Hi, On 16/04/2020 13:39, Arne Schwabe wrote:
[CUT] > diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c > index 49864c0a..195941ca 100644 > --- a/src/openvpn/manage.c > +++ b/src/openvpn/manage.c > @@ -3660,9 +3660,9 @@ management_query_pk_sig(struct management *man, const > char *b64_data, > buf_write(&buf_data, ",", (int) strlen(",")); > buf_write(&buf_data, algorithm, (int) strlen(algorithm)); > } > - char* ret = management_query_multiline_flatten(man, > - (char *)buf_bptr(&buf_data), prompt, desc, > - &man->connection.ext_key_state, &man->connection.ext_key_input); > + char *ret = management_query_multiline_flatten(man, > + (char > *)buf_bptr(&buf_data), prompt, desc, why not moving some arguments on the first line ? One or two should fit. (IMHO it can be done in this patch - it's still about restyling) > + > &man->connection.ext_key_state, &man->connection.ext_key_input); > free_buf(&buf_data); > return ret; > } > diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c > index 1c17948c..a10888ed 100644 > --- a/src/openvpn/misc.c > +++ b/src/openvpn/misc.c > @@ -146,7 +146,7 @@ auth_user_pass_mgmt(struct user_pass *up, const char > *prefix, const unsigned int > } > return true; > } > -#endif > +#endif /* ifdef ENABLE_MANAGEMENT */ > > /* > * Get and store a username/password > diff --git a/src/openvpn/mroute.c b/src/openvpn/mroute.c > index bdb1b0c0..a7e78213 100644 > --- a/src/openvpn/mroute.c > +++ b/src/openvpn/mroute.c > @@ -324,7 +324,7 @@ mroute_extract_addr_ether(struct mroute_addr *src, > break; > } > } > -#endif > +#endif /* ifdef ENABLE_PF */ > } > return ret; > } > diff --git a/src/openvpn/networking.h b/src/openvpn/networking.h > index 5e6d898f..9c1d1696 100644 > --- a/src/openvpn/networking.h > +++ b/src/openvpn/networking.h > @@ -31,8 +31,8 @@ struct context; > #include "networking_iproute2.h" > #else > /* define mock types to ensure code builds on any platform */ > -typedef void * openvpn_net_ctx_t; > -typedef void * openvpn_net_iface_t; > +typedef void *openvpn_net_ctx_t; > +typedef void *openvpn_net_iface_t; > > static inline int > net_ctx_init(struct context *c, openvpn_net_ctx_t *ctx) > @@ -51,7 +51,7 @@ net_ctx_free(openvpn_net_ctx_t *ctx) > { > (void)ctx; > } > -#endif > +#endif /* ifdef ENABLE_SITNL */ > > #if defined(ENABLE_SITNL) || defined(ENABLE_IPROUTE) > > diff --git a/src/openvpn/networking_iproute2.c > b/src/openvpn/networking_iproute2.c > index 0f9e899a..f3b9c614 100644 > --- a/src/openvpn/networking_iproute2.c > +++ b/src/openvpn/networking_iproute2.c > @@ -43,7 +43,9 @@ net_ctx_init(struct context *c, openvpn_net_ctx_t *ctx) > { > ctx->es = NULL; > if (c) > + { > ctx->es = c->es; > + } > ctx->gc = gc_new(); > > return 0; > @@ -207,10 +209,14 @@ net_route_v4_add(openvpn_net_ctx_t *ctx, const > in_addr_t *dst, int prefixlen, > argv_printf(&argv, "%s route add %s/%d", iproute_path, dst_str, > prefixlen); > > if (metric > 0) > + { > argv_printf_cat(&argv, "metric %d", metric); > + } > > if (iface) > + { > argv_printf_cat(&argv, "dev %s", iface); > + } > > if (gw) > { > @@ -246,7 +252,9 @@ net_route_v6_add(openvpn_net_ctx_t *ctx, const struct > in6_addr *dst, > } > > if (metric > 0) > + { > argv_printf_cat(&argv, "metric %d", metric); > + } > > argv_msg(D_ROUTE, &argv); > openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 add > command failed"); > @@ -267,7 +275,9 @@ net_route_v4_del(openvpn_net_ctx_t *ctx, const in_addr_t > *dst, int prefixlen, > argv_printf(&argv, "%s route del %s/%d", iproute_path, dst_str, > prefixlen); > > if (metric > 0) > + { > argv_printf_cat(&argv, "metric %d", metric); > + } > > argv_msg(D_ROUTE, &argv); > openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route delete > command failed"); > @@ -296,7 +306,9 @@ net_route_v6_del(openvpn_net_ctx_t *ctx, const struct > in6_addr *dst, > } > > if (metric > 0) > + { > argv_printf_cat(&argv, "metric %d", metric); > + } > > argv_msg(D_ROUTE, &argv); > openvpn_execve_check(&argv, ctx->es, 0, "ERROR: Linux route -6 del > command failed"); > @@ -314,7 +326,9 @@ net_route_v4_best_gw(openvpn_net_ctx_t *ctx, const > in_addr_t *dst, > > FILE *fp = fopen("/proc/net/route", "r"); > if (!fp) > + { > return -1; > + } > > char line[256]; > int count = 0; > diff --git a/src/openvpn/networking_sitnl.h b/src/openvpn/networking_sitnl.h > index f39d426d..6396b06e 100644 > --- a/src/openvpn/networking_sitnl.h > +++ b/src/openvpn/networking_sitnl.h > @@ -23,6 +23,6 @@ > #define NETWORKING_SITNL_H_ > > typedef char openvpn_net_iface_t; > -typedef void * openvpn_net_ctx_t; > +typedef void *openvpn_net_ctx_t; > > #endif /* NETWORKING_SITNL_H_ */ > diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h > index 900db7e1..595a9b1d 100644 > --- a/src/openvpn/openvpn.h > +++ b/src/openvpn/openvpn.h > @@ -524,7 +524,7 @@ struct context > > struct env_set *es; /**< Set of environment variables. */ > > - openvpn_net_ctx_t net_ctx; /**< Networking API opaque context */ > + openvpn_net_ctx_t net_ctx; /**< Networking API opaque context */ > > struct signal_info *sig; /**< Internal error signaling object. */ > > diff --git a/src/openvpn/options.c b/src/openvpn/options.c > index 49df8df1..63dc53c3 100644 > --- a/src/openvpn/options.c > +++ b/src/openvpn/options.c > @@ -1241,8 +1241,10 @@ print_vlan_accept(enum vlan_acceptable_frames mode) > { > case VLAN_ONLY_TAGGED: > return "tagged"; > + > case VLAN_ONLY_UNTAGGED_OR_PRIORITY: > return "untagged"; > + > case VLAN_ALL: > return "all"; > } > @@ -1320,7 +1322,7 @@ show_p2mp_parms(const struct options *o) > SHOW_STR(port_share_port); > #endif > SHOW_BOOL(vlan_tagging); > - msg(D_SHOW_PARMS, " vlan_accept = %s", print_vlan_accept > (o->vlan_accept)); > + msg(D_SHOW_PARMS, " vlan_accept = %s", > print_vlan_accept(o->vlan_accept)); > SHOW_INT(vlan_pvid); > #endif /* P2MP_SERVER */ > > @@ -5301,7 +5303,7 @@ add_option(struct options *options, > options->management_flags |= MF_EXTERNAL_CERT; > options->management_certificate = p[1]; > } > -#endif > +#endif /* ifdef ENABLE_MANAGEMENT */ > #ifdef MANAGEMENT_DEF_AUTH > else if (streq(p[0], "management-client-auth") && !p[1]) > { > @@ -7711,8 +7713,8 @@ add_option(struct options *options, > } > else > { > - if (streq(p[1], "secret") || streq(p[1], "tls-auth") || > - streq(p[1], "tls-crypt")) > + if (streq(p[1], "secret") || streq(p[1], "tls-auth") > + || streq(p[1], "tls-crypt")) > { > options->genkey_type = GENKEY_SECRET; > } > diff --git a/src/openvpn/options.h b/src/openvpn/options.h > index 2f1f6faf..4c1737e1 100644 > --- a/src/openvpn/options.h > +++ b/src/openvpn/options.h > @@ -222,8 +222,8 @@ struct options > bool show_curves; > bool genkey; > enum genkey_type genkey_type; > - const char* genkey_filename; > - const char* genkey_extra_data; > + const char *genkey_filename; > + const char *genkey_extra_data; > > /* Networking parms */ > int connect_retry_max; > diff --git a/src/openvpn/proto.h b/src/openvpn/proto.h > index c1ff3e14..c2517674 100644 > --- a/src/openvpn/proto.h > +++ b/src/openvpn/proto.h > @@ -67,7 +67,7 @@ struct openvpn_ethhdr > struct openvpn_8021qhdr > { > uint8_t dest[OPENVPN_ETH_ALEN]; /* destination ethernet addr */ > - uint8_t source[OPENVPN_ETH_ALEN]; /* source ethernet addr */ > + uint8_t source[OPENVPN_ETH_ALEN]; /* source ethernet addr */ > > uint16_t tpid; /* 802.1Q Tag Protocol Identifier */ > #define OPENVPN_8021Q_MASK_PCP htons(0xE000) /* mask PCP out of pcp_cfi_vid > */ > diff --git a/src/openvpn/push.c b/src/openvpn/push.c > index aef00d34..39a906d4 100644 > --- a/src/openvpn/push.c > +++ b/src/openvpn/push.c > @@ -72,19 +72,19 @@ receive_auth_failed(struct context *c, const struct > buffer *buffer) > { > switch (auth_retry_get()) > { > - case AR_NONE: > - c->sig->signal_received = SIGTERM; /* SOFT-SIGTERM -- Auth > failure error */ > - break; > + case AR_NONE: > + c->sig->signal_received = SIGTERM; /* SOFT-SIGTERM -- > Auth failure error */ > + break; > > - case AR_INTERACT: > - ssl_purge_auth(false); > + case AR_INTERACT: > + ssl_purge_auth(false); > > - case AR_NOINTERACT: > - c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- Auth > failure error */ > - break; > + case AR_NOINTERACT: > + c->sig->signal_received = SIGUSR1; /* SOFT-SIGUSR1 -- > Auth failure error */ > + break; > > - default: > - ASSERT(0); > + default: > + ASSERT(0); > } > c->sig->signal_text = "auth-failure"; > } > diff --git a/src/openvpn/route.c b/src/openvpn/route.c > index e0f8d201..51f76318 100644 > --- a/src/openvpn/route.c > +++ b/src/openvpn/route.c > @@ -2152,7 +2152,7 @@ delete_route(struct route_ipv4 *r, > #if !defined(TARGET_ANDROID) > const char *gateway; > #endif > -#else > +#else /* if !defined(TARGET_LINUX) */ > int metric; > #endif > int is_local_route; > diff --git a/src/openvpn/ssl.c b/src/openvpn/ssl.c > index 56d0576a..80e0d5ac 100644 > --- a/src/openvpn/ssl.c > +++ b/src/openvpn/ssl.c > @@ -466,7 +466,7 @@ ssl_set_auth_token(const char *token) > * Cleans an auth token and checks if it was active > */ > bool > -ssl_clean_auth_token (void) > +ssl_clean_auth_token(void) > { > bool wasdefined = auth_token.defined; > purge_user_pass(&auth_token, true); > @@ -2015,7 +2015,7 @@ tls_session_update_crypto_params(struct tls_session > *session, > { > frame_remove_from_extra_frame(frame_fragment, crypto_max_overhead()); > crypto_adjust_frame_parameters(frame_fragment, > &session->opt->key_type, > - options->replay, packet_id_long_form); > + options->replay, packet_id_long_form); > frame_set_mtu_dynamic(frame_fragment, options->ce.fragment, > SET_MTU_UPPER_BOUND); > frame_print(frame_fragment, D_MTU_INFO, "Fragmentation MTU parms"); > } > @@ -2411,7 +2411,9 @@ key_method_2_write(struct buffer *buf, struct > tls_session *session) > * username/password > */ > if (auth_token.defined) > + { > up = &auth_token; > + } > > if (!write_string(buf, up->username, -1)) > { > diff --git a/src/openvpn/ssl.h b/src/openvpn/ssl.h > index f0a8ef54..2f6f7657 100644 > --- a/src/openvpn/ssl.h > +++ b/src/openvpn/ssl.h > @@ -607,4 +607,5 @@ void > show_available_tls_ciphers(const char *cipher_list, > const char *cipher_list_tls13, > const char *tls_cert_profile); > + > #endif /* ifndef OPENVPN_SSL_H */ > diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c > index d585111b..1f91b785 100644 > --- a/src/openvpn/ssl_mbedtls.c > +++ b/src/openvpn/ssl_mbedtls.c > @@ -191,12 +191,13 @@ tls_ctx_initialised(struct tls_root_ctx *ctx) > } > > #ifdef HAVE_EXPORT_KEYING_MATERIAL > -int mbedtls_ssl_export_keys_cb(void *p_expkey, const unsigned char *ms, > - const unsigned char *kb, size_t maclen, > - size_t keylen, size_t ivlen, > - const unsigned char client_random[32], > - const unsigned char server_random[32], > - mbedtls_tls_prf_types tls_prf_type) > +int > +mbedtls_ssl_export_keys_cb(void *p_expkey, const unsigned char *ms, > + const unsigned char *kb, size_t maclen, > + size_t keylen, size_t ivlen, > + const unsigned char client_random[32], > + const unsigned char server_random[32], > + mbedtls_tls_prf_types tls_prf_type) > { > struct tls_session *session = p_expkey; > struct key_state_ssl *ks_ssl = &session->key[KS_PRIMARY].ks_ssl; > @@ -1126,7 +1127,7 @@ key_state_ssl_init(struct key_state_ssl *ks_ssl, > if (session->opt->ekm_size) > { > mbedtls_ssl_conf_export_keys_ext_cb(ks_ssl->ssl_config, > - mbedtls_ssl_export_keys_cb, session); > + mbedtls_ssl_export_keys_cb, > session); > } > #endif > > diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c > index d7bd6aa2..5955c6bd 100644 > --- a/src/openvpn/ssl_openssl.c > +++ b/src/openvpn/ssl_openssl.c > @@ -683,7 +683,7 @@ tls_ctx_load_ecdh_params(struct tls_root_ctx *ctx, const > char *curve_name > * so do nothing */ > #endif > return; > -#else > +#else /* if OPENSSL_VERSION_NUMBER >= 0x10002000L */ > /* For older OpenSSL we have to extract the curve from key on our > own */ > EC_KEY *eckey = NULL; > const EC_GROUP *ecgrp = NULL; > @@ -1173,7 +1173,7 @@ openvpn_extkey_rsa_finish(RSA *rsa) > * interface query > */ > const char * > -get_rsa_padding_name (const int padding) > +get_rsa_padding_name(const int padding) > { > switch (padding) > { > @@ -1190,14 +1190,14 @@ get_rsa_padding_name (const int padding) > > /** > * Pass the input hash in 'dgst' to management and get the signature back. > - * > - * @param dgst hash to be signed > - * @param dgstlen len of data in dgst > - * @param sig On successful return signature is in sig. > - * @param siglen length of buffer sig > - * @param algorithm padding/hashing algorithm for the signature > * > - * @return signature length or -1 on error. > + * @param dgst hash to be signed > + * @param dgstlen len of data in dgst > + * @param sig On successful return signature is in sig. > + * @param siglen length of buffer sig > + * @param algorithm padding/hashing algorithm for the signature > + * > + * @return signature length or -1 on error. > */ > static int > get_sig_from_man(const unsigned char *dgst, unsigned int dgstlen, > @@ -1239,7 +1239,7 @@ rsa_priv_enc(int flen, const unsigned char *from, > unsigned char *to, RSA *rsa, > return -1; > } > > - ret = get_sig_from_man(from, flen, to, len, get_rsa_padding_name > (padding)); > + ret = get_sig_from_man(from, flen, to, len, > get_rsa_padding_name(padding)); > > return (ret == len) ? ret : -1; > } > @@ -1314,7 +1314,7 @@ err: > } > > #if ((OPENSSL_VERSION_NUMBER > 0x10100000L && > !defined(LIBRESSL_VERSION_NUMBER)) \ > - || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \ > + || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \ > && !defined(OPENSSL_NO_EC) > > /* called when EC_KEY is destroyed */ > @@ -1475,7 +1475,7 @@ tls_ctx_use_management_external_key(struct tls_root_ctx > *ctx) > } > } > #if ((OPENSSL_VERSION_NUMBER > 0x10100000L && > !defined(LIBRESSL_VERSION_NUMBER)) \ > - || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \ > + || LIBRESSL_VERSION_NUMBER > 0x2090000fL) \ > && !defined(OPENSSL_NO_EC) > else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) > { > @@ -2135,8 +2135,8 @@ show_available_tls_ciphers_list(const char *cipher_list, > crypto_msg(M_FATAL, "Cannot create SSL object"); > } > > -#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || \ > - (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= > 0x2090000fL) > +#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) \ > + || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER <= > 0x2090000fL) > STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl); > #else > STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl); > diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c > index da0966c5..9362b8e9 100644 > --- a/src/openvpn/ssl_verify.c > +++ b/src/openvpn/ssl_verify.c > @@ -804,7 +804,7 @@ cleanup: > #endif > > void > -auth_set_client_reason(struct tls_multi* multi, const char* client_reason) > +auth_set_client_reason(struct tls_multi *multi, const char *client_reason) > { > if (multi->client_reason) > { > @@ -1204,7 +1204,7 @@ verify_user_pass_plugin(struct tls_session *session, > struct tls_multi *multi, > > static int > verify_user_pass_management(struct tls_session *session, > - struct tls_multi* multi, > + struct tls_multi *multi, > const struct user_pass *up) > { > int retval = KMDA_ERROR; > @@ -1301,16 +1301,16 @@ verify_user_pass(struct user_pass *up, struct > tls_multi *multi, > * for equality with AUTH_TOKEN_HMAC_OK > */ > msg(M_WARN, "TLS: Username/auth-token authentication " > - "succeeded for username '%s'", > + "succeeded for username '%s'", > up->username); > - skip_auth = true; > + skip_auth = true; > } > else > { > wipe_auth_token(multi); > ks->authenticated = false; > msg(M_WARN, "TLS: Username/auth-token authentication " > - "failed for username '%s'", up->username); > + "failed for username '%s'", up->username); > return; > } > } > @@ -1335,12 +1335,12 @@ verify_user_pass(struct user_pass *up, struct > tls_multi *multi, > } > > /* check sizing of username if it will become our common name */ > - if ((session->opt->ssl_flags & SSLF_USERNAME_AS_COMMON_NAME) && > - strlen(up->username)>TLS_USERNAME_LEN) > + if ((session->opt->ssl_flags & SSLF_USERNAME_AS_COMMON_NAME) > + && strlen(up->username)>TLS_USERNAME_LEN) > { > msg(D_TLS_ERRORS, > - "TLS Auth Error: --username-as-common name specified and > username is longer than the maximum permitted Common Name length of %d > characters", > - TLS_USERNAME_LEN); > + "TLS Auth Error: --username-as-common name specified and > username is longer than the maximum permitted Common Name length of %d > characters", > + TLS_USERNAME_LEN); > s1 = OPENVPN_PLUGIN_FUNC_ERROR; > } > /* auth succeeded? */ > diff --git a/src/openvpn/ssl_verify.h b/src/openvpn/ssl_verify.h > index c54b89a6..21b37a0f 100644 > --- a/src/openvpn/ssl_verify.h > +++ b/src/openvpn/ssl_verify.h > @@ -234,7 +234,8 @@ bool tls_authenticate_key(struct tls_multi *multi, const > unsigned int mda_key_id > * @param multi The multi tls struct > * @param client_reason The string to send to the client as part of > AUTH_FAILED > */ > -void auth_set_client_reason(struct tls_multi* multi, const char* > client_reason); > +void auth_set_client_reason(struct tls_multi *multi, const char > *client_reason); > + > #endif > > static inline const char * > diff --git a/src/openvpn/vlan.c b/src/openvpn/vlan.c > index a5885de2..9290179d 100644 > --- a/src/openvpn/vlan.c > +++ b/src/openvpn/vlan.c > @@ -58,7 +58,7 @@ static void > vlanhdr_set_vid(struct openvpn_8021qhdr *hdr, const uint16_t vid) > { > hdr->pcp_cfi_vid = (hdr->pcp_cfi_vid & ~OPENVPN_8021Q_MASK_VID) > - | (htons(vid) & OPENVPN_8021Q_MASK_VID); > + | (htons(vid) & OPENVPN_8021Q_MASK_VID); > } > > /* > @@ -135,7 +135,7 @@ vlan_decapsulate(const struct context *c, struct buffer > *buf) > goto drop; > } > > - /* vid == 0 means prio-tagged packet: don't drop and > fall-through */ > + /* vid == 0 means prio-tagged packet: don't drop and fall-through */ > case VLAN_ONLY_TAGGED: > case VLAN_ALL: > /* tagged frame can be accepted: extract vid and strip > encapsulation */ > diff --git a/src/openvpn/win32.h b/src/openvpn/win32.h > index 4b508c56..79504776 100644 > --- a/src/openvpn/win32.h > +++ b/src/openvpn/win32.h > @@ -69,7 +69,7 @@ struct security_attributes > struct window_title > { > bool saved; > - char old_window_title [256]; > + char old_window_title[256]; > }; > > struct rw_handle { > I am not super happy with mis-aligning multi-line messages, but that's how we have instructed uncrustify so far and we accept it for now. @arne do you know if that bit is customizable? By the way, the patch looks good.. except for that nitpick at the beginning. -- Antonio Quartulli _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel