uncrustify openvpn/ sources

There are an amazing number of brackets that were either
totally missing, or have snuck up on the "for(...){"
line.  Further, uncrustify wants "|" in multi-line
logical expressions now at the beginning of the new
line, and "PRIi64" now gets surrounding spaces.

Added "sp_after_semi_for_empty=Add" to uncrustify.conf
to leave a few for() statements alone that look better
the way they are.

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <20181130135641.11533-3-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17970.html
Signed-off-by: David Sommerseth <davids@openvpn.net>

dev-tools/uncrustify.conf

@@ -60,6 +60,9 @@ mod_add_long_ifdef_else_comment=5
 # Misc cleanup
 mod_remove_extra_semicolon=true
 
+# leave blank at end of empty for() statements
+sp_after_semi_for_empty=Add
+
 # Use C-style comments (/* .. */)
 cmt_c_nl_end=true
 cmt_star_cont=true

src/openvpn/block_dns.h

@@ -65,5 +65,5 @@ DWORD
 set_interface_metric(const NET_IFINDEX index, const ADDRESS_FAMILY family,
                      const ULONG metric);
 
-#endif
-#endif
+#endif /* ifndef OPENVPN_BLOCK_DNS_H */
+#endif /* ifdef _WIN32 */

src/openvpn/buffer.c

@@ -312,7 +312,7 @@ openvpn_snprintf(char *str, size_t size, const char *format, ...)
 
 /*
  * openvpn_swprintf() is currently only used by Windows code paths
- * and when enabled for all platforms it will currently break older 
+ * and when enabled for all platforms it will currently break older
  * OpenBSD versions lacking vswprintf(3) support in their libc.
  */
 
@@ -474,7 +474,7 @@ x_gc_freespecial(struct gc_arena *a)
 }
 
 void
-gc_addspecial(void *addr, void(free_function)(void *), struct gc_arena *a)
+gc_addspecial(void *addr, void (free_function)(void *), struct gc_arena *a)
 {
     ASSERT(a);
     struct gc_entry_special *e;

src/openvpn/buffer.h

@@ -458,6 +458,7 @@ __attribute__ ((format(__printf__, 3, 4)))
  */
 bool
 openvpn_swprintf(wchar_t *const str, const size_t size, const wchar_t *const format, ...);
+
 /*
  * Unlike in openvpn_snprintf, we cannot use format attributes since
  * GCC doesn't support wprintf as archetype.

src/openvpn/console.h

@@ -21,7 +21,7 @@
  *  You should have received a copy of the GNU General Public License along
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-*/
+ */
 
 #ifndef CONSOLE_H
 #define CONSOLE_H

src/openvpn/crypto.c

@@ -920,10 +920,12 @@ key_is_zero(struct key *key, const struct key_type *kt)
 {
     int i;
     for (i = 0; i < kt->cipher_length; ++i)
+    {
         if (key->cipher[i])
         {
             return false;
         }
+    }
     msg(D_CRYPT_ERRORS, "CRYPTO INFO: WARNING: zero key detected");
     return true;
 }
@@ -1270,7 +1272,9 @@ read_key_file(struct key2 *key2, const char *file, const unsigned int flags)
     {
         in = buffer_read_from_file(file, &gc);
         if (!buf_valid(&in))
+        {
             msg(M_FATAL, "Read error on key file ('%s')", file);
+        }
 
         size = in.len;
     }
@@ -1462,7 +1466,7 @@ write_key_file(const int nkeys, const char *filename)
     buf_printf(&out, "%s\n", static_key_foot);
 
     /* write key file, now formatted in out, to file */
-    if(!buffer_write_file(filename, &out))
+    if (!buffer_write_file(filename, &out))
     {
         nbits = -1;
     }
@@ -1692,7 +1696,9 @@ prng_reset_nonce(void)
     {
         int i;
         for (i = 0; i < size; ++i)
+        {
             nonce_data[i] = (uint8_t) i;
+        }
     }
 #endif
 }
@@ -1773,7 +1779,7 @@ void
 print_cipher(const cipher_kt_t *cipher)
 {
     const char *var_key_size = cipher_kt_var_key_size(cipher) ?
-        " by default" : "";
+                               " by default" : "";
 
     printf("%s  (%d bit key%s, ",
            translate_cipher_name_to_openvpn(cipher_kt_name(cipher)),

src/openvpn/crypto.h

@@ -318,7 +318,7 @@ void free_key_ctx(struct key_ctx *ctx);
 
 void init_key_ctx_bi(struct key_ctx_bi *ctx, const struct key2 *key2,
                      int key_direction, const struct key_type *kt,
-		     const char *name);
+                     const char *name);
 
 void free_key_ctx_bi(struct key_ctx_bi *ctx);
 
@@ -504,7 +504,8 @@ memcmp_constant_time(const void *a, const void *b, size_t size)
     int ret = 0;
     size_t i;
 
-    for (i = 0; i < size; i++) {
+    for (i = 0; i < size; i++)
+    {
         ret |= *a1++ ^ *b1++;
     }
 

src/openvpn/crypto_backend.h

@@ -51,7 +51,7 @@
 typedef enum {
     MD_SHA1,
     MD_SHA256
-} hash_algo_type ;
+} hash_algo_type;
 
 /** Struct used in cipher name translation table */
 typedef struct {

src/openvpn/crypto_mbedtls.c

@@ -233,8 +233,8 @@ crypto_pem_encode(const char *name, struct buffer *dst,
 
     size_t out_len = 0;
     if (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL !=
-            mbedtls_pem_write_buffer(header, footer, BPTR(src), BLEN(src),
-                                     NULL, 0, &out_len))
+        mbedtls_pem_write_buffer(header, footer, BPTR(src), BLEN(src),
+                                 NULL, 0, &out_len))
     {
         return false;
     }
@@ -858,7 +858,8 @@ md_ctx_new(void)
     return ctx;
 }
 
-void md_ctx_free(mbedtls_md_context_t *ctx)
+void
+md_ctx_free(mbedtls_md_context_t *ctx)
 {
     free(ctx);
 }

src/openvpn/crypto_mbedtls.h

@@ -146,7 +146,8 @@ mbed_log_func_line_lite(unsigned int flags, int errval,
 #define mbed_ok(errval) \
     mbed_log_func_line_lite(D_CRYPT_ERRORS, errval, __func__, __LINE__)
 
-static inline bool cipher_kt_var_key_size(const cipher_kt_t *cipher)
+static inline bool
+cipher_kt_var_key_size(const cipher_kt_t *cipher)
 {
     return cipher->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN;
 }

src/openvpn/crypto_openssl.c

@@ -202,12 +202,12 @@ crypto_print_openssl_errors(const unsigned int flags)
         else if (ERR_GET_REASON(err) == SSL_R_UNSUPPORTED_PROTOCOL)
         {
             msg(D_CRYPT_ERRORS, "TLS error: Unsupported protocol. This typically "
-                 "indicates that client and server have no common TLS version enabled. "
-                 "This can be caused by mismatched tls-version-min and tls-version-max "
-                 "options on client and server. "
-                 "If your OpenVPN client is between v2.3.6 and v2.3.2 try adding "
-                 "tls-version-min 1.0 to the client configuration to use TLS 1.0+ "
-                 "instead of TLS 1.0 only");
+                "indicates that client and server have no common TLS version enabled. "
+                "This can be caused by mismatched tls-version-min and tls-version-max "
+                "options on client and server. "
+                "If your OpenVPN client is between v2.3.6 and v2.3.2 try adding "
+                "tls-version-min 1.0 to the client configuration to use TLS 1.0+ "
+                "instead of TLS 1.0 only");
         }
         msg(flags, "OpenSSL: %s", ERR_error_string(err, NULL));
     }
@@ -315,7 +315,8 @@ show_available_ciphers(void)
 
     qsort(cipher_list, num_ciphers, sizeof(*cipher_list), cipher_name_cmp);
 
-    for (i = 0; i < num_ciphers; i++) {
+    for (i = 0; i < num_ciphers; i++)
+    {
         if (!cipher_kt_insecure(cipher_list[i]))
         {
             print_cipher(cipher_list[i]);
@@ -324,7 +325,8 @@ show_available_ciphers(void)
 
     printf("\nThe following ciphers have a block size of less than 128 bits, \n"
            "and are therefore deprecated.  Do not use unless you have to.\n\n");
-    for (i = 0; i < num_ciphers; i++) {
+    for (i = 0; i < num_ciphers; i++)
+    {
         if (cipher_kt_insecure(cipher_list[i]))
         {
             print_cipher(cipher_list[i]);
@@ -405,7 +407,7 @@ crypto_pem_encode(const char *name, struct buffer *dst,
 cleanup:
     if (!BIO_free(bio))
     {
-        ret = false;;
+        ret = false;
     }
 
     return ret;
@@ -458,7 +460,7 @@ crypto_pem_decode(const char *name, struct buffer *dst,
     OPENSSL_free(data_read);
     if (!BIO_free(bio))
     {
-        ret = false;;
+        ret = false;
     }
 
     return ret;
@@ -688,7 +690,7 @@ cipher_kt_insecure(const EVP_CIPHER *cipher)
 #ifdef NID_chacha20_poly1305
              || EVP_CIPHER_nid(cipher) == NID_chacha20_poly1305
 #endif
-            );
+             );
 }
 
 int
@@ -729,13 +731,13 @@ cipher_kt_mode_aead(const cipher_kt_t *cipher)
     {
         switch (EVP_CIPHER_nid(cipher))
         {
-        case NID_aes_128_gcm:
-        case NID_aes_192_gcm:
-        case NID_aes_256_gcm:
+            case NID_aes_128_gcm:
+            case NID_aes_192_gcm:
+            case NID_aes_256_gcm:
 #ifdef NID_chacha20_poly1305
-        case NID_chacha20_poly1305:
+            case NID_chacha20_poly1305:
 #endif
-            return true;
+                return true;
         }
     }
 #endif
@@ -962,7 +964,8 @@ md_ctx_new(void)
     return ctx;
 }
 
-void md_ctx_free(EVP_MD_CTX *ctx)
+void
+md_ctx_free(EVP_MD_CTX *ctx)
 {
     EVP_MD_CTX_free(ctx);
 }

src/openvpn/crypto_openssl.h

@@ -101,7 +101,8 @@ void crypto_print_openssl_errors(const unsigned int flags);
         msg((flags), __VA_ARGS__); \
     } while (false)
 
-static inline bool cipher_kt_var_key_size(const cipher_kt_t *cipher)
+static inline bool
+cipher_kt_var_key_size(const cipher_kt_t *cipher)
 {
     return EVP_CIPHER_flags(cipher) & EVP_CIPH_VARIABLE_LENGTH;
 }

src/openvpn/cryptoapi.c

@@ -159,7 +159,8 @@ ms_error_text(DWORD ms_err)
         /* trim to the left */
         if (rv)
         {
-            for (p = rv + strlen(rv) - 1; p >= rv; p--) {
+            for (p = rv + strlen(rv) - 1; p >= rv; p--)
+            {
                 if (isspace(*p))
                 {
                     *p = '\0';
@@ -198,7 +199,8 @@ err_put_ms_error(DWORD ms_err, int func, const char *file, int line)
     }
     /* since MS error codes are 32 bit, and the ones in the ERR_... system is
      * only 12, we must have a mapping table between them.  */
-    for (i = 0; i < ERR_MAP_SZ; i++) {
+    for (i = 0; i < ERR_MAP_SZ; i++)
+    {
         if (err_map[i].ms_err == ms_err)
         {
             ERR_PUT_error(ERR_LIB_CRYPTOAPI, func, err_map[i].err, file, line);
@@ -267,8 +269,8 @@ priv_enc_CNG(const CAPI_DATA *cd, const wchar_t *hash_algo, const unsigned char
     BCRYPT_PKCS1_PADDING_INFO padinfo = {hash_algo};
     DWORD status;
 
-    status = NCryptSignHash(hkey, padding? &padinfo : NULL, (BYTE*) from, flen,
-                            to, tlen, &len, padding? BCRYPT_PAD_PKCS1 : 0);
+    status = NCryptSignHash(hkey, padding ? &padinfo : NULL, (BYTE *) from, flen,
+                            to, tlen, &len, padding ? BCRYPT_PAD_PKCS1 : 0);
     if (status != ERROR_SUCCESS)
     {
         SetLastError(status);
@@ -375,7 +377,7 @@ rsa_priv_enc(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, i
  */
 static int
 rsa_sign_CNG(int type, const unsigned char *m, unsigned int m_len,
-              unsigned char *sig, unsigned int *siglen, const RSA *rsa)
+             unsigned char *sig, unsigned int *siglen, const RSA *rsa)
 {
     CAPI_DATA *cd = (CAPI_DATA *) RSA_meth_get0_app_data(RSA_get_method(rsa));
     const wchar_t *alg = NULL;
@@ -419,6 +421,7 @@ rsa_sign_CNG(int type, const unsigned char *m, unsigned int m_len,
             /* No DigestInfo header is required -- set alg-name to NULL */
             alg = NULL;
             break;
+
         default:
             msg(M_WARN, "cryptoapicert: Unknown hash type NID=0x%x", type);
             RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE);
@@ -459,7 +462,7 @@ finish(RSA *rsa)
         return 0;
     }
     CAPI_DATA_free(cd);
-    RSA_meth_free((RSA_METHOD*) rsa_meth);
+    RSA_meth_free((RSA_METHOD *) rsa_meth);
     return 1;
 }
 
@@ -586,7 +589,7 @@ ssl_ctx_set_eckey(SSL_CTX *ssl_ctx, CAPI_DATA *cd, EVP_PKEY *pkey)
     if (cd->key_spec != CERT_NCRYPT_KEY_SPEC)
     {
         msg(M_NONFATAL, "ERROR: cryptoapicert with only legacy private key handle available."
-                    " EC certificate not supported.");
+            " EC certificate not supported.");
         goto err;
     }
     /* create a method struct with default callbacks filled in */
@@ -686,7 +689,8 @@ find_certificate_in_store(const char *cert_prop, HCERTSTORE cert_store)
 
         /* skip the tag */
         cert_prop += 6;
-        for (p = (char *) cert_prop, i = 0; *p && i < sizeof(hash); i++) {
+        for (p = (char *) cert_prop, i = 0; *p && i < sizeof(hash); i++)
+        {
             if (*p >= '0' && *p <= '9')
             {
                 x = (*p - '0') << 4;
@@ -739,7 +743,7 @@ ssl_ctx_set_rsakey(SSL_CTX *ssl_ctx, CAPI_DATA *cd, EVP_PKEY *pkey)
     bool rsa_method_set = false;
 
     my_rsa_method = RSA_meth_new("Microsoft Cryptography API RSA Method",
-                                  RSA_METHOD_FLAG_NO_CHECK);
+                                 RSA_METHOD_FLAG_NO_CHECK);
     check_malloc_return(my_rsa_method);
     RSA_meth_set_pub_enc(my_rsa_method, rsa_pub_enc);
     RSA_meth_set_pub_dec(my_rsa_method, rsa_pub_dec);
@@ -797,7 +801,7 @@ ssl_ctx_set_rsakey(SSL_CTX *ssl_ctx, CAPI_DATA *cd, EVP_PKEY *pkey)
         goto err;
     }
     /* SSL_CTX_use_RSAPrivateKey() increased the reference count in 'rsa', so
-     * we decrease it here with RSA_free(), or it will never be cleaned up. */
+    * we decrease it here with RSA_free(), or it will never be cleaned up. */
     RSA_free(rsa);
     return 1;
 
@@ -867,7 +871,7 @@ SSL_CTX_use_CryptoAPI_certificate(SSL_CTX *ssl_ctx, const char *cert_prop)
     DWORD flags = CRYPT_ACQUIRE_COMPARE_KEY_FLAG
                   | CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG;
     if (!CryptAcquireCertificatePrivateKey(cd->cert_context, flags, NULL,
-                    &cd->crypt_prov, &cd->key_spec, &cd->free_crypt_prov))
+                                           &cd->crypt_prov, &cd->key_spec, &cd->free_crypt_prov))
     {
         /* if we don't have a smart card reader here, and we try to access a
          * smart card certificate, we get:

src/openvpn/env_set.c

@@ -277,7 +277,7 @@ void
 setenv_long_long(struct env_set *es, const char *name, long long value)
 {
     char buf[64];
-    openvpn_snprintf(buf, sizeof(buf), "%"PRIi64, (int64_t)value);
+    openvpn_snprintf(buf, sizeof(buf), "%" PRIi64, (int64_t)value);
     setenv_str(es, name, buf);
 }
 

src/openvpn/env_set.h

@@ -94,13 +94,15 @@ void env_set_print(int msglevel, const struct env_set *es);
 void env_set_inherit(struct env_set *es, const struct env_set *src);
 
 /* returns true if environmental variable name starts with 'password' */
-static inline bool is_password_env_var(const char *str)
+static inline bool
+is_password_env_var(const char *str)
 {
     return (strncmp(str, "password", 8) == 0);
 }
 
 /* returns true if environmental variable safe to print to log */
-static inline bool env_safe_to_print(const char *str)
+static inline bool
+env_safe_to_print(const char *str)
 {
 #ifndef UNSAFE_DEBUG
     if (is_password_env_var(str))