[Openvpn-devel,v2,3/3] After the last big formatting patch a number of changes have been commited that do not conform with our style/uncrustify config. This has lead to the problem that running uncrustify on before sending PR some of the changes made by u

Message ID 20200416113930.15192-3-arne@rfc2549.org
State Accepted
Headers show
Series
  • [Openvpn-devel,v2,1/3] Use crypto library functions for const time memcmp when possible
Related show

Commit Message

Arne Schwabe April 16, 2020, 11:39 a.m.
To bring everything back to the agreed upon style, run uncrustify once
more. Uncrustify version used:

	Uncrustify-0.70.1_f

I double checked the result by running uncrustify (Uncrustify-0.69.0_f)
from Ubuntu focal/20.04 which does not do any further changes and
uncrustify 0.66.1_f from Ubuntu bionic/18.04

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 src/compat/compat-strsep.c        |  2 +-
 src/compat/compat.h               |  3 ++-
 src/openvpn/crypto.c              |  9 +++++----
 src/openvpn/cryptoapi.c           |  5 +++--
 src/openvpn/forward.c             |  2 +-
 src/openvpn/forward.h             |  2 +-
 src/openvpn/manage.c              |  6 +++---
 src/openvpn/misc.c                |  2 +-
 src/openvpn/mroute.c              |  2 +-
 src/openvpn/networking.h          |  6 +++---
 src/openvpn/networking_iproute2.c | 14 ++++++++++++++
 src/openvpn/networking_sitnl.h    |  2 +-
 src/openvpn/openvpn.h             |  2 +-
 src/openvpn/options.c             | 10 ++++++----
 src/openvpn/options.h             |  4 ++--
 src/openvpn/proto.h               |  2 +-
 src/openvpn/push.c                | 20 ++++++++++----------
 src/openvpn/route.c               |  2 +-
 src/openvpn/ssl.c                 |  6 ++++--
 src/openvpn/ssl.h                 |  1 +
 src/openvpn/ssl_mbedtls.c         | 15 ++++++++-------
 src/openvpn/ssl_openssl.c         | 28 ++++++++++++++--------------
 src/openvpn/ssl_verify.c          | 18 +++++++++---------
 src/openvpn/ssl_verify.h          |  3 ++-
 src/openvpn/vlan.c                |  4 ++--
 src/openvpn/win32.h               |  2 +-
 26 files changed, 98 insertions(+), 74 deletions(-)

Comments

Antonio Quartulli April 17, 2020, 3:01 p.m. | #1
Hi,

On 16/04/2020 13:39, Arne Schwabe wrote:

[CUT]

> diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
> index 49864c0a..195941ca 100644
> --- a/src/openvpn/manage.c
> +++ b/src/openvpn/manage.c
> @@ -3660,9 +3660,9 @@ management_query_pk_sig(struct management *man, const char *b64_data,
>          buf_write(&buf_data, ",", (int) strlen(","));
>          buf_write(&buf_data, algorithm, (int) strlen(algorithm));
>      }
> -    char* ret = management_query_multiline_flatten(man,
> -            (char *)buf_bptr(&buf_data), prompt, desc,
> -            &man->connection.ext_key_state, &man->connection.ext_key_input);
> +    char *ret = management_query_multiline_flatten(man,
> +                                                   (char *)buf_bptr(&buf_data), prompt, desc,

why not moving some arguments on the first line ? One or two should fit.
(IMHO it can be done in this patch - it's still about restyling)

> +                                                   &man->connection.ext_key_state, &man->connection.ext_key_input);
>      free_buf(&buf_data);
>      return ret;
>  }
> diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
> index 1c17948c..a10888ed 100644
> --- a/src/openvpn/misc.c
> +++ b/src/openvpn/misc.c
> @@ -146,7 +146,7 @@ auth_user_pass_mgmt(struct user_pass *up, const char *prefix, const unsigned int
>      }
>      return true;
>  }
> -#endif
> +#endif /* ifdef ENABLE_MANAGEMENT */
>  
>  /*
>   * Get and store a username/password
> diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
> index bdb1b0c0..a7e78213 100644
> --- a/src/openvpn/mroute.c
> +++ b/src/openvpn/mroute.c
> @@ -324,7 +324,7 @@ mroute_extract_addr_ether(struct mroute_addr *src,
>                      break;
>              }
>          }
> -#endif
> +#endif /* ifdef ENABLE_PF */
>      }
>      return ret;
>  }
> diff --git a/src/openvpn/networking.h b/src/openvpn/networking.h
> index 5e6d898f..9c1d1696 100644
> --- a/src/openvpn/networking.h
> +++ b/src/openvpn/networking.h
> @@ -31,8 +31,8 @@ struct context;
>  #include "networking_iproute2.h"
>  #else
>  /* define mock types to ensure code builds on any platform */
> -typedef void * openvpn_net_ctx_t;
> -typedef void * openvpn_net_iface_t;
> +typedef void *openvpn_net_ctx_t;
> +typedef void *openvpn_net_iface_t;
>  
>  static inline int
>  net_ctx_init(struct context *c, openvpn_net_ctx_t *ctx)
> @@ -51,7 +51,7 @@ net_ctx_free(openvpn_net_ctx_t *ctx)
>  {
>      (void)ctx;
>  }
> -#endif
> +#endif /* ifdef ENABLE_SITNL */
>  
>  #if defined(ENABLE_SITNL) || defined(ENABLE_IPROUTE)
>  
> diff --git a/src/openvpn/networking_iproute2.c b/src/openvpn/networking_iproute2.c
> index 0f9e899a..f3b9c614 100644
> --- a/src/openvpn/networking_iproute2.c
> +++ b/src/openvpn/networking_iproute2.c
> @@ -43,7 +43,9 @@ net_ctx_init(struct context *c, openvpn_net_ctx_t *ctx)
>  {
>      ctx->es = NULL;
>      if (c)
> +    {
>          ctx->es = c->es;
> +    }
>      ctx->gc = gc_new();
>  
>      return 0;
> @@ -207,10 +209,14 @@ net_route_v4_add(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen,
>      argv_printf(&argv, "%s route add %s/%d", iproute_path, dst_str, prefixlen);
>  
>      if (metric > 0)
> +    {
>          argv_printf_cat(&argv, "metric %d", metric);
> +    }
>  
>      if (iface)
> +    {
>          argv_printf_cat(&argv, "dev %s", iface);
> +    }
>  
>      if (gw)
>      {
> @@ -246,7 +252,9 @@ net_route_v6_add(openvpn_net_ctx_t *ctx, const struct in6_addr *dst,
>      }
>  
>      if (metric > 0)
> +    {
>          argv_printf_cat(&argv, "metric %d", metric);
> +    }
>  
>      argv_msg(D_ROUTE, &argv);
>      openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 add command failed");
> @@ -267,7 +275,9 @@ net_route_v4_del(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen,
>      argv_printf(&argv, "%s route del %s/%d", iproute_path, dst_str, prefixlen);
>  
>      if (metric > 0)
> +    {
>          argv_printf_cat(&argv, "metric %d", metric);
> +    }
>  
>      argv_msg(D_ROUTE, &argv);
>      openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route delete command failed");
> @@ -296,7 +306,9 @@ net_route_v6_del(openvpn_net_ctx_t *ctx, const struct in6_addr *dst,
>      }
>  
>      if (metric > 0)
> +    {
>          argv_printf_cat(&argv, "metric %d", metric);
> +    }
>  
>      argv_msg(D_ROUTE, &argv);
>      openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 del command failed");
> @@ -314,7 +326,9 @@ net_route_v4_best_gw(openvpn_net_ctx_t *ctx, const in_addr_t *dst,
>  
>      FILE *fp = fopen("/proc/net/route", "r");
>      if (!fp)
> +    {
>          return -1;
> +    }
>  
>      char line[256];
>      int count = 0;
> diff --git a/src/openvpn/networking_sitnl.h b/src/openvpn/networking_sitnl.h
> index f39d426d..6396b06e 100644
> --- a/src/openvpn/networking_sitnl.h
> +++ b/src/openvpn/networking_sitnl.h
> @@ -23,6 +23,6 @@
>  #define NETWORKING_SITNL_H_
>  
>  typedef char openvpn_net_iface_t;
> -typedef void * openvpn_net_ctx_t;
> +typedef void *openvpn_net_ctx_t;
>  
>  #endif /* NETWORKING_SITNL_H_ */
> diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h
> index 900db7e1..595a9b1d 100644
> --- a/src/openvpn/openvpn.h
> +++ b/src/openvpn/openvpn.h
> @@ -524,7 +524,7 @@ struct context
>  
>      struct env_set *es;         /**< Set of environment variables. */
>  
> -    openvpn_net_ctx_t net_ctx;	/**< Networking API opaque context */
> +    openvpn_net_ctx_t net_ctx;  /**< Networking API opaque context */
>  
>      struct signal_info *sig;    /**< Internal error signaling object. */
>  
> diff --git a/src/openvpn/options.c b/src/openvpn/options.c
> index 49df8df1..63dc53c3 100644
> --- a/src/openvpn/options.c
> +++ b/src/openvpn/options.c
> @@ -1241,8 +1241,10 @@ print_vlan_accept(enum vlan_acceptable_frames mode)
>      {
>          case VLAN_ONLY_TAGGED:
>              return "tagged";
> +
>          case VLAN_ONLY_UNTAGGED_OR_PRIORITY:
>              return "untagged";
> +
>          case VLAN_ALL:
>              return "all";
>      }
> @@ -1320,7 +1322,7 @@ show_p2mp_parms(const struct options *o)
>      SHOW_STR(port_share_port);
>  #endif
>      SHOW_BOOL(vlan_tagging);
> -    msg(D_SHOW_PARMS, "  vlan_accept = %s", print_vlan_accept (o->vlan_accept));
> +    msg(D_SHOW_PARMS, "  vlan_accept = %s", print_vlan_accept(o->vlan_accept));
>      SHOW_INT(vlan_pvid);
>  #endif /* P2MP_SERVER */
>  
> @@ -5301,7 +5303,7 @@ add_option(struct options *options,
>          options->management_flags |= MF_EXTERNAL_CERT;
>          options->management_certificate = p[1];
>      }
> -#endif
> +#endif /* ifdef ENABLE_MANAGEMENT */
>  #ifdef MANAGEMENT_DEF_AUTH
>      else if (streq(p[0], "management-client-auth") && !p[1])
>      {
> @@ -7711,8 +7713,8 @@ add_option(struct options *options,
>          }
>          else
>          {
> -            if (streq(p[1], "secret") || streq(p[1], "tls-auth") ||
> -                streq(p[1], "tls-crypt"))
> +            if (streq(p[1], "secret") || streq(p[1], "tls-auth")
> +                || streq(p[1], "tls-crypt"))
>              {
>                  options->genkey_type = GENKEY_SECRET;
>              }
> diff --git a/src/openvpn/options.h b/src/openvpn/options.h
> index 2f1f6faf..4c1737e1 100644
> --- a/src/openvpn/options.h
> +++ b/src/openvpn/options.h
> @@ -222,8 +222,8 @@ struct options
>      bool show_curves;
>      bool genkey;
>      enum genkey_type genkey_type;
> -    const char* genkey_filename;
> -    const char* genkey_extra_data;
> +    const char *genkey_filename;
> +    const char *genkey_extra_data;
>  
>      /* Networking parms */
>      int connect_retry_max;
> diff --git a/src/openvpn/proto.h b/src/openvpn/proto.h
> index c1ff3e14..c2517674 100644
> --- a/src/openvpn/proto.h
> +++ b/src/openvpn/proto.h
> @@ -67,7 +67,7 @@ struct openvpn_ethhdr
>  struct openvpn_8021qhdr
>  {
>      uint8_t dest[OPENVPN_ETH_ALEN];     /* destination ethernet addr */
> -    uint8_t source[OPENVPN_ETH_ALEN];   /* source ethernet addr	*/
> +    uint8_t source[OPENVPN_ETH_ALEN];   /* source ethernet addr */
>  
>      uint16_t tpid;                      /* 802.1Q Tag Protocol Identifier */
>  #define OPENVPN_8021Q_MASK_PCP htons(0xE000) /* mask PCP out of pcp_cfi_vid */
> diff --git a/src/openvpn/push.c b/src/openvpn/push.c
> index aef00d34..39a906d4 100644
> --- a/src/openvpn/push.c
> +++ b/src/openvpn/push.c
> @@ -72,19 +72,19 @@ receive_auth_failed(struct context *c, const struct buffer *buffer)
>          {
>              switch (auth_retry_get())
>              {
> -            case AR_NONE:
> -                c->sig->signal_received = SIGTERM; /* SOFT-SIGTERM -- Auth failure error */
> -                break;
> +                case AR_NONE:
> +                    c->sig->signal_received = SIGTERM; /* SOFT-SIGTERM -- Auth failure error */
> +                    break;
>  
> -            case AR_INTERACT:
> -                ssl_purge_auth(false);
> +                case AR_INTERACT:
> +                    ssl_purge_auth(false);
>  
> -            case AR_NOINTERACT:
> -                c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- Auth failure error */
> -                break;
> +                case AR_NOINTERACT:
> +                    c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- Auth failure error */
> +                    break;
>  
> -            default:
> -                ASSERT(0);
> +                default:
> +                    ASSERT(0);
>              }
>              c->sig->signal_text = "auth-failure";
>          }
> diff --git a/src/openvpn/route.c b/src/openvpn/route.c
> index e0f8d201..51f76318 100644
> --- a/src/openvpn/route.c
> +++ b/src/openvpn/route.c
> @@ -2152,7 +2152,7 @@ delete_route(struct route_ipv4 *r,
>  #if !defined(TARGET_ANDROID)
>      const char *gateway;
>  #endif
> -#else
> +#else  /* if !defined(TARGET_LINUX) */
>      int metric;
>  #endif
>      int is_local_route;
> diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
> index 56d0576a..80e0d5ac 100644
> --- a/src/openvpn/ssl.c
> +++ b/src/openvpn/ssl.c
> @@ -466,7 +466,7 @@ ssl_set_auth_token(const char *token)
>   * Cleans an auth token and checks if it was active
>   */
>  bool
> -ssl_clean_auth_token (void)
> +ssl_clean_auth_token(void)
>  {
>      bool wasdefined = auth_token.defined;
>      purge_user_pass(&auth_token, true);
> @@ -2015,7 +2015,7 @@ tls_session_update_crypto_params(struct tls_session *session,
>      {
>          frame_remove_from_extra_frame(frame_fragment, crypto_max_overhead());
>          crypto_adjust_frame_parameters(frame_fragment, &session->opt->key_type,
> -	                               options->replay, packet_id_long_form);
> +                                       options->replay, packet_id_long_form);
>          frame_set_mtu_dynamic(frame_fragment, options->ce.fragment, SET_MTU_UPPER_BOUND);
>          frame_print(frame_fragment, D_MTU_INFO, "Fragmentation MTU parms");
>      }
> @@ -2411,7 +2411,9 @@ key_method_2_write(struct buffer *buf, struct tls_session *session)
>           * username/password
>           */
>          if (auth_token.defined)
> +        {
>              up = &auth_token;
> +        }
>  
>          if (!write_string(buf, up->username, -1))
>          {
> diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h
> index f0a8ef54..2f6f7657 100644
> --- a/src/openvpn/ssl.h
> +++ b/src/openvpn/ssl.h
> @@ -607,4 +607,5 @@ void
>  show_available_tls_ciphers(const char *cipher_list,
>                             const char *cipher_list_tls13,
>                             const char *tls_cert_profile);
> +
>  #endif /* ifndef OPENVPN_SSL_H */
> diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
> index d585111b..1f91b785 100644
> --- a/src/openvpn/ssl_mbedtls.c
> +++ b/src/openvpn/ssl_mbedtls.c
> @@ -191,12 +191,13 @@ tls_ctx_initialised(struct tls_root_ctx *ctx)
>  }
>  
>  #ifdef HAVE_EXPORT_KEYING_MATERIAL
> -int mbedtls_ssl_export_keys_cb(void *p_expkey, const unsigned char *ms,
> -                               const unsigned char *kb, size_t maclen,
> -                               size_t keylen, size_t ivlen,
> -                               const unsigned char client_random[32],
> -                               const unsigned char server_random[32],
> -                               mbedtls_tls_prf_types tls_prf_type)
> +int
> +mbedtls_ssl_export_keys_cb(void *p_expkey, const unsigned char *ms,
> +                           const unsigned char *kb, size_t maclen,
> +                           size_t keylen, size_t ivlen,
> +                           const unsigned char client_random[32],
> +                           const unsigned char server_random[32],
> +                           mbedtls_tls_prf_types tls_prf_type)
>  {
>      struct tls_session *session = p_expkey;
>      struct key_state_ssl *ks_ssl = &session->key[KS_PRIMARY].ks_ssl;
> @@ -1126,7 +1127,7 @@ key_state_ssl_init(struct key_state_ssl *ks_ssl,
>      if (session->opt->ekm_size)
>      {
>          mbedtls_ssl_conf_export_keys_ext_cb(ks_ssl->ssl_config,
> -                mbedtls_ssl_export_keys_cb, session);
> +                                            mbedtls_ssl_export_keys_cb, session);
>      }
>  #endif
>  
> diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
> index d7bd6aa2..5955c6bd 100644
> --- a/src/openvpn/ssl_openssl.c
> +++ b/src/openvpn/ssl_openssl.c
> @@ -683,7 +683,7 @@ tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name
>           * so do nothing */
>  #endif
>          return;
> -#else
> +#else  /* if OPENSSL_VERSION_NUMBER >= 0x10002000L */
>          /* For older OpenSSL we have to extract the curve from key on our own */
>          EC_KEY *eckey = NULL;
>          const EC_GROUP *ecgrp = NULL;
> @@ -1173,7 +1173,7 @@ openvpn_extkey_rsa_finish(RSA *rsa)
>   * interface query
>   */
>  const char *
> -get_rsa_padding_name (const int padding)
> +get_rsa_padding_name(const int padding)
>  {
>      switch (padding)
>      {
> @@ -1190,14 +1190,14 @@ get_rsa_padding_name (const int padding)
>  
>  /**
>   * Pass the input hash in 'dgst' to management and get the signature back.
> -  *
> - * @param dgst		hash to be signed
> - * @param dgstlen	len of data in dgst
> - * @param sig 		On successful return signature is in sig.
> - * @param siglen	length of buffer sig
> - * @param algorithm	padding/hashing algorithm for the signature
>   *
> - * @return 		signature length or -1 on error.
> + * @param dgst          hash to be signed
> + * @param dgstlen       len of data in dgst
> + * @param sig           On successful return signature is in sig.
> + * @param siglen        length of buffer sig
> + * @param algorithm     padding/hashing algorithm for the signature
> + *
> + * @return              signature length or -1 on error.
>   */
>  static int
>  get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen,
> @@ -1239,7 +1239,7 @@ rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,
>          return -1;
>      }
>  
> -    ret = get_sig_from_man(from, flen, to, len, get_rsa_padding_name (padding));
> +    ret = get_sig_from_man(from, flen, to, len, get_rsa_padding_name(padding));
>  
>      return (ret == len) ? ret : -1;
>  }
> @@ -1314,7 +1314,7 @@ err:
>  }
>  
>  #if ((OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \
> -     || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \
> +    || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \
>      && !defined(OPENSSL_NO_EC)
>  
>  /* called when EC_KEY is destroyed */
> @@ -1475,7 +1475,7 @@ tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
>          }
>      }
>  #if ((OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \
> -     || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \
> +    || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \
>      && !defined(OPENSSL_NO_EC)
>      else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC)
>      {
> @@ -2135,8 +2135,8 @@ show_available_tls_ciphers_list(const char *cipher_list,
>          crypto_msg(M_FATAL, "Cannot create SSL object");
>      }
>  
> -#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || \
> -    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x2090000fL)
> +#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)    \
> +    || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x2090000fL)
>      STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
>  #else
>      STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);
> diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c
> index da0966c5..9362b8e9 100644
> --- a/src/openvpn/ssl_verify.c
> +++ b/src/openvpn/ssl_verify.c
> @@ -804,7 +804,7 @@ cleanup:
>  #endif
>  
>  void
> -auth_set_client_reason(struct tls_multi* multi, const char* client_reason)
> +auth_set_client_reason(struct tls_multi *multi, const char *client_reason)
>  {
>      if (multi->client_reason)
>      {
> @@ -1204,7 +1204,7 @@ verify_user_pass_plugin(struct tls_session *session, struct tls_multi *multi,
>  
>  static int
>  verify_user_pass_management(struct tls_session *session,
> -                            struct tls_multi* multi,
> +                            struct tls_multi *multi,
>                              const struct user_pass *up)
>  {
>      int retval = KMDA_ERROR;
> @@ -1301,16 +1301,16 @@ verify_user_pass(struct user_pass *up, struct tls_multi *multi,
>               * for equality with AUTH_TOKEN_HMAC_OK
>               */
>              msg(M_WARN, "TLS: Username/auth-token authentication "
> -                        "succeeded for username '%s'",
> +                "succeeded for username '%s'",
>                  up->username);
> -              skip_auth = true;
> +            skip_auth = true;
>          }
>          else
>          {
>              wipe_auth_token(multi);
>              ks->authenticated = false;
>              msg(M_WARN, "TLS: Username/auth-token authentication "
> -                        "failed for username '%s'", up->username);
> +                "failed for username '%s'", up->username);
>              return;
>          }
>      }
> @@ -1335,12 +1335,12 @@ verify_user_pass(struct user_pass *up, struct tls_multi *multi,
>      }
>  
>      /* check sizing of username if it will become our common name */
> -    if ((session->opt->ssl_flags & SSLF_USERNAME_AS_COMMON_NAME) &&
> -         strlen(up->username)>TLS_USERNAME_LEN)
> +    if ((session->opt->ssl_flags & SSLF_USERNAME_AS_COMMON_NAME)
> +        && strlen(up->username)>TLS_USERNAME_LEN)
>      {
>          msg(D_TLS_ERRORS,
> -                "TLS Auth Error: --username-as-common name specified and username is longer than the maximum permitted Common Name length of %d characters",
> -                TLS_USERNAME_LEN);
> +            "TLS Auth Error: --username-as-common name specified and username is longer than the maximum permitted Common Name length of %d characters",
> +            TLS_USERNAME_LEN);
>          s1 = OPENVPN_PLUGIN_FUNC_ERROR;
>      }
>      /* auth succeeded? */
> diff --git a/src/openvpn/ssl_verify.h b/src/openvpn/ssl_verify.h
> index c54b89a6..21b37a0f 100644
> --- a/src/openvpn/ssl_verify.h
> +++ b/src/openvpn/ssl_verify.h
> @@ -234,7 +234,8 @@ bool tls_authenticate_key(struct tls_multi *multi, const unsigned int mda_key_id
>   * @param multi             The multi tls struct
>   * @param client_reason     The string to send to the client as part of AUTH_FAILED
>   */
> -void auth_set_client_reason(struct tls_multi* multi, const char* client_reason);
> +void auth_set_client_reason(struct tls_multi *multi, const char *client_reason);
> +
>  #endif
>  
>  static inline const char *
> diff --git a/src/openvpn/vlan.c b/src/openvpn/vlan.c
> index a5885de2..9290179d 100644
> --- a/src/openvpn/vlan.c
> +++ b/src/openvpn/vlan.c
> @@ -58,7 +58,7 @@ static void
>  vlanhdr_set_vid(struct openvpn_8021qhdr *hdr, const uint16_t vid)
>  {
>      hdr->pcp_cfi_vid = (hdr->pcp_cfi_vid & ~OPENVPN_8021Q_MASK_VID)
> -                        | (htons(vid) & OPENVPN_8021Q_MASK_VID);
> +                       | (htons(vid) & OPENVPN_8021Q_MASK_VID);
>  }
>  
>  /*
> @@ -135,7 +135,7 @@ vlan_decapsulate(const struct context *c, struct buffer *buf)
>                  goto drop;
>              }
>  
> -            /* vid == 0 means prio-tagged packet: don't drop and fall-through */
> +        /* vid == 0 means prio-tagged packet: don't drop and fall-through */
>          case VLAN_ONLY_TAGGED:
>          case VLAN_ALL:
>              /* tagged frame can be accepted: extract vid and strip encapsulation */
> diff --git a/src/openvpn/win32.h b/src/openvpn/win32.h
> index 4b508c56..79504776 100644
> --- a/src/openvpn/win32.h
> +++ b/src/openvpn/win32.h
> @@ -69,7 +69,7 @@ struct security_attributes
>  struct window_title
>  {
>      bool saved;
> -    char old_window_title [256];
> +    char old_window_title[256];
>  };
>  
>  struct rw_handle {
> 

I am not super happy with mis-aligning multi-line messages, but that's
how we have instructed uncrustify so far and we accept it for now.

@arne do you know if that bit is customizable?


By the way, the patch looks good.. except for that nitpick at the beginning.
Gert Doering April 19, 2020, 10:27 a.m. | #2
Hi,

On Fri, Apr 17, 2020 at 05:01:29PM +0200, Antonio Quartulli wrote:
> > -    char* ret = management_query_multiline_flatten(man,
> > -            (char *)buf_bptr(&buf_data), prompt, desc,
> > -            &man->connection.ext_key_state, &man->connection.ext_key_input);
> > +    char *ret = management_query_multiline_flatten(man,
> > +                                                   (char *)buf_bptr(&buf_data), prompt, desc,
> 
> why not moving some arguments on the first line ? One or two should fit.
> (IMHO it can be done in this patch - it's still about restyling)

The point of a "this is what uncrustify produces" patch is to produce
something which is immutable on future runs of uncrustify - so we can
check *new* code, without having to ignore other stuff that uncrustify
wants to change every time.

So, running uncrustify, and then changing things for a nicer look is
not solving the underlying issue.

(OTOH, if it turns out that some uncrustify option should be *changed*,
to produce nicer looking code, we can always do that after a quick round
of discussion in the meeting)

gert
Gert Doering April 19, 2020, 10:40 a.m. | #3
Acked-by: Gert Doering <gert@greenie.muc.de>

Verified the changes manually and by test compiling (Linux and FreeBSD)
- with "git show -w" one can see that most of it is simple whitespace
changes, and the rest is "change line wraps" and "add comment to #endif"
stuff.

The manage.c change is particularily ugly, but with a function name
that long and multiple (long) arguments, there is not really a way
that an automated tool can make this look *nice* (except if it had
a rule for "if the indended indent is > 50 chars, limit to 50" or
so - but then it would just be inconsistent).

Your patch has been applied to the master branch.

I've modified the commit message slightly (put the long text in the body,
add a shorter subject)

commit 9cf7b4925a54d93fbea1cadcf3dc0e11f3ce358f
Author: Arne Schwabe
Date:   Thu Apr 16 13:39:30 2020 +0200

     Another round of uncrustify code cleanup.

     After the last big formatting patch a number of changes have been commited that do not conform with our style/uncrustify config. This has lead to the problem that running uncrustify on before sending PR some of the changes made by uncrustify need to be backed out again.

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Message-Id: <20200416113930.15192-3-arne@rfc2549.org>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg19750.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering
Antonio Quartulli April 19, 2020, 12:22 p.m. | #4
Hi,

On 19/04/2020 12:27, Gert Doering wrote:
> Hi,
> 
> On Fri, Apr 17, 2020 at 05:01:29PM +0200, Antonio Quartulli wrote:
>>> -    char* ret = management_query_multiline_flatten(man,
>>> -            (char *)buf_bptr(&buf_data), prompt, desc,
>>> -            &man->connection.ext_key_state, &man->connection.ext_key_input);
>>> +    char *ret = management_query_multiline_flatten(man,
>>> +                                                   (char *)buf_bptr(&buf_data), prompt, desc,
>>
>> why not moving some arguments on the first line ? One or two should fit.
>> (IMHO it can be done in this patch - it's still about restyling)
> 
> The point of a "this is what uncrustify produces" patch is to produce
> something which is immutable on future runs of uncrustify - so we can
> check *new* code, without having to ignore other stuff that uncrustify
> wants to change every time.
> 
> So, running uncrustify, and then changing things for a nicer look is
> not solving the underlying issue.
> 

fully agreed. but in this case uncrustify is just fixing the alignment -
moving the arguments above would not make uncrustify unhappy because all
rules would still be respected.


Regards,
Gert Doering April 19, 2020, 3:46 p.m. | #5
Hi,

On Sun, Apr 19, 2020 at 02:22:37PM +0200, Antonio Quartulli wrote:
> >>> -    char* ret = management_query_multiline_flatten(man,
> >>> -            (char *)buf_bptr(&buf_data), prompt, desc,
> >>> -            &man->connection.ext_key_state, &man->connection.ext_key_input);
> >>> +    char *ret = management_query_multiline_flatten(man,
> >>> +                                                   (char *)buf_bptr(&buf_data), prompt, desc,
> 
> fully agreed. but in this case uncrustify is just fixing the alignment -
> moving the arguments above would not make uncrustify unhappy because all
> rules would still be respected.

I think uncrustify would promptly move them down again... line length
rule.

Of course it's worth a try...  we're at a good point for refactoring
and code cleanup.

gert

Patch

diff --git a/src/compat/compat-strsep.c b/src/compat/compat-strsep.c
index 42ff6414..e6518db6 100644
--- a/src/compat/compat-strsep.c
+++ b/src/compat/compat-strsep.c
@@ -58,4 +58,4 @@  strsep(char **stringp, const char *delim)
     }
     return begin;
 }
-#endif
+#endif /* ifndef HAVE_STRSEP */
diff --git a/src/compat/compat.h b/src/compat/compat.h
index 592881df..a66a4235 100644
--- a/src/compat/compat.h
+++ b/src/compat/compat.h
@@ -71,7 +71,8 @@  int inet_pton(int af, const char *src, void *dst);
 #endif
 
 #ifndef HAVE_STRSEP
-char* strsep(char **stringp, const char *delim);
+char *strsep(char **stringp, const char *delim);
+
 #endif
 
 #endif /* COMPAT_H */
diff --git a/src/openvpn/crypto.c b/src/openvpn/crypto.c
index 453cb20a..1678cba8 100644
--- a/src/openvpn/crypto.c
+++ b/src/openvpn/crypto.c
@@ -736,13 +736,14 @@  crypto_max_overhead(void)
            +max_int(OPENVPN_MAX_HMAC_SIZE, OPENVPN_AEAD_TAG_LENGTH);
 }
 
-static void warn_insecure_key_type(const char* ciphername, const cipher_kt_t *cipher)
+static void
+warn_insecure_key_type(const char *ciphername, const cipher_kt_t *cipher)
 {
     if (cipher_kt_insecure(cipher))
     {
         msg(M_WARN, "WARNING: INSECURE cipher (%s) with block size less than 128"
-                    " bit (%d bit).  This allows attacks like SWEET32.  Mitigate by "
-                    "using a --cipher with a larger block size (e.g. AES-256-CBC).",
+            " bit (%d bit).  This allows attacks like SWEET32.  Mitigate by "
+            "using a --cipher with a larger block size (e.g. AES-256-CBC).",
             ciphername, cipher_kt_block_size(cipher)*8);
     }
 }
@@ -846,7 +847,7 @@  init_key_ctx(struct key_ctx *ctx, const struct key *key,
         cipher_ctx_init(ctx->cipher, key->cipher, kt->cipher_length,
                         kt->cipher, enc);
 
-        const char* ciphername = translate_cipher_name_to_openvpn(cipher_kt_name(kt->cipher));
+        const char *ciphername = translate_cipher_name_to_openvpn(cipher_kt_name(kt->cipher));
         msg(D_HANDSHAKE, "%s: Cipher '%s' initialized with %d bit key",
             prefix,
             ciphername,
diff --git a/src/openvpn/cryptoapi.c b/src/openvpn/cryptoapi.c
index 30eba7b2..6c4df9e3 100644
--- a/src/openvpn/cryptoapi.c
+++ b/src/openvpn/cryptoapi.c
@@ -803,12 +803,13 @@  find_certificate_in_store(const char *cert_prop, HCERTSTORE cert_store)
         }
         blob.cbData = i;
     }
-    else {
+    else
+    {
         msg(M_WARN, "WARNING: cryptoapicert: unsupported certificate specification <%s>", cert_prop);
         goto out;
     }
 
-    while(true)
+    while (true)
     {
         int validity = 1;
         /* this frees previous rv, if not NULL */
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index ea10f0bf..2082b9ea 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -1278,7 +1278,7 @@  read_incoming_tun(struct context *c)
     ASSERT(buf_init(&c->c2.buf, FRAME_HEADROOM(&c->c2.frame)));
     ASSERT(buf_safe(&c->c2.buf, MAX_RW_SIZE_TUN(&c->c2.frame)));
     c->c2.buf.len = read_tun(c->c1.tuntap, BPTR(&c->c2.buf), MAX_RW_SIZE_TUN(&c->c2.frame));
-#endif
+#endif /* ifdef _WIN32 */
 
 #ifdef PACKET_TRUNCATION_CHECK
     ipv4_packet_size_verify(BPTR(&c->c2.buf),
diff --git a/src/openvpn/forward.h b/src/openvpn/forward.h
index b711ff00..ff898133 100644
--- a/src/openvpn/forward.h
+++ b/src/openvpn/forward.h
@@ -434,7 +434,7 @@  io_wait(struct context *c, const unsigned int flags)
             c->c2.event_set_status = ret;
         }
         else
-#endif
+#endif /* ifdef _WIN32 */
         {
             /* slow path */
             io_wait_dowork(c, flags);
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
index 49864c0a..195941ca 100644
--- a/src/openvpn/manage.c
+++ b/src/openvpn/manage.c
@@ -3660,9 +3660,9 @@  management_query_pk_sig(struct management *man, const char *b64_data,
         buf_write(&buf_data, ",", (int) strlen(","));
         buf_write(&buf_data, algorithm, (int) strlen(algorithm));
     }
-    char* ret = management_query_multiline_flatten(man,
-            (char *)buf_bptr(&buf_data), prompt, desc,
-            &man->connection.ext_key_state, &man->connection.ext_key_input);
+    char *ret = management_query_multiline_flatten(man,
+                                                   (char *)buf_bptr(&buf_data), prompt, desc,
+                                                   &man->connection.ext_key_state, &man->connection.ext_key_input);
     free_buf(&buf_data);
     return ret;
 }
diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
index 1c17948c..a10888ed 100644
--- a/src/openvpn/misc.c
+++ b/src/openvpn/misc.c
@@ -146,7 +146,7 @@  auth_user_pass_mgmt(struct user_pass *up, const char *prefix, const unsigned int
     }
     return true;
 }
-#endif
+#endif /* ifdef ENABLE_MANAGEMENT */
 
 /*
  * Get and store a username/password
diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
index bdb1b0c0..a7e78213 100644
--- a/src/openvpn/mroute.c
+++ b/src/openvpn/mroute.c
@@ -324,7 +324,7 @@  mroute_extract_addr_ether(struct mroute_addr *src,
                     break;
             }
         }
-#endif
+#endif /* ifdef ENABLE_PF */
     }
     return ret;
 }
diff --git a/src/openvpn/networking.h b/src/openvpn/networking.h
index 5e6d898f..9c1d1696 100644
--- a/src/openvpn/networking.h
+++ b/src/openvpn/networking.h
@@ -31,8 +31,8 @@  struct context;
 #include "networking_iproute2.h"
 #else
 /* define mock types to ensure code builds on any platform */
-typedef void * openvpn_net_ctx_t;
-typedef void * openvpn_net_iface_t;
+typedef void *openvpn_net_ctx_t;
+typedef void *openvpn_net_iface_t;
 
 static inline int
 net_ctx_init(struct context *c, openvpn_net_ctx_t *ctx)
@@ -51,7 +51,7 @@  net_ctx_free(openvpn_net_ctx_t *ctx)
 {
     (void)ctx;
 }
-#endif
+#endif /* ifdef ENABLE_SITNL */
 
 #if defined(ENABLE_SITNL) || defined(ENABLE_IPROUTE)
 
diff --git a/src/openvpn/networking_iproute2.c b/src/openvpn/networking_iproute2.c
index 0f9e899a..f3b9c614 100644
--- a/src/openvpn/networking_iproute2.c
+++ b/src/openvpn/networking_iproute2.c
@@ -43,7 +43,9 @@  net_ctx_init(struct context *c, openvpn_net_ctx_t *ctx)
 {
     ctx->es = NULL;
     if (c)
+    {
         ctx->es = c->es;
+    }
     ctx->gc = gc_new();
 
     return 0;
@@ -207,10 +209,14 @@  net_route_v4_add(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen,
     argv_printf(&argv, "%s route add %s/%d", iproute_path, dst_str, prefixlen);
 
     if (metric > 0)
+    {
         argv_printf_cat(&argv, "metric %d", metric);
+    }
 
     if (iface)
+    {
         argv_printf_cat(&argv, "dev %s", iface);
+    }
 
     if (gw)
     {
@@ -246,7 +252,9 @@  net_route_v6_add(openvpn_net_ctx_t *ctx, const struct in6_addr *dst,
     }
 
     if (metric > 0)
+    {
         argv_printf_cat(&argv, "metric %d", metric);
+    }
 
     argv_msg(D_ROUTE, &argv);
     openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 add command failed");
@@ -267,7 +275,9 @@  net_route_v4_del(openvpn_net_ctx_t *ctx, const in_addr_t *dst, int prefixlen,
     argv_printf(&argv, "%s route del %s/%d", iproute_path, dst_str, prefixlen);
 
     if (metric > 0)
+    {
         argv_printf_cat(&argv, "metric %d", metric);
+    }
 
     argv_msg(D_ROUTE, &argv);
     openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route delete command failed");
@@ -296,7 +306,9 @@  net_route_v6_del(openvpn_net_ctx_t *ctx, const struct in6_addr *dst,
     }
 
     if (metric > 0)
+    {
         argv_printf_cat(&argv, "metric %d", metric);
+    }
 
     argv_msg(D_ROUTE, &argv);
     openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 del command failed");
@@ -314,7 +326,9 @@  net_route_v4_best_gw(openvpn_net_ctx_t *ctx, const in_addr_t *dst,
 
     FILE *fp = fopen("/proc/net/route", "r");
     if (!fp)
+    {
         return -1;
+    }
 
     char line[256];
     int count = 0;
diff --git a/src/openvpn/networking_sitnl.h b/src/openvpn/networking_sitnl.h
index f39d426d..6396b06e 100644
--- a/src/openvpn/networking_sitnl.h
+++ b/src/openvpn/networking_sitnl.h
@@ -23,6 +23,6 @@ 
 #define NETWORKING_SITNL_H_
 
 typedef char openvpn_net_iface_t;
-typedef void * openvpn_net_ctx_t;
+typedef void *openvpn_net_ctx_t;
 
 #endif /* NETWORKING_SITNL_H_ */
diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h
index 900db7e1..595a9b1d 100644
--- a/src/openvpn/openvpn.h
+++ b/src/openvpn/openvpn.h
@@ -524,7 +524,7 @@  struct context
 
     struct env_set *es;         /**< Set of environment variables. */
 
-    openvpn_net_ctx_t net_ctx;	/**< Networking API opaque context */
+    openvpn_net_ctx_t net_ctx;  /**< Networking API opaque context */
 
     struct signal_info *sig;    /**< Internal error signaling object. */
 
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 49df8df1..63dc53c3 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -1241,8 +1241,10 @@  print_vlan_accept(enum vlan_acceptable_frames mode)
     {
         case VLAN_ONLY_TAGGED:
             return "tagged";
+
         case VLAN_ONLY_UNTAGGED_OR_PRIORITY:
             return "untagged";
+
         case VLAN_ALL:
             return "all";
     }
@@ -1320,7 +1322,7 @@  show_p2mp_parms(const struct options *o)
     SHOW_STR(port_share_port);
 #endif
     SHOW_BOOL(vlan_tagging);
-    msg(D_SHOW_PARMS, "  vlan_accept = %s", print_vlan_accept (o->vlan_accept));
+    msg(D_SHOW_PARMS, "  vlan_accept = %s", print_vlan_accept(o->vlan_accept));
     SHOW_INT(vlan_pvid);
 #endif /* P2MP_SERVER */
 
@@ -5301,7 +5303,7 @@  add_option(struct options *options,
         options->management_flags |= MF_EXTERNAL_CERT;
         options->management_certificate = p[1];
     }
-#endif
+#endif /* ifdef ENABLE_MANAGEMENT */
 #ifdef MANAGEMENT_DEF_AUTH
     else if (streq(p[0], "management-client-auth") && !p[1])
     {
@@ -7711,8 +7713,8 @@  add_option(struct options *options,
         }
         else
         {
-            if (streq(p[1], "secret") || streq(p[1], "tls-auth") ||
-                streq(p[1], "tls-crypt"))
+            if (streq(p[1], "secret") || streq(p[1], "tls-auth")
+                || streq(p[1], "tls-crypt"))
             {
                 options->genkey_type = GENKEY_SECRET;
             }
diff --git a/src/openvpn/options.h b/src/openvpn/options.h
index 2f1f6faf..4c1737e1 100644
--- a/src/openvpn/options.h
+++ b/src/openvpn/options.h
@@ -222,8 +222,8 @@  struct options
     bool show_curves;
     bool genkey;
     enum genkey_type genkey_type;
-    const char* genkey_filename;
-    const char* genkey_extra_data;
+    const char *genkey_filename;
+    const char *genkey_extra_data;
 
     /* Networking parms */
     int connect_retry_max;
diff --git a/src/openvpn/proto.h b/src/openvpn/proto.h
index c1ff3e14..c2517674 100644
--- a/src/openvpn/proto.h
+++ b/src/openvpn/proto.h
@@ -67,7 +67,7 @@  struct openvpn_ethhdr
 struct openvpn_8021qhdr
 {
     uint8_t dest[OPENVPN_ETH_ALEN];     /* destination ethernet addr */
-    uint8_t source[OPENVPN_ETH_ALEN];   /* source ethernet addr	*/
+    uint8_t source[OPENVPN_ETH_ALEN];   /* source ethernet addr */
 
     uint16_t tpid;                      /* 802.1Q Tag Protocol Identifier */
 #define OPENVPN_8021Q_MASK_PCP htons(0xE000) /* mask PCP out of pcp_cfi_vid */
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index aef00d34..39a906d4 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -72,19 +72,19 @@  receive_auth_failed(struct context *c, const struct buffer *buffer)
         {
             switch (auth_retry_get())
             {
-            case AR_NONE:
-                c->sig->signal_received = SIGTERM; /* SOFT-SIGTERM -- Auth failure error */
-                break;
+                case AR_NONE:
+                    c->sig->signal_received = SIGTERM; /* SOFT-SIGTERM -- Auth failure error */
+                    break;
 
-            case AR_INTERACT:
-                ssl_purge_auth(false);
+                case AR_INTERACT:
+                    ssl_purge_auth(false);
 
-            case AR_NOINTERACT:
-                c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- Auth failure error */
-                break;
+                case AR_NOINTERACT:
+                    c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- Auth failure error */
+                    break;
 
-            default:
-                ASSERT(0);
+                default:
+                    ASSERT(0);
             }
             c->sig->signal_text = "auth-failure";
         }
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index e0f8d201..51f76318 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -2152,7 +2152,7 @@  delete_route(struct route_ipv4 *r,
 #if !defined(TARGET_ANDROID)
     const char *gateway;
 #endif
-#else
+#else  /* if !defined(TARGET_LINUX) */
     int metric;
 #endif
     int is_local_route;
diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
index 56d0576a..80e0d5ac 100644
--- a/src/openvpn/ssl.c
+++ b/src/openvpn/ssl.c
@@ -466,7 +466,7 @@  ssl_set_auth_token(const char *token)
  * Cleans an auth token and checks if it was active
  */
 bool
-ssl_clean_auth_token (void)
+ssl_clean_auth_token(void)
 {
     bool wasdefined = auth_token.defined;
     purge_user_pass(&auth_token, true);
@@ -2015,7 +2015,7 @@  tls_session_update_crypto_params(struct tls_session *session,
     {
         frame_remove_from_extra_frame(frame_fragment, crypto_max_overhead());
         crypto_adjust_frame_parameters(frame_fragment, &session->opt->key_type,
-	                               options->replay, packet_id_long_form);
+                                       options->replay, packet_id_long_form);
         frame_set_mtu_dynamic(frame_fragment, options->ce.fragment, SET_MTU_UPPER_BOUND);
         frame_print(frame_fragment, D_MTU_INFO, "Fragmentation MTU parms");
     }
@@ -2411,7 +2411,9 @@  key_method_2_write(struct buffer *buf, struct tls_session *session)
          * username/password
          */
         if (auth_token.defined)
+        {
             up = &auth_token;
+        }
 
         if (!write_string(buf, up->username, -1))
         {
diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h
index f0a8ef54..2f6f7657 100644
--- a/src/openvpn/ssl.h
+++ b/src/openvpn/ssl.h
@@ -607,4 +607,5 @@  void
 show_available_tls_ciphers(const char *cipher_list,
                            const char *cipher_list_tls13,
                            const char *tls_cert_profile);
+
 #endif /* ifndef OPENVPN_SSL_H */
diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
index d585111b..1f91b785 100644
--- a/src/openvpn/ssl_mbedtls.c
+++ b/src/openvpn/ssl_mbedtls.c
@@ -191,12 +191,13 @@  tls_ctx_initialised(struct tls_root_ctx *ctx)
 }
 
 #ifdef HAVE_EXPORT_KEYING_MATERIAL
-int mbedtls_ssl_export_keys_cb(void *p_expkey, const unsigned char *ms,
-                               const unsigned char *kb, size_t maclen,
-                               size_t keylen, size_t ivlen,
-                               const unsigned char client_random[32],
-                               const unsigned char server_random[32],
-                               mbedtls_tls_prf_types tls_prf_type)
+int
+mbedtls_ssl_export_keys_cb(void *p_expkey, const unsigned char *ms,
+                           const unsigned char *kb, size_t maclen,
+                           size_t keylen, size_t ivlen,
+                           const unsigned char client_random[32],
+                           const unsigned char server_random[32],
+                           mbedtls_tls_prf_types tls_prf_type)
 {
     struct tls_session *session = p_expkey;
     struct key_state_ssl *ks_ssl = &session->key[KS_PRIMARY].ks_ssl;
@@ -1126,7 +1127,7 @@  key_state_ssl_init(struct key_state_ssl *ks_ssl,
     if (session->opt->ekm_size)
     {
         mbedtls_ssl_conf_export_keys_ext_cb(ks_ssl->ssl_config,
-                mbedtls_ssl_export_keys_cb, session);
+                                            mbedtls_ssl_export_keys_cb, session);
     }
 #endif
 
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index d7bd6aa2..5955c6bd 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -683,7 +683,7 @@  tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const char *curve_name
          * so do nothing */
 #endif
         return;
-#else
+#else  /* if OPENSSL_VERSION_NUMBER >= 0x10002000L */
         /* For older OpenSSL we have to extract the curve from key on our own */
         EC_KEY *eckey = NULL;
         const EC_GROUP *ecgrp = NULL;
@@ -1173,7 +1173,7 @@  openvpn_extkey_rsa_finish(RSA *rsa)
  * interface query
  */
 const char *
-get_rsa_padding_name (const int padding)
+get_rsa_padding_name(const int padding)
 {
     switch (padding)
     {
@@ -1190,14 +1190,14 @@  get_rsa_padding_name (const int padding)
 
 /**
  * Pass the input hash in 'dgst' to management and get the signature back.
-  *
- * @param dgst		hash to be signed
- * @param dgstlen	len of data in dgst
- * @param sig 		On successful return signature is in sig.
- * @param siglen	length of buffer sig
- * @param algorithm	padding/hashing algorithm for the signature
  *
- * @return 		signature length or -1 on error.
+ * @param dgst          hash to be signed
+ * @param dgstlen       len of data in dgst
+ * @param sig           On successful return signature is in sig.
+ * @param siglen        length of buffer sig
+ * @param algorithm     padding/hashing algorithm for the signature
+ *
+ * @return              signature length or -1 on error.
  */
 static int
 get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen,
@@ -1239,7 +1239,7 @@  rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa,
         return -1;
     }
 
-    ret = get_sig_from_man(from, flen, to, len, get_rsa_padding_name (padding));
+    ret = get_sig_from_man(from, flen, to, len, get_rsa_padding_name(padding));
 
     return (ret == len) ? ret : -1;
 }
@@ -1314,7 +1314,7 @@  err:
 }
 
 #if ((OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \
-     || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \
+    || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \
     && !defined(OPENSSL_NO_EC)
 
 /* called when EC_KEY is destroyed */
@@ -1475,7 +1475,7 @@  tls_ctx_use_management_external_key(struct tls_root_ctx *ctx)
         }
     }
 #if ((OPENSSL_VERSION_NUMBER > 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)) \
-     || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \
+    || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \
     && !defined(OPENSSL_NO_EC)
     else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC)
     {
@@ -2135,8 +2135,8 @@  show_available_tls_ciphers_list(const char *cipher_list,
         crypto_msg(M_FATAL, "Cannot create SSL object");
     }
 
-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || \
-    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x2090000fL)
+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)    \
+    || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= 0x2090000fL)
     STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
 #else
     STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c
index da0966c5..9362b8e9 100644
--- a/src/openvpn/ssl_verify.c
+++ b/src/openvpn/ssl_verify.c
@@ -804,7 +804,7 @@  cleanup:
 #endif
 
 void
-auth_set_client_reason(struct tls_multi* multi, const char* client_reason)
+auth_set_client_reason(struct tls_multi *multi, const char *client_reason)
 {
     if (multi->client_reason)
     {
@@ -1204,7 +1204,7 @@  verify_user_pass_plugin(struct tls_session *session, struct tls_multi *multi,
 
 static int
 verify_user_pass_management(struct tls_session *session,
-                            struct tls_multi* multi,
+                            struct tls_multi *multi,
                             const struct user_pass *up)
 {
     int retval = KMDA_ERROR;
@@ -1301,16 +1301,16 @@  verify_user_pass(struct user_pass *up, struct tls_multi *multi,
              * for equality with AUTH_TOKEN_HMAC_OK
              */
             msg(M_WARN, "TLS: Username/auth-token authentication "
-                        "succeeded for username '%s'",
+                "succeeded for username '%s'",
                 up->username);
-              skip_auth = true;
+            skip_auth = true;
         }
         else
         {
             wipe_auth_token(multi);
             ks->authenticated = false;
             msg(M_WARN, "TLS: Username/auth-token authentication "
-                        "failed for username '%s'", up->username);
+                "failed for username '%s'", up->username);
             return;
         }
     }
@@ -1335,12 +1335,12 @@  verify_user_pass(struct user_pass *up, struct tls_multi *multi,
     }
 
     /* check sizing of username if it will become our common name */
-    if ((session->opt->ssl_flags & SSLF_USERNAME_AS_COMMON_NAME) &&
-         strlen(up->username)>TLS_USERNAME_LEN)
+    if ((session->opt->ssl_flags & SSLF_USERNAME_AS_COMMON_NAME)
+        && strlen(up->username)>TLS_USERNAME_LEN)
     {
         msg(D_TLS_ERRORS,
-                "TLS Auth Error: --username-as-common name specified and username is longer than the maximum permitted Common Name length of %d characters",
-                TLS_USERNAME_LEN);
+            "TLS Auth Error: --username-as-common name specified and username is longer than the maximum permitted Common Name length of %d characters",
+            TLS_USERNAME_LEN);
         s1 = OPENVPN_PLUGIN_FUNC_ERROR;
     }
     /* auth succeeded? */
diff --git a/src/openvpn/ssl_verify.h b/src/openvpn/ssl_verify.h
index c54b89a6..21b37a0f 100644
--- a/src/openvpn/ssl_verify.h
+++ b/src/openvpn/ssl_verify.h
@@ -234,7 +234,8 @@  bool tls_authenticate_key(struct tls_multi *multi, const unsigned int mda_key_id
  * @param multi             The multi tls struct
  * @param client_reason     The string to send to the client as part of AUTH_FAILED
  */
-void auth_set_client_reason(struct tls_multi* multi, const char* client_reason);
+void auth_set_client_reason(struct tls_multi *multi, const char *client_reason);
+
 #endif
 
 static inline const char *
diff --git a/src/openvpn/vlan.c b/src/openvpn/vlan.c
index a5885de2..9290179d 100644
--- a/src/openvpn/vlan.c
+++ b/src/openvpn/vlan.c
@@ -58,7 +58,7 @@  static void
 vlanhdr_set_vid(struct openvpn_8021qhdr *hdr, const uint16_t vid)
 {
     hdr->pcp_cfi_vid = (hdr->pcp_cfi_vid & ~OPENVPN_8021Q_MASK_VID)
-                        | (htons(vid) & OPENVPN_8021Q_MASK_VID);
+                       | (htons(vid) & OPENVPN_8021Q_MASK_VID);
 }
 
 /*
@@ -135,7 +135,7 @@  vlan_decapsulate(const struct context *c, struct buffer *buf)
                 goto drop;
             }
 
-            /* vid == 0 means prio-tagged packet: don't drop and fall-through */
+        /* vid == 0 means prio-tagged packet: don't drop and fall-through */
         case VLAN_ONLY_TAGGED:
         case VLAN_ALL:
             /* tagged frame can be accepted: extract vid and strip encapsulation */
diff --git a/src/openvpn/win32.h b/src/openvpn/win32.h
index 4b508c56..79504776 100644
--- a/src/openvpn/win32.h
+++ b/src/openvpn/win32.h
@@ -69,7 +69,7 @@  struct security_attributes
 struct window_title
 {
     bool saved;
-    char old_window_title [256];
+    char old_window_title[256];
 };
 
 struct rw_handle {