Fix "make check-spaces"

src/common/crypto.c

@@ -2734,3 +2734,4 @@ crypto_global_cleanup(void)
 }
 
 /** @} */
+

src/common/crypto.h

@@ -296,3 +296,4 @@ struct dh_st *crypto_dh_get_dh_(crypto_dh_t *dh);
 void crypto_add_spaces_to_fp(char *out, size_t outlen, const char *in);
 
 #endif
+

src/common/tortls.c

@@ -111,7 +111,6 @@
 #define SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION 0x0010
 #endif
 
-
 /** Return values for tor_tls_classify_client_ciphers.
  *
  * @{
@@ -130,7 +129,6 @@
 #define CIPHERS_UNRESTRICTED 3
 /** @} */
 
-
 /** The ex_data index in which we store a pointer to an SSL object's
  * corresponding tor_tls_t object. */
 STATIC int tor_tls_object_ex_data_index = -1;
@@ -383,7 +381,7 @@ tor_tls_init(void)
      OPENSSL_VERSION_NUMBER >= OPENSSL_V_SERIES(1,0,1))
     long version = SSLeay();
 
-    /* LCOV_EXCL_START because we can't reasonably test these lines on the same machine */
+    /* LCOV_EXCL_START : we can't test these lines on the same machine */
     if (version >= OPENSSL_V_SERIES(1,0,1)) {
       /* Warn if we could *almost* be running with much faster ECDH.
          If we're built for a 64-bit target, using OpenSSL 1.0.1, but we
@@ -456,7 +454,7 @@ tor_x509_name_new(const char *cname)
 {
   int nid;
   X509_NAME *name;
-  /* LCOV_EXCL_BR_START because these branches will only fail on out of memory errors */
+  /* LCOV_EXCL_BR_START : these branches will only fail on OOM errors */
   if (!(name = X509_NAME_new()))
     return NULL;
   if ((nid = OBJ_txt2nid("commonName")) == NID_undef) goto error;
@@ -466,7 +464,7 @@ tor_x509_name_new(const char *cname)
   /* LCOV_EXCL_BR_STOP */
   return name;
  error:
-  /* LCOV_EXCL_START because these lines will only execute on out of memory errors*/
+  /* LCOV_EXCL_START : these lines will only execute on out of memory errors*/
   X509_NAME_free(name);
   return NULL;
   /* LCOV_EXCL_STOP */
@@ -516,17 +514,17 @@ MOCK_IMPL(STATIC X509 *,
     goto error;
   if (!(pkey = crypto_pk_get_evp_pkey_(rsa,0)))
     goto error;
-  if (!(x509 = X509_new())) /* LCOV_EXCL_BR_LINE because this can only fail when memory failures occur */
+  if (!(x509 = X509_new()))
     goto error;
-  if (!(X509_set_version(x509, 2))) /* LCOV_EXCL_BR_LINE because this can only fail when something catastrophic happens in openssl  */
+  if (!(X509_set_version(x509, 2)))
     goto error;
 
   { /* our serial number is 8 random bytes. */
     if (crypto_rand((char *)serial_tmp, sizeof(serial_tmp)) < 0)
       goto error;
-    if (!(serial_number = BN_bin2bn(serial_tmp, sizeof(serial_tmp), NULL))) /* LCOV_EXCL_BR_LINE because this can only fail when memory failures occur */
+    if (!(serial_number = BN_bin2bn(serial_tmp, sizeof(serial_tmp), NULL)))
       goto error;
-    if (!(BN_to_ASN1_INTEGER(serial_number, X509_get_serialNumber(x509)))) /* LCOV_EXCL_BR_LINE because this can only fail when memory failures occur */
+    if (!(BN_to_ASN1_INTEGER(serial_number, X509_get_serialNumber(x509))))
       goto error;
   }
 
@@ -676,7 +674,7 @@ MOCK_IMPL(STATIC tor_x509_cert_t *,
 
   length = i2d_X509(x509_cert, &buf);
   cert = tor_malloc_zero(sizeof(tor_x509_cert_t));
-  if (length <= 0 || buf == NULL) { /* LCOV_EXCL_BR_LINE because these conditions can't be provoked without memory failures */
+  if (length <= 0 || buf == NULL) {
     /* LCOV_EXCL_START for the same reason as the exclusion above */
     tor_free(cert);
     log_err(LD_CRYPTO, "Couldn't get length of encoded x509 certificate");
@@ -1192,7 +1190,7 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
       goto error;
     X509_free(cert); /* We just added a reference to cert. */
     cert=NULL;
-    if (idcert) { /* LCOV_EXCL_BR_LINE because we can't actually get here without a valid idcert */
+    if (idcert) {
       X509_STORE *s = SSL_CTX_get_cert_store(result->ctx);
       tor_assert(s);
       X509_STORE_add_cert(s, idcert);
@@ -1272,8 +1270,10 @@ tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime,
 STATIC void
 tor_tls_debug_state_callback(const SSL *ssl, int type, int val)
 {
-  log_debug(LD_HANDSHAKE, "SSL %p is now in state %s [type=%d,val=%d].", /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
+  /* LCOV_EXCL_START since this depends on whether debug is captured or not */
+  log_debug(LD_HANDSHAKE, "SSL %p is now in state %s [type=%d,val=%d].",
             ssl, SSL_state_string_long(ssl), type, val);
+  /* LCOV_EXCL_STOP */
 }
 
 /* Return the name of the negotiated ciphersuite in use on <b>tls</b> */
@@ -1333,7 +1333,7 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher)
   {
     unsigned char cipherid[3];
     tor_assert(ssl);
-    set_uint16(cipherid, htons(cipher));  /* LCOV_EXCL_BR_LINE since we won't necessarily hit both branches if htons is a macro */
+    set_uint16(cipherid, htons(cipher));
     cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
                       * with a two-byte 'cipherid', it may look for a v2
                       * cipher with the appropriate 3 bytes. */
@@ -1345,7 +1345,7 @@ find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher)
 #elif defined(HAVE_STRUCT_SSL_METHOD_ST_GET_CIPHER_BY_CHAR)
   if (m && m->get_cipher_by_char) {
     unsigned char cipherid[3];
-    set_uint16(cipherid, htons(cipher)); /* LCOV_EXCL_BR_LINE since we won't necessarily hit both branches if htons is a macro */
+    set_uint16(cipherid, htons(cipher));
     cipherid[2] = 0; /* If ssl23_get_cipher_by_char finds no cipher starting
                       * with a two-byte 'cipherid', it may look for a v2
                       * cipher with the appropriate 3 bytes. */
@@ -1436,7 +1436,7 @@ tor_tls_classify_client_ciphers(const SSL *ssl,
         strcmp(ciphername, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA) &&
         strcmp(ciphername, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA) &&
         strcmp(ciphername, "(NONE)")) {
-      log_debug(LD_NET, "Got a non-version-1 cipher called '%s'", ciphername); /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
+      log_debug(LD_NET, "Got a non-version-1 cipher called '%s'", ciphername);
       // return 1;
       goto v2_or_higher;
     }
@@ -1474,9 +1474,9 @@ tor_tls_classify_client_ciphers(const SSL *ssl,
       smartlist_add(elts, (char*)ciphername);
     }
     s = smartlist_join_strings(elts, ":", 0, NULL);
-    log_debug(LD_NET, "Got a %s V2/V3 cipher list from %s.  It is: '%s'", /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
+    log_debug(LD_NET, "Got a %s V2/V3 cipher list from %s.  It is: '%s'",
               (res == CIPHERS_V2) ? "fictitious" : "real", ADDR(tor_tls), s);
-    tor_free(s); /* LCOV_EXCL_BR_LINE since s will always be non-null here */
+    tor_free(s);
     smartlist_free(elts);
   }
  done:
@@ -1555,7 +1555,7 @@ tor_tls_server_info_callback(const SSL *ssl, int type, int val)
     /* Don't send a hello request. */
     SSL_set_verify((SSL*) ssl, SSL_VERIFY_NONE, NULL);
 
-    if (tls) { /* LCOV_EXCL_BR_LINE impossible to have tls be NULL here, it's checked earlier */
+    if (tls) {
       tls->wasV2Handshake = 1;
     } else {
       log_warn(LD_BUG, "Couldn't look up the tls for an SSL*. How odd!"); /* LCOV_EXCL_LINE this line is not reachable */
@@ -1618,7 +1618,7 @@ tor_tls_new(int sock, int isServer)
   tor_assert(context); /* make sure somebody made it first */
   if (!(result->ssl = SSL_new(context->ctx))) {
     tls_log_errors(NULL, LOG_WARN, LD_NET, "creating SSL object");
-    tor_free(result); /* LCOV_EXCL_BR_LINE because result can't be null here */
+    tor_free(result);
     goto err;
   }
 
@@ -1627,7 +1627,7 @@ tor_tls_new(int sock, int isServer)
   if (!isServer) {
     char *fake_hostname = crypto_random_hostname(4,25, "www.",".com");
     SSL_set_tlsext_host_name(result->ssl, fake_hostname);
-    tor_free(fake_hostname); /* LCOV_EXCL_BR_LINE because fake_hostname can't be null here */
+    tor_free(fake_hostname);
   }
 #endif
 
@@ -1638,7 +1638,7 @@ tor_tls_new(int sock, int isServer)
     SSL_set_tlsext_host_name(result->ssl, NULL);
 #endif
     SSL_free(result->ssl);
-    tor_free(result); /* LCOV_EXCL_BR_LINE because this can't be null here */
+    tor_free(result);
     goto err;
   }
   result->socket = sock;
@@ -1791,7 +1791,7 @@ tor_tls_free(tor_tls_t *tls)
     tor_tls_context_decref(tls->context);
   tor_free(tls->address);
   tls->magic = 0x99999999;
-  tor_free(tls); /* LCOV_EXCL_BR_LINE because this line will not be reached if tls is NULL */
+  tor_free(tls);
 }
 
 /** Underlying function for TLS reading.  Reads up to <b>len</b>
@@ -1812,7 +1812,7 @@ tor_tls_read,(tor_tls_t *tls, char *cp, size_t len))
 #ifdef V2_HANDSHAKE_SERVER
     if (tls->got_renegotiate) {
       /* Renegotiation happened! */
-      log_info(LD_NET, "Got a TLS renegotiation from %s", ADDR(tls)); /* LCOV_EXCL_BR_LINE because testing the branches of ADDR feels not so useful here */
+      log_info(LD_NET, "Got a TLS renegotiation from %s", ADDR(tls));
       if (tls->negotiated_callback)
         tls->negotiated_callback(tls, tls->callback_arg);
       tls->got_renegotiate = 0;
@@ -1821,13 +1821,13 @@ tor_tls_read,(tor_tls_t *tls, char *cp, size_t len))
     return r;
   }
   err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading", LOG_DEBUG, LD_NET);
-  if (err == TOR_TLS_ZERORETURN_ || err == TOR_TLS_CLOSE) { /* LCOV_EXCL_BR_LINE err can never be TOR_TLS_CLOSE here because tor_tls_get_error will never return it with those parameters */
-    log_debug(LD_NET,"read returned r=%d; TLS is closed",r); /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
+  if (err == TOR_TLS_ZERORETURN_ || err == TOR_TLS_CLOSE) {
+    log_debug(LD_NET,"read returned r=%d; TLS is closed",r);
     tls->state = TOR_TLS_ST_CLOSED;
     return TOR_TLS_CLOSE;
   } else {
     tor_assert(err != TOR_TLS_DONE);
-    log_debug(LD_NET,"read returned r=%d, err=%d",r,err); /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
+    log_debug(LD_NET,"read returned r=%d, err=%d",r,err);
     return err;
   }
 }
@@ -1857,7 +1857,7 @@ tor_tls_write(tor_tls_t *tls, const char *cp, size_t n)
   if (tls->wantwrite_n) {
     /* if WANTWRITE last time, we must use the _same_ n as before */
     tor_assert(n >= tls->wantwrite_n);
-    log_debug(LD_NET,"resuming pending-write, (%d to flush, reusing %d)", /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
+    log_debug(LD_NET,"resuming pending-write, (%d to flush, reusing %d)",
               (int)n, (int)tls->wantwrite_n);
     n = tls->wantwrite_n;
     tls->wantwrite_n = 0;
@@ -1890,16 +1890,16 @@ tor_tls_handshake(tor_tls_t *tls)
   check_no_tls_errors();
   oldstate = SSL_state(tls->ssl);
   if (tls->isServer) {
-    log_debug(LD_HANDSHAKE, "About to call SSL_accept on %p (%s)", tls, /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
+    log_debug(LD_HANDSHAKE, "About to call SSL_accept on %p (%s)", tls,
               SSL_state_string_long(tls->ssl));
     r = SSL_accept(tls->ssl);
   } else {
-    log_debug(LD_HANDSHAKE, "About to call SSL_connect on %p (%s)", tls, /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
+    log_debug(LD_HANDSHAKE, "About to call SSL_connect on %p (%s)", tls,
               SSL_state_string_long(tls->ssl));
     r = SSL_connect(tls->ssl);
   }
   if (oldstate != SSL_state(tls->ssl))
-    log_debug(LD_HANDSHAKE, "After call, %p was in state %s",  /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
+    log_debug(LD_HANDSHAKE, "After call, %p was in state %s",
               tls, SSL_state_string_long(tls->ssl));
   /* We need to call this here and not earlier, since OpenSSL has a penchant
    * for clearing its flags when you say accept or connect. */
@@ -1944,7 +1944,7 @@ tor_tls_finish_handshake(tor_tls_t *tls)
                  " get set. Fixing that.");
       }
       tls->wasV2Handshake = 1;
-      log_debug(LD_HANDSHAKE, "Completed V2 TLS handshake with client; waiting" /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
+      log_debug(LD_HANDSHAKE, "Completed V2 TLS handshake with client; waiting"
                 " for renegotiation.");
     } else {
       tls->wasV2Handshake = 0;
@@ -1957,11 +1957,11 @@ tor_tls_finish_handshake(tor_tls_t *tls)
     STACK_OF(X509) *chain = SSL_get_peer_cert_chain(tls->ssl);
     int n_certs = sk_X509_num(chain);
     if (n_certs > 1 || (n_certs == 1 && cert != sk_X509_value(chain, 0))) {
-      log_debug(LD_HANDSHAKE, "Server sent back multiple certificates; it " /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
+      log_debug(LD_HANDSHAKE, "Server sent back multiple certificates; it "
                 "looks like a v1 handshake on %p", tls);
       tls->wasV2Handshake = 0;
     } else {
-      log_debug(LD_HANDSHAKE, /* LCOV_EXCL_BR_LINE since this depends on whether debug is captured or not */
+      log_debug(LD_HANDSHAKE,
                 "Server sent back a single certificate; looks like "
                 "a v2 handshake on %p.", tls);
       tls->wasV2Handshake = 1;
@@ -2200,7 +2200,7 @@ MOCK_IMPL(STATIC void, try_to_extract_certs_from_tls, (int severity, tor_tls_t *
            num_in_chain);
     return;
   }
-  for (i=0; i<num_in_chain; ++i) { /* LCOV_EXCL_BR_LINE because we can never hit the case when we don't enter this loop, since num_in_chain<1 is checked above */
+  for (i=0; i<num_in_chain; ++i) {
     id_cert = sk_X509_value(chain, i);
     if (X509_cmp(id_cert, cert) != 0)
       break;
@@ -2445,7 +2445,7 @@ dn_indicates_v3_cert(X509_NAME *name)
 
   str = X509_NAME_ENTRY_get_data(entry);
   len = ASN1_STRING_to_UTF8(&s, str);
-  if (len < 0){
+  if (len < 0) {
     return 0;
   }
   r = fast_memneq(s + len - 4, ".net", 4);
@@ -2625,7 +2625,7 @@ tor_tls_get_tlssecrets,(tor_tls_t *tls, uint8_t *secrets_out))
                      (char*)buf, len);
   memwipe(buf, 0, sizeof(buf));
   memwipe(master_key, 0, master_key_len);
-  tor_free(master_key); /* LCOV_EXCL_BR_LINE since master_key will never be NULL here */
+  tor_free(master_key);
 
   return 0;
 }
@@ -2762,3 +2762,4 @@ evaluate_ecgroup_for_tls(const char *ecgroup)
 
   return ret;
 }
+

src/common/tortls.h

@@ -55,7 +55,6 @@ typedef struct tor_x509_cert_t tor_x509_cert_t;
 
 #define TOR_TLS_IS_ERROR(rv) ((rv) < TOR_TLS_CLOSE)
 
-
 #ifdef TORTLS_PRIVATE
 #define TOR_TLS_MAGIC 0x71571571
 
@@ -128,40 +127,45 @@ struct tor_tls_t {
   void *callback_arg;
 };
 
-
 STATIC int tor_errno_to_tls_error(int e);
 STATIC int tor_tls_get_error(tor_tls_t *tls, int r, int extra,
                   const char *doing, int severity, int domain);
 STATIC tor_tls_t *tor_tls_get_by_ssl(const SSL *ssl);
 STATIC void tor_tls_allocate_tor_tls_object_ex_data_index(void);
 STATIC int always_accept_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx);
-STATIC int tor_tls_classify_client_ciphers(const SSL *ssl, STACK_OF(SSL_CIPHER) *peer_ciphers);
+STATIC int tor_tls_classify_client_ciphers(const SSL *ssl,
+                                           STACK_OF(SSL_CIPHER) *peer_ciphers);
 STATIC int tor_tls_client_is_using_v2_ciphers(const SSL *ssl);
-MOCK_DECL(STATIC void, try_to_extract_certs_from_tls, (int severity, tor_tls_t *tls, X509 **cert_out, X509 **id_cert_out));
+MOCK_DECL(STATIC void, try_to_extract_certs_from_tls,
+          (int severity, tor_tls_t *tls, X509 **cert_out, X509 **id_cert_out));
 STATIC int dn_indicates_v3_cert(X509_NAME *name);
-STATIC size_t SSL_SESSION_get_master_key(SSL_SESSION *s, uint8_t *out, size_t len);
+STATIC size_t SSL_SESSION_get_master_key(SSL_SESSION *s, uint8_t *out,
+                                         size_t len);
 STATIC void tor_tls_debug_state_callback(const SSL *ssl, int type, int val);
 STATIC void tor_tls_server_info_callback(const SSL *ssl, int type, int val);
-STATIC int tor_tls_session_secret_cb(SSL *ssl, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
-STATIC int find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m, uint16_t cipher);
+STATIC int tor_tls_session_secret_cb(SSL *ssl, void *secret,
+                                     int *secret_len,
+                                     STACK_OF(SSL_CIPHER) *peer_ciphers,
+                                     SSL_CIPHER **cipher, void *arg);
+STATIC int find_cipher_by_id(const SSL *ssl, const SSL_METHOD *m,
+                             uint16_t cipher);
 MOCK_DECL(STATIC X509*, tor_tls_create_certificate,(crypto_pk_t *rsa,
                                                     crypto_pk_t *rsa_sign,
                                                     const char *cname,
                                                     const char *cname_sign,
-                                                    unsigned int cert_lifetime));
-STATIC tor_tls_context_t *tor_tls_context_new(crypto_pk_t *identity, unsigned int key_lifetime, unsigned flags, int is_client);
+                                                  unsigned int cert_lifetime));
+STATIC tor_tls_context_t *tor_tls_context_new(crypto_pk_t *identity,
+                   unsigned int key_lifetime, unsigned flags, int is_client);
 MOCK_DECL(STATIC tor_x509_cert_t *, tor_x509_cert_new,(X509 *x509_cert));
 STATIC int tor_tls_context_init_one(tor_tls_context_t **ppcontext,
                                     crypto_pk_t *identity,
                                     unsigned int key_lifetime,
                                     unsigned int flags,
                                     int is_client);
-STATIC void tls_log_errors(tor_tls_t *tls, int severity, int domain, const char *doing);
+STATIC void tls_log_errors(tor_tls_t *tls, int severity, int domain,
+                           const char *doing);
 #endif
 
-
-
-
 const char *tor_tls_err_to_string(int err);
 void tor_tls_get_state_description(tor_tls_t *tls, char *buf, size_t sz);
 
@@ -254,3 +258,4 @@ const char *tor_tls_get_ciphersuite_name(tor_tls_t *tls);
 int evaluate_ecgroup_for_tls(const char *ecgroup);
 
 #endif
+

src/test/test.c

@@ -1218,3 +1218,4 @@ struct testgroup_t testgroups[] = {
   { "dns/", dns_tests },
   END_OF_GROUPS
 };
+

src/test/test_routerset.c

@@ -500,7 +500,7 @@ NS(test_main)(void *arg)
   tt_int_op(smartlist_len(set->policies), OP_NE, 0);
   tt_int_op(CALLED(router_parse_addr_policy_item_from_string), OP_EQ, 1);
 
-done:
+ done:
   routerset_free(set);
 }
 
@@ -547,7 +547,7 @@ NS(test_main)(void *arg)
   tt_int_op(smartlist_len(set->policies), OP_NE, 0);
   tt_int_op(CALLED(router_parse_addr_policy_item_from_string), OP_EQ, 1);
 
-done:
+ done:
   routerset_free(set);
 }
 

src/test/test_tortls.c

@@ -41,12 +41,17 @@ static void
 test_tortls_errno_to_tls_error(void *data)
 {
   (void) data;
-    tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNRESET)),OP_EQ,TOR_TLS_ERROR_CONNRESET);
-    tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ETIMEDOUT)),OP_EQ,TOR_TLS_ERROR_TIMEOUT);
-    tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(EHOSTUNREACH)),OP_EQ,TOR_TLS_ERROR_NO_ROUTE);
-    tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ENETUNREACH)),OP_EQ,TOR_TLS_ERROR_NO_ROUTE);
-    tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNREFUSED)),OP_EQ,TOR_TLS_ERROR_CONNREFUSED);
-    tt_int_op(tor_errno_to_tls_error(0),OP_EQ,TOR_TLS_ERROR_MISC);
+  tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNRESET)),OP_EQ,
+            TOR_TLS_ERROR_CONNRESET);
+  tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ETIMEDOUT)),OP_EQ,
+            TOR_TLS_ERROR_TIMEOUT);
+  tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(EHOSTUNREACH)),OP_EQ,
+            TOR_TLS_ERROR_NO_ROUTE);
+  tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ENETUNREACH)),OP_EQ,
+            TOR_TLS_ERROR_NO_ROUTE);
+  tt_int_op(tor_errno_to_tls_error(SOCK_ERRNO(ECONNREFUSED)),OP_EQ,
+            TOR_TLS_ERROR_CONNREFUSED);
+  tt_int_op(tor_errno_to_tls_error(0),OP_EQ,TOR_TLS_ERROR_MISC);
  done:
   (void)1;
 }
@@ -55,17 +60,21 @@ static void
 test_tortls_err_to_string(void *data)
 {
   (void) data;
-    tt_str_op(tor_tls_err_to_string(1),OP_EQ,"[Not an error.]");
-    tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_MISC),OP_EQ,"misc error");
-    tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_IO),OP_EQ,"unexpected close");
-    tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNREFUSED),OP_EQ,"connection refused");
-    tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNRESET),OP_EQ,"connection reset");
-    tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_NO_ROUTE),OP_EQ,"host unreachable");
-    tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_TIMEOUT),OP_EQ,"connection timed out");
-    tt_str_op(tor_tls_err_to_string(TOR_TLS_CLOSE),OP_EQ,"closed");
-    tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTREAD),OP_EQ,"want to read");
-    tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTWRITE),OP_EQ,"want to write");
-    tt_str_op(tor_tls_err_to_string(-100),OP_EQ,"(unknown error code)");
+  tt_str_op(tor_tls_err_to_string(1),OP_EQ,"[Not an error.]");
+  tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_MISC),OP_EQ,"misc error");
+  tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_IO),OP_EQ,"unexpected close");
+  tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNREFUSED),OP_EQ,
+            "connection refused");
+  tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_CONNRESET),OP_EQ,
+            "connection reset");
+  tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_NO_ROUTE),OP_EQ,
+            "host unreachable");
+  tt_str_op(tor_tls_err_to_string(TOR_TLS_ERROR_TIMEOUT),OP_EQ,
+            "connection timed out");
+  tt_str_op(tor_tls_err_to_string(TOR_TLS_CLOSE),OP_EQ,"closed");
+  tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTREAD),OP_EQ,"want to read");
+  tt_str_op(tor_tls_err_to_string(TOR_TLS_WANTWRITE),OP_EQ,"want to write");
+  tt_str_op(tor_tls_err_to_string(-100),OP_EQ,"(unknown error code)");
  done:
   (void)1;
 }
@@ -82,28 +91,27 @@ static void
 test_tortls_tor_tls_new(void *data)
 {
   (void) data;
-    MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
-    crypto_pk_t *key1 = NULL, *key2 = NULL;
-    key1 = pk_generate(2);
-    key2 = pk_generate(3);
-
-    tor_tls_t *tls;
-    tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
-                key1, key2, 86400), OP_EQ, 0);
-    tls = tor_tls_new(-1, 0);
-    tt_want(tls);
+  MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
+  crypto_pk_t *key1 = NULL, *key2 = NULL;
+  key1 = pk_generate(2);
+  key2 = pk_generate(3);
 
+  tor_tls_t *tls;
+  tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
+                                 key1, key2, 86400), OP_EQ, 0);
+  tls = tor_tls_new(-1, 0);
+  tt_want(tls);
 
-    client_tls_context->ctx = NULL;
-    tls = tor_tls_new(-1, 0);
-    tt_assert(!tls);
+  client_tls_context->ctx = NULL;
+  tls = tor_tls_new(-1, 0);
+  tt_assert(!tls);
 
-    SSL_METHOD *method = give_me_a_test_method();
-    SSL_CTX *ctx = SSL_CTX_new(method);
-    method->num_ciphers = fake_num_ciphers;
-    client_tls_context->ctx = ctx;
-    tls = tor_tls_new(-1, 0);
-    tt_assert(!tls);
+  SSL_METHOD *method = give_me_a_test_method();
+  SSL_CTX *ctx = SSL_CTX_new(method);
+  method->num_ciphers = fake_num_ciphers;
+  client_tls_context->ctx = ctx;
+  tls = tor_tls_new(-1, 0);
+  tt_assert(!tls);
 
  done:
   UNMOCK(tor_tls_cert_matches_key);
@@ -113,40 +121,41 @@ test_tortls_tor_tls_new(void *data)
 
 #define NS_MODULE tortls
 NS_DECL(void, logv, (int severity, log_domain_mask_t domain,
-    const char *funcname, const char *suffix, const char *format, va_list ap));
+                     const char *funcname, const char *suffix,
+                     const char *format, va_list ap));
 
 static void
 NS(logv)(int severity, log_domain_mask_t domain,
-    const char *funcname, const char *suffix, const char *format,
-    va_list ap)
+         const char *funcname, const char *suffix, const char *format,
+         va_list ap)
 {
-    (void) severity;
-    (void) domain;
-    (void) funcname;
-    (void) suffix;
-    (void) format;
-    (void) ap; // XXXX look at this.
-    CALLED(logv)++;
+  (void) severity;
+  (void) domain;
+  (void) funcname;
+  (void) suffix;
+  (void) format;
+  (void) ap; // XXXX look at this.
+  CALLED(logv)++;
 }
 
 static void
 test_tortls_tor_tls_get_error(void *data)
 {
   (void) data;
-    MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
-    crypto_pk_t *key1 = NULL, *key2 = NULL;
-    key1 = pk_generate(2);
-    key2 = pk_generate(3);
-
-    tor_tls_t *tls;
-    tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
-                key1, key2, 86400), OP_EQ, 0);
-    tls = tor_tls_new(-1, 0);
-    NS_MOCK(logv);
-    tt_int_op(CALLED(logv), OP_EQ, 0);
-    tor_tls_get_error(tls, 0, 0,
-            (const char *)"test", 0, 0);
-    tt_int_op(CALLED(logv), OP_EQ, 1);
+  MOCK(tor_tls_cert_matches_key, mock_tls_cert_matches_key);
+  crypto_pk_t *key1 = NULL, *key2 = NULL;
+  key1 = pk_generate(2);
+  key2 = pk_generate(3);
+
+  tor_tls_t *tls;
+  tt_int_op(tor_tls_context_init(TOR_TLS_CTX_IS_PUBLIC_SERVER,
+                                 key1, key2, 86400), OP_EQ, 0);
+  tls = tor_tls_new(-1, 0);
+  NS_MOCK(logv);
+  tt_int_op(CALLED(logv), OP_EQ, 0);
+  tor_tls_get_error(tls, 0, 0,
+                    (const char *)"test", 0, 0);
+  tt_int_op(CALLED(logv), OP_EQ, 1);
 
  done:
   UNMOCK(tor_tls_cert_matches_key);
@@ -284,58 +293,68 @@ test_tortls_log_one_error(void *ignored)
 
   tor_tls_log_one_error(NULL, 0, LOG_WARN, 0, "something");
   tt_int_op(mock_saved_log_number(), OP_EQ, 1);
-  tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while something: (null) (in (null):(null):---)\n");
+  tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while something: "
+            "(null) (in (null):(null):---)\n");
 
   mock_clean_saved_logs();
   tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
   tt_int_op(mock_saved_log_number(), OP_EQ, 1);
-  tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error: (null) (in (null):(null):---)\n");
+  tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error: (null) "
+            "(in (null):(null):---)\n");
 
   mock_clean_saved_logs();
   tls->address = tor_strdup("127.hello");
   tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
   tt_int_op(mock_saved_log_number(), OP_EQ, 1);
-  tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: (null) (in (null):(null):---)\n");
-
+  tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: (null) "
+            "(in (null):(null):---)\n");
 
   mock_clean_saved_logs();
   tls->address = tor_strdup("127.hello");
   tor_tls_log_one_error(tls, 0, LOG_WARN, 0, "blarg");
   tt_int_op(mock_saved_log_number(), OP_EQ, 1);
-  tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while blarg with 127.hello: (null) (in (null):(null):---)\n");
+  tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while blarg with "
+            "127.hello: (null) (in (null):(null):---)\n");
 
   mock_clean_saved_logs();
   tor_tls_log_one_error(tls, ERR_PACK(1, 2, 3), LOG_WARN, 0, NULL);
   tt_int_op(mock_saved_log_number(), OP_EQ, 1);
-  tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: BN lib (in unknown library:(null):---)\n");
+  tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: "
+            "BN lib (in unknown library:(null):---)\n");
 
   mock_clean_saved_logs();
-  tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST), LOG_WARN, 0, NULL);
+  tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTP_REQUEST),
+                        LOG_WARN, 0, NULL);
   tt_int_op(mock_saved_log_number(), OP_EQ, 1);
   tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
 
   mock_clean_saved_logs();
-  tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTPS_PROXY_REQUEST), LOG_WARN, 0, NULL);
+  tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_HTTPS_PROXY_REQUEST),
+                        LOG_WARN, 0, NULL);
   tt_int_op(mock_saved_log_number(), OP_EQ, 1);
   tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
 
   mock_clean_saved_logs();
-  tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_LENGTH_MISMATCH), LOG_WARN, 0, NULL);
+  tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_LENGTH_MISMATCH),
+                        LOG_WARN, 0, NULL);
   tt_int_op(mock_saved_log_number(), OP_EQ, 1);
   tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
 
   mock_clean_saved_logs();
-  tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_TOO_LARGE), LOG_WARN, 0, NULL);
+  tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_RECORD_TOO_LARGE),
+                        LOG_WARN, 0, NULL);
   tt_int_op(mock_saved_log_number(), OP_EQ, 1);
   tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
 
   mock_clean_saved_logs();
-  tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNKNOWN_PROTOCOL), LOG_WARN, 0, NULL);
+  tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNKNOWN_PROTOCOL),
+                        LOG_WARN, 0, NULL);
   tt_int_op(mock_saved_log_number(), OP_EQ, 1);
   tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
 
   mock_clean_saved_logs();
-  tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNSUPPORTED_PROTOCOL), LOG_WARN, 0, NULL);
+  tor_tls_log_one_error(tls, ERR_PACK(1, 2, SSL_R_UNSUPPORTED_PROTOCOL),
+                        LOG_WARN, 0, NULL);
   tt_int_op(mock_saved_log_number(), OP_EQ, 1);
   tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
 
@@ -344,7 +363,8 @@ test_tortls_log_one_error(void *ignored)
   mock_clean_saved_logs();
   tor_tls_log_one_error(tls, 0, LOG_WARN, 0, NULL);
   tt_int_op(mock_saved_log_number(), OP_EQ, 1);
-  tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: (null) (in (null):(null):before/accept initialization)\n");
+  tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error with 127.hello: (null)"
+            " (in (null):(null):before/accept initialization)\n");
 
  done:
   teardown_capture_of_logs(previous_log);
@@ -373,7 +393,8 @@ test_tortls_get_error(void *ignored)
   ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
   tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_IO);
   tt_int_op(mock_saved_log_number(), OP_EQ, 1);
-  tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error: unexpected close while something (before/accept initialization)\n");
+  tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error: unexpected close while"
+            " something (before/accept initialization)\n");
 
   mock_clean_saved_logs();
   ret = tor_tls_get_error(tls, 2, 0, "something", LOG_WARN, 0);
@@ -391,7 +412,8 @@ test_tortls_get_error(void *ignored)
   ret = tor_tls_get_error(tls, 0, 0, "something", LOG_WARN, 0);
   tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
   tt_int_op(mock_saved_log_number(), OP_EQ, 1);
-  tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while something: (null) (in bignum routines:(null):before/accept initialization)\n");
+  tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while something: (null)"
+            " (in bignum routines:(null):before/accept initialization)\n");
 
   mock_clean_saved_logs();
   ERR_clear_error();
@@ -409,7 +431,6 @@ test_tortls_get_error(void *ignored)
   tt_int_op(ret, OP_EQ, TOR_TLS_WANTWRITE);
   tt_int_op(mock_saved_log_number(), OP_EQ, 0);
 
-
   mock_clean_saved_logs();
   ERR_clear_error();
   tls->ssl->rwstate = 0;
@@ -429,7 +450,9 @@ test_tortls_get_error(void *ignored)
   ret = tor_tls_get_error(tls, -1, 0, "something", LOG_WARN, 0);
   tt_int_op(ret, OP_EQ, -9);
   tt_int_op(mock_saved_log_number(), OP_EQ, 2);
-  tt_str_op(mock_saved_log_at(1), OP_EQ, "TLS error while something: (null) (in system library:connect:before/accept initialization)\n");
+  tt_str_op(mock_saved_log_at(1), OP_EQ,
+            "TLS error while something: (null) (in system library:"
+            "connect:before/accept initialization)\n");
 
  done:
   teardown_capture_of_logs(previous_log);
@@ -449,7 +472,6 @@ test_tortls_always_accept_verify_cb(void *ignored)
   (void)0;
 }
 
-
 static void
 test_tortls_x509_cert_free(void *ignored)
 {
@@ -639,7 +661,6 @@ test_tortls_get_my_certs(void *ignored)
   ret = tor_tls_get_my_certs(1, &link_cert_out, &id_cert_out);
   tt_int_op(ret, OP_EQ, 0);
 
-
  done:
   (void)1;
 }
@@ -685,7 +706,7 @@ get_cipher_by_id(uint16_t id)
   int num = method->num_ciphers();
   for (i = 0; i < num; ++i) {
     const SSL_CIPHER *cipher = method->get_cipher(i);
-    if(id == (SSL_CIPHER_get_id(cipher) & 0xffff)) {
+    if (id == (SSL_CIPHER_get_id(cipher) & 0xffff)) {
       return (SSL_CIPHER *)cipher;
     }
   }
@@ -778,7 +799,7 @@ test_tortls_classify_client_ciphers(void *ignored)
   tt_int_op(tls->client_cipher_list_type, OP_EQ, 3);
 
   sk_SSL_CIPHER_zero(ciphers);
-  for(i=0; v2_cipher_list[i]; i++) {
+  for (i=0; v2_cipher_list[i]; i++) {
     tmp_cipher = get_cipher_by_id(v2_cipher_list[i]);
     tt_assert(tmp_cipher);
     sk_SSL_CIPHER_push(ciphers, tmp_cipher);
@@ -788,7 +809,6 @@ test_tortls_classify_client_ciphers(void *ignored)
   tt_int_op(ret, OP_EQ, 2);
   tt_int_op(tls->client_cipher_list_type, OP_EQ, 2);
 
-
  done:
   (void)1;
 }
@@ -815,7 +835,6 @@ test_tortls_client_is_using_v2_ciphers(void *ignored)
   ret = tor_tls_client_is_using_v2_ciphers(ssl);
   tt_int_op(ret, OP_EQ, -1);
 
-
   ssl->session = sess;
   ret = tor_tls_client_is_using_v2_ciphers(ssl);
   tt_int_op(ret, OP_EQ, 0);
@@ -846,7 +865,8 @@ fixed_try_to_extract_certs_from_tls(int severity, tor_tls_t *tls,
   *id_cert_out = fixed_try_to_extract_certs_from_tls_id_cert_out_result;
 }
 
-static const char* notCompletelyValidCertString = "-----BEGIN CERTIFICATE-----\n"
+static const char* notCompletelyValidCertString =
+  "-----BEGIN CERTIFICATE-----\n"
   "MIICVjCCAb8CAg37MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG\n"
   "A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE\n"
   "MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl\n"
@@ -862,7 +882,6 @@ static const char* notCompletelyValidCertString = "-----BEGIN CERTIFICATE-----\n
   "evnAhf0cwULaebn+lMs8Pdl7y37+sfluVok=\n"
   "-----END CERTIFICATE-----\n";
 
-
 static const char* validCertString = "-----BEGIN CERTIFICATE-----\n"
   "MIIDpTCCAY0CAg3+MA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNVBAYTAlVTMREwDwYD\n"
   "VQQIDAhJbGxpbm9pczEQMA4GA1UEBwwHQ2hpY2FnbzEUMBIGA1UECgwLVG9yIFRl\n"
@@ -936,7 +955,8 @@ test_tortls_verify(void *ignored)
   int ret;
   tor_tls_t *tls;
   crypto_pk_t *k = NULL;
-  X509 *cert1 = NULL, *cert2 = NULL, *invalidCert = NULL, *validCert = NULL, *caCert = NULL;
+  X509 *cert1 = NULL, *cert2 = NULL, *invalidCert = NULL,
+    *validCert = NULL, *caCert = NULL;
 
   cert1 = tor_malloc_zero(sizeof(X509));
   cert1->references = 10;
@@ -1123,38 +1143,45 @@ test_tortls_dn_indicates_v3_cert(void *ignored)
   X509_NAME *name;
 
   name = X509_NAME_new();
-  X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (const unsigned char *)"US", -1, -1, 0);
-  X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (const unsigned char *)"Foobar", -1, -1, 0);
+  X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
+                             (const unsigned char *)"US", -1, -1, 0);
+  X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC,
+                             (const unsigned char *)"Foobar", -1, -1, 0);
   ret = dn_indicates_v3_cert(name);
   tt_int_op(ret, OP_EQ, 1);
 
   X509_NAME_free(name);
   name = X509_NAME_new();
-  X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (const unsigned char *)"US", -1, -1, 0);
+  X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC,
+                             (const unsigned char *)"US", -1, -1, 0);
   ret = dn_indicates_v3_cert(name);
   tt_int_op(ret, OP_EQ, 1);
 
   X509_NAME_free(name);
   name = X509_NAME_new();
-  X509_NAME_add_entry_by_txt(name, "commonName", V_ASN1_REAL, (const unsigned char *)"123", -1, -1, 0);
+  X509_NAME_add_entry_by_txt(name, "commonName", V_ASN1_REAL,
+                             (const unsigned char *)"123", -1, -1, 0);
   ret = dn_indicates_v3_cert(name);
   tt_int_op(ret, OP_EQ, 0);
 
   X509_NAME_free(name);
   name = X509_NAME_new();
-  X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC, (const unsigned char *)"hello.com", -1, -1, 0);
+  X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC,
+                           (const unsigned char *)"hello.com", -1, -1, 0);
   ret = dn_indicates_v3_cert(name);
   tt_int_op(ret, OP_EQ, 1);
 
   X509_NAME_free(name);
   name = X509_NAME_new();
-  X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC, (const unsigned char *)"hello.net", -1, -1, 0);
+  X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC,
+                           (const unsigned char *)"hello.net", -1, -1, 0);
   ret = dn_indicates_v3_cert(name);
   tt_int_op(ret, OP_EQ, 0);
 
   X509_NAME_free(name);
   name = X509_NAME_new();
-  X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC, (const unsigned char *)"x.s", -1, -1, 0);
+  X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_ASC,
+                           (const unsigned char *)"x.s", -1, -1, 0);
   ret = dn_indicates_v3_cert(name);
   tt_int_op(ret, OP_EQ, 1);
 
@@ -1181,44 +1208,46 @@ test_tortls_received_v3_certificate(void *ignored)
   tls->ssl->session->peer = validCert;
 
   subject = X509_NAME_new();
-  X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, (const unsigned char *)"same.com", -1, -1, 0);
+  X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC,
+                           (const unsigned char *)"same.com", -1, -1, 0);
   X509_set_subject_name(validCert, subject);
 
   issuer = X509_NAME_new();
-  X509_NAME_add_entry_by_txt(issuer, "commonName", MBSTRING_ASC, (const unsigned char *)"same.com", -1, -1, 0);
+  X509_NAME_add_entry_by_txt(issuer, "commonName", MBSTRING_ASC,
+                           (const unsigned char *)"same.com", -1, -1, 0);
   X509_set_issuer_name(validCert, issuer);
 
   ret = tor_tls_received_v3_certificate(tls);
   tt_int_op(ret, OP_EQ, 1);
 
-
   X509_NAME_free(subject);
   subject = X509_NAME_new();
-  X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, (const unsigned char *)"different.net", -1, -1, 0);
+  X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC,
+                           (const unsigned char *)"different.net", -1, -1, 0);
   X509_set_subject_name(validCert, subject);
 
   ret = tor_tls_received_v3_certificate(tls);
   tt_int_op(ret, OP_EQ, 1);
 
-
-
   X509_NAME_free(subject);
   subject = X509_NAME_new();
-  X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, (const unsigned char *)"same.com", -1, -1, 0);
+  X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC,
+                      (const unsigned char *)"same.com", -1, -1, 0);
   X509_set_subject_name(validCert, subject);
 
   X509_NAME_free(issuer);
   issuer = X509_NAME_new();
-  X509_NAME_add_entry_by_txt(issuer, "commonName", MBSTRING_ASC, (const unsigned char *)"different.net", -1, -1, 0);
+  X509_NAME_add_entry_by_txt(issuer, "commonName", MBSTRING_ASC,
+                       (const unsigned char *)"different.net", -1, -1, 0);
   X509_set_issuer_name(validCert, issuer);
 
   ret = tor_tls_received_v3_certificate(tls);
   tt_int_op(ret, OP_EQ, 1);
 
-
   X509_NAME_free(subject);
   subject = X509_NAME_new();
-  X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC, (const unsigned char *)"different2.net", -1, -1, 0);
+  X509_NAME_add_entry_by_txt(subject, "commonName", MBSTRING_ASC,
+                      (const unsigned char *)"different2.net", -1, -1, 0);
   X509_set_subject_name(validCert, subject);
   ret = tor_tls_received_v3_certificate(tls);
   tt_int_op(ret, OP_EQ, 0);
@@ -1233,7 +1262,6 @@ test_tortls_received_v3_certificate(void *ignored)
   ret = tor_tls_received_v3_certificate(tls);
   tt_int_op(ret, OP_EQ, 1);
 
-
  done:
   X509_NAME_free(subject);
   X509_NAME_free(issuer);
@@ -1405,18 +1433,18 @@ test_tortls_evaluate_ecgroup_for_tls(void *ignored)
 
 typedef struct cert_pkey_st_local
 {
-	X509 *x509;
-	EVP_PKEY *privatekey;
-	const EVP_MD *digest;
+  X509 *x509;
+  EVP_PKEY *privatekey;
+  const EVP_MD *digest;
 } CERT_PKEY_local;
 
 typedef struct sess_cert_st_local
 {
-	STACK_OF(X509) *cert_chain;
-	int peer_cert_type;
-	CERT_PKEY_local *peer_key;
-	CERT_PKEY_local peer_pkeys[8];
-	int references;
+  STACK_OF(X509) *cert_chain;
+  int peer_cert_type;
+  CERT_PKEY_local *peer_key;
+  CERT_PKEY_local peer_pkeys[8];
+  int references;
 } SESS_CERT_local;
 
 static void
@@ -1577,8 +1605,8 @@ test_tortls_session_secret_cb(void *ignored)
   tor_free(tls);
 }
 
-
-/* TODO: It seems block_renegotiation and unblock_renegotiation and using different blags. This might not be correct */
+/* TODO: It seems block_renegotiation and unblock_renegotiation and
+ * using different blags. This might not be correct */
 static void
 test_tortls_block_renegotiation(void *ignored)
 {
@@ -1626,7 +1654,8 @@ test_tortls_assert_renegotiation_unblocked(void *ignored)
   tls->ssl = tor_malloc_zero(sizeof(SSL));
   tor_tls_unblock_renegotiation(tls);
   tor_tls_assert_renegotiation_unblocked(tls);
-  // No assertion here - this test will fail if tor_assert is turned on and things are bad.
+  /* No assertion here - this test will fail if tor_assert is turned on
+   * and things are bad. */
 
   tor_free(tls);
 }
@@ -1657,7 +1686,6 @@ example_cb(tor_tls_t *t, void *arg)
   (void)arg;
 }
 
-
 static void
 test_tortls_set_renegotiate_callback(void *ignored)
 {
@@ -1690,7 +1718,7 @@ fake_get_cipher(unsigned ncipher)
   SSL_CIPHER *fixed = tor_malloc_zero(sizeof(SSL_CIPHER));
   SSL_CIPHER *fixed2 = tor_malloc_zero(sizeof(SSL_CIPHER));
   fixed2->id = 0xC00A;
-  switch(ncipher) {
+  switch (ncipher) {
   case 1:
     return fixed;
   case 2:
@@ -1777,7 +1805,8 @@ test_tortls_debug_state_callback(void *ignored)
 
   tor_tls_debug_state_callback(ssl, 32, 45);
   tt_int_op(mock_saved_log_number(), OP_EQ, 1);
-  n = snprintf(buf, 1000, "SSL %p is now in state unknown state [type=32,val=45].\n", ssl);
+  n = snprintf(buf, 1000, "SSL %p is now in state unknown"
+               " state [type=32,val=45].\n", ssl);
   buf[n]='\0';
   tt_str_op(mock_saved_log_at(0), OP_EQ, buf);
 
@@ -1812,13 +1841,15 @@ test_tortls_server_info_callback(void *ignored)
   mock_clean_saved_logs();
   tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
   tt_int_op(mock_saved_log_number(), OP_EQ, 1);
-  tt_str_op(mock_saved_log_at(0), OP_EQ, "Couldn't look up the tls for an SSL*. How odd!\n");
+  tt_str_op(mock_saved_log_at(0), OP_EQ,
+            "Couldn't look up the tls for an SSL*. How odd!\n");
 
   SSL_set_state(ssl, SSL3_ST_SW_SRVR_HELLO_B);
   mock_clean_saved_logs();
   tor_tls_server_info_callback(ssl, SSL_CB_ACCEPT_LOOP, 0);
   tt_int_op(mock_saved_log_number(), OP_EQ, 1);
-  tt_str_op(mock_saved_log_at(0), OP_EQ, "Couldn't look up the tls for an SSL*. How odd!\n");
+  tt_str_op(mock_saved_log_at(0), OP_EQ,
+            "Couldn't look up the tls for an SSL*. How odd!\n");
 
   SSL_set_state(ssl, 99);
   mock_clean_saved_logs();
@@ -1848,7 +1879,6 @@ test_tortls_server_info_callback(void *ignored)
   tor_free(ssl);
 }
 
-
 static int fixed_ssl_read_result_index;
 static int fixed_ssl_read_result[5];
 static int fixed_ssl_shutdown_result;
@@ -2069,7 +2099,6 @@ fixed_ssl_write(SSL *s, const void *buf, int len)
   return fixed_ssl_write_result;
 }
 
-
 static void
 test_tortls_write(void *ignored)
 {
@@ -2235,7 +2264,6 @@ test_tortls_handshake(void *ignored)
   ret = tor_tls_handshake(tls);
   tt_int_op(ret, OP_EQ, -9);
 
-
   tls->ssl->method = method;
   method->ssl_accept = fixed_ssl_accept;
   fixed_ssl_accept_result = 2;
@@ -2252,8 +2280,12 @@ test_tortls_handshake(void *ignored)
   ret = tor_tls_handshake(tls);
   tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
   tt_int_op(mock_saved_log_number(), OP_EQ, 2);
-  tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while handshaking: (null) (in bignum routines:(null):SSLv3 write client hello B)\n");
-  tt_str_op(mock_saved_log_at(1), OP_EQ, "TLS error while handshaking: (null) (in system library:connect:SSLv3 write client hello B)\n");
+  tt_str_op(mock_saved_log_at(0), OP_EQ,
+            "TLS error while handshaking: (null) (in bignum routines:"
+            "(null):SSLv3 write client hello B)\n");
+  tt_str_op(mock_saved_log_at(1), OP_EQ,
+            "TLS error while handshaking: (null) (in system library:"
+            "connect:SSLv3 write client hello B)\n");
   tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_INFO);
   tt_int_op(mock_saved_severity_at(1), OP_EQ, LOG_INFO);
 
@@ -2266,8 +2298,10 @@ test_tortls_handshake(void *ignored)
   ret = tor_tls_handshake(tls);
   tt_int_op(ret, OP_EQ, TOR_TLS_ERROR_MISC);
   tt_int_op(mock_saved_log_number(), OP_EQ, 2);
-  tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while handshaking: (null) (in bignum routines:(null):SSLv3 write client hello B)\n");
-  tt_str_op(mock_saved_log_at(1), OP_EQ, "TLS error while handshaking: (null) (in system library:connect:SSLv3 write client hello B)\n");
+  tt_str_op(mock_saved_log_at(0), OP_EQ, "TLS error while handshaking: "
+            "(null) (in bignum routines:(null):SSLv3 write client hello B)\n");
+  tt_str_op(mock_saved_log_at(1), OP_EQ, "TLS error while handshaking: "
+            "(null) (in system library:connect:SSLv3 write client hello B)\n");
   tt_int_op(mock_saved_severity_at(0), OP_EQ, LOG_WARN);
   tt_int_op(mock_saved_severity_at(1), OP_EQ, LOG_WARN);
 
@@ -2372,7 +2406,7 @@ fixed_crypto_pk_generate_key_with_bits(crypto_pk_t *env, int bits)
   (void)env;
   (void)bits;
   return fixed_crypto_pk_generate_key_with_bits_result[
-                      fixed_crypto_pk_generate_key_with_bits_result_index++];
+                    fixed_crypto_pk_generate_key_with_bits_result_index++];
 }
 
 static X509 *
@@ -2388,14 +2422,15 @@ fixed_tor_tls_create_certificate(crypto_pk_t *rsa,
   (void)cname_sign;
   (void)cert_lifetime;
   return fixed_tor_tls_create_certificate_result[
-                       fixed_tor_tls_create_certificate_result_index++];
+                             fixed_tor_tls_create_certificate_result_index++];
 }
 
 static tor_x509_cert_t *
 fixed_tor_x509_cert_new(X509 *x509_cert)
 {
   (void) x509_cert;
-  return fixed_tor_x509_cert_new_result[fixed_tor_x509_cert_new_result_index++];
+  return fixed_tor_x509_cert_new_result[
+                                      fixed_tor_x509_cert_new_result_index++];
 }
 
 static void
@@ -2431,7 +2466,8 @@ test_tortls_context_new(void *ignored)
   ret = tor_tls_context_new(NULL, 0, 0, 0);
   tt_assert(!ret);
 
-  MOCK(crypto_pk_generate_key_with_bits, fixed_crypto_pk_generate_key_with_bits);
+  MOCK(crypto_pk_generate_key_with_bits,
+       fixed_crypto_pk_generate_key_with_bits);
   fixed_crypto_pk_new_result_index = 0;
   fixed_crypto_pk_new_result[0] = pk1;
   fixed_crypto_pk_new_result[1] = NULL;
@@ -2607,7 +2643,7 @@ test_tortls_create_certificate(void *ignored)
   tt_assert(!ret);
 
   fixed_crypto_pk_get_evp_pkey_result_index = 0;
-  fixed_crypto_pk_get_evp_pkey_result[0] = tor_malloc_zero(sizeof(EVP_PKEY));;
+  fixed_crypto_pk_get_evp_pkey_result[0] = tor_malloc_zero(sizeof(EVP_PKEY));
   fixed_crypto_pk_get_evp_pkey_result[1] = NULL;
   ret = tor_tls_create_certificate(pk1, pk2, "hello", "hello2", 1);
   tt_assert(!ret);
@@ -2656,7 +2692,6 @@ test_tortls_cert_new(void *ignored)
   (void)0;
 }
 
-
 static void
 test_tortls_cert_is_valid(void *ignored)
 {
@@ -2675,7 +2710,8 @@ test_tortls_cert_is_valid(void *ignored)
 
   cert = tor_x509_cert_new(read_cert_from(validCertString));
   scert = tor_x509_cert_new(read_cert_from(caCertString));
-  cert->cert->cert_info->validity->notAfter = ASN1_TIME_set(NULL, time(NULL)-1000000);
+  cert->cert->cert_info->validity->notAfter =
+    ASN1_TIME_set(NULL, time(NULL)-1000000);
   ret = tor_tls_cert_is_valid(LOG_WARN, cert, scert, 0);
   tt_int_op(ret, OP_EQ, 0);
 
@@ -2714,7 +2750,6 @@ test_tortls_cert_is_valid(void *ignored)
   (void)0;
 }
 
-
 static void
 test_tortls_context_init_one(void *ignored)
 {
@@ -2733,7 +2768,7 @@ test_tortls_context_init_one(void *ignored)
   UNMOCK(crypto_pk_new);
 }
 
-#define LOCAL_TEST_CASE(name, flags)                  \
+#define LOCAL_TEST_CASE(name, flags)                    \
   { #name, test_tortls_##name, (flags), NULL, NULL }
 
 struct testcase_t tortls_tests[] = {
@@ -2776,7 +2811,7 @@ struct testcase_t tortls_tests[] = {
   LOCAL_TEST_CASE(shutdown, 0),
   LOCAL_TEST_CASE(renegotiate, 0),
   LOCAL_TEST_CASE(finish_handshake, 0),
-   LOCAL_TEST_CASE(handshake, 0),
+  LOCAL_TEST_CASE(handshake, 0),
   LOCAL_TEST_CASE(write, 0),
   LOCAL_TEST_CASE(read, 0),
   LOCAL_TEST_CASE(server_info_callback, 0),
@@ -2796,3 +2831,4 @@ struct testcase_t tortls_tests[] = {
   LOCAL_TEST_CASE(context_init_one, 0),
   END_OF_TESTCASES
 };
+