authorMatt Caswell <matt@openssl.org>2015-01-22 02:47:42 +0000
committerMatt Caswell <matt@openssl.org>2015-01-22 09:52:55 +0000
commit40720ce3caf44294b5b87a18856b7aef06123314 (patch)
tree30d57dec407c05fe6ea57275517805e8c79a7dcc /demos/tunala
parent9d03aabea3ead1fe6a194297ddffd4a87f89b93c (diff)
Run util/openssl-format-source -v -c .
Reviewed-by: Tim Hudson <tjh@openssl.org>
Diffstat (limited to 'demos/tunala')
-rw-r--r--demos/tunala/breakage.c106
-rw-r--r--demos/tunala/buffer.c409
-rw-r--r--demos/tunala/cb.c198
-rw-r--r--demos/tunala/ip.c221
-rw-r--r--demos/tunala/sm.c255
-rw-r--r--demos/tunala/tunala.c1923
-rw-r--r--demos/tunala/tunala.h360
7 files changed, 1816 insertions, 1656 deletions
diff --git a/demos/tunala/breakage.c b/demos/tunala/breakage.c
index dcdd64b0ef..16a3b9e0c8 100644
--- a/demos/tunala/breakage.c
+++ b/demos/tunala/breakage.c
@@ -3,64 +3,66 @@
int int_strtoul(const char *str, unsigned long *val)
{
#ifdef HAVE_STRTOUL
- char *tmp;
- unsigned long ret = strtoul(str, &tmp, 10);
- if((str == tmp) || (*tmp != '\0'))
- /* The value didn't parse cleanly */
- return 0;
- if(ret == ULONG_MAX)
- /* We hit a limit */
- return 0;
- *val = ret;
- return 1;
+ char *tmp;
+ unsigned long ret = strtoul(str, &tmp, 10);
+ if ((str == tmp) || (*tmp != '\0'))
+ /* The value didn't parse cleanly */
+ return 0;
+ if (ret == ULONG_MAX)
+ /* We hit a limit */
+ return 0;
+ *val = ret;
+ return 1;
#else
- char buf[2];
- unsigned long ret = 0;
- buf[1] = '\0';
- if(str == '\0')
- /* An empty string ... */
- return 0;
- while(*str != '\0') {
- /* We have to multiply 'ret' by 10 before absorbing the next
- * digit. If this will overflow, catch it now. */
- if(ret && (((ULONG_MAX + 10) / ret) < 10))
- return 0;
- ret *= 10;
- if(!isdigit(*str))
- return 0;
- buf[0] = *str;
- ret += atoi(buf);
- str++;
- }
- *val = ret;
- return 1;
+ char buf[2];
+ unsigned long ret = 0;
+ buf[1] = '\0';
+ if (str == '\0')
+ /* An empty string ... */
+ return 0;
+ while (*str != '\0') {
+ /*
+ * We have to multiply 'ret' by 10 before absorbing the next digit.
+ * If this will overflow, catch it now.
+ */
+ if (ret && (((ULONG_MAX + 10) / ret) < 10))
+ return 0;
+ ret *= 10;
+ if (!isdigit(*str))
+ return 0;
+ buf[0] = *str;
+ ret += atoi(buf);
+ str++;
+ }
+ *val = ret;
+ return 1;
#endif
}
#ifndef HAVE_STRSTR
char *int_strstr(const char *haystack, const char *needle)
{
- const char *sub_haystack = haystack, *sub_needle = needle;
- unsigned int offset = 0;
- if(!needle)
- return haystack;
- if(!haystack)
- return NULL;
- while((*sub_haystack != '\0') && (*sub_needle != '\0')) {
- if(sub_haystack[offset] == sub_needle) {
- /* sub_haystack is still a candidate */
- offset++;
- sub_needle++;
- } else {
- /* sub_haystack is no longer a possibility */
- sub_haystack++;
- offset = 0;
- sub_needle = needle;
- }
- }
- if(*sub_haystack == '\0')
- /* Found nothing */
- return NULL;
- return sub_haystack;
+ const char *sub_haystack = haystack, *sub_needle = needle;
+ unsigned int offset = 0;
+ if (!needle)
+ return haystack;
+ if (!haystack)
+ return NULL;
+ while ((*sub_haystack != '\0') && (*sub_needle != '\0')) {
+ if (sub_haystack[offset] == sub_needle) {
+ /* sub_haystack is still a candidate */
+ offset++;
+ sub_needle++;
+ } else {
+ /* sub_haystack is no longer a possibility */
+ sub_haystack++;
+ offset = 0;
+ sub_needle = needle;
+ }
+ }
+ if (*sub_haystack == '\0')
+ /* Found nothing */
+ return NULL;
+ return sub_haystack;
}
#endif
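Review bot: In the fallback `int_strtoul` (the `#else` branch, compiled only without HAVE_STRTOUL), `if (str == '\0')` compares the pointer itself with 0, so it is a NULL check rather than the empty-string test the comment describes, and an empty string falls through the loop and is reported as a valid 0; it should read `if (*str == '\0')`. The overflow guard `((ULONG_MAX + 10) / ret) < 10` is also broken: `ULONG_MAX + 10` wraps to 9 in unsigned arithmetic, so the condition holds for every `ret >= 1` and any input of two or more digits is rejected; a correct pre-multiply guard is `if (ret > (ULONG_MAX - 9) / 10) return 0;`. In `int_strstr`, `sub_haystack[offset] == sub_needle` compares a `char` with a `const char *` (it needs `*sub_needle`), and `return haystack;` / `return sub_haystack;` hand a `const char *` out through a `char *` return type. `ip_parse_address` in ip.c relies on `int_strtoul` for the port, so these bugs are latent wherever the libc versions are present but live on any platform that falls back to this code.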
diff --git a/demos/tunala/buffer.c b/demos/tunala/buffer.c
index c5cd004209..8e2cc9d200 100644
--- a/demos/tunala/buffer.c
+++ b/demos/tunala/buffer.c
@@ -2,204 +2,235 @@
#ifndef NO_BUFFER
-void buffer_init(buffer_t *buf)
+void buffer_init(buffer_t * buf)
{
- buf->used = 0;
- buf->total_in = buf->total_out = 0;
+ buf->used = 0;
+ buf->total_in = buf->total_out = 0;
}
-void buffer_close(buffer_t *buf)
+void buffer_close(buffer_t * buf)
{
- /* Our data is static - nothing needs "release", just reset it */
- buf->used = 0;
+ /* Our data is static - nothing needs "release", just reset it */
+ buf->used = 0;
}
/* Code these simple ones in compact form */
-unsigned int buffer_used(buffer_t *buf) {
- return buf->used; }
-unsigned int buffer_unused(buffer_t *buf) {
- return (MAX_DATA_SIZE - buf->used); }
-int buffer_full(buffer_t *buf) {
- return (buf->used == MAX_DATA_SIZE ? 1 : 0); }
-int buffer_notfull(buffer_t *buf) {
- return (buf->used < MAX_DATA_SIZE ? 1 : 0); }
-int buffer_empty(buffer_t *buf) {
- return (buf->used == 0 ? 1 : 0); }
-int buffer_notempty(buffer_t *buf) {
- return (buf->used > 0 ? 1 : 0); }
-unsigned long buffer_total_in(buffer_t *buf) {
- return buf->total_in; }
-unsigned long buffer_total_out(buffer_t *buf) {
- return buf->total_out; }
-
-/* These 3 static (internal) functions don't adjust the "total" variables as
+unsigned int buffer_used(buffer_t * buf)
+{
+ return buf->used;
+}
+
+unsigned int buffer_unused(buffer_t * buf)
+{
+ return (MAX_DATA_SIZE - buf->used);
+}
+
+int buffer_full(buffer_t * buf)
+{
+ return (buf->used == MAX_DATA_SIZE ? 1 : 0);
+}
+
+int buffer_notfull(buffer_t * buf)
+{
+ return (buf->used < MAX_DATA_SIZE ? 1 : 0);
+}
+
+int buffer_empty(buffer_t * buf)
+{
+ return (buf->used == 0 ? 1 : 0);
+}
+
+int buffer_notempty(buffer_t * buf)
+{
+ return (buf->used > 0 ? 1 : 0);
+}
+
+unsigned long buffer_total_in(buffer_t * buf)
+{
+ return buf->total_in;
+}
+
+unsigned long buffer_total_out(buffer_t * buf)
+{
+ return buf->total_out;
+}
+
+/*
+ * These 3 static (internal) functions don't adjust the "total" variables as
* it's not sure when they're called how it should be interpreted. Only the
* higher-level "buffer_[to|from]_[fd|SSL|BIO]" functions should alter these
- * values. */
-#if 0 /* To avoid "unused" warnings */
-static unsigned int buffer_adddata(buffer_t *buf, const unsigned char *ptr,
- unsigned int size)
-{
- unsigned int added = MAX_DATA_SIZE - buf->used;
- if(added > size)
- added = size;
- if(added == 0)
- return 0;
- memcpy(buf->data + buf->used, ptr, added);
- buf->used += added;
- buf->total_in += added;
- return added;
-}
-
-static unsigned int buffer_tobuffer(buffer_t *to, buffer_t *from, int cap)
-{
- unsigned int moved, tomove = from->used;
- if((int)tomove > cap)
- tomove = cap;
- if(tomove == 0)
- return 0;
- moved = buffer_adddata(to, from->data, tomove);
- if(moved == 0)
- return 0;
- buffer_takedata(from, NULL, moved);
- return moved;
-}
-#endif
-
-static unsigned int buffer_takedata(buffer_t *buf, unsigned char *ptr,
- unsigned int size)
-{
- unsigned int taken = buf->used;
- if(taken > size)
- taken = size;
- if(taken == 0)
- return 0;
- if(ptr)
- memcpy(ptr, buf->data, taken);
- buf->used -= taken;
- /* Do we have to scroll? */
- if(buf->used > 0)
- memmove(buf->data, buf->data + taken, buf->used);
- return taken;
-}
-
-#ifndef NO_IP
-
-int buffer_from_fd(buffer_t *buf, int fd)
-{
- int toread = buffer_unused(buf);
- if(toread == 0)
- /* Shouldn't be called in this case! */
- abort();
- toread = read(fd, buf->data + buf->used, toread);
- if(toread > 0) {
- buf->used += toread;
- buf->total_in += toread;
- }
- return toread;
-}
-
-int buffer_to_fd(buffer_t *buf, int fd)
-{
- int towrite = buffer_used(buf);
- if(towrite == 0)
- /* Shouldn't be called in this case! */
- abort();
- towrite = write(fd, buf->data, towrite);
- if(towrite > 0) {
- buffer_takedata(buf, NULL, towrite);
- buf->total_out += towrite;
- }
- return towrite;
-}
-
-#endif /* !defined(NO_IP) */
-
-#ifndef NO_OPENSSL
+ * values.
+ */
+# if 0 /* To avoid "unused" warnings */
+static unsigned int buffer_adddata(buffer_t * buf, const unsigned char *ptr,
+ unsigned int size)
+{
+ unsigned int added = MAX_DATA_SIZE - buf->used;
+ if (added > size)
+ added = size;
+ if (added == 0)
+ return 0;
+ memcpy(buf->data + buf->used, ptr, added);
+ buf->used += added;
+ buf->total_in += added;
+ return added;
+}
+
+static unsigned int buffer_tobuffer(buffer_t * to, buffer_t * from, int cap)
+{
+ unsigned int moved, tomove = from->used;
+ if ((int)tomove > cap)
+ tomove = cap;
+ if (tomove == 0)
+ return 0;
+ moved = buffer_adddata(to, from->data, tomove);
+ if (moved == 0)
+ return 0;
+ buffer_takedata(from, NULL, moved);
+ return moved;
+}
+# endif
+
+static unsigned int buffer_takedata(buffer_t * buf, unsigned char *ptr,
+ unsigned int size)
+{
+ unsigned int taken = buf->used;
+ if (taken > size)
+ taken = size;
+ if (taken == 0)
+ return 0;
+ if (ptr)
+ memcpy(ptr, buf->data, taken);
+ buf->used -= taken;
+ /* Do we have to scroll? */
+ if (buf->used > 0)
+ memmove(buf->data, buf->data + taken, buf->used);
+ return taken;
+}
+
+# ifndef NO_IP
+
+int buffer_from_fd(buffer_t * buf, int fd)
+{
+ int toread = buffer_unused(buf);
+ if (toread == 0)
+ /* Shouldn't be called in this case! */
+ abort();
+ toread = read(fd, buf->data + buf->used, toread);
+ if (toread > 0) {
+ buf->used += toread;
+ buf->total_in += toread;
+ }
+ return toread;
+}
+
+int buffer_to_fd(buffer_t * buf, int fd)
+{
+ int towrite = buffer_used(buf);
+ if (towrite == 0)
+ /* Shouldn't be called in this case! */
+ abort();
+ towrite = write(fd, buf->data, towrite);
+ if (towrite > 0) {
+ buffer_takedata(buf, NULL, towrite);
+ buf->total_out += towrite;
+ }
+ return towrite;
+}
+
+# endif /* !defined(NO_IP) */
+
+# ifndef NO_OPENSSL
static void int_ssl_check(SSL *s, int ret)
{
- int e = SSL_get_error(s, ret);
- switch(e) {
- /* These seem to be harmless and already "dealt with" by our
- * non-blocking environment. NB: "ZERO_RETURN" is the clean
- * "error" indicating a successfully closed SSL tunnel. We let
- * this happen because our IO loop should not appear to have
- * broken on this condition - and outside the IO loop, the
- * "shutdown" state is checked. */
- case SSL_ERROR_NONE:
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_WRITE:
- case SSL_ERROR_WANT_X509_LOOKUP:
- case SSL_ERROR_ZERO_RETURN:
- return;
- /* These seem to be indications of a genuine error that should
- * result in the SSL tunnel being regarded as "dead". */
- case SSL_ERROR_SYSCALL:
- case SSL_ERROR_SSL:
- SSL_set_app_data(s, (char *)1);
- return;
- default:
- break;
- }
- /* For any other errors that (a) exist, and (b) crop up - we need to
- * interpret what to do with them - so "politely inform" the caller that
- * the code needs updating here. */
- abort();
-}
-
-void buffer_from_SSL(buffer_t *buf, SSL *ssl)
-{
- int ret;
- if(!ssl || buffer_full(buf))
- return;
- ret = SSL_read(ssl, buf->data + buf->used, buffer_unused(buf));
- if(ret > 0) {
- buf->used += ret;
- buf->total_in += ret;
- }
- if(ret < 0)
- int_ssl_check(ssl, ret);
-}
-
-void buffer_to_SSL(buffer_t *buf, SSL *ssl)
-{
- int ret;
- if(!ssl || buffer_empty(buf))
- return;
- ret = SSL_write(ssl, buf->data, buf->used);
- if(ret > 0) {
- buffer_takedata(buf, NULL, ret);
- buf->total_out += ret;
- }
- if(ret < 0)
- int_ssl_check(ssl, ret);
-}
-
-void buffer_from_BIO(buffer_t *buf, BIO *bio)
-{
- int ret;
- if(!bio || buffer_full(buf))
- return;
- ret = BIO_read(bio, buf->data + buf->used, buffer_unused(buf));
- if(ret > 0) {
- buf->used += ret;
- buf->total_in += ret;
- }
-}
-
-void buffer_to_BIO(buffer_t *buf, BIO *bio)
-{
- int ret;
- if(!bio || buffer_empty(buf))
- return;
- ret = BIO_write(bio, buf->data, buf->used);
- if(ret > 0) {
- buffer_takedata(buf, NULL, ret);
- buf->total_out += ret;
- }
-}
-
-#endif /* !defined(NO_OPENSSL) */
-
-#endif /* !defined(NO_BUFFER) */
+ int e = SSL_get_error(s, ret);
+ switch (e) {
+ /*
+ * These seem to be harmless and already "dealt with" by our
+ * non-blocking environment. NB: "ZERO_RETURN" is the clean "error"
+ * indicating a successfully closed SSL tunnel. We let this happen
+ * because our IO loop should not appear to have broken on this
+ * condition - and outside the IO loop, the "shutdown" state is
+ * checked.
+ */
+ case SSL_ERROR_NONE:
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_WRITE:
+ case SSL_ERROR_WANT_X509_LOOKUP:
+ case SSL_ERROR_ZERO_RETURN:
+ return;
+ /*
+ * These seem to be indications of a genuine error that should result
+ * in the SSL tunnel being regarded as "dead".
+ */
+ case SSL_ERROR_SYSCALL:
+ case SSL_ERROR_SSL:
+ SSL_set_app_data(s, (char *)1);
+ return;
+ default:
+ break;
+ }
+ /*
+ * For any other errors that (a) exist, and (b) crop up - we need to
+ * interpret what to do with them - so "politely inform" the caller that
+ * the code needs updating here.
+ */
+ abort();
+}
+
+void buffer_from_SSL(buffer_t * buf, SSL *ssl)
+{
+ int ret;
+ if (!ssl || buffer_full(buf))
+ return;
+ ret = SSL_read(ssl, buf->data + buf->used, buffer_unused(buf));
+ if (ret > 0) {
+ buf->used += ret;
+ buf->total_in += ret;
+ }
+ if (ret < 0)
+ int_ssl_check(ssl, ret);
+}
+
+void buffer_to_SSL(buffer_t * buf, SSL *ssl)
+{
+ int ret;
+ if (!ssl || buffer_empty(buf))
+ return;
+ ret = SSL_write(ssl, buf->data, buf->used);
+ if (ret > 0) {
+ buffer_takedata(buf, NULL, ret);
+ buf->total_out += ret;
+ }
+ if (ret < 0)
+ int_ssl_check(ssl, ret);
+}
+
+void buffer_from_BIO(buffer_t * buf, BIO *bio)
+{
+ int ret;
+ if (!bio || buffer_full(buf))
+ return;
+ ret = BIO_read(bio, buf->data + buf->used, buffer_unused(buf));
+ if (ret > 0) {
+ buf->used += ret;
+ buf->total_in += ret;
+ }
+}
+
+void buffer_to_BIO(buffer_t * buf, BIO *bio)
+{
+ int ret;
+ if (!bio || buffer_empty(buf))
+ return;
+ ret = BIO_write(bio, buf->data, buf->used);
+ if (ret > 0) {
+ buffer_takedata(buf, NULL, ret);
+ buf->total_out += ret;
+ }
+}
+
+# endif /* !defined(NO_OPENSSL) */
+
+#endif /* !defined(NO_BUFFER) */
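Review bot: `buffer_from_SSL` and `buffer_to_SSL` call `int_ssl_check` only when `ret < 0`, but `SSL_read`/`SSL_write` can also return 0 when the connection is closed or fails (SSL_ERROR_ZERO_RETURN, or SSL_ERROR_SYSCALL on an unexpected EOF), so those cases never reach the dispatch and an unclean close is never marked "dead" via `SSL_set_app_data`; both guards should be `if (ret <= 0)`, which is also the range `SSL_get_error` is meant to be given. `int_ssl_check` already treats ZERO_RETURN as harmless, so a clean shutdown keeps its present behaviour under that change. Separately, `buffer_from_fd` and `buffer_to_fd` store the `ssize_t` results of `read`/`write` in `int` locals; that is safe at MAX_DATA_SIZE scale but deserves a one-line comment stating the assumption.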
diff --git a/demos/tunala/cb.c b/demos/tunala/cb.c
index 0f6850ea97..deea66cc01 100644
--- a/demos/tunala/cb.c
+++ b/demos/tunala/cb.c
@@ -16,129 +16,139 @@ static unsigned int cb_ssl_verify_level = 1;
/* Other static rubbish (to mirror s_cb.c where required) */
static int int_verify_depth = 10;
-/* This function is largely borrowed from the one used in OpenSSL's "s_client"
- * and "s_server" utilities. */
+/*
+ * This function is largely borrowed from the one used in OpenSSL's
+ * "s_client" and "s_server" utilities.
+ */
void cb_ssl_info(const SSL *s, int where, int ret)
{
- const char *str1, *str2;
- int w;
-
- if(!fp_cb_ssl_info)
- return;
-
- w = where & ~SSL_ST_MASK;
- str1 = (w & SSL_ST_CONNECT ? "SSL_connect" : (w & SSL_ST_ACCEPT ?
- "SSL_accept" : "undefined")),
- str2 = SSL_state_string_long(s);
-
- if (where & SSL_CB_LOOP)
- fprintf(fp_cb_ssl_info, "(%s) %s\n", str1, str2);
- else if (where & SSL_CB_EXIT) {
- if (ret == 0)
- fprintf(fp_cb_ssl_info, "(%s) failed in %s\n", str1, str2);
-/* In a non-blocking model, we get a few of these "error"s simply because we're
- * calling "reads" and "writes" on the state-machine that are virtual NOPs
- * simply to avoid wasting the time seeing if we *should* call them. Removing
- * this case makes the "-out_state" output a lot easier on the eye. */
-#if 0
- else if (ret < 0)
- fprintf(fp_cb_ssl_info, "%s:error in %s\n", str1, str2);
-#endif
- }
+ const char *str1, *str2;
+ int w;
+
+ if (!fp_cb_ssl_info)
+ return;
+
+ w = where & ~SSL_ST_MASK;
+ str1 = (w & SSL_ST_CONNECT ? "SSL_connect" : (w & SSL_ST_ACCEPT ?
+ "SSL_accept" :
+ "undefined")), str2 =
+ SSL_state_string_long(s);
+
+ if (where & SSL_CB_LOOP)
+ fprintf(fp_cb_ssl_info, "(%s) %s\n", str1, str2);
+ else if (where & SSL_CB_EXIT) {
+ if (ret == 0)
+ fprintf(fp_cb_ssl_info, "(%s) failed in %s\n", str1, str2);
+ /*
+ * In a non-blocking model, we get a few of these "error"s simply
+ * because we're calling "reads" and "writes" on the state-machine
+ * that are virtual NOPs simply to avoid wasting the time seeing if
+ * we *should* call them. Removing this case makes the "-out_state"
+ * output a lot easier on the eye.
+ */
+# if 0
+ else if (ret < 0)
+ fprintf(fp_cb_ssl_info, "%s:error in %s\n", str1, str2);
+# endif
+ }
}
void cb_ssl_info_set_output(FILE *fp)
{
- fp_cb_ssl_info = fp;
+ fp_cb_ssl_info = fp;
}
-static const char *int_reason_no_issuer = "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT";
+static const char *int_reason_no_issuer =
+ "X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT";
static const char *int_reason_not_yet = "X509_V_ERR_CERT_NOT_YET_VALID";
-static const char *int_reason_before = "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD";
+static const char *int_reason_before =
+ "X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD";
static const char *int_reason_expired = "X509_V_ERR_CERT_HAS_EXPIRED";
-static const char *int_reason_after = "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD";
+static const char *int_reason_after =
+ "X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD";
/* Stolen wholesale from apps/s_cb.c :-) And since then, mutilated ... */
int cb_ssl_verify(int ok, X509_STORE_CTX *ctx)
{
- char buf1[256]; /* Used for the subject name */
- char buf2[256]; /* Used for the issuer name */
- const char *reason = NULL; /* Error reason (if any) */
- X509 *err_cert;
- int err, depth;
-
- if(!fp_cb_ssl_verify || (cb_ssl_verify_level == 0))
- return ok;
- err_cert = X509_STORE_CTX_get_current_cert(ctx);
- err = X509_STORE_CTX_get_error(ctx);
- depth = X509_STORE_CTX_get_error_depth(ctx);
-
- buf1[0] = buf2[0] = '\0';
- /* Fill buf1 */
- X509_NAME_oneline(X509_get_subject_name(err_cert), buf1, 256);
- /* Fill buf2 */
- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf2, 256);
- switch (ctx->error) {
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- reason = int_reason_no_issuer;
- break;
- case X509_V_ERR_CERT_NOT_YET_VALID:
- reason = int_reason_not_yet;
- break;
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- reason = int_reason_before;
- break;
- case X509_V_ERR_CERT_HAS_EXPIRED:
- reason = int_reason_expired;
- break;
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- reason = int_reason_after;
- break;
- }
-
- if((cb_ssl_verify_level == 1) && ok)
- return ok;
- fprintf(fp_cb_ssl_verify, "chain-depth=%d, ", depth);
- if(reason)
- fprintf(fp_cb_ssl_verify, "error=%s\n", reason);
- else
- fprintf(fp_cb_ssl_verify, "error=%d\n", err);
- if(cb_ssl_verify_level < 3)
- return ok;
- fprintf(fp_cb_ssl_verify, "--> subject = %s\n", buf1);
- fprintf(fp_cb_ssl_verify, "--> issuer = %s\n", buf2);
- if(!ok)
- fprintf(fp_cb_ssl_verify,"--> verify error:num=%d:%s\n",err,
- X509_verify_cert_error_string(err));
- fprintf(fp_cb_ssl_verify, "--> verify return:%d\n",ok);
- return ok;
+ char buf1[256]; /* Used for the subject name */
+ char buf2[256]; /* Used for the issuer name */
+ const char *reason = NULL; /* Error reason (if any) */
+ X509 *err_cert;
+ int err, depth;
+
+ if (!fp_cb_ssl_verify || (cb_ssl_verify_level == 0))
+ return ok;
+ err_cert = X509_STORE_CTX_get_current_cert(ctx);
+ err = X509_STORE_CTX_get_error(ctx);
+ depth = X509_STORE_CTX_get_error_depth(ctx);
+
+ buf1[0] = buf2[0] = '\0';
+ /* Fill buf1 */
+ X509_NAME_oneline(X509_get_subject_name(err_cert), buf1, 256);
+ /* Fill buf2 */
+ X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf2, 256);
+ switch (ctx->error) {
+ case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+ reason = int_reason_no_issuer;
+ break;
+ case X509_V_ERR_CERT_NOT_YET_VALID:
+ reason = int_reason_not_yet;
+ break;
+ case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+ reason = int_reason_before;
+ break;
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ reason = int_reason_expired;
+ break;
+ case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+ reason = int_reason_after;
+ break;
+ }
+
+ if ((cb_ssl_verify_level == 1) && ok)
+ return ok;
+ fprintf(fp_cb_ssl_verify, "chain-depth=%d, ", depth);
+ if (reason)
+ fprintf(fp_cb_ssl_verify, "error=%s\n", reason);
+ else
+ fprintf(fp_cb_ssl_verify, "error=%d\n", err);
+ if (cb_ssl_verify_level < 3)
+ return ok;
+ fprintf(fp_cb_ssl_verify, "--> subject = %s\n", buf1);
+ fprintf(fp_cb_ssl_verify, "--> issuer = %s\n", buf2);
+ if (!ok)
+ fprintf(fp_cb_ssl_verify, "--> verify error:num=%d:%s\n", err,
+ X509_verify_cert_error_string(err));
+ fprintf(fp_cb_ssl_verify, "--> verify return:%d\n", ok);
+ return ok;
}
void cb_ssl_verify_set_output(FILE *fp)
{
- fp_cb_ssl_verify = fp;
+ fp_cb_ssl_verify = fp;
}
void cb_ssl_verify_set_depth(unsigned int verify_depth)
{
- int_verify_depth = verify_depth;
+ int_verify_depth = verify_depth;
}
void cb_ssl_verify_set_level(unsigned int level)
{
- if(level < 4)
- cb_ssl_verify_level = level;
+ if (level < 4)
+ cb_ssl_verify_level = level;
}
RSA *cb_generate_tmp_rsa(SSL *s, int is_export, int keylength)
{
- /* TODO: Perhaps make it so our global key can be generated on-the-fly
- * after certain intervals? */
- static RSA *rsa_tmp = NULL;
- if(!rsa_tmp)
- rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
- return rsa_tmp;
+ /*
+ * TODO: Perhaps make it so our global key can be generated on-the-fly
+ * after certain intervals?
+ */
+ static RSA *rsa_tmp = NULL;
+ if (!rsa_tmp)
+ rsa_tmp = RSA_generate_key(keylength, RSA_F4, NULL, NULL);
+ return rsa_tmp;
}
-#endif /* !defined(NO_OPENSSL) */
-
+#endif /* !defined(NO_OPENSSL) */
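Review bot: `cb_ssl_verify` obtains `err_cert` and `err` through `X509_STORE_CTX_get_current_cert`/`X509_STORE_CTX_get_error` and then reads `ctx->current_cert` and `ctx->error` directly for the issuer name and the `switch`; the two must agree, so use `X509_get_issuer_name(err_cert)` and `switch (err)` rather than reaching into the struct. `err_cert` can be NULL for some verification errors, so the two `X509_NAME_oneline(...)` calls should be guarded with `if (err_cert)`. Nothing in this hunk reads `int_verify_depth`, so as far as the visible code goes `cb_ssl_verify_set_depth` has no effect on verification; unless it is consulted in the lines above the hunk, either compare `depth` against it in the callback or add a comment saying where the depth is enforced. In `cb_generate_tmp_rsa`, the cached static key ignores `keylength` after the first call, so a later request for a different length receives the first key; a comment stating that one temporary key is generated once per process would make the TODO's current behaviour explicit.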
diff --git a/demos/tunala/ip.c b/demos/tunala/ip.c
index 96ef4e6536..b172d2e4e2 100644
--- a/demos/tunala/ip.c
+++ b/demos/tunala/ip.c
@@ -2,145 +2,148 @@
#ifndef NO_IP
-#define IP_LISTENER_BACKLOG 511 /* So if it gets masked by 256 or some other
- such value it'll still be respectable */
+# define IP_LISTENER_BACKLOG 511/* So if it gets masked by 256 or some other
+ * such value it'll still be respectable */
/* Any IP-related initialisations. For now, this means blocking SIGPIPE */
int ip_initialise(void)
{
- struct sigaction sa;
-
- sa.sa_handler = SIG_IGN;
- sa.sa_flags = 0;
- sigemptyset(&sa.sa_mask);
- if(sigaction(SIGPIPE, &sa, NULL) != 0)
- return 0;
- return 1;
+ struct sigaction sa;
+
+ sa.sa_handler = SIG_IGN;
+ sa.sa_flags = 0;
+ sigemptyset(&sa.sa_mask);
+ if (sigaction(SIGPIPE, &sa, NULL) != 0)
+ return 0;
+ return 1;
}
int ip_create_listener_split(const char *ip, unsigned short port)
{
- struct sockaddr_in in_addr;
- int fd = -1;
- int reuseVal = 1;
-
- /* Create the socket */
- if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
- goto err;
- /* Set the SO_REUSEADDR flag - servers act weird without it */
- if(setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)(&reuseVal),
- sizeof(reuseVal)) != 0)
- goto err;
- /* Prepare the listen address stuff */
- in_addr.sin_family = AF_INET;
- memcpy(&in_addr.sin_addr.s_addr, ip, 4);
- in_addr.sin_port = htons(port);
- /* Bind to the required port/address/interface */
- if(bind(fd, (struct sockaddr *)&in_addr, sizeof(struct sockaddr_in)) != 0)
- goto err;
- /* Start "listening" */
- if(listen(fd, IP_LISTENER_BACKLOG) != 0)
- goto err;
- return fd;
-err:
- if(fd != -1)
- close(fd);
- return -1;
+ struct sockaddr_in in_addr;
+ int fd = -1;
+ int reuseVal = 1;
+
+ /* Create the socket */
+ if ((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
+ goto err;
+ /* Set the SO_REUSEADDR flag - servers act weird without it */
+ if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)(&reuseVal),
+ sizeof(reuseVal)) != 0)
+ goto err;
+ /* Prepare the listen address stuff */
+ in_addr.sin_family = AF_INET;
+ memcpy(&in_addr.sin_addr.s_addr, ip, 4);
+ in_addr.sin_port = htons(port);
+ /* Bind to the required port/address/interface */
+ if (bind(fd, (struct sockaddr *)&in_addr, sizeof(struct sockaddr_in)) !=
+ 0)
+ goto err;
+ /* Start "listening" */
+ if (listen(fd, IP_LISTENER_BACKLOG) != 0)
+ goto err;
+ return fd;
+ err:
+ if (fd != -1)
+ close(fd);
+ return -1;
}
int ip_create_connection_split(const char *ip, unsigned short port)
{
- struct sockaddr_in in_addr;
- int flags, fd = -1;
-
- /* Create the socket */
- if((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
- goto err;
- /* Make it non-blocking */
- if(((flags = fcntl(fd, F_GETFL, 0)) < 0) ||
- (fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0))
- goto err;
- /* Prepare the connection address stuff */
- in_addr.sin_family = AF_INET;
- memcpy(&in_addr.sin_addr.s_addr, ip, 4);
- in_addr.sin_port = htons(port);
- /* Start a connect (non-blocking, in all likelihood) */
- if((connect(fd, (struct sockaddr *)&in_addr,
- sizeof(struct sockaddr_in)) != 0) &&
- (errno != EINPROGRESS))
- goto err;
- return fd;
-err:
- if(fd != -1)
- close(fd);
- return -1;
+ struct sockaddr_in in_addr;
+ int flags, fd = -1;
+
+ /* Create the socket */
+ if ((fd = socket(PF_INET, SOCK_STREAM, 0)) == -1)
+ goto err;
+ /* Make it non-blocking */
+ if (((flags = fcntl(fd, F_GETFL, 0)) < 0) ||
+ (fcntl(fd, F_SETFL, flags | O_NONBLOCK) < 0))
+ goto err;
+ /* Prepare the connection address stuff */
+ in_addr.sin_family = AF_INET;
+ memcpy(&in_addr.sin_addr.s_addr, ip, 4);
+ in_addr.sin_port = htons(port);
+ /* Start a connect (non-blocking, in all likelihood) */
+ if ((connect(fd, (struct sockaddr *)&in_addr,
+ sizeof(struct sockaddr_in)) != 0) && (errno != EINPROGRESS))
+ goto err;
+ return fd;
+ err:
+ if (fd != -1)
+ close(fd);
+ return -1;
}
-static char all_local_ip[] = {0x00,0x00,0x00,0x00};
+static char all_local_ip[] = { 0x00, 0x00, 0x00, 0x00 };
int ip_parse_address(const char *address, const char **parsed_ip,
- unsigned short *parsed_port, int accept_all_ip)
+ unsigned short *parsed_port, int accept_all_ip)
{
- char buf[256];
- struct hostent *lookup;
- unsigned long port;
- const char *ptr = strstr(address, ":");
- const char *ip = all_local_ip;
-
- if(!ptr) {
- /* We assume we're listening on all local interfaces and have
- * only specified a port. */
- if(!accept_all_ip)
- return 0;
- ptr = address;
- goto determine_port;
- }
- if((ptr - address) > 255)
- return 0;
- memset(buf, 0, 256);
- memcpy(buf, address, ptr - address);
- ptr++;
- if((lookup = gethostbyname(buf)) == NULL) {
- /* Spit a message to differentiate between lookup failures and
- * bad strings. */
- fprintf(stderr, "hostname lookup for '%s' failed\n", buf);
- return 0;
- }
- ip = lookup->h_addr_list[0];
-determine_port:
- if(strlen(ptr) < 1)
- return 0;
- if(!int_strtoul(ptr, &port) || (port > 65535))
- return 0;
- *parsed_ip = ip;
- *parsed_port = (unsigned short)port;
- return 1;
+ char buf[256];
+ struct hostent *lookup;
+ unsigned long port;
+ const char *ptr = strstr(address, ":");
+ const char *ip = all_local_ip;
+
+ if (!ptr) {
+ /*
+ * We assume we're listening on all local interfaces and have only
+ * specified a port.
+ */
+ if (!accept_all_ip)
+ return 0;
+ ptr = address;
+ goto determine_port;
+ }
+ if ((ptr - address) > 255)
+ return 0;
+ memset(buf, 0, 256);
+ memcpy(buf, address, ptr - address);
+ ptr++;
+ if ((lookup = gethostbyname(buf)) == NULL) {
+ /*
+ * Spit a message to differentiate between lookup failures and bad
+ * strings.
+ */
+ fprintf(stderr, "hostname lookup for '%s' failed\n", buf);
+ return 0;
+ }
+ ip = lookup->h_addr_list[0];
+ determine_port:
+ if (strlen(ptr) < 1)
+ return 0;
+ if (!int_strtoul(ptr, &port) || (port > 65535))
+ return 0;
+ *parsed_ip = ip;
+ *parsed_port = (unsigned short)port;
+ return 1;
}
int ip_create_listener(const char *address)
{
- const char *ip;
- unsigned short port;
+ const char *ip;
+ unsigned short port;
- if(!ip_parse_address(address, &ip, &port, 1))
- return -1;
- return ip_create_listener_split(ip, port);
+ if (!ip_parse_address(address, &ip, &port, 1))
+ return -1;
+ return ip_create_listener_split(ip, port);
}
int ip_create_connection(const char *address)
{
- const char *ip;
- unsigned short port;
+ const char *ip;
+ unsigned short port;
- if(!ip_parse_address(address, &ip, &port, 0))
- return -1;
- return ip_create_connection_split(ip, port);
+ if (!ip_parse_address(address, &ip, &port, 0))
+ return -1;
+ return ip_create_connection_split(ip, port);
}
int ip_accept_connection(int listen_fd)
{
- return accept(listen_fd, NULL, NULL);
+ return accept(listen_fd, NULL, NULL);
}
-#endif /* !defined(NO_IP) */
-
+#endif /* !defined(NO_IP) */
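Review bot: `ip_parse_address` returns `lookup->h_addr_list[0]` through `*parsed_ip` without checking the lookup's address family or length, while `ip_create_listener_split` and `ip_create_connection_split` copy exactly 4 bytes from it into `sin_addr`; add `if (lookup->h_addrtype != AF_INET || lookup->h_length != 4) return 0;` after the `gethostbyname` call, and note in a comment that the pointer aliases `gethostbyname`'s static buffer and is only valid until the next lookup. Both `_split` functions also leave `in_addr` uninitialised apart from the three fields they assign; a `memset(&in_addr, 0, sizeof(in_addr));` before filling it keeps `sin_zero` defined and the `bind`/`connect` calls portable. `ip_create_connection_split` returns the fd on EINPROGRESS, so this function cannot itself report a failed connect; presumably the caller checks the socket once it becomes writable, and a comment here saying where that happens would help the next reader.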
diff --git a/demos/tunala/sm.c b/demos/tunala/sm.c
index 25359e67ef..5658dfff2d 100644
--- a/demos/tunala/sm.c
+++ b/demos/tunala/sm.c
@@ -2,150 +2,163 @@
#ifndef NO_TUNALA
-void state_machine_init(state_machine_t *machine)
+voi