Clang format slam.

net/socket/nss_ssl_util.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/nss_ssl_util.h"
 
 #include <nss.h>
 #include <secerr.h>
 #include <ssl.h>
 #include <sslerr.h>
@@ skipping 20 matching lines @@
 
 namespace {
 
 // CiphersRemove takes a zero-terminated array of cipher suite ids in
 // |to_remove| and sets every instance of them in |ciphers| to zero. It returns
 // true if it found and removed every element of |to_remove|. It assumes that
 // there are no duplicates in |ciphers| nor in |to_remove|.
 bool CiphersRemove(const uint16* to_remove, uint16* ciphers, size_t num) {
   size_t i, found = 0;
 
-  for (i = 0; ; i++) {
+  for (i = 0;; i++) {
     if (to_remove[i] == 0)
       break;
 
     for (size_t j = 0; j < num; j++) {
       if (to_remove[i] == ciphers[j]) {
         ciphers[j] = 0;
         found++;
         break;
       }
     }
@@ skipping 11 matching lines @@
   for (size_t i = num - 1; i < num; i--) {
     if (ciphers[i] == 0)
       continue;
     ciphers[j--] = ciphers[i];
   }
 }
 
 // CiphersCopy copies the zero-terminated array |in| to |out|. It returns the
 // number of cipher suite ids copied.
 size_t CiphersCopy(const uint16* in, uint16* out) {
-  for (size_t i = 0; ; i++) {
+  for (size_t i = 0;; i++) {
     if (in[i] == 0)
       return i;
     out[i] = in[i];
   }
 }
 
 }  // anonymous namespace
 
 namespace net {
 
@@ skipping 12 matching lines @@
     // ciphersuites as a hint to send an ECDSA certificate.
     bool disableECDSA = false;
 #if defined(OS_WIN)
     if (base::win::GetVersion() < base::win::VERSION_VISTA)
       disableECDSA = true;
 #endif
 
     // Explicitly enable exactly those ciphers with keys of at least 80 bits
     for (int i = 0; i < num_ciphers; i++) {
       SSLCipherSuiteInfo info;
-      if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info,
-                                 sizeof(info)) == SECSuccess) {
+      if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) ==
+          SECSuccess) {
         bool enabled = info.effectiveKeyBits >= 80;
         if (info.authAlgorithm == ssl_auth_ecdsa && disableECDSA)
           enabled = false;
 
         // Trim the list of cipher suites in order to keep the size of the
         // ClientHello down. DSS, ECDH, CAMELLIA, SEED, ECC+3DES, and
         // HMAC-SHA256 cipher suites are disabled.
         if (info.symCipher == ssl_calg_camellia ||
             info.symCipher == ssl_calg_seed ||
             (info.symCipher == ssl_calg_3des && info.keaType != ssl_kea_rsa) ||
             info.authAlgorithm == ssl_auth_dsa ||
-            info.macAlgorithm == ssl_hmac_sha256 ||
-            info.nonStandard ||
+            info.macAlgorithm == ssl_hmac_sha256 || info.nonStandard ||
             strcmp(info.keaTypeName, "ECDH") == 0) {
           enabled = false;
         }
 
         if (ssl_ciphers[i] == TLS_DHE_DSS_WITH_AES_128_CBC_SHA) {
           // Enabled to allow servers with only a DSA certificate to function.
           enabled = true;
         }
         SSL_CipherPrefSetDefault(ssl_ciphers[i], enabled);
       }
     }
 
     // Enable SSL.
     SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE);
 
     // Calculate the order of ciphers that we'll use for NSS sockets. (Note
     // that, even if a cipher is specified in the ordering, it must still be
     // enabled in order to be included in a ClientHello.)
     //
     // Our top preference cipher suites are either forward-secret AES-GCM or
     // forward-secret ChaCha20-Poly1305. If the local machine has AES-NI then
     // we prefer AES-GCM, otherwise ChaCha20. The remainder of the cipher suite
     // preference is inheriented from NSS. */
     static const uint16 chacha_ciphers[] = {
-      TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-      0,
+        TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+        TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, 0,
     };
     static const uint16 aes_gcm_ciphers[] = {
-      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
-      0,
+        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 0,
     };
     scoped_ptr<uint16[]> ciphers(new uint16[num_ciphers]);
-    memcpy(ciphers.get(), ssl_ciphers, sizeof(uint16)*num_ciphers);
+    memcpy(ciphers.get(), ssl_ciphers, sizeof(uint16) * num_ciphers);
 
     if (CiphersRemove(chacha_ciphers, ciphers.get(), num_ciphers) &&
         CiphersRemove(aes_gcm_ciphers, ciphers.get(), num_ciphers)) {
       CiphersCompact(ciphers.get(), num_ciphers);
 
       const uint16* preference_ciphers = chacha_ciphers;
       const uint16* other_ciphers = aes_gcm_ciphers;
       base::CPU cpu;
 
       if (cpu.has_aesni() && cpu.has_avx()) {
@@ skipping 12 matching lines @@
           PR_Close(model_fd_);
           model_fd_ = NULL;
         }
       }
     }
 
     // All other SSL options are set per-session by SSLClientSocket and
     // SSLServerSocket.
   }
 
-  PRFileDesc* GetModelSocket() {
-    return model_fd_;
-  }
+  PRFileDesc* GetModelSocket() { return model_fd_; }
 
   ~NSSSSLInitSingleton() {
     // Have to clear the cache, or NSS_Shutdown fails with SEC_ERROR_BUSY.
     SSL_ClearSessionCache();
     if (model_fd_)
       PR_Close(model_fd_);
   }
 
  private:
   PRFileDesc* model_fd_;
@@ skipping 16 matching lines @@
 }
 
 PRFileDesc* GetNSSModelSocket() {
   return g_nss_ssl_init_singleton.Get().GetModelSocket();
 }
 
 // Map a Chromium net error code to an NSS error code.
 // See _MD_unix_map_default_error in the NSS source
 // tree for inspiration.
 PRErrorCode MapErrorToNSS(int result) {
-  if (result >=0)
+  if (result >= 0)
     return result;
 
   switch (result) {
     case ERR_IO_PENDING:
       return PR_WOULD_BLOCK_ERROR;
     case ERR_ACCESS_DENIED:
     case ERR_NETWORK_ACCESS_DENIED:
       // For connect, this could be mapped to PR_ADDRESS_NOT_SUPPORTED_ERROR.
       return PR_NO_ACCESS_RIGHTS_ERROR;
     case ERR_NOT_IMPLEMENTED:
       return PR_NOT_IMPLEMENTED_ERROR;
     case ERR_SOCKET_NOT_CONNECTED:
       return PR_NOT_CONNECTED_ERROR;
-    case ERR_INTERNET_DISCONNECTED:  // Equivalent to ENETDOWN.
+    case ERR_INTERNET_DISCONNECTED:         // Equivalent to ENETDOWN.
       return PR_NETWORK_UNREACHABLE_ERROR;  // Best approximation.
     case ERR_CONNECTION_TIMED_OUT:
     case ERR_TIMED_OUT:
       return PR_IO_TIMEOUT_ERROR;
     case ERR_CONNECTION_RESET:
       return PR_CONNECT_RESET_ERROR;
     case ERR_CONNECTION_ABORTED:
       return PR_CONNECT_ABORTED_ERROR;
     case ERR_CONNECTION_REFUSED:
       return PR_CONNECT_REFUSED_ERROR;
@@ skipping 135 matching lines @@
   return dict;
 }
 
 void LogFailedNSSFunction(const BoundNetLog& net_log,
                           const char* function,
                           const char* param) {
   DCHECK(function);
   DCHECK(param);
   net_log.AddEvent(
       NetLog::TYPE_SSL_NSS_ERROR,
-      base::Bind(&NetLogSSLFailedNSSFunctionCallback,
-                 function, param, PR_GetError()));
+      base::Bind(
+          &NetLogSSLFailedNSSFunctionCallback, function, param, PR_GetError()));
 }
 
 }  // namespace net