Hi,
On 16/04/2020 13:39, Arne Schwabe wrote:
[CUT]
> diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c
> index 49864c0a..195941ca 100644
> --- a/src/openvpn/manage.c
> +++ b/src/openvpn/manage.c
> @@ -3660,9 +3660,9 @@ management_query_pk_sig(struct management *man, const
> char *b64_data,
> buf_write(&buf_data, ",", (int) strlen(","));
> buf_write(&buf_data, algorithm, (int) strlen(algorithm));
> }
> - char* ret = management_query_multiline_flatten(man,
> - (char *)buf_bptr(&buf_data), prompt, desc,
> - &man->connection.ext_key_state, &man->connection.ext_key_input);
> + char *ret = management_query_multiline_flatten(man,
> + (char
> *)buf_bptr(&buf_data), prompt, desc,
why not moving some arguments on the first line ? One or two should fit.
(IMHO it can be done in this patch - it's still about restyling)
> +
> &man->connection.ext_key_state, &man->connection.ext_key_input);
> free_buf(&buf_data);
> return ret;
> }
> diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c
> index 1c17948c..a10888ed 100644
> --- a/src/openvpn/misc.c
> +++ b/src/openvpn/misc.c
> @@ -146,7 +146,7 @@ auth_user_pass_mgmt(struct user_pass *up, const char
> *prefix, const unsigned int
> }
> return true;
> }
> -#endif
> +#endif /* ifdef ENABLE_MANAGEMENT */
>
> /*
> * Get and store a username/password
> diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c
> index bdb1b0c0..a7e78213 100644
> --- a/src/openvpn/mroute.c
> +++ b/src/openvpn/mroute.c
> @@ -324,7 +324,7 @@ mroute_extract_addr_ether(struct mroute_addr *src,
> break;
> }
> }
> -#endif
> +#endif /* ifdef ENABLE_PF */
> }
> return ret;
> }
> diff --git a/src/openvpn/networking.h b/src/openvpn/networking.h
> index 5e6d898f..9c1d1696 100644
> --- a/src/openvpn/networking.h
> +++ b/src/openvpn/networking.h
> @@ -31,8 +31,8 @@ struct context;
> #include "networking_iproute2.h"
> #else
> /* define mock types to ensure code builds on any platform */
> -typedef void * openvpn_net_ctx_t;
> -typedef void * openvpn_net_iface_t;
> +typedef void *openvpn_net_ctx_t;
> +typedef void *openvpn_net_iface_t;
>
> static inline int
> net_ctx_init(struct context *c, openvpn_net_ctx_t *ctx)
> @@ -51,7 +51,7 @@ net_ctx_free(openvpn_net_ctx_t *ctx)
> {
> (void)ctx;
> }
> -#endif
> +#endif /* ifdef ENABLE_SITNL */
>
> #if defined(ENABLE_SITNL) || defined(ENABLE_IPROUTE)
>
> diff --git a/src/openvpn/networking_iproute2.c
> b/src/openvpn/networking_iproute2.c
> index 0f9e899a..f3b9c614 100644
> --- a/src/openvpn/networking_iproute2.c
> +++ b/src/openvpn/networking_iproute2.c
> @@ -43,7 +43,9 @@ net_ctx_init(struct context *c, openvpn_net_ctx_t *ctx)
> {
> ctx->es = NULL;
> if (c)
> + {
> ctx->es = c->es;
> + }
> ctx->gc = gc_new();
>
> return 0;
> @@ -207,10 +209,14 @@ net_route_v4_add(openvpn_net_ctx_t *ctx, const
> in_addr_t *dst, int prefixlen,
> argv_printf(&argv, "%s route add %s/%d", iproute_path, dst_str,
> prefixlen);
>
> if (metric > 0)
> + {
> argv_printf_cat(&argv, "metric %d", metric);
> + }
>
> if (iface)
> + {
> argv_printf_cat(&argv, "dev %s", iface);
> + }
>
> if (gw)
> {
> @@ -246,7 +252,9 @@ net_route_v6_add(openvpn_net_ctx_t *ctx, const struct
> in6_addr *dst,
> }
>
> if (metric > 0)
> + {
> argv_printf_cat(&argv, "metric %d", metric);
> + }
>
> argv_msg(D_ROUTE, &argv);
> openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 add
> command failed");
> @@ -267,7 +275,9 @@ net_route_v4_del(openvpn_net_ctx_t *ctx, const in_addr_t
> *dst, int prefixlen,
> argv_printf(&argv, "%s route del %s/%d", iproute_path, dst_str,
> prefixlen);
>
> if (metric > 0)
> + {
> argv_printf_cat(&argv, "metric %d", metric);
> + }
>
> argv_msg(D_ROUTE, &argv);
> openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route delete
> command failed");
> @@ -296,7 +306,9 @@ net_route_v6_del(openvpn_net_ctx_t *ctx, const struct
> in6_addr *dst,
> }
>
> if (metric > 0)
> + {
> argv_printf_cat(&argv, "metric %d", metric);
> + }
>
> argv_msg(D_ROUTE, &argv);
> openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 del
> command failed");
> @@ -314,7 +326,9 @@ net_route_v4_best_gw(openvpn_net_ctx_t *ctx, const
> in_addr_t *dst,
>
> FILE *fp = fopen("/proc/net/route", "r");
> if (!fp)
> + {
> return -1;
> + }
>
> char line[256];
> int count = 0;
> diff --git a/src/openvpn/networking_sitnl.h b/src/openvpn/networking_sitnl.h
> index f39d426d..6396b06e 100644
> --- a/src/openvpn/networking_sitnl.h
> +++ b/src/openvpn/networking_sitnl.h
> @@ -23,6 +23,6 @@
> #define NETWORKING_SITNL_H_
>
> typedef char openvpn_net_iface_t;
> -typedef void * openvpn_net_ctx_t;
> +typedef void *openvpn_net_ctx_t;
>
> #endif /* NETWORKING_SITNL_H_ */
> diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h
> index 900db7e1..595a9b1d 100644
> --- a/src/openvpn/openvpn.h
> +++ b/src/openvpn/openvpn.h
> @@ -524,7 +524,7 @@ struct context
>
> struct env_set *es; /**< Set of environment variables. */
>
> - openvpn_net_ctx_t net_ctx; /**< Networking API opaque context */
> + openvpn_net_ctx_t net_ctx; /**< Networking API opaque context */
>
> struct signal_info *sig; /**< Internal error signaling object. */
>
> diff --git a/src/openvpn/options.c b/src/openvpn/options.c
> index 49df8df1..63dc53c3 100644
> --- a/src/openvpn/options.c
> +++ b/src/openvpn/options.c
> @@ -1241,8 +1241,10 @@ print_vlan_accept(enum vlan_acceptable_frames mode)
> {
> case VLAN_ONLY_TAGGED:
> return "tagged";
> +
> case VLAN_ONLY_UNTAGGED_OR_PRIORITY:
> return "untagged";
> +
> case VLAN_ALL:
> return "all";
> }
> @@ -1320,7 +1322,7 @@ show_p2mp_parms(const struct options *o)
> SHOW_STR(port_share_port);
> #endif
> SHOW_BOOL(vlan_tagging);
> - msg(D_SHOW_PARMS, " vlan_accept = %s", print_vlan_accept
> (o->vlan_accept));
> + msg(D_SHOW_PARMS, " vlan_accept = %s",
> print_vlan_accept(o->vlan_accept));
> SHOW_INT(vlan_pvid);
> #endif /* P2MP_SERVER */
>
> @@ -5301,7 +5303,7 @@ add_option(struct options *options,
> options->management_flags |= MF_EXTERNAL_CERT;
> options->management_certificate = p[1];
> }
> -#endif
> +#endif /* ifdef ENABLE_MANAGEMENT */
> #ifdef MANAGEMENT_DEF_AUTH
> else if (streq(p[0], "management-client-auth") && !p[1])
> {
> @@ -7711,8 +7713,8 @@ add_option(struct options *options,
> }
> else
> {
> - if (streq(p[1], "secret") || streq(p[1], "tls-auth") ||
> - streq(p[1], "tls-crypt"))
> + if (streq(p[1], "secret") || streq(p[1], "tls-auth")
> + || streq(p[1], "tls-crypt"))
> {
> options->genkey_type = GENKEY_SECRET;
> }
> diff --git a/src/openvpn/options.h b/src/openvpn/options.h
> index 2f1f6faf..4c1737e1 100644
> --- a/src/openvpn/options.h
> +++ b/src/openvpn/options.h
> @@ -222,8 +222,8 @@ struct options
> bool show_curves;
> bool genkey;
> enum genkey_type genkey_type;
> - const char* genkey_filename;
> - const char* genkey_extra_data;
> + const char *genkey_filename;
> + const char *genkey_extra_data;
>
> /* Networking parms */
> int connect_retry_max;
> diff --git a/src/openvpn/proto.h b/src/openvpn/proto.h
> index c1ff3e14..c2517674 100644
> --- a/src/openvpn/proto.h
> +++ b/src/openvpn/proto.h
> @@ -67,7 +67,7 @@ struct openvpn_ethhdr
> struct openvpn_8021qhdr
> {
> uint8_t dest[OPENVPN_ETH_ALEN]; /* destination ethernet addr */
> - uint8_t source[OPENVPN_ETH_ALEN]; /* source ethernet addr */
> + uint8_t source[OPENVPN_ETH_ALEN]; /* source ethernet addr */
>
> uint16_t tpid; /* 802.1Q Tag Protocol Identifier */
> #define OPENVPN_8021Q_MASK_PCP htons(0xE000) /* mask PCP out of pcp_cfi_vid
> */
> diff --git a/src/openvpn/push.c b/src/openvpn/push.c
> index aef00d34..39a906d4 100644
> --- a/src/openvpn/push.c
> +++ b/src/openvpn/push.c
> @@ -72,19 +72,19 @@ receive_auth_failed(struct context *c, const struct
> buffer *buffer)
> {
> switch (auth_retry_get())
> {
> - case AR_NONE:
> - c->sig->signal_received = SIGTERM; /* SOFT-SIGTERM -- Auth
> failure error */
> - break;
> + case AR_NONE:
> + c->sig->signal_received = SIGTERM; /* SOFT-SIGTERM --
> Auth failure error */
> + break;
>
> - case AR_INTERACT:
> - ssl_purge_auth(false);
> + case AR_INTERACT:
> + ssl_purge_auth(false);
>
> - case AR_NOINTERACT:
> - c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- Auth
> failure error */
> - break;
> + case AR_NOINTERACT:
> + c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 --
> Auth failure error */
> + break;
>
> - default:
> - ASSERT(0);
> + default:
> + ASSERT(0);
> }
> c->sig->signal_text = "auth-failure";
> }
> diff --git a/src/openvpn/route.c b/src/openvpn/route.c
> index e0f8d201..51f76318 100644
> --- a/src/openvpn/route.c
> +++ b/src/openvpn/route.c
> @@ -2152,7 +2152,7 @@ delete_route(struct route_ipv4 *r,
> #if !defined(TARGET_ANDROID)
> const char *gateway;
> #endif
> -#else
> +#else /* if !defined(TARGET_LINUX) */
> int metric;
> #endif
> int is_local_route;
> diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c
> index 56d0576a..80e0d5ac 100644
> --- a/src/openvpn/ssl.c
> +++ b/src/openvpn/ssl.c
> @@ -466,7 +466,7 @@ ssl_set_auth_token(const char *token)
> * Cleans an auth token and checks if it was active
> */
> bool
> -ssl_clean_auth_token (void)
> +ssl_clean_auth_token(void)
> {
> bool wasdefined = auth_token.defined;
> purge_user_pass(&auth_token, true);
> @@ -2015,7 +2015,7 @@ tls_session_update_crypto_params(struct tls_session
> *session,
> {
> frame_remove_from_extra_frame(frame_fragment, crypto_max_overhead());
> crypto_adjust_frame_parameters(frame_fragment,
> &session->opt->key_type,
> - options->replay, packet_id_long_form);
> + options->replay, packet_id_long_form);
> frame_set_mtu_dynamic(frame_fragment, options->ce.fragment,
> SET_MTU_UPPER_BOUND);
> frame_print(frame_fragment, D_MTU_INFO, "Fragmentation MTU parms");
> }
> @@ -2411,7 +2411,9 @@ key_method_2_write(struct buffer *buf, struct
> tls_session *session)
> * username/password
> */
> if (auth_token.defined)
> + {
> up = &auth_token;
> + }
>
> if (!write_string(buf, up->username, -1))
> {
> diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h
> index f0a8ef54..2f6f7657 100644
> --- a/src/openvpn/ssl.h
> +++ b/src/openvpn/ssl.h
> @@ -607,4 +607,5 @@ void
> show_available_tls_ciphers(const char *cipher_list,
> const char *cipher_list_tls13,
> const char *tls_cert_profile);
> +
> #endif /* ifndef OPENVPN_SSL_H */
> diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
> index d585111b..1f91b785 100644
> --- a/src/openvpn/ssl_mbedtls.c
> +++ b/src/openvpn/ssl_mbedtls.c
> @@ -191,12 +191,13 @@ tls_ctx_initialised(struct tls_root_ctx *ctx)
> }
>
> #ifdef HAVE_EXPORT_KEYING_MATERIAL
> -int mbedtls_ssl_export_keys_cb(void *p_expkey, const unsigned char *ms,
> - const unsigned char *kb, size_t maclen,
> - size_t keylen, size_t ivlen,
> - const unsigned char client_random[32],
> - const unsigned char server_random[32],
> - mbedtls_tls_prf_types tls_prf_type)
> +int
> +mbedtls_ssl_export_keys_cb(void *p_expkey, const unsigned char *ms,
> + const unsigned char *kb, size_t maclen,
> + size_t keylen, size_t ivlen,
> + const unsigned char client_random[32],
> + const unsigned char server_random[32],
> + mbedtls_tls_prf_types tls_prf_type)
> {
> struct tls_session *session = p_expkey;
> struct key_state_ssl *ks_ssl = &session->key[KS_PRIMARY].ks_ssl;
> @@ -1126,7 +1127,7 @@ key_state_ssl_init(struct key_state_ssl *ks_ssl,
> if (session->opt->ekm_size)
> {
> mbedtls_ssl_conf_export_keys_ext_cb(ks_ssl->ssl_config,
> - mbedtls_ssl_export_keys_cb, session);
> + mbedtls_ssl_export_keys_cb,
> session);
> }
> #endif
>
> diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
> index d7bd6aa2..5955c6bd 100644
> --- a/src/openvpn/ssl_openssl.c
> +++ b/src/openvpn/ssl_openssl.c
> @@ -683,7 +683,7 @@ tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const
> char *curve_name
> * so do nothing */
> #endif
> return;
> -#else
> +#else /* if OPENSSL_VERSION_NUMBER >= 0x10002000L */
> /* For older OpenSSL we have to extract the curve from key on our
> own */
> EC_KEY *eckey = NULL;
> const EC_GROUP *ecgrp = NULL;
> @@ -1173,7 +1173,7 @@ openvpn_extkey_rsa_finish(RSA *rsa)
> * interface query
> */
> const char *
> -get_rsa_padding_name (const int padding)
> +get_rsa_padding_name(const int padding)
> {
> switch (padding)
> {
> @@ -1190,14 +1190,14 @@ get_rsa_padding_name (const int padding)
>
> /**
> * Pass the input hash in 'dgst' to management and get the signature back.
> - *
> - * @param dgst hash to be signed
> - * @param dgstlen len of data in dgst
> - * @param sig On successful return signature is in sig.
> - * @param siglen length of buffer sig
> - * @param algorithm padding/hashing algorithm for the signature
> *
> - * @return signature length or -1 on error.
> + * @param dgst hash to be signed
> + * @param dgstlen len of data in dgst
> + * @param sig On successful return signature is in sig.
> + * @param siglen length of buffer sig
> + * @param algorithm padding/hashing algorithm for the signature
> + *
> + * @return signature length or -1 on error.
> */
> static int
> get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen,
> @@ -1239,7 +1239,7 @@ rsa_priv_enc(int flen, const unsigned char *from,
> unsigned char *to, RSA *rsa,
> return -1;
> }
>
> - ret = get_sig_from_man(from, flen, to, len, get_rsa_padding_name
> (padding));
> + ret = get_sig_from_man(from, flen, to, len,
> get_rsa_padding_name(padding));
>
> return (ret == len) ? ret : -1;
> }
> @@ -1314,7 +1314,7 @@ err:
> }
>
> #if ((OPENSSL_VERSION_NUMBER > 0x10100000L &&
> !defined(LIBRESSL_VERSION_NUMBER)) \
> - || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \
> + || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \
> && !defined(OPENSSL_NO_EC)
>
> /* called when EC_KEY is destroyed */
> @@ -1475,7 +1475,7 @@ tls_ctx_use_management_external_key(struct tls_root_ctx
> *ctx)
> }
> }
> #if ((OPENSSL_VERSION_NUMBER > 0x10100000L &&
> !defined(LIBRESSL_VERSION_NUMBER)) \
> - || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \
> + || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \
> && !defined(OPENSSL_NO_EC)
> else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC)
> {
> @@ -2135,8 +2135,8 @@ show_available_tls_ciphers_list(const char *cipher_list,
> crypto_msg(M_FATAL, "Cannot create SSL object");
> }
>
> -#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || \
> - (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <=
> 0x2090000fL)
> +#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) \
> + || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <=
> 0x2090000fL)
> STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
> #else
> STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);
> diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c
> index da0966c5..9362b8e9 100644
> --- a/src/openvpn/ssl_verify.c
> +++ b/src/openvpn/ssl_verify.c
> @@ -804,7 +804,7 @@ cleanup:
> #endif
>
> void
> -auth_set_client_reason(struct tls_multi* multi, const char* client_reason)
> +auth_set_client_reason(struct tls_multi *multi, const char *client_reason)
> {
> if (multi->client_reason)
> {
> @@ -1204,7 +1204,7 @@ verify_user_pass_plugin(struct tls_session *session,
> struct tls_multi *multi,
>
> static int
> verify_user_pass_management(struct tls_session *session,
> - struct tls_multi* multi,
> + struct tls_multi *multi,
> const struct user_pass *up)
> {
> int retval = KMDA_ERROR;
> @@ -1301,16 +1301,16 @@ verify_user_pass(struct user_pass *up, struct
> tls_multi *multi,
> * for equality with AUTH_TOKEN_HMAC_OK
> */
> msg(M_WARN, "TLS: Username/auth-token authentication "
> - "succeeded for username '%s'",
> + "succeeded for username '%s'",
> up->username);
> - skip_auth = true;
> + skip_auth = true;
> }
> else
> {
> wipe_auth_token(multi);
> ks->authenticated = false;
> msg(M_WARN, "TLS: Username/auth-token authentication "
> - "failed for username '%s'", up->username);
> + "failed for username '%s'", up->username);
> return;
> }
> }
> @@ -1335,12 +1335,12 @@ verify_user_pass(struct user_pass *up, struct
> tls_multi *multi,
> }
>
> /* check sizing of username if it will become our common name */
> - if ((session->opt->ssl_flags & SSLF_USERNAME_AS_COMMON_NAME) &&
> - strlen(up->username)>TLS_USERNAME_LEN)
> + if ((session->opt->ssl_flags & SSLF_USERNAME_AS_COMMON_NAME)
> + && strlen(up->username)>TLS_USERNAME_LEN)
> {
> msg(D_TLS_ERRORS,
> - "TLS Auth Error: --username-as-common name specified and
> username is longer than the maximum permitted Common Name length of %d
> characters",
> - TLS_USERNAME_LEN);
> + "TLS Auth Error: --username-as-common name specified and
> username is longer than the maximum permitted Common Name length of %d
> characters",
> + TLS_USERNAME_LEN);
> s1 = OPENVPN_PLUGIN_FUNC_ERROR;
> }
> /* auth succeeded? */
> diff --git a/src/openvpn/ssl_verify.h b/src/openvpn/ssl_verify.h
> index c54b89a6..21b37a0f 100644
> --- a/src/openvpn/ssl_verify.h
> +++ b/src/openvpn/ssl_verify.h
> @@ -234,7 +234,8 @@ bool tls_authenticate_key(struct tls_multi *multi, const
> unsigned int mda_key_id
> * @param multi The multi tls struct
> * @param client_reason The string to send to the client as part of
> AUTH_FAILED
> */
> -void auth_set_client_reason(struct tls_multi* multi, const char*
> client_reason);
> +void auth_set_client_reason(struct tls_multi *multi, const char
> *client_reason);
> +
> #endif
>
> static inline const char *
> diff --git a/src/openvpn/vlan.c b/src/openvpn/vlan.c
> index a5885de2..9290179d 100644
> --- a/src/openvpn/vlan.c
> +++ b/src/openvpn/vlan.c
> @@ -58,7 +58,7 @@ static void
> vlanhdr_set_vid(struct openvpn_8021qhdr *hdr, const uint16_t vid)
> {
> hdr->pcp_cfi_vid = (hdr->pcp_cfi_vid & ~OPENVPN_8021Q_MASK_VID)
> - | (htons(vid) & OPENVPN_8021Q_MASK_VID);
> + | (htons(vid) & OPENVPN_8021Q_MASK_VID);
> }
>
> /*
> @@ -135,7 +135,7 @@ vlan_decapsulate(const struct context *c, struct buffer
> *buf)
> goto drop;
> }
>
> - /* vid == 0 means prio-tagged packet: don't drop and
> fall-through */
> + /* vid == 0 means prio-tagged packet: don't drop and fall-through */
> case VLAN_ONLY_TAGGED:
> case VLAN_ALL:
> /* tagged frame can be accepted: extract vid and strip
> encapsulation */
> diff --git a/src/openvpn/win32.h b/src/openvpn/win32.h
> index 4b508c56..79504776 100644
> --- a/src/openvpn/win32.h
> +++ b/src/openvpn/win32.h
> @@ -69,7 +69,7 @@ struct security_attributes
> struct window_title
> {
> bool saved;
> - char old_window_title [256];
> + char old_window_title[256];
> };
>
> struct rw_handle {
>
I am not super happy with mis-aligning multi-line messages, but that's
how we have instructed uncrustify so far and we accept it for now.
@arne do you know if that bit is customizable?
By the way, the patch looks good.. except for that nitpick at the beginning.
--
Antonio Quartulli
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
