sign_ctx, const void *src,
> size_t src_len,
>
> ret = true;
> cleanup:
> - free (src_b64);
> - free (dst_b64);
> + free(src_b64);
> + free(dst_b64);
>
> return ret;
> }
> diff --git a/src/openvpn/ssl_mbedtls.h b/src/openvpn/ssl_mbedtls.h
> index 998d6f2f..1328ceb7 100644
> --- a/src/openvpn/ssl_mbedtls.h
> +++ b/src/openvpn/ssl_mbedtls.h
> @@ -71,8 +71,8 @@ typedef struct {
> * @return true if signing succeeded, false otherwise.
> */
> typedef bool (*external_sign_func)(
> - void *sign_ctx, const void *src, size_t src_size,
> - void *dst, size_t dst_size);
> + void *sign_ctx, const void *src, size_t src_size,
> + void *dst, size_t dst_size);
>
> /** Context used by external_pkcs1_sign() */
> struct external_context {
> diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
> index da573cfa..ddb78da7 100644
> --- a/src/openvpn/ssl_openssl.c
> +++ b/src/openvpn/ssl_openssl.c
> @@ -217,7 +217,7 @@ tls_version_max(void)
> return TLS_VER_1_2;
> #elif defined(TLS1_1_VERSION) || defined(SSL_OP_NO_TLSv1_1)
> return TLS_VER_1_1;
> -#else
> +#else /* if defined(TLS1_3_VERSION) */
> return TLS_VER_1_0;
> #endif
> }
> @@ -322,7 +322,7 @@ tls_ctx_set_options(struct tls_root_ctx *ctx, unsigned
> int ssl_flags)
> }
>
> void
> -convert_tls_list_to_openssl(char* openssl_ciphers, size_t len,const char
> *ciphers)
> +convert_tls_list_to_openssl(char *openssl_ciphers, size_t len,const char
> *ciphers)
> {
> /* Parse supplied cipher list and pass on to OpenSSL */
> size_t begin_of_cipher, end_of_cipher;
> @@ -466,9 +466,9 @@ tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx,
> const char *ciphers)
> }
>
> #if (OPENSSL_VERSION_NUMBER < 0x1010100fL)
> - crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. "
> - "Ignoring TLS 1.3 only tls-ciphersuites '%s'
> setting.",
> - ciphers);
> + crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. "
> + "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.",
> + ciphers);
> #else
> ASSERT(NULL != ctx);
>
> @@ -509,13 +509,13 @@ tls_ctx_set_cert_profile(struct tls_root_ctx *ctx,
> const char *profile)
> {
> msg(M_FATAL, "ERROR: Invalid cert profile: %s", profile);
> }
> -#else
> +#else /* ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL */
> if (profile)
> {
> msg(M_WARN, "WARNING: OpenSSL 1.0.1 does not support
> --tls-cert-profile"
> ", ignoring user-set profile: '%s'", profile);
> }
> -#endif
> +#endif /* ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL */
> }
>
> void
> @@ -658,7 +658,7 @@ tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const
> char *curve_name
> {
> nid = EC_GROUP_get_curve_name(ecgrp);
> }
> -#endif
> +#endif /* if OPENSSL_VERSION_NUMBER >= 0x10002000L */
> }
>
> /* Translate NID back to name , just for kicks */
> @@ -1137,7 +1137,7 @@ rsa_priv_enc(int flen, const unsigned char *from,
> unsigned char *to, RSA *rsa, i
>
> ret = get_sig_from_man(from, flen, to, len);
>
> - return (ret == len)? ret : -1;
> + return (ret == len) ? ret : -1;
> }
>
> static int
> @@ -1325,7 +1325,7 @@ err:
> {
> EVP_PKEY_free(privkey);
> }
> - if(ec)
> + if (ec)
> {
> EC_KEY_free(ec);
> }
> @@ -1375,7 +1375,7 @@ tls_ctx_use_management_external_key(struct tls_root_ctx
> *ctx)
> crypto_msg(M_WARN, "management-external-key requires an RSA or EC
> certificate");
> goto cleanup;
> }
> -#else
> +#else /* if OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(OPENSSL_NO_EC)
> && !defined(LIBRESSL_VERSION_NUMBER) */
> else
> {
> crypto_msg(M_WARN, "management-external-key requires an RSA
> certificate");
> @@ -1644,7 +1644,7 @@ bio_debug_data(const char *mode, BIO *bio, const
> uint8_t *buf, int len, const ch
> if (len > 0)
> {
> open_biofp();
> - fprintf(biofp, "BIO_%s %s time=%"PRIi64" bio=" ptr_format " len=%d
> data=%s\n",
> + fprintf(biofp, "BIO_%s %s time=%" PRIi64 " bio=" ptr_format " len=%d
> data=%s\n",
> mode, desc, (int64_t)time(NULL), (ptr_type)bio, len,
> format_hex(buf, len, 0, &gc));
> fflush(biofp);
> }
> @@ -1655,7 +1655,7 @@ static void
> bio_debug_oc(const char *mode, BIO *bio)
> {
> open_biofp();
> - fprintf(biofp, "BIO %s time=%"PRIi64" bio=" ptr_format "\n",
> + fprintf(biofp, "BIO %s time=%" PRIi64 " bio=" ptr_format "\n",
> mode, (int64_t)time(NULL), (ptr_type)bio);
> fflush(biofp);
> }
> @@ -1963,7 +1963,7 @@ print_details(struct key_state_ssl *ks_ssl, const char
> *prefix)
> {
> EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
> const EC_GROUP *group = EC_KEY_get0_group(ec);
> - const char* curve;
> + const char *curve;
>
> int nid = EC_GROUP_get_curve_name(group);
> if (nid == 0 || (curve = OBJ_nid2sn(nid)) == NULL)
> @@ -2024,7 +2024,7 @@ show_available_tls_ciphers_list(const char *cipher_list,
> #else
> STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);
> #endif
> - for (int i=0;i < sk_SSL_CIPHER_num(sk);i++)
> + for (int i = 0; i < sk_SSL_CIPHER_num(sk); i++)
> {
> const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
>
> @@ -2035,7 +2035,7 @@ show_available_tls_ciphers_list(const char *cipher_list,
>
> if (tls13)
> {
> - printf("%s\n", cipher_name);
> + printf("%s\n", cipher_name);
> }
> else if (NULL == pair)
> {
> diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c
> index 03c0b661..a7f51751 100644
> --- a/src/openvpn/ssl_verify.c
> +++ b/src/openvpn/ssl_verify.c
> @@ -72,7 +72,7 @@ setenv_untrusted(struct tls_session *session)
> static void
> wipe_auth_token(struct tls_multi *multi)
> {
> - if(multi)
> + if (multi)
> {
> if (multi->auth_token)
> {
> @@ -712,24 +712,24 @@ verify_cert(struct tls_session *session,
> openvpn_x509_cert_t *cert, int cert_dep
>
> switch (opt->verify_hash_algo)
> {
> - case MD_SHA1:
> - ca_hash = x509_get_sha1_fingerprint(cert, &gc);
> - break;
> -
> - case MD_SHA256:
> - ca_hash = x509_get_sha256_fingerprint(cert, &gc);
> - break;
> -
> - default:
> - /* This should normally not happen at all; the algorithm used
> - * is parsed by add_option() [options.c] and set to a predefined
> - * value in an enumerated type. So if this unlikely scenario
> - * happens, consider this a failure
> - */
> - msg(M_WARN, "Unexpected invalid algorithm used with "
> - "--verify-hash (%i)", opt->verify_hash_algo);
> - ret = FAILURE;
> - goto cleanup;
> + case MD_SHA1:
> + ca_hash = x509_get_sha1_fingerprint(cert, &gc);
> + break;
> +
> + case MD_SHA256:
> + ca_hash = x509_get_sha256_fingerprint(cert, &gc);
> + break;
> +
> + default:
> + /* This should normally not happen at all; the algorithm used
> + * is parsed by add_option() [options.c] and set to a
> predefined
> + * value in an enumerated type. So if this unlikely scenario
> + * happens, consider this a failure
> + */
> + msg(M_WARN, "Unexpected invalid algorithm used with "
> + "--verify-hash (%i)", opt->verify_hash_algo);
> + ret = FAILURE;
> + goto cleanup;
> }
>
> if (memcmp(BPTR(&ca_hash), opt->verify_hash, BLEN(&ca_hash)))
> @@ -1178,8 +1178,8 @@ verify_user_pass_plugin(struct tls_session *session,
> const struct user_pass *up)
> /* generate filename for deferred auth control file */
> if (!key_state_gen_auth_control_file(ks, session->opt))
> {
> - msg (D_TLS_ERRORS, "TLS Auth Error (%s): "
> - "could not create deferred auth control file", __func__);
> + msg(D_TLS_ERRORS, "TLS Auth Error (%s): "
> + "could not create deferred auth control file", __func__);
> goto cleanup;
> }
> #endif
> diff --git a/src/openvpn/ssl_verify_backend.h
> b/src/openvpn/ssl_verify_backend.h
> index 2a9e8bb7..f4cc2c54 100644
> --- a/src/openvpn/ssl_verify_backend.h
> +++ b/src/openvpn/ssl_verify_backend.h
> @@ -130,6 +130,7 @@ result_t backend_x509_get_username(char *common_name, int
> cn_len,
> * --x509-username-field option.
> */
> bool x509_username_field_ext_supported(const char *extname);
> +
> #endif
>
> /*
> diff --git a/src/openvpn/ssl_verify_openssl.c
> b/src/openvpn/ssl_verify_openssl.c
> index 10085b29..ff14db23 100644
> --- a/src/openvpn/ssl_verify_openssl.c
> +++ b/src/openvpn/ssl_verify_openssl.c
> @@ -114,7 +114,8 @@ cleanup:
> }
>
> #ifdef ENABLE_X509ALTUSERNAME
> -bool x509_username_field_ext_supported(const char *fieldname)
> +bool
> +x509_username_field_ext_supported(const char *fieldname)
> {
> int nid = OBJ_txt2nid(fieldname);
> return nid == NID_subject_alt_name || nid == NID_issuer_alt_name;
> @@ -587,7 +588,7 @@ x509_verify_ns_cert_type(openvpn_x509_cert_t *peer_cert,
> const int usage)
> * prevent it to take a const argument
> */
> result_t result = X509_check_purpose(peer_cert,
> X509_PURPOSE_SSL_CLIENT, 0) ?
> - SUCCESS : FAILURE;
> + SUCCESS : FAILURE;
>
> /*
> * old versions of OpenSSL allow us to make the less strict check we
> used to
> @@ -615,7 +616,7 @@ x509_verify_ns_cert_type(openvpn_x509_cert_t *peer_cert,
> const int usage)
> * prevent it to take a const argument
> */
> result_t result = X509_check_purpose(peer_cert,
> X509_PURPOSE_SSL_SERVER, 0) ?
> - SUCCESS : FAILURE;
> + SUCCESS : FAILURE;
>
> /*
> * old versions of OpenSSL allow us to make the less strict check we
> used to
> diff --git a/src/openvpn/tls_crypt.c b/src/openvpn/tls_crypt.c
> index c3ed2b93..85495d7f 100644
> --- a/src/openvpn/tls_crypt.c
> +++ b/src/openvpn/tls_crypt.c
> @@ -86,7 +86,7 @@ tls_crypt_init_key(struct key_ctx_bi *key, const char
> *key_file,
> struct key_type kt = tls_crypt_kt();
> if (!kt.cipher || !kt.digest)
> {
> - msg (M_FATAL, "ERROR: --tls-crypt not supported");
> + msg(M_FATAL, "ERROR: --tls-crypt not supported");
> }
> crypto_read_openvpn_key(&kt, key, key_file, key_inline, key_direction,
> "Control Channel Encryption", "tls-crypt");
> @@ -530,7 +530,7 @@ tls_crypt_v2_unwrap_client_key(struct key2 *client_key,
> struct buffer *metadata,
> memcpy(&client_key->keys, BPTR(&plaintext), sizeof(client_key->keys));
> ASSERT(buf_advance(&plaintext, sizeof(client_key->keys)));
>
> - if(!buf_copy(metadata, &plaintext))
> + if (!buf_copy(metadata, &plaintext))
> {
> CRYPT_ERROR("metadata too large for supplied buffer");
> }
> @@ -613,7 +613,7 @@ tls_crypt_v2_extract_client_key(struct buffer *buf,
> if (!ctx->tls_crypt_v2_server_key.cipher)
> {
> msg(D_TLS_ERRORS,
> - "Client wants tls-crypt-v2, but no server key present.");
> + "Client wants tls-crypt-v2, but no server key present.");
> return false;
> }
>
> diff --git a/src/openvpn/tls_crypt.h b/src/openvpn/tls_crypt.h
> index 9b5ea971..43bf8122 100644
> --- a/src/openvpn/tls_crypt.h
> +++ b/src/openvpn/tls_crypt.h
> @@ -99,10 +99,10 @@
> #define TLS_CRYPT_V2_SERVER_KEY_LEN (sizeof(struct key))
> #define TLS_CRYPT_V2_TAG_SIZE (TLS_CRYPT_TAG_SIZE)
> #define TLS_CRYPT_V2_MAX_METADATA_LEN (unsigned)(TLS_CRYPT_V2_MAX_WKC_LEN \
> - - (TLS_CRYPT_V2_CLIENT_KEY_LEN + TLS_CRYPT_V2_TAG_SIZE \
> - + sizeof(uint16_t)))
> + -
> (TLS_CRYPT_V2_CLIENT_KEY_LEN + TLS_CRYPT_V2_TAG_SIZE \
> + + sizeof(uint16_t)))
> #define TLS_CRYPT_V2_MAX_B64_METADATA_LEN \
> - OPENVPN_BASE64_LENGTH(TLS_CRYPT_V2_MAX_METADATA_LEN - 1)
> + OPENVPN_BASE64_LENGTH(TLS_CRYPT_V2_MAX_METADATA_LEN - 1)
>
> /**
> * Initialize a key_ctx_bi structure for use with --tls-crypt.
> diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
> index c091401f..12e6eb00 100644
> --- a/src/openvpn/tun.c
> +++ b/src/openvpn/tun.c
> @@ -553,8 +553,8 @@ is_tun_p2p(const struct tuntap *tt)
> bool tun = false;
>
> if (tt->type == DEV_TYPE_TAP
> - || (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET)
> - || tt->type == DEV_TYPE_NULL )
> + || (tt->type == DEV_TYPE_TUN && tt->topology == TOP_SUBNET)
> + || tt->type == DEV_TYPE_NULL)
> {
> tun = false;
> }
> @@ -893,7 +893,7 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname,
> int tun_mtu,
> ifconfig_ipv6_local, tt->netbits_ipv6, ifname);
> argv_msg(M_INFO, &argv);
> openvpn_execve_check(&argv, es, S_FATAL, "Linux ip -6 addr add failed");
> -#else
> +#else /* ifdef ENABLE_IPROUTE */
> argv_printf(&argv, "%s %s add %s/%d mtu %d up", IFCONFIG_PATH, ifname,
> ifconfig_ipv6_local, tt->netbits_ipv6, tun_mtu);
> argv_msg(M_INFO, &argv);
> @@ -1387,6 +1387,7 @@ do_ifconfig_ipv4(struct tuntap *tt, const char *ifname,
> int tun_mtu,
> ifname, ifconfig_local,
> print_in_addr_t(tt->adapter_netmask, 0, &gc));
> break;
> +
> case IPW32_SET_NETSH:
> netsh_ifconfig(&tt->options, ifname, tt->local,
> tt->adapter_netmask,
> NI_IP_NETMASK|NI_OPTIONS);
> @@ -2442,7 +2443,7 @@ close_tun(struct tuntap *tt)
> struct argv argv = argv_new();
>
> /* setup command, close tun dev (clears tt->actual_name!), run command
> - */
> + */
>
> argv_printf(&argv, "%s %s destroy",
> IFCONFIG_PATH, tt->actual_name);
> @@ -2528,7 +2529,7 @@ close_tun(struct tuntap *tt)
> struct argv argv = argv_new();
>
> /* setup command, close tun dev (clears tt->actual_name!), run command
> - */
> + */
>
> argv_printf(&argv, "%s %s destroy",
> IFCONFIG_PATH, tt->actual_name);
> @@ -2668,7 +2669,7 @@ close_tun(struct tuntap *tt)
> struct argv argv = argv_new();
>
> /* setup command, close tun dev (clears tt->actual_name!), run command
> - */
> + */
>
> argv_printf(&argv, "%s %s destroy",
> IFCONFIG_PATH, tt->actual_name);
> @@ -5923,7 +5924,7 @@ open_tun(const char *dev, const char *dev_type, const
> char *dev_node, struct tun
> };
>
> if (send_msg_iservice(tt->options.msg_channel, &msg,
> sizeof(msg),
> - &ack, "TUN"))
> + &ack, "TUN"))
> {
> status = ack.error_number;
> }
> diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c
> index e43296eb..be526945 100644
> --- a/src/openvpn/win32.c
> +++ b/src/openvpn/win32.c
> @@ -1481,7 +1481,7 @@ send_msg_iservice(HANDLE pipe, const void *data, size_t
> size,
> || !ReadFile(pipe, ack, sizeof(*ack), &len, NULL))
> {
> msg(M_WARN, "%s: could not talk to service: %s [%lu]",
> - context? context : "Unknown",
> + context ? context : "Unknown",
> strerror_win32(GetLastError(), &gc), GetLastError());
> ret = false;
> }
>
I know we want to get "uncrustity-clean", but maybe we can tweak some
options to comply with my remarks above? if not...well...uncrustify will
decide for our codestyle ;P
Cheers,
--
Antonio Quartulli
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
