1 files changed, 26 insertions, 23 deletions

diff --git a/lib/nettle/rnd.c b/lib/nettle/rnd.c
index cddf1f72ff..a7fe09db75 100644
--- a/lib/nettle/rnd.c
+++ b/lib/nettle/rnd.c
@@ -49,15 +49,15 @@
 
 /* after this number of bytes PRNG will rekey using the system RNG */
 static const unsigned prng_reseed_limits[] = {
-	[GNUTLS_RND_NONCE] = 16*1024*1024, /* 16 MB - we re-seed using the GNUTLS_RND_RANDOM output */
-	[GNUTLS_RND_RANDOM] = 2*1024*1024, /* 2MB - we re-seed by time as well */
-	[GNUTLS_RND_KEY] = 2*1024*1024 /* same as GNUTLS_RND_RANDOM - but we re-key on every operation */
+	[GNUTLS_RND_NONCE] = 16 * 1024 * 1024,	/* 16 MB - we re-seed using the GNUTLS_RND_RANDOM output */
+	[GNUTLS_RND_RANDOM] = 2 * 1024 * 1024,	/* 2MB - we re-seed by time as well */
+	[GNUTLS_RND_KEY] = 2 * 1024 * 1024	/* same as GNUTLS_RND_RANDOM - but we re-key on every operation */
 };
 
 static const time_t prng_reseed_time[] = {
-	[GNUTLS_RND_NONCE] = 14400, /* 4 hours */
-	[GNUTLS_RND_RANDOM] = 7200, /* 2 hours */
-	[GNUTLS_RND_KEY] = 7200 /* same as RANDOM */
+	[GNUTLS_RND_NONCE] = 14400,	/* 4 hours */
+	[GNUTLS_RND_RANDOM] = 7200,	/* 2 hours */
+	[GNUTLS_RND_KEY] = 7200	/* same as RANDOM */
 };
 
 struct prng_ctx_st {
@@ -68,11 +68,10 @@ struct prng_ctx_st {
 };
 
 struct generators_ctx_st {
-	struct prng_ctx_st nonce;  /* GNUTLS_RND_NONCE */
-	struct prng_ctx_st normal; /* GNUTLS_RND_RANDOM, GNUTLS_RND_KEY */
+	struct prng_ctx_st nonce;	/* GNUTLS_RND_NONCE */
+	struct prng_ctx_st normal;	/* GNUTLS_RND_RANDOM, GNUTLS_RND_KEY */
 };
 
-
 static void wrap_nettle_rnd_deinit(void *_ctx)
 {
 	gnutls_free(_ctx);
@@ -87,12 +86,11 @@ static void wrap_nettle_rnd_deinit(void *_ctx)
  */
 static int single_prng_init(struct prng_ctx_st *ctx,
 			    uint8_t new_key[PRNG_KEY_SIZE],
-			    unsigned new_key_size,
-			    unsigned init)
+			    unsigned new_key_size, unsigned init)
 {
 	uint8_t nonce[CHACHA_NONCE_SIZE];
 
-	memset(nonce, 0, sizeof(nonce)); /* to prevent valgrind from whinning */
+	memset(nonce, 0, sizeof(nonce));	/* to prevent valgrind from whinning */
 
 	if (init == 0) {
 		/* use the previous key to generate IV as well */
@@ -102,7 +100,7 @@ static int single_prng_init(struct prng_ctx_st *ctx,
 		 * from the old key */
 		chacha_crypt(&ctx->ctx, new_key_size, new_key, new_key);
 	} else {
-		struct timespec now; /* current time */
+		struct timespec now;	/* current time */
 
 		ctx->forkid = _gnutls_get_forkid();
 
@@ -126,7 +124,7 @@ static int single_prng_init(struct prng_ctx_st *ctx,
 static int wrap_nettle_rnd_init(void **_ctx)
 {
 	int ret;
-	uint8_t new_key[PRNG_KEY_SIZE*2];
+	uint8_t new_key[PRNG_KEY_SIZE * 2];
 	struct generators_ctx_st *ctx;
 
 	ctx = calloc(1, sizeof(*ctx));
@@ -147,7 +145,9 @@ static int wrap_nettle_rnd_init(void **_ctx)
 	}
 
 	/* initialize the random/key RNG */
-	ret = single_prng_init(&ctx->normal, new_key+PRNG_KEY_SIZE, PRNG_KEY_SIZE, 1);
+	ret =
+	    single_prng_init(&ctx->normal, new_key + PRNG_KEY_SIZE,
+			     PRNG_KEY_SIZE, 1);
 	if (ret < 0) {
 		gnutls_assert();
 		goto fail;
@@ -161,8 +161,7 @@ static int wrap_nettle_rnd_init(void **_ctx)
 	return ret;
 }
 
-static int
-wrap_nettle_rnd(void *_ctx, int level, void *data, size_t datasize)
+static int wrap_nettle_rnd(void *_ctx, int level, void *data, size_t datasize)
 {
 	struct generators_ctx_st *ctx = _ctx;
 	struct prng_ctx_st *prng_ctx;
@@ -199,7 +198,9 @@ wrap_nettle_rnd(void *_ctx, int level, void *data, size_t datasize)
 
 	if (reseed != 0 || prng_ctx->counter > prng_reseed_limits[level]) {
 		if (level == GNUTLS_RND_NONCE) {
-			ret = wrap_nettle_rnd(_ctx, GNUTLS_RND_RANDOM, new_key, sizeof(new_key));
+			ret =
+			    wrap_nettle_rnd(_ctx, GNUTLS_RND_RANDOM, new_key,
+					    sizeof(new_key));
 		} else {
 
 			/* we also use the system entropy to reduce the impact
@@ -227,8 +228,10 @@ wrap_nettle_rnd(void *_ctx, int level, void *data, size_t datasize)
 	chacha_crypt(&prng_ctx->ctx, datasize, data, data);
 	prng_ctx->counter += datasize;
 
-	if (level == GNUTLS_RND_KEY) { /* prevent backtracking */
-		ret = wrap_nettle_rnd(_ctx, GNUTLS_RND_RANDOM, new_key, sizeof(new_key));
+	if (level == GNUTLS_RND_KEY) {	/* prevent backtracking */
+		ret =
+		    wrap_nettle_rnd(_ctx, GNUTLS_RND_RANDOM, new_key,
+				    sizeof(new_key));
 		if (ret < 0) {
 			gnutls_assert();
 			_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_ERROR);
@@ -246,7 +249,7 @@ wrap_nettle_rnd(void *_ctx, int level, void *data, size_t datasize)
 	ret = 0;
 	_gnutls_switch_fips_state(GNUTLS_FIPS140_OP_NOT_APPROVED);
 
-cleanup:
+ cleanup:
 	return ret;
 }
 
@@ -256,8 +259,8 @@ static void wrap_nettle_rnd_refresh(void *_ctx)
 	char tmp;
 
 	/* force reseed */
-	ctx->nonce.counter = prng_reseed_limits[GNUTLS_RND_NONCE]+1;
-	ctx->normal.counter = prng_reseed_limits[GNUTLS_RND_RANDOM]+1;
+	ctx->nonce.counter = prng_reseed_limits[GNUTLS_RND_NONCE] + 1;
+	ctx->normal.counter = prng_reseed_limits[GNUTLS_RND_RANDOM] + 1;
 
 	wrap_nettle_rnd(_ctx, GNUTLS_RND_NONCE, &tmp, 1);
 	wrap_nettle_rnd(_ctx, GNUTLS_RND_RANDOM, &tmp, 1);