Clang format slam.

net/socket/ssl_client_socket_openssl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <openssl/err.h>
@@ skipping 18 matching lines @@
 #include "net/ssl/ssl_cert_request_info.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 #include "net/ssl/ssl_info.h"
 
 namespace net {
 
 namespace {
 
 // Enable this to see logging for state machine state transitions.
 #if 0
-#define GotoState(s) do { DVLOG(2) << (void *)this << " " << __FUNCTION__ << \
-                           " jump to state " << s; \
-                           next_handshake_state_ = s; } while (0)
+#define GotoState(s)                                                           \
+  do {                                                                         \
+    DVLOG(2) << (void*) this << " " << __FUNCTION__ << " jump to state " << s; \
+    next_handshake_state_ = s;                                                 \
+  } while (0)
 #else
 #define GotoState(s) next_handshake_state_ = s
 #endif
 
 // This constant can be any non-negative/non-zero value (eg: it does not
 // overlap with any value of the net::Error range, including net::OK).
 const int kNoPendingReadResult = 1;
 
 // If a client doesn't have a list of protocols that it supports, but
 // the server supports NPN, choosing "http/1.1" is the best answer.
 const char kDefaultSupportedNPNProtocol[] = "http/1.1";
 
 #if OPENSSL_VERSION_NUMBER < 0x1000103fL
 // This method doesn't seem to have made it into the OpenSSL headers.
-unsigned long SSL_CIPHER_get_id(const SSL_CIPHER* cipher) { return cipher->id; }
+unsigned long SSL_CIPHER_get_id(const SSL_CIPHER* cipher) {
+  return cipher->id;
+}
 #endif
 
 // Used for encoding the |connection_status| field of an SSLInfo object.
-int EncodeSSLConnectionStatus(int cipher_suite,
-                              int compression,
-                              int version) {
-  return ((cipher_suite & SSL_CONNECTION_CIPHERSUITE_MASK) <<
-          SSL_CONNECTION_CIPHERSUITE_SHIFT) |
-         ((compression & SSL_CONNECTION_COMPRESSION_MASK) <<
-          SSL_CONNECTION_COMPRESSION_SHIFT) |
-         ((version & SSL_CONNECTION_VERSION_MASK) <<
-          SSL_CONNECTION_VERSION_SHIFT);
+int EncodeSSLConnectionStatus(int cipher_suite, int compression, int version) {
+  return ((cipher_suite & SSL_CONNECTION_CIPHERSUITE_MASK)
+          << SSL_CONNECTION_CIPHERSUITE_SHIFT) |
+         ((compression & SSL_CONNECTION_COMPRESSION_MASK)
+          << SSL_CONNECTION_COMPRESSION_SHIFT) |
+         ((version & SSL_CONNECTION_VERSION_MASK)
+          << SSL_CONNECTION_VERSION_SHIFT);
 }
 
 // Returns the net SSL version number (see ssl_connection_status_flags.h) for
 // this SSL connection.
 int GetNetSSLVersion(SSL* ssl) {
   switch (SSL_version(ssl)) {
     case SSL2_VERSION:
       return SSL_CONNECTION_VERSION_SSL2;
     case SSL3_VERSION:
       return SSL_CONNECTION_VERSION_SSL3;
@@ skipping 118 matching lines @@
 // error stack if needed. Note that |tracer| is not currently used in the
 // implementation, but is passed in anyway as this ensures the caller will clear
 // any residual codes left on the error stack.
 int MapOpenSSLError(int err, const crypto::OpenSSLErrStackTracer& tracer) {
   switch (err) {
     case SSL_ERROR_WANT_READ:
     case SSL_ERROR_WANT_WRITE:
       return ERR_IO_PENDING;
     case SSL_ERROR_SYSCALL:
       LOG(ERROR) << "OpenSSL SYSCALL error, earliest error code in "
-                    "error queue: " << ERR_peek_error() << ", errno: "
-                 << errno;
+                    "error queue: " << ERR_peek_error() << ", errno: " << errno;
       return ERR_SSL_PROTOCOL_ERROR;
     case SSL_ERROR_SSL:
       return MapOpenSSLErrorSSL();
     default:
       // TODO(joth): Implement full mapping.
       LOG(WARNING) << "Unknown OpenSSL error " << err;
       return ERR_SSL_PROTOCOL_ERROR;
   }
 }
 
@@ skipping 48 matching lines @@
     DCHECK_NE(ssl_socket_data_index_, -1);
     ssl_ctx_.reset(SSL_CTX_new(SSLv23_client_method()));
     session_cache_.Reset(ssl_ctx_.get(), kDefaultSessionCacheConfig);
     SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(), CertVerifyCallback, NULL);
     SSL_CTX_set_client_cert_cb(ssl_ctx_.get(), ClientCertCallback);
     SSL_CTX_set_channel_id_cb(ssl_ctx_.get(), ChannelIDCallback);
     SSL_CTX_set_verify(ssl_ctx_.get(), SSL_VERIFY_PEER, NULL);
     // TODO(kristianm): Only select this if ssl_config_.next_proto is not empty.
     // It would be better if the callback were not a global setting,
     // but that is an OpenSSL issue.
-    SSL_CTX_set_next_proto_select_cb(ssl_ctx_.get(), SelectNextProtoCallback,
-                                     NULL);
+    SSL_CTX_set_next_proto_select_cb(
+        ssl_ctx_.get(), SelectNextProtoCallback, NULL);
   }
 
   static std::string GetSessionCacheKey(const SSL* ssl) {
     SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     DCHECK(socket);
     return GetSocketSessionCacheKey(*socket);
   }
 
   static SSLSessionCacheOpenSSL::Config kDefaultSessionCacheConfig;
 
   static int ClientCertCallback(SSL* ssl, X509** x509, EVP_PKEY** pkey) {
     SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     CHECK(socket);
     return socket->ClientCertRequestCallback(ssl, x509, pkey);
   }
 
   static void ChannelIDCallback(SSL* ssl, EVP_PKEY** pkey) {
     SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     CHECK(socket);
     socket->ChannelIDRequestCallback(ssl, pkey);
   }
 
-  static int CertVerifyCallback(X509_STORE_CTX *store_ctx, void *arg) {
+  static int CertVerifyCallback(X509_STORE_CTX* store_ctx, void* arg) {
     SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data(
         store_ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
     SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     CHECK(socket);
 
     return socket->CertVerifyCallback(store_ctx);
   }
 
   static int SelectNextProtoCallback(SSL* ssl,
-                                     unsigned char** out, unsigned char* outlen,
+                                     unsigned char** out,
+                                     unsigned char* outlen,
                                      const unsigned char* in,
-                                     unsigned int inlen, void* arg) {
+                                     unsigned int inlen,
+                                     void* arg) {
     SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     return socket->SelectNextProtoCallback(out, outlen, in, inlen);
   }
 
   // This is the index used with SSL_get_ex_data to retrieve the owner
   // SSLClientSocketOpenSSL object from an SSL instance.
   int ssl_socket_data_index_;
 
   crypto::ScopedOpenSSL<SSL_CTX, SSL_CTX_free> ssl_ctx_;
   // |session_cache_| must be destroyed before |ssl_ctx_|.
   SSLSessionCacheOpenSSL session_cache_;
 };
 
 // PeerCertificateChain is a helper object which extracts the certificate
 // chain, as given by the server, from an OpenSSL socket and performs the needed
 // resource management. The first element of the chain is the leaf certificate
 // and the other elements are in the order given by the server.
 class SSLClientSocketOpenSSL::PeerCertificateChain {
  public:
-  explicit PeerCertificateChain(STACK_OF(X509)* chain) { Reset(chain); }
+  explicit PeerCertificateChain(STACK_OF(X509) * chain) { Reset(chain); }
   PeerCertificateChain(const PeerCertificateChain& other) { *this = other; }
   ~PeerCertificateChain() {}
   PeerCertificateChain& operator=(const PeerCertificateChain& other);
 
   // Resets the PeerCertificateChain to the set of certificates in|chain|,
   // which may be NULL, indicating to empty the store certificates.
   // Note: If an error occurs, such as being unable to parse the certificates,
   // this will behave as if Reset(NULL) was called.
-  void Reset(STACK_OF(X509)* chain);
+  void Reset(STACK_OF(X509) * chain);
 
   // Note that when USE_OPENSSL is defined, OSCertHandle is X509*
   const scoped_refptr<X509Certificate>& AsOSChain() const { return os_chain_; }
 
   size_t size() const {
     if (!openssl_chain_.get())
       return 0;
     return sk_X509_num(openssl_chain_.get());
   }
 
   X509* operator[](size_t index) const {
     DCHECK_LT(index, size());
     return sk_X509_value(openssl_chain_.get(), index);
   }
 
   bool IsValid() { return os_chain_.get() && openssl_chain_.get(); }
 
  private:
-  static void FreeX509Stack(STACK_OF(X509)* cert_chain) {
+  static void FreeX509Stack(STACK_OF(X509) * cert_chain) {
     sk_X509_pop_free(cert_chain, X509_free);
   }
 
   friend class crypto::ScopedOpenSSL<STACK_OF(X509), FreeX509Stack>;
 
   crypto::ScopedOpenSSL<STACK_OF(X509), FreeX509Stack> openssl_chain_;
 
   scoped_refptr<X509Certificate> os_chain_;
 };
 
 SSLClientSocketOpenSSL::PeerCertificateChain&
-SSLClientSocketOpenSSL::PeerCertificateChain::operator=(
-    const PeerCertificateChain& other) {
+SSLClientSocketOpenSSL::PeerCertificateChain::
+operator=(const PeerCertificateChain& other) {
   if (this == &other)
     return *this;
 
   // os_chain_ is reference counted by scoped_refptr;
   os_chain_ = other.os_chain_;
 
   // Must increase the reference count manually for sk_X509_dup
   openssl_chain_.reset(sk_X509_dup(other.openssl_chain_.get()));
   for (int i = 0; i < sk_X509_num(openssl_chain_.get()); ++i) {
     X509* x = sk_X509_value(openssl_chain_.get(), i);
     CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
   }
   return *this;
 }
 
 #if defined(USE_OPENSSL_CERTS)
 // When OSCertHandle is typedef'ed to X509, this implementation does a short cut
 // to avoid converting back and forth between der and X509 struct.
-void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(
-    STACK_OF(X509)* chain) {
+void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(STACK_OF(X509) *
+                                                         chain) {
   openssl_chain_.reset(NULL);
   os_chain_ = NULL;
 
   if (!chain)
     return;
 
   X509Certificate::OSCertHandles intermediates;
   for (int i = 1; i < sk_X509_num(chain); ++i)
     intermediates.push_back(sk_X509_value(chain, i));
 
   os_chain_ =
       X509Certificate::CreateFromHandle(sk_X509_value(chain, 0), intermediates);
 
   // sk_X509_dup does not increase reference count on the certs in the stack.
   openssl_chain_.reset(sk_X509_dup(chain));
 
   std::vector<base::StringPiece> der_chain;
   for (int i = 0; i < sk_X509_num(openssl_chain_.get()); ++i) {
     X509* x = sk_X509_value(openssl_chain_.get(), i);
     // Increase the reference count for the certs in openssl_chain_.
     CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
   }
 }
-#else  // !defined(USE_OPENSSL_CERTS)
-void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(
-    STACK_OF(X509)* chain) {
+#else   // !defined(USE_OPENSSL_CERTS)
+void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(STACK_OF(X509) *
+                                                         chain) {
   openssl_chain_.reset(NULL);
   os_chain_ = NULL;
 
   if (!chain)
     return;
 
   // sk_X509_dup does not increase reference count on the certs in the stack.
   openssl_chain_.reset(sk_X509_dup(chain));
 
   std::vector<base::StringPiece> der_chain;
@@ skipping 64 matching lines @@
       transport_bio_(NULL),
       transport_(transport_socket.Pass()),
       host_and_port_(host_and_port),
       ssl_config_(ssl_config),
       ssl_session_cache_shard_(context.ssl_session_cache_shard),
       trying_cached_session_(false),
       next_handshake_state_(STATE_NONE),
       npn_status_(kNextProtoUnsupported),
       channel_id_request_return_value_(ERR_UNEXPECTED),
       channel_id_xtn_negotiated_(false),
-      net_log_(transport_->socket()->NetLog()) {}
+      net_log_(transport_->socket()->NetLog()) {
+}
 
 SSLClientSocketOpenSSL::~SSLClientSocketOpenSSL() {
   Disconnect();
 }
 
 void SSLClientSocketOpenSSL::GetSSLCertRequestInfo(
     SSLCertRequestInfo* cert_request_info) {
   cert_request_info->host_and_port = host_and_port_;
   cert_request_info->cert_authorities = cert_authorities_;
 }
 
 SSLClientSocket::NextProtoStatus SSLClientSocketOpenSSL::GetNextProto(
-    std::string* proto, std::string* server_protos) {
+    std::string* proto,
+    std::string* server_protos) {
   *proto = npn_proto_;
   *server_protos = server_protos_;
   return npn_status_;
 }
 
-ServerBoundCertService*
-SSLClientSocketOpenSSL::GetServerBoundCertService() const {
+ServerBoundCertService* SSLClientSocketOpenSSL::GetServerBoundCertService()
+    const {
   return server_bound_cert_service_;
 }
 
 int SSLClientSocketOpenSSL::ExportKeyingMaterial(
     const base::StringPiece& label,
-    bool has_context, const base::StringPiece& context,
-    unsigned char* out, unsigned int outlen) {
+    bool has_context,
+    const base::StringPiece& context,
+    unsigned char* out,
+    unsigned int outlen) {
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
 
   int rv = SSL_export_keying_material(
-      ssl_, out, outlen, const_cast<char*>(label.data()),
+      ssl_,
+      out,
+      outlen,
+      const_cast<char*>(label.data()),
       label.size(),
       reinterpret_cast<unsigned char*>(const_cast<char*>(context.data())),
       context.length(),
       context.length() > 0);
 
   if (rv != 1) {
     int ssl_error = SSL_get_error(ssl_, rv);
     LOG(ERROR) << "Failed to export keying material;"
-               << " returned " << rv
-               << ", SSL error code " << ssl_error;
+               << " returned " << rv << ", SSL error code " << ssl_error;
     return MapOpenSSLError(ssl_error, err_tracer);
   }
   return OK;
 }
 
 int SSLClientSocketOpenSSL::GetTLSUniqueChannelBinding(std::string* out) {
   return ERR_NOT_IMPLEMENTED;
 }
 
 int SSLClientSocketOpenSSL::Connect(const CompletionCallback& callback) {
@@ skipping 40 matching lines @@
   // Null all callbacks, delete all buffers.
   transport_send_busy_ = false;
   send_buffer_ = NULL;
   transport_recv_busy_ = false;
   transport_recv_eof_ = false;
   recv_buffer_ = NULL;
 
   user_connect_callback_.Reset();
   user_read_callback_.Reset();
   user_write_callback_.Reset();
-  user_read_buf_         = NULL;
-  user_read_buf_len_     = 0;
-  user_write_buf_        = NULL;
-  user_write_buf_len_    = 0;
+  user_read_buf_ = NULL;
+  user_read_buf_len_ = 0;
+  user_write_buf_ = NULL;
+  user_write_buf_len_ = 0;
 
   pending_read_error_ = kNoPendingReadResult;
   transport_write_error_ = OK;
 
   server_cert_verify_result_.Reset();
   completed_handshake_ = false;
 
   cert_authorities_.clear();
   client_auth_cert_needed_ = false;
 }
@@ skipping 68 matching lines @@
 
 bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) {
   ssl_info->Reset();
   if (!server_cert_.get())
     return false;
 
   ssl_info->cert = server_cert_verify_result_.verified_cert;
   ssl_info->cert_status = server_cert_verify_result_.cert_status;
   ssl_info->is_issued_by_known_root =
       server_cert_verify_result_.is_issued_by_known_root;
-  ssl_info->public_key_hashes =
-    server_cert_verify_result_.public_key_hashes;
+  ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
   ssl_info->client_cert_sent =
       ssl_config_.send_client_cert && ssl_config_.client_cert.get();
   ssl_info->channel_id_sent = WasChannelIDSent();
 
   RecordChannelIDSupport(server_bound_cert_service_,
                          channel_id_xtn_negotiated_,
                          ssl_config_.channel_id_enabled,
                          crypto::ECPrivateKey::IsSupported());
 
   const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_);
   CHECK(cipher);
   ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL);
   const COMP_METHOD* compression = SSL_get_current_compression(ssl_);
 
-  ssl_info->connection_status = EncodeSSLConnectionStatus(
-      SSL_CIPHER_get_id(cipher),
-      compression ? compression->type : 0,
-      GetNetSSLVersion(ssl_));
+  ssl_info->connection_status =
+      EncodeSSLConnectionStatus(SSL_CIPHER_get_id(cipher),
+                                compression ? compression->type : 0,
+                                GetNetSSLVersion(ssl_));
 
   bool peer_supports_renego_ext = !!SSL_get_secure_renegotiation_support(ssl_);
   if (!peer_supports_renego_ext)
     ssl_info->connection_status |= SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION;
   UMA_HISTOGRAM_ENUMERATION("Net.RenegotiationExtensionSupported",
-                            implicit_cast<int>(peer_supports_renego_ext), 2);
+                            implicit_cast<int>(peer_supports_renego_ext),
+                            2);
 
   if (ssl_config_.version_fallback)
     ssl_info->connection_status |= SSL_CONNECTION_VERSION_FALLBACK;
 
-  ssl_info->handshake_type = SSL_session_reused(ssl_) ?
-      SSLInfo::HANDSHAKE_RESUME : SSLInfo::HANDSHAKE_FULL;
+  ssl_info->handshake_type = SSL_session_reused(ssl_)
+                                 ? SSLInfo::HANDSHAKE_RESUME
+                                 : SSLInfo::HANDSHAKE_FULL;
 
   DVLOG(3) << "Encoded connection status: cipher suite = "
-      << SSLConnectionStatusToCipherSuite(ssl_info->connection_status)
-      << " version = "
-      << SSLConnectionStatusToVersion(ssl_info->connection_status);
+           << SSLConnectionStatusToCipherSuite(ssl_info->connection_status)
+           << " version = "
+           << SSLConnectionStatusToVersion(ssl_info->connection_status);
   return true;
 }
 
 int SSLClientSocketOpenSSL::Read(IOBuffer* buf,
                                  int buf_len,
                                  const CompletionCallback& callback) {
   user_read_buf_ = buf;
   user_read_buf_len_ = buf_len;
 
   int rv = DoReadLoop(OK);
@@ skipping 103 matching lines @@
 
   // Removing ciphers by ID from OpenSSL is a bit involved as we must use the
   // textual name with SSL_set_cipher_list because there is no public API to
   // directly remove a cipher by ID.
   STACK_OF(SSL_CIPHER)* ciphers = SSL_get_ciphers(ssl_);
   DCHECK(ciphers);
   // See SSLConfig::disabled_cipher_suites for description of the suites
   // disabled by default. Note that !SHA256 and !SHA384 only remove HMAC-SHA256
   // and HMAC-SHA384 cipher suites, not GCM cipher suites with SHA256 or SHA384
   // as the handshake hash.
-  std::string command("DEFAULT:!NULL:!aNULL:!IDEA:!FZA:!SRP:!SHA256:!SHA384:"
-                      "!aECDH:!AESGCM+AES256");
+  std::string command(
+      "DEFAULT:!NULL:!aNULL:!IDEA:!FZA:!SRP:!SHA256:!SHA384:"
+      "!aECDH:!AESGCM+AES256");
   // Walk through all the installed ciphers, seeing if any need to be
   // appended to the cipher removal |command|.
   for (int i = 0; i < sk_SSL_CIPHER_num(ciphers); ++i) {
     const SSL_CIPHER* cipher = sk_SSL_CIPHER_value(ciphers, i);
     const uint16 id = SSL_CIPHER_get_id(cipher);
     // Remove any ciphers with a strength of less than 80 bits. Note the NSS
     // implementation uses "effective" bits here but OpenSSL does not provide
     // this detail. This only impacts Triple DES: reports 112 vs. 168 bits,
     // both of which are greater than 80 anyway.
     bool disable = SSL_CIPHER_get_bits(cipher, NULL) < 80;
     if (!disable) {
       disable = std::find(ssl_config_.disabled_cipher_suites.begin(),
-                          ssl_config_.disabled_cipher_suites.end(), id) !=
-                    ssl_config_.disabled_cipher_suites.end();
+                          ssl_config_.disabled_cipher_suites.end(),
+                          id) != ssl_config_.disabled_cipher_suites.end();
     }
     if (disable) {
-       const char* name = SSL_CIPHER_get_name(cipher);
-       DVLOG(3) << "Found cipher to remove: '" << name << "', ID: " << id
-                << " strength: " << SSL_CIPHER_get_bits(cipher, NULL);
-       command.append(":!");
-       command.append(name);
-     }
+      const char* name = SSL_CIPHER_get_name(cipher);
+      DVLOG(3) << "Found cipher to remove: '" << name << "', ID: " << id
+               << " strength: " << SSL_CIPHER_get_bits(cipher, NULL);
+      command.append(":!");
+      command.append(name);
+    }
   }
   int rv = SSL_set_cipher_list(ssl_, command.c_str());
   // If this fails (rv = 0) it means there are no ciphers enabled on this SSL.
   // This will almost certainly result in the socket failing to complete the
   // handshake at which point the appropriate error is bubbled up to the client.
   LOG_IF(WARNING, rv != 1) << "SSL_set_cipher_list('" << command << "') "
-                              "returned " << rv;
+                                                                    "returned "
+                           << rv;
 
   // TLS channel ids.
   if (IsChannelIDEnabled(ssl_config_, server_bound_cert_service_)) {
     SSL_enable_tls_channel_id(ssl_);
   }
 
   return true;
 }
 
 void SSLClientSocketOpenSSL::DoReadCallback(int rv) {
@@ skipping 52 matching lines @@
       }
     }
   } else if (rv == 1) {
     if (trying_cached_session_ && logging::DEBUG_MODE) {
       DVLOG(2) << "Result of session reuse for " << host_and_port_.ToString()
                << " is: " << (SSL_session_reused(ssl_) ? "Success" : "Fail");
     }
     // SSL handshake is completed.  Let's verify the certificate.
     const bool got_cert = !!UpdateServerCert();
     DCHECK(got_cert);
-    net_log_.AddEvent(
-        NetLog::TYPE_SSL_CERTIFICATES_RECEIVED,
-        base::Bind(&NetLogX509CertificateCallback,
-                   base::Unretained(server_cert_.get())));
+    net_log_.AddEvent(NetLog::TYPE_SSL_CERTIFICATES_RECEIVED,
+                      base::Bind(&NetLogX509CertificateCallback,
+                                 base::Unretained(server_cert_.get())));
     GotoState(STATE_VERIFY_CERT);
   } else {
     int ssl_error = SSL_get_error(ssl_, rv);
 
     if (ssl_error == SSL_ERROR_WANT_CHANNEL_ID_LOOKUP) {
       // The server supports TLS channel id and the lookup is asynchronous.
       // Retrieve the error from the call to |server_bound_cert_service_|.
       net_error = channel_id_request_return_value_;
     } else {
       net_error = MapOpenSSLError(ssl_error, err_tracer);
     }
 
     // If not done, stay in this state
     if (net_error == ERR_IO_PENDING) {
       GotoState(STATE_HANDSHAKE);
     } else {
-      LOG(ERROR) << "handshake failed; returned " << rv
-                 << ", SSL error code " << ssl_error
-                 << ", net_error " << net_error;
-      net_log_.AddEvent(
-          NetLog::TYPE_SSL_HANDSHAKE_ERROR,
-          CreateNetLogSSLErrorCallback(net_error, ssl_error));
+      LOG(ERROR) << "handshake failed; returned " << rv << ", SSL error code "
+                 << ssl_error << ", net_error " << net_error;
+      net_log_.AddEvent(NetLog::TYPE_SSL_HANDSHAKE_ERROR,
+                        CreateNetLogSSLErrorCallback(net_error, ssl_error));
     }
   }
   return net_error;
 }
 
 int SSLClientSocketOpenSSL::DoVerifyCert(int result) {
   DCHECK(server_cert_.get());
   GotoState(STATE_VERIFY_CERT_COMPLETE);
 
   CertStatus cert_status;
@@ skipping 27 matching lines @@
 }
 
 int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) {
   verifier_.reset();
 
   if (result == OK) {
     // TODO(joth): Work out if we need to remember the intermediate CA certs
     // when the server sends them to us, and do so here.
     SSLContext::GetInstance()->session_cache()->MarkSSLSessionAsGood(ssl_);
   } else {
-    DVLOG(1) << "DoVerifyCertComplete error " << ErrorToString(result)
-             << " (" << result << ")";
+    DVLOG(1) << "DoVerifyCertComplete error " << ErrorToString(result) << " ("
+             << result << ")";
   }
 
   completed_handshake_ = true;
   // Exit DoHandshakeLoop and return the result to the caller to Connect.
   DCHECK_EQ(STATE_NONE, next_handshake_state_);
   return result;
 }
 
 void SSLClientSocketOpenSSL::DoConnectCallback(int rv) {
   if (!user_connect_callback_.is_null()) {
@@ skipping 83 matching lines @@
     // to stay in the current state.
     State state = next_handshake_state_;
     GotoState(STATE_NONE);
     switch (state) {
       case STATE_HANDSHAKE:
         rv = DoHandshake();
         break;
       case STATE_VERIFY_CERT:
         DCHECK(rv == OK);
         rv = DoVerifyCert(rv);
-       break;
+        break;
       case STATE_VERIFY_CERT_COMPLETE:
         rv = DoVerifyCertComplete(rv);
         break;
       case STATE_NONE:
       default:
         rv = ERR_UNEXPECTED;
         NOTREACHED() << "unexpected state" << state;
         break;
     }
 
@@ skipping 37 matching lines @@
 }
 
 int SSLClientSocketOpenSSL::DoPayloadRead() {
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
 
   int rv;
   if (pending_read_error_ != kNoPendingReadResult) {
     rv = pending_read_error_;
     pending_read_error_ = kNoPendingReadResult;
     if (rv == 0) {
-      net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED,
-                                    rv, user_read_buf_->data());
+      net_log_.AddByteTransferEvent(
+          NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv, user_read_buf_->data());
     }
     return rv;
   }
 
   int total_bytes_read = 0;
   do {
-    rv = SSL_read(ssl_, user_read_buf_->data() + total_bytes_read,
+    rv = SSL_read(ssl_,
+                  user_read_buf_->data() + total_bytes_read,
                   user_read_buf_len_ - total_bytes_read);
     if (rv > 0)
       total_bytes_read += rv;
   } while (total_bytes_read < user_read_buf_len_ && rv > 0);
 
   if (total_bytes_read == user_read_buf_len_) {
     rv = total_bytes_read;
   } else {
     // Otherwise, an error occurred (rv <= 0). The error needs to be handled
     // immediately, while the OpenSSL errors are still available in
     // thread-local storage. However, the handled/remapped error code should
     // only be returned if no application data was already read; if it was, the
     // error code should be deferred until the next call of DoPayloadRead.
     //
     // If no data was read, |*next_result| will point to the return value of
     // this function. If at least some data was read, |*next_result| will point
     // to |pending_read_error_|, to be returned in a future call to
     // DoPayloadRead() (e.g.: after the current data is handled).
-    int *next_result = &rv;
+    int* next_result = &rv;
     if (total_bytes_read > 0) {
       pending_read_error_ = rv;
       rv = total_bytes_read;
       next_result = &pending_read_error_;
     }
 
     if (client_auth_cert_needed_) {
       *next_result = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
     } else if (*next_result < 0) {
       int err = SSL_get_error(ssl_, *next_result);
       *next_result = MapOpenSSLError(err, err_tracer);
       if (rv > 0 && *next_result == ERR_IO_PENDING) {
-          // If at least some data was read from SSL_read(), do not treat
-          // insufficient data as an error to return in the next call to
-          // DoPayloadRead() - instead, let the call fall through to check
-          // SSL_read() again. This is because DoTransportIO() may complete
-          // in between the next call to DoPayloadRead(), and thus it is
-          // important to check SSL_read() on subsequent invocations to see
-          // if a complete record may now be read.
+        // If at least some data was read from SSL_read(), do not treat
+        // insufficient data as an error to return in the next call to
+        // DoPayloadRead() - instead, let the call fall through to check
+        // SSL_read() again. This is because DoTransportIO() may complete
+        // in between the next call to DoPayloadRead(), and thus it is
+        // important to check SSL_read() on subsequent invocations to see
+        // if a complete record may now be read.
         *next_result = kNoPendingReadResult;
       }
     }
   }
 
   if (rv >= 0) {
-    net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv,
-                                  user_read_buf_->data());
+    net_log_.AddByteTransferEvent(
+        NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv, user_read_buf_->data());
   }
   return rv;
 }
 
 int SSLClientSocketOpenSSL::DoPayloadWrite() {
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
   int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_);
 
   if (rv >= 0) {
-    net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv,
-                                  user_write_buf_->data());
+    net_log_.AddByteTransferEvent(
+        NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, user_write_buf_->data());
     return rv;
   }
 
   int err = SSL_get_error(ssl_, rv);
   return MapOpenSSLError(err, err_tracer);
 }
 
 int SSLClientSocketOpenSSL::BufferSend(void) {
   if (transport_send_busy_)
     return ERR_IO_PENDING;
@@ skipping 134 matching lines @@
                                                       EVP_PKEY** pkey) {
   DVLOG(3) << "OpenSSL ClientCertRequestCallback called";
   DCHECK(ssl == ssl_);
   DCHECK(*x509 == NULL);
   DCHECK(*pkey == NULL);
 #if defined(USE_OPENSSL_CERTS)
   if (!ssl_config_.send_client_cert) {
     // First pass: we know that a client certificate is needed, but we do not
     // have one at hand.
     client_auth_cert_needed_ = true;
-    STACK_OF(X509_NAME) *authorities = SSL_get_client_CA_list(ssl);
+    STACK_OF(X509_NAME)* authorities = SSL_get_client_CA_list(ssl);
     for (int i = 0; i < sk_X509_NAME_num(authorities); i++) {
-      X509_NAME *ca_name = (X509_NAME *)sk_X509_NAME_value(authorities, i);
+      X509_NAME* ca_name = (X509_NAME*)sk_X509_NAME_value(authorities, i);
       unsigned char* str = NULL;
       int length = i2d_X509_NAME(ca_name, &str);
       cert_authorities_.push_back(std::string(
-          reinterpret_cast<const char*>(str),
-          static_cast<size_t>(length)));
+          reinterpret_cast<const char*>(str), static_cast<size_t>(length)));
       OPENSSL_free(str);
     }
 
     return -1;  // Suspends handshake.
   }
 
   // Second pass: a client certificate should have been selected.
   if (ssl_config_.client_cert.get()) {
     // A note about ownership: FetchClientCertPrivateKey() increments
     // the reference count of the EVP_PKEY. Ownership of this reference
     // is passed directly to OpenSSL, which will release the reference
     // using EVP_PKEY_free() when the SSL object is destroyed.
     OpenSSLClientKeyStore::ScopedEVP_PKEY privkey;
     if (OpenSSLClientKeyStore::GetInstance()->FetchClientCertPrivateKey(
             ssl_config_.client_cert.get(), &privkey)) {
       // TODO(joth): (copied from NSS) We should wait for server certificate
       // verification before sending our credentials. See http://crbug.com/13934
       *x509 = X509Certificate::DupOSCertHandle(
           ssl_config_.client_cert->os_cert_handle());
       *pkey = privkey.release();
       return 1;
     }
     LOG(WARNING) << "Client cert found without private key";
   }
-#else  // !defined(USE_OPENSSL_CERTS)
+#else   // !defined(USE_OPENSSL_CERTS)
   // OS handling of client certificates is not yet implemented.
   NOTIMPLEMENTED();
 #endif  // defined(USE_OPENSSL_CERTS)
 
   // Send no client certificate.
   return 0;
 }
 
 void SSLClientSocketOpenSSL::ChannelIDRequestCallback(SSL* ssl,
                                                       EVP_PKEY** pkey) {
@@ skipping 68 matching lines @@
         const_cast<char*>(kDefaultSupportedNPNProtocol));
     *outlen = arraysize(kDefaultSupportedNPNProtocol) - 1;
     npn_status_ = kNextProtoUnsupported;
     return SSL_TLSEXT_ERR_OK;
   }
 
   // Assume there's no overlap between our protocols and the server's list.
   npn_status_ = kNextProtoNoOverlap;
 
   // For each protocol in server preference order, see if we support it.
-  for (unsigned int i = 0; i < inlen; i += in[i] + 1) {
-    for (std::vector<std::string>::const_iterator
-             j = ssl_config_.next_protos.begin();
-         j != ssl_config_.next_protos.end(); ++j) {
-      if (in[i] == j->size() &&
-          memcmp(&in[i + 1], j->data(), in[i]) == 0) {
+  for (unsigned int i = 0; i < inlen; i += in [i] + 1) {
+    for (std::vector<std::string>::const_iterator j =
+             ssl_config_.next_protos.begin();
+         j != ssl_config_.next_protos.end();
+         ++j) {
+      if (in[i] == j->size() && memcmp(&in[i + 1], j->data(), in[i]) == 0) {
         // We found a match.
         *out = const_cast<unsigned char*>(in) + i + 1;
         *outlen = in[i];
         npn_status_ = kNextProtoNegotiated;
         break;
       }
     }
     if (npn_status_ == kNextProtoNegotiated)
       break;
   }
 
   // If we didn't find a protocol, we select the first one from our list.
   if (npn_status_ == kNextProtoNoOverlap) {
-    *out = reinterpret_cast<uint8*>(const_cast<char*>(
-        ssl_config_.next_protos[0].data()));
+    *out = reinterpret_cast<uint8*>(
+        const_cast<char*>(ssl_config_.next_protos[0].data()));
     *outlen = ssl_config_.next_protos[0].size();
   }
 
   npn_proto_.assign(reinterpret_cast<const char*>(*out), *outlen);
   server_protos_.assign(reinterpret_cast<const char*>(in), inlen);
   DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_;
   return SSL_TLSEXT_ERR_OK;
 }
 
 scoped_refptr<X509Certificate>
 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const {
   return server_cert_;
 }
 
 }  // namespace net