Switch to the new code style

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

include/mbedtls/aes.h

@@ -72,8 +72,7 @@ extern "C" {
 /**
  * \brief The AES context-type definition.
  */
-typedef struct mbedtls_aes_context
+typedef struct mbedtls_aes_context {
-{
     int MBEDTLS_PRIVATE(nr);                     /*!< The number of rounds. */
     size_t MBEDTLS_PRIVATE(rk_offset);           /*!< The offset in array elements to AES
                                                     round keys in the buffer. */
@@ -92,8 +91,7 @@ mbedtls_aes_context;
 /**
  * \brief The AES XTS context-type definition.
  */
-typedef struct mbedtls_aes_xts_context
+typedef struct mbedtls_aes_xts_context {
-{
     mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block
                                                    encryption or decryption. */
     mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak

include/mbedtls/aria.h

@@ -61,8 +61,7 @@ extern "C" {
 /**
  * \brief The ARIA context-type definition.
  */
-typedef struct mbedtls_aria_context
+typedef struct mbedtls_aria_context {
-{
     unsigned char MBEDTLS_PRIVATE(nr);           /*!< The number of rounds (12, 14 or 16) */
     /*! The ARIA round keys. */
     uint32_t MBEDTLS_PRIVATE(rk)[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];

include/mbedtls/asn1.h

@@ -151,8 +151,7 @@ extern "C" {
 /**
  * Type-length-value structure that allows for ASN1 using DER.
  */
-typedef struct mbedtls_asn1_buf
+typedef struct mbedtls_asn1_buf {
-{
     int tag;                /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
     size_t len;             /**< ASN1 length, in octets. */
     unsigned char *p;       /**< ASN1 data, e.g. in ASCII. */
@@ -162,8 +161,7 @@ mbedtls_asn1_buf;
 /**
  * Container for ASN1 bit strings.
  */
-typedef struct mbedtls_asn1_bitstring
+typedef struct mbedtls_asn1_bitstring {
-{
     size_t len;                 /**< ASN1 length, in octets. */
     unsigned char unused_bits;  /**< Number of unused bits at the end of the string */
     unsigned char *p;           /**< Raw ASN1 data for the bit string */
@@ -173,8 +171,7 @@ mbedtls_asn1_bitstring;
 /**
  * Container for a sequence of ASN.1 items
  */
-typedef struct mbedtls_asn1_sequence
+typedef struct mbedtls_asn1_sequence {
-{
     mbedtls_asn1_buf buf;                   /**< Buffer containing the given ASN.1 item. */
 
     /** The next entry in the sequence.
@@ -191,8 +188,7 @@ mbedtls_asn1_sequence;
 /**
  * Container for a sequence or list of 'named' ASN.1 data items
  */
-typedef struct mbedtls_asn1_named_data
+typedef struct mbedtls_asn1_named_data {
-{
     mbedtls_asn1_buf oid;                   /**< The object identifier. */
     mbedtls_asn1_buf val;                   /**< The named value. */
 

include/mbedtls/asn1write.h

@@ -30,7 +30,7 @@
     do                                                  \
     {                                                   \
         if ((ret = (f)) < 0)                         \
-            return( ret );                              \
+        return ret;                              \
         else                                            \
         (g) += ret;                                 \
     } while (0)

include/mbedtls/bignum.h

@@ -107,7 +107,9 @@
  */
 #define MBEDTLS_MPI_MAX_BITS_SCALE100          (100 * MBEDTLS_MPI_MAX_BITS)
 #define MBEDTLS_LN_2_DIV_LN_10_SCALE100                 332
-#define MBEDTLS_MPI_RW_BUFFER_SIZE             ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
+#define MBEDTLS_MPI_RW_BUFFER_SIZE             (((MBEDTLS_MPI_MAX_BITS_SCALE100 + \
+                                                  MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / \
+                                                 MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6)
 
 /*
  * Define the base integer type, architecture-wise.
@@ -200,8 +202,7 @@ extern "C" {
 /**
  * \brief          MPI structure
  */
-typedef struct mbedtls_mpi
+typedef struct mbedtls_mpi {
-{
     /** Sign: -1 if the mpi is negative, 1 otherwise.
      *
      * The number 0 must be represented with `s = +1`. Although many library

include/mbedtls/camellia.h

@@ -50,8 +50,7 @@ extern "C" {
 /**
  * \brief          CAMELLIA context structure
  */
-typedef struct mbedtls_camellia_context
+typedef struct mbedtls_camellia_context {
-{
     int MBEDTLS_PRIVATE(nr);                     /*!<  number of rounds  */
     uint32_t MBEDTLS_PRIVATE(rk)[68];            /*!<  CAMELLIA round keys    */
 }

include/mbedtls/ccm.h

@@ -74,8 +74,7 @@ extern "C" {
  * \brief    The CCM context-type definition. The CCM context is passed
  *           to the APIs called.
  */
-typedef struct mbedtls_ccm_context
+typedef struct mbedtls_ccm_context {
-{
     unsigned char MBEDTLS_PRIVATE(y)[16];    /*!< The Y working buffer */
     unsigned char MBEDTLS_PRIVATE(ctr)[16];  /*!< The counter buffer */
     mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx);    /*!< The cipher context used. */

include/mbedtls/chacha20.h

@@ -47,8 +47,7 @@ extern "C" {
 
 #if !defined(MBEDTLS_CHACHA20_ALT)
 
-typedef struct mbedtls_chacha20_context
+typedef struct mbedtls_chacha20_context {
-{
     uint32_t MBEDTLS_PRIVATE(state)[16];          /*! The state (before round operations). */
     uint8_t  MBEDTLS_PRIVATE(keystream8)[64];     /*! Leftover keystream bytes. */
     size_t MBEDTLS_PRIVATE(keystream_bytes_used); /*! Number of keystream bytes already used. */

include/mbedtls/chachapoly.h

@@ -47,8 +47,7 @@
 extern "C" {
 #endif
 
-typedef enum
+typedef enum {
-{
     MBEDTLS_CHACHAPOLY_ENCRYPT,     /**< The mode value for performing encryption. */
     MBEDTLS_CHACHAPOLY_DECRYPT      /**< The mode value for performing decryption. */
 }
@@ -58,8 +57,7 @@ mbedtls_chachapoly_mode_t;
 
 #include "mbedtls/chacha20.h"
 
-typedef struct mbedtls_chachapoly_context
+typedef struct mbedtls_chachapoly_context {
-{
     mbedtls_chacha20_context MBEDTLS_PRIVATE(chacha20_ctx);  /**< The ChaCha20 context. */
     mbedtls_poly1305_context MBEDTLS_PRIVATE(poly1305_ctx);  /**< The Poly1305 context. */
     uint64_t MBEDTLS_PRIVATE(aad_len);                       /**< The length (bytes) of the Additional Authenticated Data. */

include/mbedtls/cipher.h

@@ -271,8 +271,7 @@ typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
  *              mbedtls_cipher_info_from_values(),
  *              mbedtls_cipher_info_from_psa().
  */
-typedef struct mbedtls_cipher_info_t
+typedef struct mbedtls_cipher_info_t {
-{
     /** Full cipher identifier. For example,
      * MBEDTLS_CIPHER_AES_256_CBC.
      */
@@ -313,8 +312,7 @@ typedef struct mbedtls_cipher_info_t
 /**
  * Generic cipher context.
  */
-typedef struct mbedtls_cipher_context_t
+typedef struct mbedtls_cipher_context_t {
-{
     /** Information about the associated cipher. */
     const mbedtls_cipher_info_t *MBEDTLS_PRIVATE(cipher_info);
 
@@ -438,10 +436,11 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_ciph
 static inline mbedtls_cipher_type_t mbedtls_cipher_info_get_type(
     const mbedtls_cipher_info_t *info)
 {
-    if( info == NULL )
+    if (info == NULL) {
-        return( MBEDTLS_CIPHER_NONE );
+        return MBEDTLS_CIPHER_NONE;
-    else
+    } else {
-        return( info->MBEDTLS_PRIVATE(type) );
+        return info->MBEDTLS_PRIVATE(type);
+    }
 }
 
 /**
@@ -456,10 +455,11 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_info_get_type(
 static inline mbedtls_cipher_mode_t mbedtls_cipher_info_get_mode(
     const mbedtls_cipher_info_t *info)
 {
-    if( info == NULL )
+    if (info == NULL) {
-        return( MBEDTLS_MODE_NONE );
+        return MBEDTLS_MODE_NONE;
-    else
+    } else {
-        return( info->MBEDTLS_PRIVATE(mode) );
+        return info->MBEDTLS_PRIVATE(mode);
+    }
 }
 
 /**
@@ -476,10 +476,11 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_info_get_mode(
 static inline size_t mbedtls_cipher_info_get_key_bitlen(
     const mbedtls_cipher_info_t *info)
 {
-    if( info == NULL )
+    if (info == NULL) {
-        return( 0 );
+        return 0;
-    else
+    } else {
-        return( info->MBEDTLS_PRIVATE(key_bitlen) );
+        return info->MBEDTLS_PRIVATE(key_bitlen);
+    }
 }
 
 /**
@@ -496,10 +497,11 @@ static inline size_t mbedtls_cipher_info_get_key_bitlen(
 static inline const char *mbedtls_cipher_info_get_name(
     const mbedtls_cipher_info_t *info)
 {
-    if( info == NULL )
+    if (info == NULL) {
-        return( NULL );
+        return NULL;
-    else
+    } else {
-        return( info->MBEDTLS_PRIVATE(name) );
+        return info->MBEDTLS_PRIVATE(name);
+    }
 }
 
 /**
@@ -515,10 +517,11 @@ static inline const char *mbedtls_cipher_info_get_name(
 static inline size_t mbedtls_cipher_info_get_iv_size(
     const mbedtls_cipher_info_t *info)
 {
-    if( info == NULL )
+    if (info == NULL) {
-        return( 0 );
+        return 0;
+    }
 
-    return( (size_t) info->MBEDTLS_PRIVATE(iv_size) );
+    return (size_t) info->MBEDTLS_PRIVATE(iv_size);
 }
 
 /**
@@ -534,10 +537,11 @@ static inline size_t mbedtls_cipher_info_get_iv_size(
 static inline size_t mbedtls_cipher_info_get_block_size(
     const mbedtls_cipher_info_t *info)
 {
-    if( info == NULL )
+    if (info == NULL) {
-        return( 0 );
+        return 0;
+    }
 
-    return( (size_t) info->MBEDTLS_PRIVATE(block_size) );
+    return (size_t) info->MBEDTLS_PRIVATE(block_size);
 }
 
 /**
@@ -552,10 +556,11 @@ static inline size_t mbedtls_cipher_info_get_block_size(
 static inline int mbedtls_cipher_info_has_variable_key_bitlen(
     const mbedtls_cipher_info_t *info)
 {
-    if( info == NULL )
+    if (info == NULL) {
-        return( 0 );
+        return 0;
+    }
 
-    return( info->MBEDTLS_PRIVATE(flags) & MBEDTLS_CIPHER_VARIABLE_KEY_LEN );
+    return info->MBEDTLS_PRIVATE(flags) & MBEDTLS_CIPHER_VARIABLE_KEY_LEN;
 }
 
 /**
@@ -570,10 +575,11 @@ static inline int mbedtls_cipher_info_has_variable_key_bitlen(
 static inline int mbedtls_cipher_info_has_variable_iv_size(
     const mbedtls_cipher_info_t *info)
 {
-    if( info == NULL )
+    if (info == NULL) {
-        return( 0 );
+        return 0;
+    }
 
-    return( info->MBEDTLS_PRIVATE(flags) & MBEDTLS_CIPHER_VARIABLE_IV_LEN );
+    return info->MBEDTLS_PRIVATE(flags) & MBEDTLS_CIPHER_VARIABLE_IV_LEN;
 }
 
 /**
@@ -653,7 +659,8 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
  *                      cipher-specific context fails.
  */
 int MBEDTLS_DEPRECATED mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx,
-    const mbedtls_cipher_info_t *cipher_info, size_t taglen );
+                                                const mbedtls_cipher_info_t *cipher_info,
+                                                size_t taglen);
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
@@ -671,8 +678,9 @@ static inline unsigned int mbedtls_cipher_get_block_size(
     const mbedtls_cipher_context_t *ctx)
 {
     MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
-    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+    if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
         return 0;
+    }
 
     return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size);
 }
@@ -690,8 +698,9 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
     const mbedtls_cipher_context_t *ctx)
 {
     MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_MODE_NONE);
-    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+    if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
         return MBEDTLS_MODE_NONE;
+    }
 
     return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(mode);
 }
@@ -710,11 +719,13 @@ static inline int mbedtls_cipher_get_iv_size(
     const mbedtls_cipher_context_t *ctx)
 {
     MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
-    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+    if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
         return 0;
+    }
 
-    if( ctx->MBEDTLS_PRIVATE(iv_size) != 0 )
+    if (ctx->MBEDTLS_PRIVATE(iv_size) != 0) {
         return (int) ctx->MBEDTLS_PRIVATE(iv_size);
+    }
 
     return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(iv_size);
 }
@@ -732,8 +743,9 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
 {
     MBEDTLS_INTERNAL_VALIDATE_RET(
         ctx != NULL, MBEDTLS_CIPHER_NONE);
-    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+    if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
         return MBEDTLS_CIPHER_NONE;
+    }
 
     return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(type);
 }
@@ -751,8 +763,9 @@ static inline const char *mbedtls_cipher_get_name(
     const mbedtls_cipher_context_t *ctx)
 {
     MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
-    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+    if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
         return 0;
+    }
 
     return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(name);
 }
@@ -771,8 +784,9 @@ static inline int mbedtls_cipher_get_key_bitlen(
 {
     MBEDTLS_INTERNAL_VALIDATE_RET(
         ctx != NULL, MBEDTLS_KEY_LENGTH_NONE);
-    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+    if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
         return MBEDTLS_KEY_LENGTH_NONE;
+    }
 
     return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(key_bitlen);
 }
@@ -790,8 +804,9 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation(
 {
     MBEDTLS_INTERNAL_VALIDATE_RET(
         ctx != NULL, MBEDTLS_OPERATION_NONE);
-    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+    if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
         return MBEDTLS_OPERATION_NONE;
+    }
 
     return ctx->MBEDTLS_PRIVATE(operation);
 }

include/mbedtls/cmac.h

@@ -49,8 +49,7 @@ extern "C" {
 /**
  * The CMAC context structure.
  */
-struct mbedtls_cmac_context_t
+struct mbedtls_cmac_context_t {
-{
     /** The internal state of the CMAC algorithm.  */
     unsigned char       MBEDTLS_PRIVATE(state)[MBEDTLS_CIPHER_BLKSIZE_MAX];
 

include/mbedtls/ctr_drbg.h

@@ -167,8 +167,7 @@ extern "C" {
 /**
  * \brief          The CTR_DRBG context structure.
  */
-typedef struct mbedtls_ctr_drbg_context
+typedef struct mbedtls_ctr_drbg_context {
-{
     unsigned char MBEDTLS_PRIVATE(counter)[16];  /*!< The counter (V). */
     int MBEDTLS_PRIVATE(reseed_counter);         /*!< The reseed counter.
                                                   * This is the number of requests that have

include/mbedtls/debug.h

@@ -124,10 +124,12 @@
    #include <inttypes.h>
    #define MBEDTLS_PRINTF_SIZET     PRIuPTR
    #define MBEDTLS_PRINTF_LONGLONG  "I64d"
-#else /* (defined(__MINGW32__)  && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
+#else \
+    /* (defined(__MINGW32__)  && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
    #define MBEDTLS_PRINTF_SIZET     "zu"
    #define MBEDTLS_PRINTF_LONGLONG  "lld"
-#endif /* (defined(__MINGW32__)  && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
+#endif \
+    /* (defined(__MINGW32__)  && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
 
 #ifdef __cplusplus
 extern "C" {
@@ -275,8 +277,7 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
 #endif
 
 #if defined(MBEDTLS_ECDH_C)
-typedef enum
+typedef enum {
-{
     MBEDTLS_DEBUG_ECDH_Q,
     MBEDTLS_DEBUG_ECDH_QP,
     MBEDTLS_DEBUG_ECDH_Z,

include/mbedtls/des.h

@@ -57,8 +57,7 @@ extern "C" {
  *                 security risk. We recommend considering stronger ciphers
  *                 instead.
  */
-typedef struct mbedtls_des_context
+typedef struct mbedtls_des_context {
-{
     uint32_t MBEDTLS_PRIVATE(sk)[32];            /*!<  DES subkeys       */
 }
 mbedtls_des_context;
@@ -66,8 +65,7 @@ mbedtls_des_context;
 /**
  * \brief          Triple-DES context structure
  */
-typedef struct mbedtls_des3_context
+typedef struct mbedtls_des3_context {
-{
     uint32_t MBEDTLS_PRIVATE(sk)[96];            /*!<  3DES subkeys      */
 }
 mbedtls_des3_context;

include/mbedtls/dhm.h

@@ -92,8 +92,7 @@
 #define MBEDTLS_ERR_DHM_SET_GROUP_FAILED                  -0x3580
 
 /** Which parameter to access in mbedtls_dhm_get_value(). */
-typedef enum
+typedef enum {
-{
     MBEDTLS_DHM_PARAM_P,  /*!<  The prime modulus. */
     MBEDTLS_DHM_PARAM_G,  /*!<  The generator. */
     MBEDTLS_DHM_PARAM_X,  /*!<  Our secret value. */
@@ -111,8 +110,7 @@ extern "C" {
 /**
  * \brief          The DHM context structure.
  */
-typedef struct mbedtls_dhm_context
+typedef struct mbedtls_dhm_context {
-{
     mbedtls_mpi MBEDTLS_PRIVATE(P);      /*!<  The prime modulus. */
     mbedtls_mpi MBEDTLS_PRIVATE(G);      /*!<  The generator. */
     mbedtls_mpi MBEDTLS_PRIVATE(X);      /*!<  Our secret value. */

include/mbedtls/ecdh.h

@@ -68,8 +68,7 @@ extern "C" {
 /**
  * Defines the source of the imported EC key.
  */
-typedef enum
+typedef enum {
-{
     MBEDTLS_ECDH_OURS,   /**< Our key. */
     MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
 } mbedtls_ecdh_side;
@@ -81,8 +80,7 @@ typedef enum
  * Later versions of the library may add new variants, therefore users should
  * not make any assumptions about them.
  */
-typedef enum
+typedef enum {
-{
     MBEDTLS_ECDH_VARIANT_NONE = 0,   /*!< Implementation not defined. */
     MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
@@ -97,8 +95,7 @@ typedef enum
  * should not make any assumptions about the structure of
  * mbedtls_ecdh_context_mbed.
  */
-typedef struct mbedtls_ecdh_context_mbed
+typedef struct mbedtls_ecdh_context_mbed {
-{
     mbedtls_ecp_group MBEDTLS_PRIVATE(grp);   /*!< The elliptic curve used. */
     mbedtls_mpi MBEDTLS_PRIVATE(d);           /*!< The private key. */
     mbedtls_ecp_point MBEDTLS_PRIVATE(Q);     /*!< The public key. */
@@ -117,8 +114,7 @@ typedef struct mbedtls_ecdh_context_mbed
  *                  should not be shared between multiple threads.
  * \brief           The ECDH context structure.
  */
-typedef struct mbedtls_ecdh_context
+typedef struct mbedtls_ecdh_context {
-{
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
     mbedtls_ecp_group MBEDTLS_PRIVATE(grp);   /*!< The elliptic curve used. */
     mbedtls_mpi MBEDTLS_PRIVATE(d);           /*!< The private key. */
@@ -138,8 +134,7 @@ typedef struct mbedtls_ecdh_context
                                                     as defined in RFC 4492. */
     mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id);/*!< The elliptic curve used. */
     mbedtls_ecdh_variant MBEDTLS_PRIVATE(var);   /*!< The ECDH implementation/structure used. */
-    union
+    union {
-    {
         mbedtls_ecdh_context_mbed   MBEDTLS_PRIVATE(mbed_ecdh);
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         mbedtls_ecdh_context_everest MBEDTLS_PRIVATE(everest_ecdh);

include/mbedtls/ecdsa.h

@@ -102,8 +102,7 @@ typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx;
 /**
  * \brief           General context for resuming ECDSA operations
  */
-typedef struct
+typedef struct {
-{
     mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(ecp);        /*!<  base context for ECP restart and
                                                             shared administrative info    */
     mbedtls_ecdsa_restart_ver_ctx *MBEDTLS_PRIVATE(ver); /*!<  ecdsa_verify() sub-context    */

include/mbedtls/ecjpake.h

@@ -68,8 +68,7 @@ typedef enum {
  * convention from the Thread v1.0 spec. Correspondence is indicated in the
  * description as a pair C: client name, S: server name
  */
-typedef struct mbedtls_ecjpake_context
+typedef struct mbedtls_ecjpake_context {
-{
     mbedtls_md_type_t MBEDTLS_PRIVATE(md_type);          /**< Hash to use                    */
     mbedtls_ecp_group MBEDTLS_PRIVATE(grp);              /**< Elliptic curve                 */
     mbedtls_ecjpake_role MBEDTLS_PRIVATE(role);          /**< Are we client or server?       */

include/mbedtls/ecp.h

@@ -110,8 +110,7 @@ extern "C" {
  * - Add the curve to applicable profiles in x509_crt.c.
  * - Add the curve to applicable presets in ssl_tls.c.
  */
-typedef enum
+typedef enum {
-{
     MBEDTLS_ECP_DP_NONE = 0,       /*!< Curve not defined. */
     MBEDTLS_ECP_DP_SECP192R1,      /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */
     MBEDTLS_ECP_DP_SECP224R1,      /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */
@@ -136,8 +135,7 @@ typedef enum
 /*
  * Curve types
  */
-typedef enum
+typedef enum {
-{
     MBEDTLS_ECP_TYPE_NONE = 0,
     MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS,    /* y^2 = x^3 + a x + b      */
     MBEDTLS_ECP_TYPE_MONTGOMERY,           /* y^2 = x^3 + a x^2 + x    */
@@ -150,8 +148,7 @@ typedef enum
  * accessed directly by applications. Future versions of the library may
  * add extra fields or reorder existing fields.
  */
-typedef struct mbedtls_ecp_curve_info
+typedef struct mbedtls_ecp_curve_info {
-{
     mbedtls_ecp_group_id grp_id;    /*!< An internal identifier. */
     uint16_t tls_id;                /*!< The TLS NamedCurve identifier. */
     uint16_t bit_size;              /*!< The curve size in bits. */
@@ -169,8 +166,7 @@ typedef struct mbedtls_ecp_curve_info
  *                  Otherwise, \p X and \p Y are its standard (affine)
  *                  coordinates.
  */
-typedef struct mbedtls_ecp_point
+typedef struct mbedtls_ecp_point {
-{
     mbedtls_mpi MBEDTLS_PRIVATE(X);          /*!< The X coordinate of the ECP point. */
     mbedtls_mpi MBEDTLS_PRIVATE(Y);          /*!< The Y coordinate of the ECP point. */
     mbedtls_mpi MBEDTLS_PRIVATE(Z);          /*!< The Z coordinate of the ECP point. */
@@ -224,8 +220,7 @@ mbedtls_ecp_point;
  *                of these fields does not need to be supported.
  *                They do not need to be at the same offset in the structure.
  */
-typedef struct mbedtls_ecp_group
+typedef struct mbedtls_ecp_group {
-{
     mbedtls_ecp_group_id id;    /*!< An internal group identifier. */
     mbedtls_mpi P;              /*!< The prime modulus of the base field. */
     mbedtls_mpi A;              /*!< For Short Weierstrass: \p A in the equation. For
@@ -365,8 +360,7 @@ typedef struct mbedtls_ecp_restart_muladd mbedtls_ecp_restart_muladd_ctx;
 /**
  * \brief           General context for resuming ECC operations
  */
-typedef struct
+typedef struct {
-{
     unsigned MBEDTLS_PRIVATE(ops_done);                  /*!<  current ops count             */
     unsigned MBEDTLS_PRIVATE(depth);                     /*!<  call depth (0 = top-level)    */
     mbedtls_ecp_restart_mul_ctx *MBEDTLS_PRIVATE(rsm);   /*!<  ecp_mul_comb() sub-context    */
@@ -418,8 +412,7 @@ typedef void mbedtls_ecp_restart_ctx;
  * \note    Members are deliberately in the same order as in the
  *          ::mbedtls_ecdsa_context structure.
  */
-typedef struct mbedtls_ecp_keypair
+typedef struct mbedtls_ecp_keypair {
-{
     mbedtls_ecp_group MBEDTLS_PRIVATE(grp);      /*!<  Elliptic curve and base point     */
     mbedtls_mpi MBEDTLS_PRIVATE(d);              /*!<  our secret value                  */
     mbedtls_ecp_point MBEDTLS_PRIVATE(Q);        /*!<  our public value                  */

include/mbedtls/entropy.h

@@ -104,8 +104,7 @@ typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, s
 /**
  * \brief           Entropy source state
  */
-typedef struct mbedtls_entropy_source_state
+typedef struct mbedtls_entropy_source_state {
-{
     mbedtls_entropy_f_source_ptr    MBEDTLS_PRIVATE(f_source);   /**< The entropy source callback */
     void *MBEDTLS_PRIVATE(p_source);             /**< The callback data pointer */
     size_t          MBEDTLS_PRIVATE(size);       /**< Amount received in bytes */
@@ -117,8 +116,7 @@ mbedtls_entropy_source_state;
 /**
  * \brief           Entropy context structure
  */
-typedef struct mbedtls_entropy_context
+typedef struct mbedtls_entropy_context {
-{
     int MBEDTLS_PRIVATE(accumulator_started); /* 0 after init.
                                                * 1 after the first update.
                                                * -1 after free. */

include/mbedtls/error.h

@@ -154,13 +154,14 @@ static inline int mbedtls_error_add( int high, int low,
                                     const char *file, int line)
 {
 #if defined(MBEDTLS_TEST_HOOKS)
-    if( *mbedtls_test_hook_error_add != NULL )
+    if (*mbedtls_test_hook_error_add != NULL) {
         (*mbedtls_test_hook_error_add)(high, low, file, line);
+    }
 #endif
     (void) file;
     (void) line;
 
-    return( high + low );
+    return high + low;
 }
 
 /**

include/mbedtls/gcm.h

@@ -57,8 +57,7 @@ extern "C" {
 /**
  * \brief          The GCM context structure.
  */
-typedef struct mbedtls_gcm_context
+typedef struct mbedtls_gcm_context {
-{
     mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx);  /*!< The cipher context used. */
     uint64_t MBEDTLS_PRIVATE(HL)[16];                      /*!< Precalculated HTable low. */
     uint64_t MBEDTLS_PRIVATE(HH)[16];                      /*!< Precalculated HTable high. */

include/mbedtls/hmac_drbg.h

@@ -83,8 +83,7 @@ extern "C" {
 /**
  * HMAC_DRBG context.
  */
-typedef struct mbedtls_hmac_drbg_context
+typedef struct mbedtls_hmac_drbg_context {
-{
     /* Working state: the key K is not stored explicitly,
      * but is implied by the HMAC context */
     mbedtls_md_context_t MBEDTLS_PRIVATE(md_ctx);                    /*!< HMAC context (inc. K)  */

include/mbedtls/lms.h

@@ -157,7 +157,8 @@ typedef struct {
  */
 typedef struct {
     mbedtls_lmots_parameters_t MBEDTLS_PRIVATE(params);
-    unsigned char MBEDTLS_PRIVATE(private_key)[MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT_MAX][MBEDTLS_LMOTS_N_HASH_LEN_MAX];
+    unsigned char MBEDTLS_PRIVATE(private_key)[MBEDTLS_LMOTS_P_SIG_DIGIT_COUNT_MAX][
+        MBEDTLS_LMOTS_N_HASH_LEN_MAX];
     unsigned char MBEDTLS_PRIVATE(have_private_key); /*!< Whether the context contains a private key.
                                                         Boolean values only. */
 } mbedtls_lmots_private_t;

include/mbedtls/md.h

@@ -96,8 +96,7 @@ typedef struct mbedtls_md_info_t mbedtls_md_info_t;
 /**
  * The generic message-digest context.
  */
-typedef struct mbedtls_md_context_t
+typedef struct mbedtls_md_context_t {
-{
     /** Information about the associated message digest. */
     const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info);
 

include/mbedtls/md5.h

@@ -48,8 +48,7 @@ extern "C" {
  *                 stronger message digests instead.
  *
  */
-typedef struct mbedtls_md5_context
+typedef struct mbedtls_md5_context {
-{
     uint32_t MBEDTLS_PRIVATE(total)[2];          /*!< number of bytes processed  */
     uint32_t MBEDTLS_PRIVATE(state)[4];          /*!< intermediate digest state  */
     unsigned char MBEDTLS_PRIVATE(buffer)[64];   /*!< data block being processed */

include/mbedtls/memory_buffer_alloc.h

@@ -43,7 +43,8 @@
 #define MBEDTLS_MEMORY_VERIFY_NONE         0
 #define MBEDTLS_MEMORY_VERIFY_ALLOC        (1 << 0)
 #define MBEDTLS_MEMORY_VERIFY_FREE         (1 << 1)
-#define MBEDTLS_MEMORY_VERIFY_ALWAYS       (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE)
+#define MBEDTLS_MEMORY_VERIFY_ALWAYS       (MBEDTLS_MEMORY_VERIFY_ALLOC | \
+                                            MBEDTLS_MEMORY_VERIFY_FREE)
 
 #ifdef __cplusplus
 extern "C" {

include/mbedtls/net_sockets.h

@@ -92,8 +92,7 @@ extern "C" {
  * (eg two file descriptors for combined IPv4 + IPv6 support, or additional
  * structures for hand-made UDP demultiplexing).
  */
-typedef struct mbedtls_net_context
+typedef struct mbedtls_net_context {
-{
     /** The underlying file descriptor.
      *
      * This field is only guaranteed to be present on POSIX/Unix-like platforms.

include/mbedtls/nist_kw.h

@@ -44,8 +44,7 @@
 extern "C" {
 #endif
 
-typedef enum
+typedef enum {
-{
     MBEDTLS_KW_MODE_KW = 0,
     MBEDTLS_KW_MODE_KWP = 1
 } mbedtls_nist_kw_mode_t;

include/mbedtls/oid.h

@@ -91,15 +91,18 @@
 #define MBEDTLS_OID_OIW_SECSIG_ALG              MBEDTLS_OID_OIW_SECSIG "\x02"
 #define MBEDTLS_OID_OIW_SECSIG_SHA1             MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
 #define MBEDTLS_OID_ORG_CERTICOM                "\x81\x04"  /* certicom(132) */
-#define MBEDTLS_OID_CERTICOM                    MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
+#define MBEDTLS_OID_CERTICOM                    MBEDTLS_OID_ISO_IDENTIFIED_ORG \
+        MBEDTLS_OID_ORG_CERTICOM
 #define MBEDTLS_OID_ORG_TELETRUST               "\x24" /* teletrust(36) */
-#define MBEDTLS_OID_TELETRUST                   MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
+#define MBEDTLS_OID_TELETRUST                   MBEDTLS_OID_ISO_IDENTIFIED_ORG \
+        MBEDTLS_OID_ORG_TELETRUST
 
 /*
  * ISO ITU OID parts
  */
 #define MBEDTLS_OID_ORGANIZATION                "\x01"          /* {organization(1)} */
-#define MBEDTLS_OID_ISO_ITU_US_ORG              MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
+#define MBEDTLS_OID_ISO_ITU_US_ORG              MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US \
+        MBEDTLS_OID_ORGANIZATION                                                                                            /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
 
 #define MBEDTLS_OID_ORG_GOV                     "\x65"          /* {gov(101)} */
 #define MBEDTLS_OID_GOV                         MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
@@ -117,7 +120,8 @@
  * { iso(1) identified-organization(3) dod(6) internet(1)
  *                      security(5) mechanisms(5) pkix(7) }
  */
-#define MBEDTLS_OID_INTERNET                    MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01"
+#define MBEDTLS_OID_INTERNET                    MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD \
+    "\x01"
 #define MBEDTLS_OID_PKIX                        MBEDTLS_OID_INTERNET "\x05\x05\x07"
 
 /*
@@ -247,7 +251,8 @@
  * Digest algorithms
  */
 #define MBEDTLS_OID_DIGEST_ALG_MD5              MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA1             MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA1             MBEDTLS_OID_ISO_IDENTIFIED_ORG \
+        MBEDTLS_OID_OIW_SECSIG_SHA1                                                                        /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
 #define MBEDTLS_OID_DIGEST_ALG_SHA224           MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
 #define MBEDTLS_OID_DIGEST_ALG_SHA256           MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
 
@@ -270,7 +275,8 @@
 /*
  * Encryption algorithms
  */
-#define MBEDTLS_OID_DES_CBC                     MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
+#define MBEDTLS_OID_DES_CBC                     MBEDTLS_OID_ISO_IDENTIFIED_ORG \
+        MBEDTLS_OID_OIW_SECSIG_ALG "\x07"                                                                        /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
 #define MBEDTLS_OID_DES_EDE3_CBC                MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
 #define MBEDTLS_OID_AES                         MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
 
@@ -438,8 +444,7 @@ extern "C" {
 /**
  * \brief Base OID descriptor structure
  */
-typedef struct mbedtls_oid_descriptor_t
+typedef struct mbedtls_oid_descriptor_t {
-{
     const char *MBEDTLS_PRIVATE(asn1);               /*!< OID ASN.1 representation       */
     size_t MBEDTLS_PRIVATE(asn1_len);                /*!< length of asn1                 */
 #if !defined(MBEDTLS_X509_REMOVE_INFO)

include/mbedtls/pem.h

@@ -61,8 +61,7 @@ extern "C" {
 /**
  * \brief       PEM context structure
  */
-typedef struct mbedtls_pem_context
+typedef struct mbedtls_pem_context {
-{
     unsigned char *MBEDTLS_PRIVATE(buf);     /*!< buffer for decoded data             */
     size_t MBEDTLS_PRIVATE(buflen);          /*!< length of the buffer                */
     unsigned char *MBEDTLS_PRIVATE(info);    /*!< buffer for extra header information */
@@ -122,7 +121,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
 static inline const unsigned char *mbedtls_pem_get_buffer(mbedtls_pem_context *ctx, size_t *buflen)
 {
     *buflen = ctx->MBEDTLS_PRIVATE(buflen);
-    return( ctx->MBEDTLS_PRIVATE(buf) );
+    return ctx->MBEDTLS_PRIVATE(buf);
 }
 
 

include/mbedtls/pk.h

@@ -97,8 +97,7 @@ typedef enum {
  * \brief           Options for RSASSA-PSS signature verification.
  *                  See \c mbedtls_rsa_rsassa_pss_verify_ext()
  */
-typedef struct mbedtls_pk_rsassa_pss_options
+typedef struct mbedtls_pk_rsassa_pss_options {
-{
     mbedtls_md_type_t MBEDTLS_PRIVATE(mgf1_hash_id);
     int MBEDTLS_PRIVATE(expected_salt_len);
 
@@ -159,8 +158,7 @@ typedef struct mbedtls_pk_rsassa_pss_options
 /**
  * \brief           Types for interfacing with the debug module
  */
-typedef enum
+typedef enum {
-{
     MBEDTLS_PK_DEBUG_NONE = 0,
     MBEDTLS_PK_DEBUG_MPI,
     MBEDTLS_PK_DEBUG_ECP,
@@ -169,8 +167,7 @@ typedef enum
 /**
  * \brief           Item to send to the debug module
  */
-typedef struct mbedtls_pk_debug_item
+typedef struct mbedtls_pk_debug_item {
-{
     mbedtls_pk_debug_type MBEDTLS_PRIVATE(type);
     const char *MBEDTLS_PRIVATE(name);
     void *MBEDTLS_PRIVATE(value);
@@ -191,8 +188,7 @@ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
 /**
  * \brief           Public key container
  */
-typedef struct mbedtls_pk_context
+typedef struct mbedtls_pk_context {
-{
     const mbedtls_pk_info_t *MBEDTLS_PRIVATE(pk_info);    /**< Public key information         */
     void *MBEDTLS_PRIVATE(pk_ctx);                        /**< Underlying public key context  */
 } mbedtls_pk_context;
@@ -201,8 +197,7 @@ typedef struct mbedtls_pk_context
 /**
  * \brief           Context for resuming operations
  */
-typedef struct
+typedef struct {
-{
     const mbedtls_pk_info_t *MBEDTLS_PRIVATE(pk_info);    /**< Public key information         */
     void *MBEDTLS_PRIVATE(rs_ctx);                        /**< Underlying restart context     */
 } mbedtls_pk_restart_ctx;
@@ -219,7 +214,8 @@ typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, size_t *olen,
                                                const unsigned char *input, unsigned char *output,
                                                size_t output_max_len);
 typedef int (*mbedtls_pk_rsa_alt_sign_func)(void *ctx,
-                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
+                                            int (*f_rng)(void *, unsigned char *, size_t),
+                                            void *p_rng,
                                             mbedtls_md_type_t md_alg, unsigned int hashlen,
                                             const unsigned char *hash, unsigned char *sig);
 typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)(void *ctx);
@@ -363,7 +359,7 @@ size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
  */
 static inline size_t mbedtls_pk_get_len(const mbedtls_pk_context *ctx)
 {
-    return( ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 );
+    return (mbedtls_pk_get_bitlen(ctx) + 7) / 8;
 }
 
 /**
@@ -719,12 +715,11 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
  */
 static inline mbedtls_rsa_context *mbedtls_pk_rsa(const mbedtls_pk_context pk)
 {
-    switch( mbedtls_pk_get_type( &pk ) )
+    switch (mbedtls_pk_get_type(&pk)) {
-    {
         case MBEDTLS_PK_RSA:
-            return( (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
+            return (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx);
         default:
-            return( NULL );
+            return NULL;
     }
 }
 #endif /* MBEDTLS_RSA_C */
@@ -743,14 +738,13 @@ static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
  */
 static inline mbedtls_ecp_keypair *mbedtls_pk_ec(const mbedtls_pk_context pk)
 {
-    switch( mbedtls_pk_get_type( &pk ) )
+    switch (mbedtls_pk_get_type(&pk)) {
-    {
         case MBEDTLS_PK_ECKEY:
         case MBEDTLS_PK_ECKEY_DH:
         case MBEDTLS_PK_ECDSA:
-            return( (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
+            return (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx);
         default:
-            return( NULL );
+            return NULL;
     }
 }
 #endif /* MBEDTLS_ECP_C */

include/mbedtls/pkcs5.h

@@ -110,9 +110,12 @@ int mbedtls_pkcs5_pbkdf2_hmac_ext( mbedtls_md_type_t md_type,
  */
 int MBEDTLS_DEPRECATED mbedtls_pkcs5_pbkdf2_hmac(mbedtls_md_context_t *ctx,
                                                  const unsigned char *password,
-                       size_t plen, const unsigned char *salt, size_t slen,
+                                                 size_t plen,
+                                                 const unsigned char *salt,
+                                                 size_t slen,
                                                  unsigned int iteration_count,
-                       uint32_t key_length, unsigned char *output );
+                                                 uint32_t key_length,
+                                                 unsigned char *output);
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 #endif /* MBEDTLS_MD_C */
 #if defined(MBEDTLS_SELF_TEST)

include/mbedtls/pkcs7.h

@@ -121,8 +121,7 @@ mbedtls_pkcs7_type;
 /**
  * Structure holding PKCS7 signer info
  */
-typedef struct mbedtls_pkcs7_signer_info
+typedef struct mbedtls_pkcs7_signer_info {
-{
     int MBEDTLS_PRIVATE(version);
     mbedtls_x509_buf MBEDTLS_PRIVATE(serial);
     mbedtls_x509_name MBEDTLS_PRIVATE(issuer);
@@ -137,8 +136,7 @@ mbedtls_pkcs7_signer_info;
 /**
  * Structure holding attached data as part of PKCS7 signed data format
  */
-typedef struct mbedtls_pkcs7_data
+typedef struct mbedtls_pkcs7_data {
-{
     mbedtls_pkcs7_buf MBEDTLS_PRIVATE(oid);
     mbedtls_pkcs7_buf MBEDTLS_PRIVATE(data);
 }
@@ -147,8 +145,7 @@ mbedtls_pkcs7_data;
 /**
  * Structure holding the signed data section
  */
-typedef struct mbedtls_pkcs7_signed_data
+typedef struct mbedtls_pkcs7_signed_data {
-{
     int MBEDTLS_PRIVATE(version);
     mbedtls_pkcs7_buf MBEDTLS_PRIVATE(digest_alg_identifiers);
     struct mbedtls_pkcs7_data MBEDTLS_PRIVATE(content);
@@ -164,8 +161,7 @@ mbedtls_pkcs7_signed_data;
 /**
  * Structure holding PKCS7 structure, only signed data for now
  */
-typedef struct mbedtls_pkcs7
+typedef struct mbedtls_pkcs7 {
-{
     mbedtls_pkcs7_buf MBEDTLS_PRIVATE(raw);
     mbedtls_pkcs7_buf MBEDTLS_PRIVATE(content_type_oid);
     mbedtls_pkcs7_signed_data MBEDTLS_PRIVATE(signed_data);

include/mbedtls/platform.h

@@ -424,8 +424,7 @@ int mbedtls_platform_set_nv_seed(
  * \note    This structure may be used to assist platform-specific
  *          setup or teardown operations.
  */
-typedef struct mbedtls_platform_context
+typedef struct mbedtls_platform_context {
-{
     char MBEDTLS_PRIVATE(dummy); /**< A placeholder member, as empty structs are not portable. */
 }
 mbedtls_platform_context;

include/mbedtls/poly1305.h

@@ -47,8 +47,7 @@ extern "C" {
 
 #if !defined(MBEDTLS_POLY1305_ALT)
 
-typedef struct mbedtls_poly1305_context
+typedef struct mbedtls_poly1305_context {
-{
     uint32_t MBEDTLS_PRIVATE(r)[4];      /** The value for 'r' (low 128 bits of the key). */
     uint32_t MBEDTLS_PRIVATE(s)[4];      /** The value for 's' (high 128 bits of the key). */
     uint32_t MBEDTLS_PRIVATE(acc)[5];    /** The accumulator number. */

include/mbedtls/psa_util.h

@@ -46,8 +46,7 @@
 static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
     mbedtls_cipher_type_t cipher)
 {
-    switch( cipher )
+    switch (cipher) {
-    {
         case MBEDTLS_CIPHER_AES_128_CCM:
         case MBEDTLS_CIPHER_AES_192_CCM:
         case MBEDTLS_CIPHER_AES_256_CCM:
@@ -63,7 +62,7 @@ static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
         case MBEDTLS_CIPHER_AES_128_ECB:
         case MBEDTLS_CIPHER_AES_192_ECB:
         case MBEDTLS_CIPHER_AES_256_ECB:
-            return( PSA_KEY_TYPE_AES );
+            return PSA_KEY_TYPE_AES;
 
         /* ARIA not yet supported in PSA. */
         /* case MBEDTLS_CIPHER_ARIA_128_CCM:
@@ -81,44 +80,43 @@ static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
                return( PSA_KEY_TYPE_ARIA ); */
 
         default:
-            return( 0 );
+            return 0;
     }
 }
 
 static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode(
     mbedtls_cipher_mode_t mode, size_t taglen)
 {
-    switch( mode )
+    switch (mode) {
-    {
         case MBEDTLS_MODE_ECB:
-            return( PSA_ALG_ECB_NO_PADDING );
+            return PSA_ALG_ECB_NO_PADDING;
         case MBEDTLS_MODE_GCM:
-            return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, taglen ) );
+            return PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, taglen);
         case MBEDTLS_MODE_CCM:
-            return( PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) );
+            return PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen);
         case MBEDTLS_MODE_CCM_STAR_NO_TAG:
             return PSA_ALG_CCM_STAR_NO_TAG;
         case MBEDTLS_MODE_CBC:
-            if( taglen == 0 )
+            if (taglen == 0) {
-                return( PSA_ALG_CBC_NO_PADDING );
+                return PSA_ALG_CBC_NO_PADDING;
-            else
+            } else {
-                return( 0 );
+                return 0;
+            }
         default:
-            return( 0 );
+            return 0;
     }
 }
 
 static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation(
     mbedtls_operation_t op)
 {
-    switch( op )
+    switch (op) {
-    {
         case MBEDTLS_ENCRYPT:
-            return( PSA_KEY_USAGE_ENCRYPT );
+            return PSA_KEY_USAGE_ENCRYPT;
         case MBEDTLS_DECRYPT:
-            return( PSA_KEY_USAGE_DECRYPT );
+            return PSA_KEY_USAGE_DECRYPT;
         default:
-            return( 0 );
+            return 0;
     }
 }
 
@@ -129,40 +127,39 @@ static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation(
  * It is kept only for compatibility in case applications were using it. */
 static inline psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg)
 {
-    switch( md_alg )
+    switch (md_alg) {
-    {
 #if defined(MBEDTLS_MD5_C) || defined(PSA_WANT_ALG_MD5)
         case MBEDTLS_MD_MD5:
-        return( PSA_ALG_MD5 );
+            return PSA_ALG_MD5;
 #endif
 #if defined(MBEDTLS_SHA1_C) || defined(PSA_WANT_ALG_SHA_1)
         case MBEDTLS_MD_SHA1:
-        return( PSA_ALG_SHA_1 );
+            return PSA_ALG_SHA_1;
 #endif
 #if defined(MBEDTLS_SHA224_C) || defined(PSA_WANT_ALG_SHA_224)
         case MBEDTLS_MD_SHA224:
-        return( PSA_ALG_SHA_224 );
+            return PSA_ALG_SHA_224;
 #endif
 #if defined(MBEDTLS_SHA256_C) || defined(PSA_WANT_ALG_SHA_256)
         case MBEDTLS_MD_SHA256:
-        return( PSA_ALG_SHA_256 );
+            return PSA_ALG_SHA_256;
 #endif
 #if defined(MBEDTLS_SHA384_C) || defined(PSA_WANT_ALG_SHA_384)
         case MBEDTLS_MD_SHA384:
-        return( PSA_ALG_SHA_384 );
+            return PSA_ALG_SHA_384;
 #endif
 #if defined(MBEDTLS_SHA512_C) || defined(PSA_WANT_ALG_SHA_512)
         case MBEDTLS_MD_SHA512:
-        return( PSA_ALG_SHA_512 );
+            return PSA_ALG_SHA_512;
 #endif
 #if defined(MBEDTLS_RIPEMD160_C) || defined(PSA_WANT_ALG_RIPEMD160)
         case MBEDTLS_MD_RIPEMD160:
-        return( PSA_ALG_RIPEMD160 );
+            return PSA_ALG_RIPEMD160;
 #endif
         case MBEDTLS_MD_NONE:
-        return( 0 );
+            return 0;
         default:
-        return( 0 );
+            return 0;
     }
 }
 
@@ -172,93 +169,89 @@ static inline int mbedtls_psa_get_ecc_oid_from_id(
     psa_ecc_family_t curve, size_t bits,
     char const **oid, size_t *oid_len)
 {
-    switch( curve )
+    switch (curve) {
-    {
         case PSA_ECC_FAMILY_SECP_R1:
-            switch( bits )
+            switch (bits) {
-            {
 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
                 case 192:
                     *oid = MBEDTLS_OID_EC_GRP_SECP192R1;
                     *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP192R1);
-                    return( 0 );
+                    return 0;
 #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
                 case 224:
                     *oid = MBEDTLS_OID_EC_GRP_SECP224R1;
                     *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP224R1);
-                    return( 0 );
+                    return 0;
 #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
                 case 256:
                     *oid = MBEDTLS_OID_EC_GRP_SECP256R1;
                     *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP256R1);
-                    return( 0 );
+                    return 0;
 #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
                 case 384:
                     *oid = MBEDTLS_OID_EC_GRP_SECP384R1;
                     *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP384R1);
-                    return( 0 );
+                    return 0;
 #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
                 case 521:
                     *oid = MBEDTLS_OID_EC_GRP_SECP521R1;
                     *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP521R1);
-                    return( 0 );
+                    return 0;
 #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
             }
             break;
         case PSA_ECC_FAMILY_SECP_K1:
-            switch( bits )
+            switch (bits) {
-            {
 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
                 case 192:
                     *oid = MBEDTLS_OID_EC_GRP_SECP192K1;
                     *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP192K1);
-                    return( 0 );
+                    return 0;
 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
                 case 224:
                     *oid = MBEDTLS_OID_EC_GRP_SECP224K1;
                     *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP224K1);
-                    return( 0 );
+                    return 0;
 #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
                 case 256:
                     *oid = MBEDTLS_OID_EC_GRP_SECP256K1;
                     *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP256K1);
-                    return( 0 );
+                    return 0;
 #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
             }
             break;
         case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
-            switch( bits )
+            switch (bits) {
-            {
 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
                 case 256:
                     *oid = MBEDTLS_OID_EC_GRP_BP256R1;
                     *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP256R1);
-                    return( 0 );
+                    return 0;
 #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
                 case 384:
                     *oid = MBEDTLS_OID_EC_GRP_BP384R1;
                     *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP384R1);
-                    return( 0 );
+                    return 0;
 #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
                 case 512:
                     *oid = MBEDTLS_OID_EC_GRP_BP512R1;
                     *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP512R1);
-                    return( 0 );
+                    return 0;
 #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
             }
             break;
     }
     (void) oid;
     (void) oid_len;
-    return( -1 );
+    return -1;
 }
 
 #define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH \

include/mbedtls/ripemd160.h

@@ -39,8 +39,7 @@ extern "C" {
 /**
  * \brief          RIPEMD-160 context structure
  */
-typedef struct mbedtls_ripemd160_context
+typedef struct mbedtls_ripemd160_context {
-{
     uint32_t MBEDTLS_PRIVATE(total)[2];          /*!< number of bytes processed  */
     uint32_t MBEDTLS_PRIVATE(state)[5];          /*!< intermediate digest state  */
     unsigned char MBEDTLS_PRIVATE(buffer)[64];   /*!< data block being processed */

include/mbedtls/rsa.h

@@ -88,8 +88,7 @@ extern "C" {
 /**
  * \brief   The RSA context structure.
  */
-typedef struct mbedtls_rsa_context
+typedef struct mbedtls_rsa_context {
-{
     int MBEDTLS_PRIVATE(ver);                    /*!<  Reserved for internal purposes.
                                                   *    Do not set this field in application
                                                   *    code. Its meaning might change without

include/mbedtls/sha1.h

@@ -54,8 +54,7 @@ extern "C" {
  *                 stronger message digests instead.
  *
  */
-typedef struct mbedtls_sha1_context
+typedef struct mbedtls_sha1_context {
-{
     uint32_t MBEDTLS_PRIVATE(total)[2];          /*!< The number of Bytes processed.  */
     uint32_t MBEDTLS_PRIVATE(state)[5];          /*!< The intermediate digest state.  */
     unsigned char MBEDTLS_PRIVATE(buffer)[64];   /*!< The data block being processed. */

include/mbedtls/sha256.h

@@ -49,8 +49,7 @@ extern "C" {
  *                 checksum calculations. The choice between these two is
  *                 made in the call to mbedtls_sha256_starts().
  */
-typedef struct mbedtls_sha256_context
+typedef struct mbedtls_sha256_context {
-{
     uint32_t MBEDTLS_PRIVATE(total)[2];          /*!< The number of Bytes processed.  */
     uint32_t MBEDTLS_PRIVATE(state)[8];          /*!< The intermediate digest state.  */
     unsigned char MBEDTLS_PRIVATE(buffer)[64];   /*!< The data block being processed. */

include/mbedtls/sha512.h

@@ -48,8 +48,7 @@ extern "C" {
  *                 checksum calculations. The choice between these two is
  *                 made in the call to mbedtls_sha512_starts().
  */
-typedef struct mbedtls_sha512_context
+typedef struct mbedtls_sha512_context {
-{
     uint64_t MBEDTLS_PRIVATE(total)[2];          /*!< The number of Bytes processed. */
     uint64_t MBEDTLS_PRIVATE(state)[8];          /*!< The intermediate digest state. */
     unsigned char MBEDTLS_PRIVATE(buffer)[128];  /*!< The data block being processed. */

include/mbedtls/ssl.h

@@ -602,8 +602,7 @@
 #endif
 
 /* Dummy type used only for its size */
-union mbedtls_ssl_premaster_secret
+union mbedtls_ssl_premaster_secret {
-{
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
     unsigned char _pms_rsa[48];                         /* RFC 5246 8.1.1 */
 #endif
@@ -650,8 +649,7 @@ extern "C" {
 /*
  * SSL state machine
  */
-typedef enum
+typedef enum {
-{
     MBEDTLS_SSL_HELLO_REQUEST,
     MBEDTLS_SSL_CLIENT_HELLO,
     MBEDTLS_SSL_SERVER_HELLO,
@@ -1106,8 +1104,7 @@ typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED &&
           !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
-typedef struct
+typedef struct {
-{
     unsigned char client_application_traffic_secret_N[MBEDTLS_TLS1_3_MD_MAX_SIZE];
     unsigned char server_application_traffic_secret_N[MBEDTLS_TLS1_3_MD_MAX_SIZE];
     unsigned char exporter_master_secret[MBEDTLS_TLS1_3_MD_MAX_SIZE];
@@ -1136,8 +1133,7 @@ typedef struct
 
 typedef uint16_t mbedtls_ssl_srtp_profile;
 
-typedef struct mbedtls_dtls_srtp_info_t
+typedef struct mbedtls_dtls_srtp_info_t {
-{
     /*! The SRTP profile that was negotiated. */
     mbedtls_ssl_srtp_profile MBEDTLS_PRIVATE(chosen_dtls_srtp_profile);
     /*! The length of mki_value. */
@@ -1150,8 +1146,7 @@ mbedtls_dtls_srtp_info;
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
 
 /** Human-friendly representation of the (D)TLS protocol version. */
-typedef enum
+typedef enum {
-{
     MBEDTLS_SSL_VERSION_UNKNOWN, /*!< Context not in use or version not yet negotiated. */
     MBEDTLS_SSL_VERSION_TLS1_2 = 0x0303, /*!< (D)TLS 1.2 */
     MBEDTLS_SSL_VERSION_TLS1_3 = 0x0304, /*!< (D)TLS 1.3 */
@@ -1168,8 +1163,7 @@ typedef enum
  *      mbedtls_ssl_session_save() and ssl_session_load()
  *      ssl_session_copy()
  */
-struct mbedtls_ssl_session
+struct mbedtls_ssl_session {
-{
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
     unsigned char MBEDTLS_PRIVATE(mfl_code);     /*!< MaxFragmentLength negotiated by peer */
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
@@ -1237,8 +1231,7 @@ struct mbedtls_ssl_session
 /*
  * Identifiers for PRFs used in various versions of TLS.
  */
-typedef enum
+typedef enum {
-{
     MBEDTLS_SSL_TLS_PRF_NONE,
     MBEDTLS_SSL_TLS_PRF_SHA384,
     MBEDTLS_SSL_TLS_PRF_SHA256,
@@ -1247,8 +1240,7 @@ typedef enum
 }
 mbedtls_tls_prf_types;
 
-typedef enum
+typedef enum {
-{
     MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET = 0,
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
     MBEDTLS_SSL_KEY_EXPORT_TLS1_3_CLIENT_EARLY_SECRET,
@@ -1308,8 +1300,7 @@ typedef int (*mbedtls_ssl_hs_cb_t)( mbedtls_ssl_context *ssl );
  * Only the behaviors guaranteed by documented accessor functions are
  * guaranteed to remain stable.
  */
-typedef union
+typedef union {
-{
     uintptr_t n;                /* typically a handle to an associated object */
     void *p;                    /* typically a pointer to extra data */
 } mbedtls_ssl_user_data_t;
@@ -1317,8 +1308,7 @@ typedef union
 /**
  * SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
  */
-struct mbedtls_ssl_config
+struct mbedtls_ssl_config {
-{
     /* Group items mostly by size. This helps to reduce memory wasted to
      * padding. It also helps to keep smaller fields early in the structure,
      * so that elements tend to be in the 128-element direct access window
@@ -1441,7 +1431,8 @@ struct mbedtls_ssl_config
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
     /** Callback to create & write a session ticket                         */
     int(*MBEDTLS_PRIVATE(f_ticket_write))(void *, const mbedtls_ssl_session *,
-            unsigned char *, const unsigned char *, size_t *, uint32_t * );
+                                          unsigned char *, const unsigned char *, size_t *,
+                                          uint32_t *);
     /** Callback to parse a session ticket into a session structure         */
     int(*MBEDTLS_PRIVATE(f_ticket_parse))(void *, mbedtls_ssl_session *, unsigned char *, size_t);
     void *MBEDTLS_PRIVATE(p_ticket);                 /*!< context for the ticket callbacks   */
@@ -1587,8 +1578,7 @@ struct mbedtls_ssl_config
 #endif
 };
 
-struct mbedtls_ssl_context
+struct mbedtls_ssl_context {
-{
     const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration information          */
 
     /*
@@ -2066,7 +2056,7 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
 static inline const mbedtls_ssl_config *mbedtls_ssl_context_get_config(
     const mbedtls_ssl_context *ssl)
 {
-    return( ssl->MBEDTLS_PRIVATE( conf ) );
+    return ssl->MBEDTLS_PRIVATE(conf);
 }
 
 /**
@@ -2593,7 +2583,7 @@ static inline void mbedtls_ssl_conf_set_user_data_n(
 static inline void *mbedtls_ssl_conf_get_user_data_p(
     mbedtls_ssl_config *conf)
 {
-    return( conf->MBEDTLS_PRIVATE(user_data).p );
+    return conf->MBEDTLS_PRIVATE(user_data).p;
 }
 
 /** \brief Retrieve the user data in an SSL configuration as an integer.
@@ -2609,7 +2599,7 @@ static inline void *mbedtls_ssl_conf_get_user_data_p(
 static inline uintptr_t mbedtls_ssl_conf_get_user_data_n(
     mbedtls_ssl_config *conf)
 {
-    return( conf->MBEDTLS_PRIVATE(user_data).n );
+    return conf->MBEDTLS_PRIVATE(user_data).n;
 }
 
 /** \brief Set the user data in an SSL context to a pointer.
@@ -2656,7 +2646,7 @@ static inline void mbedtls_ssl_set_user_data_n(
 static inline void *mbedtls_ssl_get_user_data_p(
     mbedtls_ssl_context *ssl)
 {
-    return( ssl->MBEDTLS_PRIVATE(user_data).p );
+    return ssl->MBEDTLS_PRIVATE(user_data).p;
 }
 
 /** \brief Retrieve the user data in an SSL context as an integer.
@@ -2672,7 +2662,7 @@ static inline void *mbedtls_ssl_get_user_data_p(
 static inline uintptr_t mbedtls_ssl_get_user_data_n(
     mbedtls_ssl_context *ssl)
 {
-    return( ssl->MBEDTLS_PRIVATE(user_data).n );
+    return ssl->MBEDTLS_PRIVATE(user_data).n;
 }
 
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
@@ -3951,19 +3941,18 @@ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
 #if defined(MBEDTLS_DEBUG_C)
 static inline const char *mbedtls_ssl_get_srtp_profile_as_string(mbedtls_ssl_srtp_profile profile)
 {
-    switch( profile )
+    switch (profile) {
-    {
         case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
-            return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" );
+            return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80";
         case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
-            return( "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" );
+            return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32";
         case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
-            return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" );
+            return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80";
         case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32:
-            return( "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" );
+            return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32";
         default: break;
     }
-    return( "" );
+    return "";
 }
 #endif /* MBEDTLS_DEBUG_C */
 /**
@@ -4064,7 +4053,8 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ss
  *                 (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,
  *                 #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)
  */
-void MBEDTLS_DEPRECATED mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
+void MBEDTLS_DEPRECATED mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major,
+                                                     int minor);
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
 
 /**
@@ -4120,7 +4110,8 @@ static inline void mbedtls_ssl_conf_max_tls_version( mbedtls_ssl_config *conf,
  *                 (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2,
  *                 #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3)
  */
-void MBEDTLS_DEPRECATED mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
+void MBEDTLS_DEPRECATED mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major,
+                                                     int minor);
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
 
 /**
@@ -4708,7 +4699,7 @@ int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
  */
 static inline int mbedtls_ssl_is_handshake_over(mbedtls_ssl_context *ssl)
 {
-    return( ssl->MBEDTLS_PRIVATE( state ) >= MBEDTLS_SSL_HANDSHAKE_OVER );
+    return ssl->MBEDTLS_PRIVATE(state) >= MBEDTLS_SSL_HANDSHAKE_OVER;
 }
 
 /**

include/mbedtls/ssl_cache.h

@@ -59,8 +59,7 @@ typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry;
 /**
  * \brief   This structure is used for storing cache entries
  */
-struct mbedtls_ssl_cache_entry
+struct mbedtls_ssl_cache_entry {
-{
 #if defined(MBEDTLS_HAVE_TIME)
     mbedtls_time_t MBEDTLS_PRIVATE(timestamp);           /*!< entry timestamp    */
 #endif
@@ -77,8 +76,7 @@ struct mbedtls_ssl_cache_entry
 /**
  * \brief Cache context
  */
-struct mbedtls_ssl_cache_context
+struct mbedtls_ssl_cache_context {
-{
     mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain);     /*!< start of the chain     */
     int MBEDTLS_PRIVATE(timeout);                /*!< cache entry timeout    */
     int MBEDTLS_PRIVATE(max_entries);            /*!< maximum entries        */

include/mbedtls/ssl_ciphersuites.h

@@ -378,8 +378,7 @@ typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
  *          in order to pack structure and reduce memory usage by internal
  *          \c ciphersuite_definitions[]
  */
-struct mbedtls_ssl_ciphersuite_t
+struct mbedtls_ssl_ciphersuite_t {
-{
     int MBEDTLS_PRIVATE(id);
     const char *MBEDTLS_PRIVATE(name);
 
@@ -419,18 +418,17 @@ size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen( const mbedtls_ssl_ciphersu
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
 static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->MBEDTLS_PRIVATE(key_exchange) )
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-    {
         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
         case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
-            return( 1 );
+            return 1;
 
         default:
-            return( 0 );
+            return 0;
     }
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
@@ -438,17 +436,16 @@ static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
 static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->MBEDTLS_PRIVATE(key_exchange) )
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-    {
         case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
         case MBEDTLS_KEY_EXCHANGE_RSA:
         case MBEDTLS_KEY_EXCHANGE_PSK:
         case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
-            return( 1 );
+            return 1;
 
         default:
-            return( 0 );
+            return 0;
     }
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
@@ -456,39 +453,36 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
 static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->MBEDTLS_PRIVATE(key_exchange) )
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-    {
         case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-            return( 1 );
+            return 1;
 
         default:
-            return( 0 );
+            return 0;
     }
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
 
 static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->MBEDTLS_PRIVATE(key_exchange) )
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-    {
         case MBEDTLS_KEY_EXCHANGE_RSA:
         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return( 1 );
+            return 1;
 
         default:
-            return( 0 );
+            return 0;
     }
 }
 
 static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->MBEDTLS_PRIVATE(key_exchange) )
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-    {
         case MBEDTLS_KEY_EXCHANGE_RSA:
         case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
@@ -496,24 +490,23 @@ static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphe
         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return( 1 );
+            return 1;
 
         default:
-            return( 0 );
+            return 0;
     }
 }
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
 static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->MBEDTLS_PRIVATE(key_exchange) )
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-    {
         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
-            return( 1 );
+            return 1;
 
         default:
-            return( 0 );
+            return 0;
     }
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */
@@ -521,31 +514,30 @@ static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuit
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
 static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->MBEDTLS_PRIVATE(key_exchange) )
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-    {
         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
-            return( 1 );
+            return 1;
 
         default:
-            return( 0 );
+            return 0;
     }
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
+static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
-{
+    const mbedtls_ssl_ciphersuite_t *info)
-    switch( info->MBEDTLS_PRIVATE(key_exchange) )
 {
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return( 1 );
+            return 1;
 
         default:
-            return( 0 );
+            return 0;
     }
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */

include/mbedtls/ssl_cookie.h

@@ -53,8 +53,7 @@ extern "C" {
 /**
  * \brief          Context for the default cookie functions.
  */
-typedef struct mbedtls_ssl_cookie_ctx
+typedef struct mbedtls_ssl_cookie_ctx {
-{
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     mbedtls_svc_key_id_t    MBEDTLS_PRIVATE(psa_hmac_key);  /*!< key id for the HMAC portion   */
     psa_algorithm_t         MBEDTLS_PRIVATE(psa_hmac_alg);  /*!< key algorithm for the HMAC portion   */

include/mbedtls/ssl_ticket.h

@@ -56,8 +56,7 @@ extern "C" {
 /**
  * \brief   Information for session ticket protection
  */
-typedef struct mbedtls_ssl_ticket_key
+typedef struct mbedtls_ssl_ticket_key {
-{
     unsigned char MBEDTLS_PRIVATE(name)[MBEDTLS_SSL_TICKET_KEY_NAME_BYTES];
     /*!< random key identifier              */
 #if defined(MBEDTLS_HAVE_TIME)
@@ -77,8 +76,7 @@ mbedtls_ssl_ticket_key;
 /**
  * \brief   Context for session ticket handling functions
  */
-typedef struct mbedtls_ssl_ticket_context
+typedef struct mbedtls_ssl_ticket_context {
-{
     mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys             */
     unsigned char MBEDTLS_PRIVATE(active);           /*!< index of the currently active key  */
 

include/mbedtls/threading.h

@@ -38,8 +38,7 @@ extern "C" {
 
 #if defined(MBEDTLS_THREADING_PTHREAD)
 #include <pthread.h>
-typedef struct mbedtls_threading_mutex_t
+typedef struct mbedtls_threading_mutex_t {
-{
     pthread_mutex_t MBEDTLS_PRIVATE(mutex);
     /* is_valid is 0 after a failed init or a free, and nonzero after a
      * successful init. This field is not considered part of the public

include/mbedtls/timing.h

@@ -38,16 +38,14 @@ extern "C" {
 /**
  * \brief          timer structure
  */
-struct mbedtls_timing_hr_time
+struct mbedtls_timing_hr_time {
-{
     unsigned char MBEDTLS_PRIVATE(opaque)[32];
 };
 
 /**
  * \brief          Context for mbedtls_timing_set/get_delay()
  */
-typedef struct mbedtls_timing_delay_context
+typedef struct mbedtls_timing_delay_context {
-{
     struct mbedtls_timing_hr_time   MBEDTLS_PRIVATE(timer);
     uint32_t                        MBEDTLS_PRIVATE(int_ms);
     uint32_t                        MBEDTLS_PRIVATE(fin_ms);

include/mbedtls/x509.h

@@ -244,8 +244,7 @@ typedef mbedtls_asn1_named_data mbedtls_x509_name;
 typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
 
 /** Container for date and time (precision in seconds). */
-typedef struct mbedtls_x509_time
+typedef struct mbedtls_x509_time {
-{
     int year, mon, day;         /**< Date. */
     int hour, min, sec;         /**< Time. */
 }
@@ -280,9 +279,10 @@ int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn );
 static inline mbedtls_x509_name *mbedtls_x509_dn_get_next(
     mbedtls_x509_name *dn)
 {
-    while( dn->MBEDTLS_PRIVATE(next_merged) && dn->next != NULL )
+    while (dn->MBEDTLS_PRIVATE(next_merged) && dn->next != NULL) {
         dn = dn->next;
-    return( dn->next );
+    }
+    return dn->next;
 }
 
 /**
@@ -374,7 +374,7 @@ int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
 #define MBEDTLS_X509_SAFE_SNPRINTF                          \
     do {                                                    \
         if (ret < 0 || (size_t) ret >= n)                  \
-            return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );    \
+        return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;    \
                                                           \
         n -= (size_t) ret;                                  \
         p += (size_t) ret;                                  \

include/mbedtls/x509_crl.h

@@ -48,8 +48,7 @@ extern "C" {
  * them except via Mbed TLS library functions: the effect of modifying
  * those fields or the data that those fields points to is unspecified.
  */
-typedef struct mbedtls_x509_crl_entry
+typedef struct mbedtls_x509_crl_entry {
-{
     /** Direct access to the whole entry inside the containing buffer. */
     mbedtls_x509_buf raw;
     /** The serial number of the revoked certificate. */
@@ -74,8 +73,7 @@ mbedtls_x509_crl_entry;
  * Certificate revocation list structure.
  * Every CRL may have multiple entries.
  */
-typedef struct mbedtls_x509_crl
+typedef struct mbedtls_x509_crl {
-{
     mbedtls_x509_buf raw;           /**< The raw certificate data (DER). */
     mbedtls_x509_buf tbs;           /**< The raw certificate body (DER). The part that is To Be Signed. */
 

include/mbedtls/x509_crt.h

@@ -51,8 +51,7 @@ extern "C" {
  * them except via Mbed TLS library functions: the effect of modifying
  * those fields or the data that those fields points to is unspecified.
  */
-typedef struct mbedtls_x509_crt
+typedef struct mbedtls_x509_crt {
-{
     int MBEDTLS_PRIVATE(own_buffer);                     /**< Indicates if \c raw is owned
                                                           *   by the structure or not.        */
     mbedtls_x509_buf raw;               /**< The raw certificate data (DER). */
@@ -112,24 +111,21 @@ mbedtls_x509_crt;
  * Future versions of the library may add new fields to this structure or
  * to its embedded union and structure.
  */
-typedef struct mbedtls_x509_san_other_name
+typedef struct mbedtls_x509_san_other_name {
-{
     /**
      * The type_id is an OID as defined in RFC 5280.
      * To check the value of the type id, you should use
      * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
      */
     mbedtls_x509_buf type_id;                   /**< The type id. */
-    union
+    union {
-    {
         /**
          * From RFC 4108 section 5:
          * HardwareModuleName ::= SEQUENCE {
          *                         hwType OBJECT IDENTIFIER,
          *                         hwSerialNum OCTET STRING }
          */
-        struct
+        struct {
-        {
             mbedtls_x509_buf oid;               /**< The object identifier. */
             mbedtls_x509_buf val;               /**< The named value. */
         }
@@ -146,8 +142,7 @@ mbedtls_x509_san_other_name;
  * Future versions of the library may add new fields to this structure or
  * to its embedded union and structure.
  */
-typedef struct mbedtls_x509_subject_alternative_name
+typedef struct mbedtls_x509_subject_alternative_name {
-{
     int type;                              /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
     union {
         mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
@@ -188,8 +183,7 @@ mbedtls_x509_subject_alternative_name;
  *  my_profile.allowed_pks = MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA );
  *  my_profile.rsa_min_bitlen = 3072;
  */
-typedef struct mbedtls_x509_crt_profile
+typedef struct mbedtls_x509_crt_profile {
-{
     uint32_t allowed_mds;       /**< MDs for signatures         */
     uint32_t allowed_pks;       /**< PK algs for public keys;
                                  *   this applies to all certificates
@@ -281,8 +275,7 @@ mbedtls_x509_crt_profile;
 /**
  * Container for writing a certificate (CRT)
  */
-typedef struct mbedtls_x509write_cert
+typedef struct mbedtls_x509write_cert {
-{
     int MBEDTLS_PRIVATE(version);
     mbedtls_mpi MBEDTLS_PRIVATE(serial);
     mbedtls_pk_context *MBEDTLS_PRIVATE(subject_key);
@@ -312,8 +305,7 @@ typedef struct {
 /**
  * Verification chain as built by \c mbedtls_crt_verify_chain()
  */
-typedef struct
+typedef struct {
-{
     mbedtls_x509_crt_verify_chain_item MBEDTLS_PRIVATE(items)[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
     unsigned MBEDTLS_PRIVATE(len);
 
@@ -331,8 +323,7 @@ typedef struct
 /**
  * \brief       Context for resuming X.509 verify operations
  */
-typedef struct
+typedef struct {
-{
     /* for check_signature() */
     mbedtls_pk_restart_ctx MBEDTLS_PRIVATE(pk);
 

include/mbedtls/x509_csr.h

@@ -47,8 +47,7 @@ extern "C" {
  * them except via Mbed TLS library functions: the effect of modifying
  * those fields or the data that those fields point to is unspecified.
  */
-typedef struct mbedtls_x509_csr
+typedef struct mbedtls_x509_csr {
-{
     mbedtls_x509_buf raw;           /**< The raw CSR data (DER). */
     mbedtls_x509_buf cri;           /**< The raw CertificateRequestInfo body (DER). */
 
@@ -70,8 +69,7 @@ mbedtls_x509_csr;
 /**
  * Container for writing a CSR
  */
-typedef struct mbedtls_x509write_csr
+typedef struct mbedtls_x509write_csr {
-{
     mbedtls_pk_context *MBEDTLS_PRIVATE(key);
     mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
     mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);

include/psa/crypto_builtin_composites.h

@@ -45,8 +45,7 @@
 #endif
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
-typedef struct
+typedef struct {
-{
     /** The HMAC algorithm in use */
     psa_algorithm_t MBEDTLS_PRIVATE(alg);
     /** The hash context. */
@@ -60,11 +59,9 @@ typedef struct
 
 #include "mbedtls/cmac.h"
 
-typedef struct
+typedef struct {
-{
     psa_algorithm_t MBEDTLS_PRIVATE(alg);
-    union
+    union {
-    {
         unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with no supported algorithms. */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST)
         mbedtls_psa_hmac_operation_t MBEDTLS_PRIVATE(hmac);
@@ -84,8 +81,7 @@ typedef struct
 #endif
 
 /* Context structure for the Mbed TLS AEAD implementation. */
-typedef struct
+typedef struct {
-{
     psa_algorithm_t MBEDTLS_PRIVATE(alg);
     psa_key_type_t MBEDTLS_PRIVATE(key_type);
 
@@ -93,8 +89,7 @@ typedef struct
 
     uint8_t MBEDTLS_PRIVATE(tag_length);
 
-    union
+    union {
-    {
         unsigned dummy; /* Enable easier initializing of the union. */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
         mbedtls_ccm_context MBEDTLS_PRIVATE(ccm);

include/psa/crypto_builtin_primitives.h

@@ -56,11 +56,9 @@
 #define MBEDTLS_PSA_BUILTIN_HASH
 #endif
 
-typedef struct
+typedef struct {
-{
     psa_algorithm_t MBEDTLS_PRIVATE(alg);
-    union
+    union {
-    {
         unsigned dummy; /* Make the union non-empty even with no supported algorithms. */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5)
         mbedtls_md5_context md5;

include/psa/crypto_compat.h

@@ -52,7 +52,7 @@ typedef mbedtls_svc_key_id_t psa_key_handle_t;
  */
 static inline int psa_key_handle_is_null(psa_key_handle_t handle)
 {
-    return( mbedtls_svc_key_id_is_null( handle ) );
+    return mbedtls_svc_key_id_is_null(handle);
 }
 
 /** Open a handle to an existing persistent key.

include/psa/crypto_extra.h

@@ -85,7 +85,7 @@ static inline void psa_set_key_enrollment_algorithm(
 static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
     const psa_key_attributes_t *attributes)
 {
-    return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) );
+    return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2);
 }
 
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
@@ -156,7 +156,8 @@ static inline void psa_set_key_slot_number(
 static inline void psa_clear_key_slot_number(
     psa_key_attributes_t *attributes)
 {
-    attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
+    attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) &=
+        ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
 }
 
 /** Register a key that is already present in a secure element.
@@ -222,8 +223,7 @@ void mbedtls_psa_crypto_free( void );
  * \note The content of this structure is not part of the stable API and ABI
  *       of Mbed Crypto and may change arbitrarily from version to version.
  */
-typedef struct mbedtls_psa_stats_s
+typedef struct mbedtls_psa_stats_s {
-{
     /** Number of slots containing key material for a volatile key. */
     size_t MBEDTLS_PRIVATE(volatile_slots);
     /** Number of slots containing key material for a key which is in
@@ -590,50 +590,49 @@ psa_status_t psa_get_key_domain_parameters(
 static inline psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid,
                                                         size_t *bits)
 {
-    switch( grpid )
+    switch (grpid) {
-    {
         case MBEDTLS_ECP_DP_SECP192R1:
             *bits = 192;
-            return( PSA_ECC_FAMILY_SECP_R1 );
+            return PSA_ECC_FAMILY_SECP_R1;
         case MBEDTLS_ECP_DP_SECP224R1:
             *bits = 224;
-            return( PSA_ECC_FAMILY_SECP_R1 );
+            return PSA_ECC_FAMILY_SECP_R1;
         case MBEDTLS_ECP_DP_SECP256R1:
             *bits = 256;
-            return( PSA_ECC_FAMILY_SECP_R1 );
+            return PSA_ECC_FAMILY_SECP_R1;
         case MBEDTLS_ECP_DP_SECP384R1:
             *bits = 384;
-            return( PSA_ECC_FAMILY_SECP_R1 );
+            return PSA_ECC_FAMILY_SECP_R1;
         case MBEDTLS_ECP_DP_SECP521R1:
             *bits = 521;
-            return( PSA_ECC_FAMILY_SECP_R1 );
+            return PSA_ECC_FAMILY_SECP_R1;
         case MBEDTLS_ECP_DP_BP256R1:
             *bits = 256;
-            return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
+            return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
         case MBEDTLS_ECP_DP_BP384R1:
             *bits = 384;
-            return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
+            return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
         case MBEDTLS_ECP_DP_BP512R1:
             *bits = 512;
-            return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 );
+            return PSA_ECC_FAMILY_BRAINPOOL_P_R1;
         case MBEDTLS_ECP_DP_CURVE25519:
             *bits = 255;
-            return( PSA_ECC_FAMILY_MONTGOMERY );
+            return PSA_ECC_FAMILY_MONTGOMERY;
         case MBEDTLS_ECP_DP_SECP192K1:
             *bits = 192;
-            return( PSA_ECC_FAMILY_SECP_K1 );
+            return PSA_ECC_FAMILY_SECP_K1;
         case MBEDTLS_ECP_DP_SECP224K1:
             *bits = 224;
-            return( PSA_ECC_FAMILY_SECP_K1 );
+            return PSA_ECC_FAMILY_SECP_K1;
         case MBEDTLS_ECP_DP_SECP256K1:
             *bits = 256;
-            return( PSA_ECC_FAMILY_SECP_K1 );
+            return PSA_ECC_FAMILY_SECP_K1;
         case MBEDTLS_ECP_DP_CURVE448:
             *bits = 448;
-            return( PSA_ECC_FAMILY_MONTGOMERY );
+            return PSA_ECC_FAMILY_MONTGOMERY;
         default:
             *bits = 0;
-            return( 0 );
+            return 0;
     }
 }
 
@@ -756,8 +755,8 @@ typedef uint64_t psa_drv_slot_number_t;
  */
 static inline int psa_key_id_is_builtin(psa_key_id_t key_id)
 {
-    return( ( key_id >= MBEDTLS_PSA_KEY_ID_BUILTIN_MIN ) &&
+    return (key_id >= MBEDTLS_PSA_KEY_ID_BUILTIN_MIN) &&
-            ( key_id <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX ) );
+           (key_id <= MBEDTLS_PSA_KEY_ID_BUILTIN_MAX);
 }
 
 /** Platform function to obtain the location and slot number of a built-in key.
@@ -1836,8 +1835,7 @@ psa_status_t psa_pake_abort( psa_pake_operation_t * operation );
 #define PSA_PAKE_OPERATION_INIT { PSA_ALG_NONE, 0, 0, { 0 } }
 #endif
 
-struct psa_pake_cipher_suite_s
+struct psa_pake_cipher_suite_s {
-{
     psa_algorithm_t algorithm;
     psa_pake_primitive_type_t type;
     psa_pake_family_t family;
@@ -1848,24 +1846,25 @@ struct psa_pake_cipher_suite_s
 static inline psa_algorithm_t psa_pake_cs_get_algorithm(
     const psa_pake_cipher_suite_t *cipher_suite)
 {
-    return( cipher_suite->algorithm );
+    return cipher_suite->algorithm;
 }
 
 static inline void psa_pake_cs_set_algorithm(
     psa_pake_cipher_suite_t *cipher_suite,
     psa_algorithm_t algorithm)
 {
-    if( !PSA_ALG_IS_PAKE( algorithm ) )
+    if (!PSA_ALG_IS_PAKE(algorithm)) {
         cipher_suite->algorithm = 0;
-    else
+    } else {
         cipher_suite->algorithm = algorithm;
     }
+}
 
 static inline psa_pake_primitive_t psa_pake_cs_get_primitive(
     const psa_pake_cipher_suite_t *cipher_suite)
 {
-    return( PSA_PAKE_PRIMITIVE( cipher_suite->type, cipher_suite->family,
+    return PSA_PAKE_PRIMITIVE(cipher_suite->type, cipher_suite->family,
-                                cipher_suite->bits ) );
+                              cipher_suite->bits);
 }
 
 static inline void psa_pake_cs_set_primitive(
@@ -1880,29 +1879,30 @@ static inline void psa_pake_cs_set_primitive(
 static inline psa_pake_family_t psa_pake_cs_get_family(
     const psa_pake_cipher_suite_t *cipher_suite)
 {
-    return( cipher_suite->family );
+    return cipher_suite->family;
 }
 
 static inline uint16_t psa_pake_cs_get_bits(
     const psa_pake_cipher_suite_t *cipher_suite)
 {
-    return( cipher_suite->bits );
+    return cipher_suite->bits;
 }
 
 static inline psa_algorithm_t psa_pake_cs_get_hash(
     const psa_pake_cipher_suite_t *cipher_suite)
 {
-    return( cipher_suite->hash );
+    return cipher_suite->hash;
 }
 
 static inline void psa_pake_cs_set_hash(psa_pake_cipher_suite_t *cipher_suite,
                                         psa_algorithm_t hash)
 {
-    if( !PSA_ALG_IS_HASH( hash ) )
+    if (!PSA_ALG_IS_HASH(hash)) {
         cipher_suite->hash = 0;
-    else
+    } else {
         cipher_suite->hash = hash;
     }
+}
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
 #include <mbedtls/ecjpake.h>
@@ -1912,8 +1912,7 @@ static inline void psa_pake_cs_set_hash( psa_pake_cipher_suite_t *cipher_suite,
 #define MBEDTLS_PSA_PAKE_BUFFER_SIZE ((3 + 1 + 65 + 1 + 65 + 1 + 32) * 2)
 #endif
 
-struct psa_pake_operation_s
+struct psa_pake_operation_s {
-{
     psa_algorithm_t MBEDTLS_PRIVATE(alg);
     unsigned int MBEDTLS_PRIVATE(state);
     unsigned int MBEDTLS_PRIVATE(sequence);
@@ -1927,8 +1926,7 @@ struct psa_pake_operation_s
     size_t MBEDTLS_PRIVATE(buffer_length);
     size_t MBEDTLS_PRIVATE(buffer_offset);
 #endif
-    union
+    union {
-    {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)
         mbedtls_ecjpake_context ecjpake;
 #endif
@@ -1940,13 +1938,13 @@ struct psa_pake_operation_s
 static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite_init(void)
 {
     const struct psa_pake_cipher_suite_s v = PSA_PAKE_CIPHER_SUITE_INIT;
-    return( v );
+    return v;
 }
 
 static inline struct psa_pake_operation_s psa_pake_operation_init(void)
 {
     const struct psa_pake_operation_s v = PSA_PAKE_OPERATION_INIT;
-    return( v );
+    return v;
 }
 
 #ifdef __cplusplus

include/psa/crypto_platform.h

@@ -68,7 +68,7 @@ typedef int32_t mbedtls_key_owner_id_t;
 static inline int mbedtls_key_owner_id_equal(mbedtls_key_owner_id_t id1,
                                              mbedtls_key_owner_id_t id2)
 {
-    return( id1 == id2 );
+    return id1 == id2;
 }
 
 #endif /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */

include/psa/crypto_se_driver.h

@@ -815,8 +815,7 @@ typedef struct {
 
 /** An enumeration indicating how a key is created.
  */
-typedef enum
+typedef enum {
-{
     PSA_KEY_CREATION_IMPORT, /**< During psa_import_key() */
     PSA_KEY_CREATION_GENERATE, /**< During psa_generate_key() */
     PSA_KEY_CREATION_DERIVE, /**< During psa_key_derivation_output_key() */

include/psa/crypto_struct.h

@@ -79,8 +79,7 @@ extern "C" {
  * algorithms. */
 #include "psa/crypto_driver_contexts_primitives.h"
 
-struct psa_hash_operation_s
+struct psa_hash_operation_s {
-{
     /** Unique ID indicating which driver got assigned to do the
      * operation. Since driver contexts are driver-specific, swapping
      * drivers halfway through the operation is not supported.
@@ -95,11 +94,10 @@ struct psa_hash_operation_s
 static inline struct psa_hash_operation_s psa_hash_operation_init(void)
 {
     const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
-    return( v );
+    return v;
 }
 
-struct psa_cipher_operation_s
+struct psa_cipher_operation_s {
-{
     /** Unique ID indicating which driver got assigned to do the
      * operation. Since driver contexts are driver-specific, swapping
      * drivers halfway through the operation is not supported.
@@ -120,15 +118,14 @@ struct psa_cipher_operation_s
 static inline struct psa_cipher_operation_s psa_cipher_operation_init(void)
 {
     const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT;
-    return( v );
+    return v;
 }
 
 /* Include the context definition for the compiled-in drivers for the composite
  * algorithms. */
 #include "psa/crypto_driver_contexts_composites.h"
 
-struct psa_mac_operation_s
+struct psa_mac_operation_s {
-{
     /** Unique ID indicating which driver got assigned to do the
      * operation. Since driver contexts are driver-specific, swapping
      * drivers halfway through the operation is not supported.
@@ -145,11 +142,10 @@ struct psa_mac_operation_s
 static inline struct psa_mac_operation_s psa_mac_operation_init(void)
 {
     const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
-    return( v );
+    return v;
 }
 
-struct psa_aead_operation_s
+struct psa_aead_operation_s {
-{
 
     /** Unique ID indicating which driver got assigned to do the
      * operation. Since driver contexts are driver-specific, swapping
@@ -178,14 +174,13 @@ struct psa_aead_operation_s
 static inline struct psa_aead_operation_s psa_aead_operation_init(void)
 {
     const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
-    return( v );
+    return v;
 }
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
-typedef struct
+typedef struct {
-{
     uint8_t *MBEDTLS_PRIVATE(info);
     size_t MBEDTLS_PRIVATE(info_length);
 #if PSA_HASH_MAX_SIZE > 0xff
@@ -203,16 +198,14 @@ typedef struct
           MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT ||
           MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
-typedef struct
+typedef struct {
-{
     uint8_t MBEDTLS_PRIVATE(data)[PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE];
 } psa_tls12_ecjpake_to_pms_t;
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)
-typedef enum
+typedef enum {
-{
     PSA_TLS12_PRF_STATE_INIT,             /* no input provided */
     PSA_TLS12_PRF_STATE_SEED_SET,         /* seed has been set */
     PSA_TLS12_PRF_STATE_OTHER_KEY_SET,    /* other key has been set - optional */
@@ -221,8 +214,7 @@ typedef enum
     PSA_TLS12_PRF_STATE_OUTPUT            /* output has been started */
 } psa_tls12_prf_key_derivation_state_t;
 
-typedef struct psa_tls12_prf_key_derivation_s
+typedef struct psa_tls12_prf_key_derivation_s {
-{
 #if PSA_HASH_MAX_SIZE > 0xff
 #error "PSA_HASH_MAX_SIZE does not fit in uint8_t"
 #endif
@@ -255,13 +247,11 @@ typedef struct psa_tls12_prf_key_derivation_s
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) ||
         * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */
 
-struct psa_key_derivation_s
+struct psa_key_derivation_s {
-{
     psa_algorithm_t MBEDTLS_PRIVATE(alg);
     unsigned int MBEDTLS_PRIVATE(can_output_key) : 1;
     size_t MBEDTLS_PRIVATE(capacity);
-    union
+    union {
-    {
         /* Make the union non-empty even with no supported algorithms. */
         uint8_t MBEDTLS_PRIVATE(dummy);
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
@@ -285,11 +275,10 @@ static inline struct psa_key_derivation_s psa_key_derivation_operation_init(
     void)
 {
     const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT;
-    return( v );
+    return v;
 }
 
-struct psa_key_policy_s
+struct psa_key_policy_s {
-{
     psa_key_usage_t MBEDTLS_PRIVATE(usage);
     psa_algorithm_t MBEDTLS_PRIVATE(alg);
     psa_algorithm_t MBEDTLS_PRIVATE(alg2);
@@ -300,7 +289,7 @@ typedef struct psa_key_policy_s psa_key_policy_t;
 static inline struct psa_key_policy_s psa_key_policy_init(void)
 {
     const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT;
-    return( v );
+    return v;
 }
 
 /* The type used internally for key sizes.
@@ -339,8 +328,7 @@ typedef uint16_t psa_key_attributes_flag_t;
 #define MBEDTLS_PSA_KA_MASK_DUAL_USE (          \
         0)
 
-typedef struct
+typedef struct {
-{
     psa_key_type_t MBEDTLS_PRIVATE(type);
     psa_key_bits_t MBEDTLS_PRIVATE(bits);
     psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime);
@@ -354,8 +342,7 @@ typedef struct
                                        MBEDTLS_SVC_KEY_ID_INIT,         \
                                        PSA_KEY_POLICY_INIT, 0 }
 
-struct psa_key_attributes_s
+struct psa_key_attributes_s {
-{
     psa_core_key_attributes_t MBEDTLS_PRIVATE(core);
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
     psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number);
@@ -373,7 +360,7 @@ struct psa_key_attributes_s
 static inline struct psa_key_attributes_s psa_key_attributes_init(void)
 {
     const struct psa_key_attributes_s v = PSA_KEY_ATTRIBUTES_INIT;
-    return( v );
+    return v;
 }
 
 static inline void psa_set_key_id(psa_key_attributes_t *attributes,
@@ -383,8 +370,7 @@ static inline void psa_set_key_id( psa_key_attributes_t *attributes,
 
     attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = key;
 
-    if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
+    if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
-    {
         attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) =
             PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
                 PSA_KEY_LIFETIME_PERSISTENT,
@@ -395,7 +381,7 @@ static inline void psa_set_key_id( psa_key_attributes_t *attributes,
 static inline mbedtls_svc_key_id_t psa_get_key_id(
     const psa_key_attributes_t *attributes)
 {
-    return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) );
+    return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id);
 }
 
 #ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
@@ -410,8 +396,7 @@ static inline void psa_set_key_lifetime( psa_key_attributes_t *attributes,
                                         psa_key_lifetime_t lifetime)
 {
     attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) = lifetime;
-    if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) )
+    if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
-    {
 #ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
         attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id) = 0;
 #else
@@ -423,17 +408,19 @@ static inline void psa_set_key_lifetime( psa_key_attributes_t *attributes,
 static inline psa_key_lifetime_t psa_get_key_lifetime(
     const psa_key_attributes_t *attributes)
 {
-    return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) );
+    return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime);
 }
 
 static inline void psa_extend_key_usage_flags(psa_key_usage_t *usage_flags)
 {
-    if( *usage_flags & PSA_KEY_USAGE_SIGN_HASH )
+    if (*usage_flags & PSA_KEY_USAGE_SIGN_HASH) {
         *usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE;
+    }
 
-    if( *usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
+    if (*usage_flags & PSA_KEY_USAGE_VERIFY_HASH) {
         *usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE;
     }
+}
 
 static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
                                            psa_key_usage_t usage_flags)
@@ -445,7 +432,7 @@ static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
 static inline psa_key_usage_t psa_get_key_usage_flags(
     const psa_key_attributes_t *attributes)
 {
-    return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) );
+    return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage);
 }
 
 static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
@@ -457,7 +444,7 @@ static inline void psa_set_key_algorithm( psa_key_attributes_t *attributes,
 static inline psa_algorithm_t psa_get_key_algorithm(
     const psa_key_attributes_t *attributes)
 {
-    return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) );
+    return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg);
 }
 
 /* This function is declared in crypto_extra.h, which comes after this
@@ -470,13 +457,10 @@ psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes,
 static inline void psa_set_key_type(psa_key_attributes_t *attributes,
                                     psa_key_type_t type)
 {
-    if( attributes->MBEDTLS_PRIVATE(domain_parameters) == NULL )
+    if (attributes->MBEDTLS_PRIVATE(domain_parameters) == NULL) {
-    {
         /* Common case: quick path */
         attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) = type;
-    }
+    } else {
-    else
-    {
         /* Call the bigger function to free the old domain parameters.
          * Ignore any errors which may arise due to type requiring
          * non-default domain parameters, since this function can't
@@ -488,22 +472,23 @@ static inline void psa_set_key_type( psa_key_attributes_t *attributes,
 static inline psa_key_type_t psa_get_key_type(
     const psa_key_attributes_t *attributes)
 {
-    return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) );
+    return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type);
 }
 
 static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
                                     size_t bits)
 {
-    if( bits > PSA_MAX_KEY_BITS )
+    if (bits > PSA_MAX_KEY_BITS) {
         attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = PSA_KEY_BITS_TOO_LARGE;
-    else
+    } else {
         attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = (psa_key_bits_t) bits;
     }
+}
 
 static inline size_t psa_get_key_bits(
     const psa_key_attributes_t *attributes)
 {
-    return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) );
+    return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits);
 }
 
 #ifdef __cplusplus

include/psa/crypto_types.h

@@ -301,8 +301,7 @@ typedef psa_key_id_t mbedtls_svc_key_id_t;
  * client and encodes the client identity in the key identifier argument of
  * functions such as psa_open_key().
  */
-typedef struct
+typedef struct {
-{
     psa_key_id_t MBEDTLS_PRIVATE(key_id);
     mbedtls_key_owner_id_t MBEDTLS_PRIVATE(owner);
 } mbedtls_svc_key_id_t;

include/psa/crypto_values.h

@@ -2422,7 +2422,7 @@ static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
 {
     (void) unused;
 
-    return( key_id );
+    return key_id;
 }
 
 /** Compare two key identifiers.
@@ -2435,7 +2435,7 @@ static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
 static inline int mbedtls_svc_key_id_equal(mbedtls_svc_key_id_t id1,
                                            mbedtls_svc_key_id_t id2)
 {
-    return( id1 == id2 );
+    return id1 == id2;
 }
 
 /** Check whether a key identifier is null.
@@ -2446,7 +2446,7 @@ static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
  */
 static inline int mbedtls_svc_key_id_is_null(mbedtls_svc_key_id_t key)
 {
-    return( key == 0 );
+    return key == 0;
 }
 
 #else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
@@ -2463,8 +2463,8 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key )
 static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
     mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id)
 {
-    return( (mbedtls_svc_key_id_t){ .MBEDTLS_PRIVATE(key_id) = key_id,
+    return (mbedtls_svc_key_id_t){ .MBEDTLS_PRIVATE(key_id) = key_id,
-                                    .MBEDTLS_PRIVATE(owner) = owner_id } );
+                                   .MBEDTLS_PRIVATE(owner) = owner_id };
 }
 
 /** Compare two key identifiers.
@@ -2477,8 +2477,8 @@ static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make(
 static inline int mbedtls_svc_key_id_equal(mbedtls_svc_key_id_t id1,
                                            mbedtls_svc_key_id_t id2)
 {
-    return( ( id1.MBEDTLS_PRIVATE(key_id) == id2.MBEDTLS_PRIVATE(key_id) ) &&
+    return (id1.MBEDTLS_PRIVATE(key_id) == id2.MBEDTLS_PRIVATE(key_id)) &&
-            mbedtls_key_owner_id_equal( id1.MBEDTLS_PRIVATE(owner), id2.MBEDTLS_PRIVATE(owner) ) );
+           mbedtls_key_owner_id_equal(id1.MBEDTLS_PRIVATE(owner), id2.MBEDTLS_PRIVATE(owner));
 }
 
 /** Check whether a key identifier is null.
@@ -2489,7 +2489,7 @@ static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1,
  */
 static inline int mbedtls_svc_key_id_is_null(mbedtls_svc_key_id_t key)
 {
-    return( key.MBEDTLS_PRIVATE(key_id) == 0 );
+    return key.MBEDTLS_PRIVATE(key_id) == 0;
 }
 
 #endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */

library/aesni.c

@@ -28,7 +28,8 @@
 
 #if defined(__has_feature)
 #if __has_feature(memory_sanitizer)
-#warning "MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code."
+#warning \
+    "MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code."
 #endif
 #endif
 
@@ -52,8 +53,7 @@ int mbedtls_aesni_has_support( unsigned int what )
     static int done = 0;
     static unsigned int c = 0;
 
-    if( ! done )
+    if (!done) {
-    {
         asm ("movl  $1, %%eax   \n\t"
              "cpuid             \n\t"
              : "=c" (c)
@@ -62,7 +62,7 @@ int mbedtls_aesni_has_support( unsigned int what )
         done = 1;
     }
 
-    return( ( c & what ) != 0 );
+    return (c & what) != 0;
 }
 
 /*
@@ -133,7 +133,7 @@ int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
          : "memory", "cc", "xmm0", "xmm1");
 
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -148,8 +148,7 @@ void mbedtls_aesni_gcm_mult( unsigned char c[16],
     size_t i;
 
     /* The inputs are in big-endian order, so byte-reverse them */
-    for( i = 0; i < 16; i++ )
+    for (i = 0; i < 16; i++) {
-    {
         aa[i] = a[15 - i];
         bb[i] = b[15 - i];
     }
@@ -242,8 +241,9 @@ void mbedtls_aesni_gcm_mult( unsigned char c[16],
          : "memory", "cc", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5");
 
     /* Now byte-reverse the outputs */
-    for( i = 0; i < 16; i++ )
+    for (i = 0; i < 16; i++) {
         c[i] = cc[15 - i];
+    }
 
     return;
 }
@@ -259,13 +259,14 @@ void mbedtls_aesni_inverse_key( unsigned char *invkey,
 
     memcpy(ik, fk, 16);
 
-    for( fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16 )
+    for (fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16) {
         asm ("movdqu (%0), %%xmm0       \n\t"
              AESIMC  xmm0_xmm0         "\n\t"
                                        "movdqu %%xmm0, (%1)       \n\t"
              :
              : "r" (fk), "r" (ik)
              : "memory", "xmm0");
+    }
 
     memcpy(ik, fk, 16);
 }
@@ -450,15 +451,14 @@ int mbedtls_aesni_setkey_enc( unsigned char *rk,
                              const unsigned char *key,
                              size_t bits)
 {
-    switch( bits )
+    switch (bits) {
-    {
         case 128: aesni_setkey_enc_128(rk, key); break;
         case 192: aesni_setkey_enc_192(rk, key); break;
         case 256: aesni_setkey_enc_256(rk, key); break;
-        default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
+        default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
     }
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* MBEDTLS_HAVE_X86_64 */

library/alignment.h

@@ -169,7 +169,8 @@ inline void mbedtls_put_unaligned_uint64( void *p, uint64_t x )
  * similar instruction.
  */
 #if !defined(MBEDTLS_BSWAP16)
-static inline uint16_t mbedtls_bswap16( uint16_t x ) {
+static inline uint16_t mbedtls_bswap16(uint16_t x)
+{
     return
         (x & 0x00ff) << 8 |
         (x & 0xff00) >> 8;
@@ -178,7 +179,8 @@ static inline uint16_t mbedtls_bswap16( uint16_t x ) {
 #endif /* !defined(MBEDTLS_BSWAP16) */
 
 #if !defined(MBEDTLS_BSWAP32)
-static inline uint32_t mbedtls_bswap32( uint32_t x ) {
+static inline uint32_t mbedtls_bswap32(uint32_t x)
+{
     return
         (x & 0x000000ff) << 24 |
         (x & 0x0000ff00) <<  8 |
@@ -189,7 +191,8 @@ static inline uint32_t mbedtls_bswap32( uint32_t x ) {
 #endif /* !defined(MBEDTLS_BSWAP32) */
 
 #if !defined(MBEDTLS_BSWAP64)
-static inline uint64_t mbedtls_bswap64( uint64_t x ) {
+static inline uint64_t mbedtls_bswap64(uint64_t x)
+{
     return
         (x & 0x00000000000000ff) << 56 |
         (x & 0x000000000000ff00) << 40 |

library/aria.c

@@ -61,7 +61,7 @@ static inline uint32_t aria_p1( uint32_t x )
 {
     uint32_t r;
     __asm("rev16 %0, %1" : "=l" (r) : "l" (x));
-    return( r );
+    return r;
 }
 #define ARIA_P1 aria_p1
 #elif defined(__ARMCC_VERSION) && __ARMCC_VERSION < 6000000 && \
@@ -70,7 +70,7 @@ static inline uint32_t aria_p1( uint32_t x )
 {
     uint32_t r;
     __asm("rev16 r, x");
-    return( r );
+    return r;
 }
 #define ARIA_P1 aria_p1
 #endif
@@ -348,8 +348,7 @@ static void aria_rot128( uint32_t r[4], const uint32_t a[4],
 
     j = (n / 32) % 4;                       // initial word offset
     t = ARIA_P3(b[j]);                      // big endian
-    for( i = 0; i < 4; i++ )
+    for (i = 0; i < 4; i++) {
-    {
         j = (j + 1) % 4;                    // get next word, big endian
         u = ARIA_P3(b[j]);
         t <<= n1;                           // rotate
@@ -379,8 +378,9 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
     ARIA_VALIDATE_RET(ctx != NULL);
     ARIA_VALIDATE_RET(key != NULL);
 
-    if( keybits != 128 && keybits != 192 && keybits != 256 )
+    if (keybits != 128 && keybits != 192 && keybits != 256) {
-        return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA;
+    }
 
     /* Copy key to W0 (and potential remainder to W1) */
     w[0][0] = MBEDTLS_GET_UINT32_LE(key,  0);
@@ -389,13 +389,11 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
     w[0][3] = MBEDTLS_GET_UINT32_LE(key, 12);
 
     memset(w[1], 0, 16);
-    if( keybits >= 192 )
+    if (keybits >= 192) {
-    {
         w[1][0] = MBEDTLS_GET_UINT32_LE(key, 16);    // 192 bit key
         w[1][1] = MBEDTLS_GET_UINT32_LE(key, 20);
     }
-    if( keybits == 256 )
+    if (keybits == 256) {
-    {
         w[1][2] = MBEDTLS_GET_UINT32_LE(key, 24);    // 256 bit key
         w[1][3] = MBEDTLS_GET_UINT32_LE(key, 28);
     }
@@ -409,8 +407,7 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
     i = i < 2 ? i + 1 : 0;
     aria_fo_xor(w[3], w[2], rc[i], w[1]);   // W3 = FO(W2, CK3) ^ W1
 
-    for( i = 0; i < 4; i++ )                // create round keys
+    for (i = 0; i < 4; i++) {               // create round keys
-    {
         w2 = w[(i + 1) & 3];
         aria_rot128(ctx->rk[i], w[i], w2, 128 - 19);
         aria_rot128(ctx->rk[i +  4], w[i], w2, 128 - 31);
@@ -422,7 +419,7 @@ int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
     /* w holds enough info to reconstruct the round keys */
     mbedtls_platform_zeroize(w, sizeof(w));
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -436,14 +433,13 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
     ARIA_VALIDATE_RET(key != NULL);
 
     ret = mbedtls_aria_setkey_enc(ctx, key, keybits);
-    if( ret != 0 )
+    if (ret != 0) {
-        return( ret );
+        return ret;
+    }
 
     /* flip the order of round keys */
-    for( i = 0, j = ctx->nr; i < j; i++, j-- )
+    for (i = 0, j = ctx->nr; i < j; i++, j--) {
-    {
+        for (k = 0; k < 4; k++) {
-        for( k = 0; k < 4; k++ )
-        {
             uint32_t t = ctx->rk[i][k];
             ctx->rk[i][k] = ctx->rk[j][k];
             ctx->rk[j][k] = t;
@@ -451,13 +447,12 @@ int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
     }
 
     /* apply affine transform to middle keys */
-    for( i = 1; i < ctx->nr; i++ )
+    for (i = 1; i < ctx->nr; i++) {
-    {
         aria_a(&ctx->rk[i][0], &ctx->rk[i][1],
                &ctx->rk[i][2], &ctx->rk[i][3]);
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -480,8 +475,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
     d = MBEDTLS_GET_UINT32_LE(input, 12);
 
     i = 0;
-    while( 1 )
+    while (1) {
-    {
         a ^= ctx->rk[i][0];
         b ^= ctx->rk[i][1];
         c ^= ctx->rk[i][2];
@@ -498,8 +492,9 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
         i++;
 
         aria_sl(&a, &b, &c, &d, aria_is1, aria_is2, aria_sb1, aria_sb2);
-        if( i >= ctx->nr )
+        if (i >= ctx->nr) {
             break;
+        }
         aria_a(&a, &b, &c, &d);
     }
 
@@ -514,7 +509,7 @@ int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
     MBEDTLS_PUT_UINT32_LE(c, output,  8);
     MBEDTLS_PUT_UINT32_LE(d, output, 12);
 
-    return( 0 );
+    return 0;
 }
 
 /* Initialize context */
@@ -527,8 +522,9 @@ void mbedtls_aria_init( mbedtls_aria_context *ctx )
 /* Clear context */
 void mbedtls_aria_free(mbedtls_aria_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
     mbedtls_platform_zeroize(ctx, sizeof(mbedtls_aria_context));
 }
@@ -553,13 +549,12 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
     ARIA_VALIDATE_RET(length == 0 || output != NULL);
     ARIA_VALIDATE_RET(iv != NULL);
 
-    if( length % MBEDTLS_ARIA_BLOCKSIZE )
+    if (length % MBEDTLS_ARIA_BLOCKSIZE) {
-        return( MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH );
+        return MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH;
+    }
 
-    if( mode == MBEDTLS_ARIA_DECRYPT )
+    if (mode == MBEDTLS_ARIA_DECRYPT) {
-    {
+        while (length > 0) {
-        while( length > 0 )
-        {
             memcpy(temp, input, MBEDTLS_ARIA_BLOCKSIZE);
             mbedtls_aria_crypt_ecb(ctx, input, output);
 
@@ -571,11 +566,8 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
             output += MBEDTLS_ARIA_BLOCKSIZE;
             length -= MBEDTLS_ARIA_BLOCKSIZE;
         }
-    }
+    } else {
-    else
+        while (length > 0) {
-    {
-        while( length > 0 )
-        {
             mbedtls_xor(output, input, iv, MBEDTLS_ARIA_BLOCKSIZE);
 
             mbedtls_aria_crypt_ecb(ctx, output, output);
@@ -587,7 +579,7 @@ int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
         }
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
@@ -619,15 +611,15 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
     /* An overly large value of n can lead to an unlimited
      * buffer overflow. Therefore, guard against this
      * outside of parameter validation. */
-    if( n >= MBEDTLS_ARIA_BLOCKSIZE )
+    if (n >= MBEDTLS_ARIA_BLOCKSIZE) {
-        return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA;
+    }
 
-    if( mode == MBEDTLS_ARIA_DECRYPT )
+    if (mode == MBEDTLS_ARIA_DECRYPT) {
-    {
+        while (length--) {
-        while( length-- )
+            if (n == 0) {
-        {
-            if( n == 0 )
                 mbedtls_aria_crypt_ecb(ctx, iv, iv);
+            }
 
             c = *input++;
             *output++ = c ^ iv[n];
@@ -635,13 +627,11 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
 
             n = (n + 1) & 0x0F;
         }
-    }
+    } else {
-    else
+        while (length--) {
-    {
+            if (n == 0) {
-        while( length-- )
-        {
-            if( n == 0 )
                 mbedtls_aria_crypt_ecb(ctx, iv, iv);
+            }
 
             iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++);
 
@@ -651,7 +641,7 @@ int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
 
     *iv_off = n;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
 
@@ -681,19 +671,21 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
     /* An overly large value of n can lead to an unlimited
      * buffer overflow. Therefore, guard against this
      * outside of parameter validation. */
-    if( n >= MBEDTLS_ARIA_BLOCKSIZE )
+    if (n >= MBEDTLS_ARIA_BLOCKSIZE) {
-        return( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA;
+    }
 
-    while( length-- )
+    while (length--) {
-    {
         if (n == 0) {
             mbedtls_aria_crypt_ecb(ctx, nonce_counter,
                                    stream_block);
 
-            for( i = MBEDTLS_ARIA_BLOCKSIZE; i > 0; i-- )
+            for (i = MBEDTLS_ARIA_BLOCKSIZE; i > 0; i--) {
-                if( ++nonce_counter[i - 1] != 0 )
+                if (++nonce_counter[i - 1] != 0) {
                     break;
                 }
+            }
+        }
         c = *input++;
         *output++ = (unsigned char) (c ^ stream_block[n]);
 
@@ -702,7 +694,7 @@ int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
 
     *nc_off = n;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 #endif /* !MBEDTLS_ARIA_ALT */
@@ -878,11 +870,11 @@ int mbedtls_aria_self_test( int verbose )
     /*
      * Test set 1
      */
-    for( i = 0; i < 3; i++ )
+    for (i = 0; i < 3; i++) {
-    {
         /* test ECB encryption */
-        if( verbose )
+        if (verbose) {
             mbedtls_printf("  ARIA-ECB-%d (enc): ", 128 + 64 * i);
+        }
         mbedtls_aria_setkey_enc(&ctx, aria_test1_ecb_key, 128 + 64 * i);
         mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_pt, blk);
         ARIA_SELF_TEST_ASSERT(
@@ -890,26 +882,28 @@ int mbedtls_aria_self_test( int verbose )
             != 0);
 
         /* test ECB decryption */
-        if( verbose )
+        if (verbose) {
             mbedtls_printf("  ARIA-ECB-%d (dec): ", 128 + 64 * i);
+        }
         mbedtls_aria_setkey_dec(&ctx, aria_test1_ecb_key, 128 + 64 * i);
         mbedtls_aria_crypt_ecb(&ctx, aria_test1_ecb_ct[i], blk);
         ARIA_SELF_TEST_ASSERT(
             memcmp(blk, aria_test1_ecb_pt, MBEDTLS_ARIA_BLOCKSIZE)
             != 0);
     }
-    if( verbose )
+    if (verbose) {
         mbedtls_printf("\n");
+    }
 
     /*
      * Test set 2
      */
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
-    for( i = 0; i < 3; i++ )
+    for (i = 0; i < 3; i++) {
-    {
         /* Test CBC encryption */
-        if( verbose )
+        if (verbose) {
             mbedtls_printf("  ARIA-CBC-%d (enc): ", 128 + 64 * i);
+        }
         mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
         memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE);
         memset(buf, 0x55, sizeof(buf));
@@ -919,8 +913,9 @@ int mbedtls_aria_self_test( int verbose )
                               != 0);
 
         /* Test CBC decryption */
-        if( verbose )
+        if (verbose) {
             mbedtls_printf("  ARIA-CBC-%d (dec): ", 128 + 64 * i);
+        }
         mbedtls_aria_setkey_dec(&ctx, aria_test2_key, 128 + 64 * i);
         memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE);
         memset(buf, 0xAA, sizeof(buf));
@@ -928,17 +923,18 @@ int mbedtls_aria_self_test( int verbose )
                                aria_test2_cbc_ct[i], buf);
         ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_pt, 48) != 0);
     }
-    if( verbose )
+    if (verbose) {
         mbedtls_printf("\n");
+    }
 
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
-    for( i = 0; i < 3; i++ )
+    for (i = 0; i < 3; i++) {
-    {
         /* Test CFB encryption */
-        if( verbose )
+        if (verbose) {
             mbedtls_printf("  ARIA-CFB-%d (enc): ", 128 + 64 * i);
+        }
         mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
         memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE);
         memset(buf, 0x55, sizeof(buf));
@@ -948,8 +944,9 @@ int mbedtls_aria_self_test( int verbose )
         ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_cfb_ct[i], 48) != 0);
 
         /* Test CFB decryption */
-        if( verbose )
+        if (verbose) {
             mbedtls_printf("  ARIA-CFB-%d (dec): ", 128 + 64 * i);
+        }
         mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
         memcpy(iv, aria_test2_iv, MBEDTLS_ARIA_BLOCKSIZE);
         memset(buf, 0xAA, sizeof(buf));
@@ -958,16 +955,17 @@ int mbedtls_aria_self_test( int verbose )
                                   iv, aria_test2_cfb_ct[i], buf);
         ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_pt, 48) != 0);
     }
-    if( verbose )
+    if (verbose) {
         mbedtls_printf("\n");
+    }
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
 
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
-    for( i = 0; i < 3; i++ )
+    for (i = 0; i < 3; i++) {
-    {
         /* Test CTR encryption */
-        if( verbose )
+        if (verbose) {
             mbedtls_printf("  ARIA-CTR-%d (enc): ", 128 + 64 * i);
+        }
         mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
         memset(iv, 0, MBEDTLS_ARIA_BLOCKSIZE);                      // IV = 0
         memset(buf, 0x55, sizeof(buf));
@@ -977,8 +975,9 @@ int mbedtls_aria_self_test( int verbose )
         ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_ctr_ct[i], 48) != 0);
 
         /* Test CTR decryption */
-        if( verbose )
+        if (verbose) {
             mbedtls_printf("  ARIA-CTR-%d (dec): ", 128 + 64 * i);
+        }
         mbedtls_aria_setkey_enc(&ctx, aria_test2_key, 128 + 64 * i);
         memset(iv, 0, MBEDTLS_ARIA_BLOCKSIZE);                      // IV = 0
         memset(buf, 0xAA, sizeof(buf));
@@ -987,15 +986,16 @@ int mbedtls_aria_self_test( int verbose )
                                aria_test2_ctr_ct[i], buf);
         ARIA_SELF_TEST_ASSERT(memcmp(buf, aria_test2_pt, 48) != 0);
     }
-    if( verbose )
+    if (verbose) {
         mbedtls_printf("\n");
+    }
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
     ret = 0;
 
 exit:
     mbedtls_aria_free(&ctx);
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_SELF_TEST */

library/asn1parse.c

@@ -40,34 +40,36 @@ int mbedtls_asn1_get_len( unsigned char **p,
                          const unsigned char *end,
                          size_t *len)
 {
-    if( ( end - *p ) < 1 )
+    if ((end - *p) < 1) {
-        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+        return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+    }
 
-    if( ( **p & 0x80 ) == 0 )
+    if ((**p & 0x80) == 0) {
         *len = *(*p)++;
-    else
+    } else {
-    {
+        switch (**p & 0x7F) {
-        switch( **p & 0x7F )
-        {
             case 1:
-            if( ( end - *p ) < 2 )
+                if ((end - *p) < 2) {
-                return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+                    return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+                }
 
                 *len = (*p)[1];
                 (*p) += 2;
                 break;
 
             case 2:
-            if( ( end - *p ) < 3 )
+                if ((end - *p) < 3) {
-                return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+                    return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+                }
 
                 *len = ((size_t) (*p)[1] << 8) | (*p)[2];
                 (*p) += 3;
                 break;
 
             case 3:
-            if( ( end - *p ) < 4 )
+                if ((end - *p) < 4) {
-                return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+                    return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+                }
 
                 *len = ((size_t) (*p)[1] << 16) |
                        ((size_t) (*p)[2] << 8) | (*p)[3];
@@ -75,8 +77,9 @@ int mbedtls_asn1_get_len( unsigned char **p,
                 break;
 
             case 4:
-            if( ( end - *p ) < 5 )
+                if ((end - *p) < 5) {
-                return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+                    return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+                }
 
                 *len = ((size_t) (*p)[1] << 24) | ((size_t) (*p)[2] << 16) |
                        ((size_t) (*p)[3] << 8) |           (*p)[4];
@@ -84,29 +87,32 @@ int mbedtls_asn1_get_len( unsigned char **p,
                 break;
 
             default:
-            return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+                return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
         }
     }
 
-    if( *len > (size_t) ( end - *p ) )
+    if (*len > (size_t) (end - *p)) {
-        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+        return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_asn1_get_tag(unsigned char **p,
                          const unsigned char *end,
                          size_t *len, int tag)
 {
-    if( ( end - *p ) < 1 )
+    if ((end - *p) < 1) {
-        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+        return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+    }
 
-    if( **p != tag )
+    if (**p != tag) {
-        return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+        return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG;
+    }
 
     (*p)++;
 
-    return( mbedtls_asn1_get_len( p, end, len ) );
+    return mbedtls_asn1_get_len(p, end, len);
 }
 
 int mbedtls_asn1_get_bool(unsigned char **p,
@@ -116,16 +122,18 @@ int mbedtls_asn1_get_bool( unsigned char **p,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_BOOLEAN ) ) != 0 )
+    if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_BOOLEAN)) != 0) {
-        return( ret );
+        return ret;
+    }
 
-    if( len != 1 )
+    if (len != 1) {
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+        return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+    }
 
     *val = (**p != 0) ? 1 : 0;
     (*p)++;
 
-    return( 0 );
+    return 0;
 }
 
 static int asn1_get_tagged_int(unsigned char **p,
@@ -135,55 +143,58 @@ static int asn1_get_tagged_int( unsigned char **p,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, tag ) ) != 0 )
+    if ((ret = mbedtls_asn1_get_tag(p, end, &len, tag)) != 0) {
-        return( ret );
+        return ret;
+    }
 
     /*
      * len==0 is malformed (0 must be represented as 020100 for INTEGER,
      * or 0A0100 for ENUMERATED tags
      */
-    if( len == 0 )
+    if (len == 0) {
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+        return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+    }
     /* This is a cryptography library. Reject negative integers. */
-    if( ( **p & 0x80 ) != 0 )
+    if ((**p & 0x80) != 0) {
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+        return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+    }
 
     /* Skip leading zeros. */
-    while( len > 0 && **p == 0 )
+    while (len > 0 && **p == 0) {
-    {
         ++(*p);
         --len;
     }
 
     /* Reject integers that don't fit in an int. This code assumes that
      * the int type has no padding bit. */
-    if( len > sizeof( int ) )
+    if (len > sizeof(int)) {
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+        return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
-    if( len == sizeof( int ) && ( **p & 0x80 ) != 0 )
+    }
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+    if (len == sizeof(int) && (**p & 0x80) != 0) {
+        return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+    }
 
     *val = 0;
-    while( len-- > 0 )
+    while (len-- > 0) {
-    {
         *val = (*val << 8) | **p;
         (*p)++;
     }
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_asn1_get_int(unsigned char **p,
                          const unsigned char *end,
                          int *val)
 {
-    return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_INTEGER, val) );
+    return asn1_get_tagged_int(p, end, MBEDTLS_ASN1_INTEGER, val);
 }
 
 int mbedtls_asn1_get_enum(unsigned char **p,
                           const unsigned char *end,
                           int *val)
 {
-    return( asn1_get_tagged_int( p, end, MBEDTLS_ASN1_ENUMERATED, val) );
+    return asn1_get_tagged_int(p, end, MBEDTLS_ASN1_ENUMERATED, val);
 }
 
 #if defined(MBEDTLS_BIGNUM_C)
@@ -194,14 +205,15 @@ int mbedtls_asn1_get_mpi( unsigned char **p,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
+    if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) {
-        return( ret );
+        return ret;
+    }
 
     ret = mbedtls_mpi_read_binary(X, *p, len);
 
     *p += len;
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_BIGNUM_C */
 
@@ -211,28 +223,32 @@ int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     /* Certificate type is a single byte bitstring */
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
+    if ((ret = mbedtls_asn1_get_tag(p, end, &bs->len, MBEDTLS_ASN1_BIT_STRING)) != 0) {
-        return( ret );
+        return ret;
+    }
 
     /* Check length, subtract one for actual bit string length */
-    if( bs->len < 1 )
+    if (bs->len < 1) {
-        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+        return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+    }
     bs->len -= 1;
 
     /* Get number of unused bits, ensure unused bits <= 7 */
     bs->unused_bits = **p;
-    if( bs->unused_bits > 7 )
+    if (bs->unused_bits > 7) {
-        return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+        return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
+    }
     (*p)++;
 
     /* Get actual bitstring */
     bs->p = *p;
     *p += bs->len;
 
-    if( *p != end )
+    if (*p != end) {
-        return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+        return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -253,38 +269,38 @@ int mbedtls_asn1_traverse_sequence_of(
 
     /* Get main sequence tag */
     if ((ret = mbedtls_asn1_get_tag(p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
-    {
+        return ret;
-        return( ret );
     }
 
-    if( *p + len != end )
+    if (*p + len != end) {
-        return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+        return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+    }
 
-    while( *p < end )
+    while (*p < end) {
-    {
         unsigned char const tag = *(*p)++;
 
-        if( ( tag & tag_must_mask ) != tag_must_val )
+        if ((tag & tag_must_mask) != tag_must_val) {
-            return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
+            return MBEDTLS_ERR_ASN1_UNEXPECTED_TAG;
+        }
 
-        if( ( ret = mbedtls_asn1_get_len( p, end, &len ) ) != 0 )
+        if ((ret = mbedtls_asn1_get_len(p, end, &len)) != 0) {
-            return( ret );
+            return ret;
+        }
 
-        if( ( tag & tag_may_mask ) == tag_may_val )
+        if ((tag & tag_may_mask) == tag_may_val) {
-        {
+            if (cb != NULL) {
-            if( cb != NULL )
-            {
                 ret = cb(ctx, tag, *p, len);
-                if( ret != 0 )
+                if (ret != 0) {
-                    return( ret );
+                    return ret;
+                }
             }
         }
 
         *p += len;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -295,32 +311,33 @@ int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, len, MBEDTLS_ASN1_BIT_STRING ) ) != 0 )
+    if ((ret = mbedtls_asn1_get_tag(p, end, len, MBEDTLS_ASN1_BIT_STRING)) != 0) {
-        return( ret );
+        return ret;
+    }
 
-    if( *len == 0 )
+    if (*len == 0) {
-        return( MBEDTLS_ERR_ASN1_INVALID_DATA );
+        return MBEDTLS_ERR_ASN1_INVALID_DATA;
+    }
     --(*len);
 
-    if( **p != 0 )
+    if (**p != 0) {
-        return( MBEDTLS_ERR_ASN1_INVALID_DATA );
+        return MBEDTLS_ERR_ASN1_INVALID_DATA;
+    }
     ++(*p);
 
-    return( 0 );
+    return 0;
 }
 
 void mbedtls_asn1_sequence_free(mbedtls_asn1_sequence *seq)
 {
-    while( seq != NULL )
+    while (seq != NULL) {
-    {
         mbedtls_asn1_sequence *next = seq->next;
         mbedtls_free(seq);
         seq = next;
     }
 }
 
-typedef struct
+typedef struct {
-{
     int tag;
     mbedtls_asn1_sequence *cur;
 } asn1_get_sequence_of_cb_ctx_t;
@@ -335,13 +352,13 @@ static int asn1_get_sequence_of_cb( void *ctx,
     mbedtls_asn1_sequence *cur =
         cb_ctx->cur;
 
-    if( cur->buf.p != NULL )
+    if (cur->buf.p != NULL) {
-    {
         cur->next =
             mbedtls_calloc(1, sizeof(mbedtls_asn1_sequence));
 
-        if( cur->next == NULL )
+        if (cur->next == NULL) {
-            return( MBEDTLS_ERR_ASN1_ALLOC_FAILED );
+            return MBEDTLS_ERR_ASN1_ALLOC_FAILED;
+        }
 
         cur = cur->next;
     }
@@ -351,7 +368,7 @@ static int asn1_get_sequence_of_cb( void *ctx,
     cur->buf.tag = tag;
 
     cb_ctx->cur = cur;
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -364,9 +381,9 @@ int mbedtls_asn1_get_sequence_of( unsigned char **p,
 {
     asn1_get_sequence_of_cb_ctx_t cb_ctx = { tag, cur };
     memset(cur, 0, sizeof(mbedtls_asn1_sequence));
-    return( mbedtls_asn1_traverse_sequence_of(
+    return mbedtls_asn1_traverse_sequence_of(
         p, end, 0xFF, tag, 0, 0,
-                asn1_get_sequence_of_cb, &cb_ctx ) );
+        asn1_get_sequence_of_cb, &cb_ctx);
 }
 
 int mbedtls_asn1_get_alg(unsigned char **p,
@@ -377,40 +394,44 @@ int mbedtls_asn1_get_alg( unsigned char **p,
     size_t len;
 
     if ((ret = mbedtls_asn1_get_tag(p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
-        return( ret );
+        return ret;
+    }
 
-    if( ( end - *p ) < 1 )
+    if ((end - *p) < 1) {
-        return( MBEDTLS_ERR_ASN1_OUT_OF_DATA );
+        return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+    }
 
     alg->tag = **p;
     end = *p + len;
 
-    if( ( ret = mbedtls_asn1_get_tag( p, end, &alg->len, MBEDTLS_ASN1_OID ) ) != 0 )
+    if ((ret = mbedtls_asn1_get_tag(p, end, &alg->len, MBEDTLS_ASN1_OID)) != 0) {
-        return( ret );
+        return ret;
+    }
 
     alg->p = *p;
     *p += alg->len;
 
-    if( *p == end )
+    if (*p == end) {
-    {
         mbedtls_platform_zeroize(params, sizeof(mbedtls_asn1_buf));
-        return( 0 );
+        return 0;
     }
 
     params->tag = **p;
     (*p)++;
 
-    if( ( ret = mbedtls_asn1_get_len( p, end, &params->len ) ) != 0 )
+    if ((ret = mbedtls_asn1_get_len(p, end, &params->len)) != 0) {
-        return( ret );
+        return ret;
+    }
 
     params->p = *p;
     *p += params->len;
 
-    if( *p != end )
+    if (*p != end) {
-        return( MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
+        return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_asn1_get_alg_null(unsigned char **p,
@@ -422,20 +443,23 @@ int mbedtls_asn1_get_alg_null( unsigned char **p,
 
     memset(&params, 0, sizeof(mbedtls_asn1_buf));
 
-    if( ( ret = mbedtls_asn1_get_alg( p, end, alg, &params ) ) != 0 )
+    if ((ret = mbedtls_asn1_get_alg(p, end, alg, &params)) != 0) {
-        return( ret );
+        return ret;
+    }
 
-    if( ( params.tag != MBEDTLS_ASN1_NULL && params.tag != 0 ) || params.len != 0 )
+    if ((params.tag != MBEDTLS_ASN1_NULL && params.tag != 0) || params.len != 0) {
-        return( MBEDTLS_ERR_ASN1_INVALID_DATA );
+        return MBEDTLS_ERR_ASN1_INVALID_DATA;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 void mbedtls_asn1_free_named_data(mbedtls_asn1_named_data *cur)
 {
-    if( cur == NULL )
+    if (cur == NULL) {
         return;
+    }
 
     mbedtls_free(cur->oid.p);
     mbedtls_free(cur->val.p);
@@ -448,8 +472,7 @@ void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
 {
     mbedtls_asn1_named_data *cur;
 
-    while( ( cur = *head ) != NULL )
+    while ((cur = *head) != NULL) {
-    {
         *head = cur->next;
         mbedtls_free(cur->oid.p);
         mbedtls_free(cur->val.p);
@@ -459,8 +482,7 @@ void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
 
 void mbedtls_asn1_free_named_data_list_shallow(mbedtls_asn1_named_data *name)
 {
-    for( mbedtls_asn1_named_data *next; name != NULL; name = next )
+    for (mbedtls_asn1_named_data *next; name != NULL; name = next) {
-    {
         next = name->next;
         mbedtls_free(name);
     }
@@ -469,18 +491,16 @@ void mbedtls_asn1_free_named_data_list_shallow( mbedtls_asn1_named_data *name )
 const mbedtls_asn1_named_data *mbedtls_asn1_find_named_data(const mbedtls_asn1_named_data *list,
                                                             const char *oid, size_t len)
 {
-    while( list != NULL )
+    while (list != NULL) {
-    {
         if (list->oid.len == len &&
-            memcmp( list->oid.p, oid, len ) == 0 )
+            memcmp(list->oid.p, oid, len) == 0) {
-        {
             break;
         }
 
         list = list->next;
     }
 
-    return( list );
+    return list;
 }
 
 #endif /* MBEDTLS_ASN1_PARSE_C */

library/asn1write.c

@@ -30,76 +30,77 @@
 
 int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start, size_t len)
 {
-    if( len < 0x80 )
+    if (len < 0x80) {
-    {
+        if (*p - start < 1) {
-        if( *p - start < 1 )
+            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
-
-        *--(*p) = (unsigned char) len;
-        return( 1 );
         }
 
-    if( len <= 0xFF )
+        *--(*p) = (unsigned char) len;
-    {
+        return 1;
-        if( *p - start < 2 )
+    }
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
+    if (len <= 0xFF) {
+        if (*p - start < 2) {
+            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+        }
 
         *--(*p) = (unsigned char) len;
         *--(*p) = 0x81;
-        return( 2 );
+        return 2;
     }
 
-    if( len <= 0xFFFF )
+    if (len <= 0xFFFF) {
-    {
+        if (*p - start < 3) {
-        if( *p - start < 3 )
+            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+        }
 
         *--(*p) = MBEDTLS_BYTE_0(len);
         *--(*p) = MBEDTLS_BYTE_1(len);
         *--(*p) = 0x82;
-        return( 3 );
+        return 3;
     }
 
-    if( len <= 0xFFFFFF )
+    if (len <= 0xFFFFFF) {
-    {
+        if (*p - start < 4) {
-        if( *p - start < 4 )
+            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+        }
 
         *--(*p) = MBEDTLS_BYTE_0(len);
         *--(*p) = MBEDTLS_BYTE_1(len);
         *--(*p) = MBEDTLS_BYTE_2(len);
         *--(*p) = 0x83;
-        return( 4 );
+        return 4;
     }
 
     int len_is_valid = 1;
 #if SIZE_MAX > 0xFFFFFFFF
     len_is_valid = (len <= 0xFFFFFFFF);
 #endif
-    if( len_is_valid )
+    if (len_is_valid) {
-    {
+        if (*p - start < 5) {
-        if( *p - start < 5 )
+            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+        }
 
         *--(*p) = MBEDTLS_BYTE_0(len);
         *--(*p) = MBEDTLS_BYTE_1(len);
         *--(*p) = MBEDTLS_BYTE_2(len);
         *--(*p) = MBEDTLS_BYTE_3(len);
         *--(*p) = 0x84;
-        return( 5 );
+        return 5;
     }
 
-    return( MBEDTLS_ERR_ASN1_INVALID_LENGTH );
+    return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
 }
 
 int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsigned char tag)
 {
-    if( *p - start < 1 )
+    if (*p - start < 1) {
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+    }
 
     *--(*p) = tag;
 
-    return( 1 );
+    return 1;
 }
 
 int mbedtls_asn1_write_raw_buffer(unsigned char **p, const unsigned char *start,
@@ -107,14 +108,15 @@ int mbedtls_asn1_write_raw_buffer( unsigned char **p, const unsigned char *start
 {
     size_t len = 0;
 
-    if( *p < start || (size_t)( *p - start ) < size )
+    if (*p < start || (size_t) (*p - start) < size) {
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+    }
 
     len = size;
     (*p) -= len;
     memcpy(*p, buf, len);
 
-    return( (int) len );
+    return (int) len;
 }
 
 #if defined(MBEDTLS_BIGNUM_C)
@@ -129,11 +131,13 @@ int mbedtls_asn1_write_mpi( unsigned char **p, const unsigned char *start, const
 
     /* DER represents 0 with a sign bit (0=nonnegative) and 7 value bits, not
      * as 0 digits. We need to end up with 020100, not with 0200. */
-    if( len == 0 )
+    if (len == 0) {
         len = 1;
+    }
 
-    if( *p < start || (size_t)( *p - start ) < len )
+    if (*p < start || (size_t) (*p - start) < len) {
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+    }
 
     (*p) -= len;
     MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(X, *p, len));
@@ -141,10 +145,10 @@ int mbedtls_asn1_write_mpi( unsigned char **p, const unsigned char *start, const
     // DER format assumes 2s complement for numbers, so the leftmost bit
     // should be 0 for positive numbers and 1 for negative numbers.
     //
-    if( X->s ==1 && **p & 0x80 )
+    if (X->s == 1 && **p & 0x80) {
-    {
+        if (*p - start < 1) {
-        if( *p - start < 1 )
+            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+        }
 
         *--(*p) = 0x00;
         len += 1;
@@ -156,7 +160,7 @@ int mbedtls_asn1_write_mpi( unsigned char **p, const unsigned char *start, const
     ret = (int) len;
 
 cleanup:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_BIGNUM_C */
 
@@ -170,7 +174,7 @@ int mbedtls_asn1_write_null( unsigned char **p, const unsigned char *start )
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, 0));
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_NULL));
 
-    return( (int) len );
+    return (int) len;
 }
 
 int mbedtls_asn1_write_oid(unsigned char **p, const unsigned char *start,
@@ -184,7 +188,7 @@ int mbedtls_asn1_write_oid( unsigned char **p, const unsigned char *start,
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OID));
 
-    return( (int) len );
+    return (int) len;
 }
 
 int mbedtls_asn1_write_algorithm_identifier(unsigned char **p, const unsigned char *start,
@@ -194,18 +198,20 @@ int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, const unsigned c
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
 
-    if( par_len == 0 )
+    if (par_len == 0) {
         MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_null(p, start));
-    else
+    } else {
         len += par_len;
+    }
 
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len));
 
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
-                                       MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+                                                     MBEDTLS_ASN1_CONSTRUCTED |
+                                                     MBEDTLS_ASN1_SEQUENCE));
 
-    return( (int) len );
+    return (int) len;
 }
 
 int mbedtls_asn1_write_bool(unsigned char **p, const unsigned char *start, int boolean)
@@ -213,8 +219,9 @@ int mbedtls_asn1_write_bool( unsigned char **p, const unsigned char *start, int
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
 
-    if( *p - start < 1 )
+    if (*p - start < 1) {
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+    }
 
     *--(*p) = (boolean) ? 255 : 0;
     len++;
@@ -222,7 +229,7 @@ int mbedtls_asn1_write_bool( unsigned char **p, const unsigned char *start, int
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BOOLEAN));
 
-    return( (int) len );
+    return (int) len;
 }
 
 static int asn1_write_tagged_int(unsigned char **p, const unsigned char *start, int val, int tag)
@@ -230,20 +237,19 @@ static int asn1_write_tagged_int( unsigned char **p, const unsigned char *start,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
 
-    do
+    do {
-    {
+        if (*p - start < 1) {
-        if( *p - start < 1 )
+            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+        }
         len += 1;
         *--(*p) = val & 0xff;
         val >>= 8;
-    }
+    } while (val > 0);
-    while( val > 0 );
 
-    if( **p & 0x80 )
+    if (**p & 0x80) {
-    {
+        if (*p - start < 1) {
-        if( *p - start < 1 )
+            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
-            return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+        }
         *--(*p) = 0x00;
         len += 1;
     }
@@ -251,17 +257,17 @@ static int asn1_write_tagged_int( unsigned char **p, const unsigned char *start,
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag));
 
-    return( (int) len );
+    return (int) len;
 }
 
 int mbedtls_asn1_write_int(unsigned char **p, const unsigned char *start, int val)
 {
-    return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_INTEGER ) );
+    return asn1_write_tagged_int(p, start, val, MBEDTLS_ASN1_INTEGER);
 }
 
 int mbedtls_asn1_write_enum(unsigned char **p, const unsigned char *start, int val)
 {
-    return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_ENUMERATED ) );
+    return asn1_write_tagged_int(p, start, val, MBEDTLS_ASN1_ENUMERATED);
 }
 
 int mbedtls_asn1_write_tagged_string(unsigned char **p, const unsigned char *start, int tag,
@@ -271,30 +277,32 @@ int mbedtls_asn1_write_tagged_string( unsigned char **p, const unsigned char *st
     size_t len = 0;
 
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start,
-        (const unsigned char *) text, text_len ) );
+                                                            (const unsigned char *) text,
+                                                            text_len));
 
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag));
 
-    return( (int) len );
+    return (int) len;
 }
 
 int mbedtls_asn1_write_utf8_string(unsigned char **p, const unsigned char *start,
                                    const char *text, size_t text_len)
 {
-    return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len) );
+    return mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len);
 }
 
 int mbedtls_asn1_write_printable_string(unsigned char **p, const unsigned char *start,
                                         const char *text, size_t text_len)
 {
-    return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text, text_len) );
+    return mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text,
+                                            text_len);
 }
 
 int mbedtls_asn1_write_ia5_string(unsigned char **p, const unsigned char *start,
                                   const char *text, size_t text_len)
 {
-    return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len) );
+    return mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len);
 }
 
 int mbedtls_asn1_write_named_bitstring(unsigned char **p,
@@ -315,29 +323,30 @@ int mbedtls_asn1_write_named_bitstring( unsigned char **p,
      * of the bitstring. Trailing 0s are considered part of the 'unused' bits
      * when encoding this value in the first content octet
      */
-    if( bits != 0 )
+    if (bits != 0) {
-    {
         cur_byte = buf + byte_len - 1;
         cur_byte_shifted = *cur_byte >> unused_bits;
 
-        for( ; ; )
+        for (;;) {
-        {
             bit = cur_byte_shifted & 0x1;
             cur_byte_shifted >>= 1;
 
-            if( bit != 0 )
+            if (bit != 0) {
                 break;
+            }
 
             bits--;
-            if( bits == 0 )
+            if (bits == 0) {
                 break;
+            }
 
-            if( bits % 8 == 0 )
+            if (bits % 8 == 0) {
                 cur_byte_shifted = *--cur_byte;
             }
         }
+    }
 
-    return( mbedtls_asn1_write_bitstring( p, start, buf, bits ) );
+    return mbedtls_asn1_write_bitstring(p, start, buf, bits);
 }
 
 int mbedtls_asn1_write_bitstring(unsigned char **p, const unsigned char *start,
@@ -350,14 +359,14 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, const unsigned char *start,
     byte_len = (bits + 7) / 8;
     unused_bits = (byte_len * 8) - bits;
 
-    if( *p < start || (size_t)( *p - start ) < byte_len + 1 )
+    if (*p < start || (size_t) (*p - start) < byte_len + 1) {
-        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+    }
 
     len = byte_len + 1;
 
     /* Write the bitstring. Ensure the unused bits are zeroed */
-    if( byte_len > 0 )
+    if (byte_len > 0) {
-    {
         byte_len--;
         *--(*p) = buf[byte_len] & ~((0x1 << unused_bits) - 1);
         (*p) -= byte_len;
@@ -370,7 +379,7 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, const unsigned char *start,
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BIT_STRING));
 
-    return( (int) len );
+    return (int) len;
 }
 
 int mbedtls_asn1_write_octet_string(unsigned char **p, const unsigned char *start,
@@ -384,7 +393,7 @@ int mbedtls_asn1_write_octet_string( unsigned char **p, const unsigned char *sta
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OCTET_STRING));
 
-    return( (int) len );
+    return (int) len;
 }
 
 
@@ -394,18 +403,16 @@ static mbedtls_asn1_named_data *asn1_find_named_data(
     mbedtls_asn1_named_data *list,
     const char *oid, size_t len)
 {
-    while( list != NULL )
+    while (list != NULL) {
-    {
         if (list->oid.len == len &&
-            memcmp( list->oid.p, oid, len ) == 0 )
+            memcmp(list->oid.p, oid, len) == 0) {
-        {
             break;
         }
 
         list = list->next;
     }
 
-    return( list );
+    return list;
 }
 
 mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
@@ -416,64 +423,59 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(
 {
     mbedtls_asn1_named_data *cur;
 
-    if( ( cur = asn1_find_named_data( *head, oid, oid_len ) ) == NULL )
+    if ((cur = asn1_find_named_data(*head, oid, oid_len)) == NULL) {
-    {
         // Add new entry if not present yet based on OID
         //
         cur = (mbedtls_asn1_named_data *) mbedtls_calloc(1,
                                                          sizeof(mbedtls_asn1_named_data));
-        if( cur == NULL )
+        if (cur == NULL) {
-            return( NULL );
+            return NULL;
+        }
 
         cur->oid.len = oid_len;
         cur->oid.p = mbedtls_calloc(1, oid_len);
-        if( cur->oid.p == NULL )
+        if (cur->oid.p == NULL) {
-        {
             mbedtls_free(cur);
-            return( NULL );
+            return NULL;
         }
 
         memcpy(cur->oid.p, oid, oid_len);
 
         cur->val.len = val_len;
-        if( val_len != 0 )
+        if (val_len != 0) {
-        {
             cur->val.p = mbedtls_calloc(1, val_len);
-            if( cur->val.p == NULL )
+            if (cur->val.p == NULL) {
-            {
                 mbedtls_free(cur->oid.p);
                 mbedtls_free(cur);
-                return( NULL );
+                return NULL;
             }
         }
 
         cur->next = *head;
         *head = cur;
-    }
+    } else if (val_len == 0) {
-    else if( val_len == 0 )
-    {
         mbedtls_free(cur->val.p);
         cur->val.p = NULL;
-    }
+    } else if (cur->val.len != val_len) {
-    else if( cur->val.len != val_len )
-    {
         /*
          * Enlarge existing value buffer if needed
          * Preserve old data until the allocation succeeded, to leave list in
          * a consistent state in case allocation fails.
          */
         void *p = mbedtls_calloc(1, val_len);
-        if( p == NULL )
+        if (p == NULL) {
-            return( NULL );
+            return NULL;
+        }
 
         mbedtls_free(cur->val.p);
         cur->val.p = p;
         cur->val.len = val_len;
     }
 
-    if( val != NULL && val_len != 0 )
+    if (val != NULL && val_len != 0) {
         memcpy(cur->val.p, val, val_len);
+    }
 
-    return( cur );
+    return cur;
 }
 #endif /* MBEDTLS_ASN1_WRITE_C */

library/base64.c

@@ -43,32 +43,28 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
     int C1, C2, C3;
     unsigned char *p;
 
-    if( slen == 0 )
+    if (slen == 0) {
-    {
         *olen = 0;
-        return( 0 );
+        return 0;
     }
 
     n = slen / 3 + (slen % 3 != 0);
 
-    if( n > ( BASE64_SIZE_T_MAX - 1 ) / 4 )
+    if (n > (BASE64_SIZE_T_MAX - 1) / 4) {
-    {
         *olen = BASE64_SIZE_T_MAX;
-        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+        return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
     }
 
     n *= 4;
 
-    if( ( dlen < n + 1 ) || ( NULL == dst ) )
+    if ((dlen < n + 1) || (NULL == dst)) {
-    {
         *olen = n + 1;
-        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+        return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
     }
 
     n = (slen / 3) * 3;
 
-    for( i = 0, p = dst; i < n; i += 3 )
+    for (i = 0, p = dst; i < n; i += 3) {
-    {
         C1 = *src++;
         C2 = *src++;
         C3 = *src++;
@@ -81,8 +77,7 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
         *p++ = mbedtls_ct_base64_enc_char(C3 & 0x3F);
     }
 
-    if( i < slen )
+    if (i < slen) {
-    {
         C1 = *src++;
         C2 = ((i + 1) < slen) ? *src++ : 0;
 
@@ -90,9 +85,11 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
         *p++ = mbedtls_ct_base64_enc_char((((C1 & 3) << 4) + (C2 >> 4))
                                           & 0x3F);
 
-        if( ( i + 1 ) < slen )
+        if ((i + 1) < slen) {
             *p++ = mbedtls_ct_base64_enc_char(((C2 & 15) << 2) & 0x3F);
-        else *p++ = '=';
+        } else {
+            *p++ = '=';
+        }
 
         *p++ = '=';
     }
@@ -100,7 +97,7 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
     *olen = p - dst;
     *p = 0;
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -118,53 +115,55 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
     unsigned char *p;
 
     /* First pass: check for validity and get output length */
-    for( i = n = 0; i < slen; i++ )
+    for (i = n = 0; i < slen; i++) {
-    {
         /* Skip spaces before checking for EOL */
         spaces_present = 0;
-        while( i < slen && src[i] == ' ' )
+        while (i < slen && src[i] == ' ') {
-        {
             ++i;
             spaces_present = 1;
         }
 
         /* Spaces at end of buffer are OK */
-        if( i == slen )
+        if (i == slen) {
             break;
+        }
 
         if ((slen - i) >= 2 &&
-            src[i] == '\r' && src[i + 1] == '\n' )
+            src[i] == '\r' && src[i + 1] == '\n') {
             continue;
+        }
 
-        if( src[i] == '\n' )
+        if (src[i] == '\n') {
             continue;
+        }
 
         /* Space inside a line is an error */
-        if( spaces_present )
+        if (spaces_present) {
-            return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
+            return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
-
+        }
-        if( src[i] > 127 )
+
-            return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
+        if (src[i] > 127) {
-
+            return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
-        if( src[i] == '=' )
+        }
-        {
+
-            if( ++equals > 2 )
+        if (src[i] == '=') {
-                return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
+            if (++equals > 2) {
+                return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
+            }
+        } else {
+            if (equals != 0) {
+                return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
+            }
+            if (mbedtls_ct_base64_dec_value(src[i]) < 0) {
+                return MBEDTLS_ERR_BASE64_INVALID_CHARACTER;
             }
-        else
-        {
-            if( equals != 0 )
-                return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
-            if( mbedtls_ct_base64_dec_value( src[i] ) < 0 )
-                return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
         }
         n++;
     }
 
-    if( n == 0 )
+    if (n == 0) {
-    {
         *olen = 0;
-        return( 0 );
+        return 0;
     }
 
     /* The following expression is to calculate the following formula without
@@ -174,36 +173,39 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
     n = (6 * (n >> 3)) + ((6 * (n & 0x7) + 7) >> 3);
     n -= equals;
 
-    if( dst == NULL || dlen < n )
+    if (dst == NULL || dlen < n) {
-    {
         *olen = n;
-        return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
+        return MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
     }
 
     equals = 0;
-    for( x = 0, p = dst; i > 0; i--, src++ )
+    for (x = 0, p = dst; i > 0; i--, src++) {
-    {
+        if (*src == '\r' || *src == '\n' || *src == ' ') {
-        if( *src == '\r' || *src == '\n' || *src == ' ' )
             continue;
+        }
 
         x = x << 6;
-        if( *src == '=' )
+        if (*src == '=') {
             ++equals;
-        else
+        } else {
             x |= mbedtls_ct_base64_dec_value(*src);
+        }
 
-        if( ++accumulated_digits == 4 )
+        if (++accumulated_digits == 4) {
-        {
             accumulated_digits = 0;
             *p++ = MBEDTLS_BYTE_2(x);
-            if( equals <= 1 ) *p++ = MBEDTLS_BYTE_1( x );
+            if (equals <= 1) {
-            if( equals <= 0 ) *p++ = MBEDTLS_BYTE_0( x );
+                *p++ = MBEDTLS_BYTE_1(x);
+            }
+            if (equals <= 0) {
+                *p++ = MBEDTLS_BYTE_0(x);
+            }
         }
     }
 
     *olen = p - dst;
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_SELF_TEST)
@@ -233,38 +235,41 @@ int mbedtls_base64_self_test( int verbose )
     const unsigned char *src;
     unsigned char buffer[128];
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("  Base64 encoding test: ");
+    }
 
     src = base64_test_dec;
 
     if (mbedtls_base64_encode(buffer, sizeof(buffer), &len, src, 64) != 0 ||
-         memcmp( base64_test_enc, buffer, 88 ) != 0 )
+        memcmp(base64_test_enc, buffer, 88) != 0) {
-    {
+        if (verbose != 0) {
-        if( verbose != 0 )
             mbedtls_printf("failed\n");
-
-        return( 1 );
         }
 
-    if( verbose != 0 )
+        return 1;
+    }
+
+    if (verbose != 0) {
         mbedtls_printf("passed\n  Base64 decoding test: ");
+    }
 
     src = base64_test_enc;
 
     if (mbedtls_base64_decode(buffer, sizeof(buffer), &len, src, 88) != 0 ||
-         memcmp( base64_test_dec, buffer, 64 ) != 0 )
+        memcmp(base64_test_dec, buffer, 64) != 0) {
-    {
+        if (verbose != 0) {
-        if( verbose != 0 )
             mbedtls_printf("failed\n");
-
-        return( 1 );
         }
 
-    if( verbose != 0 )
+        return 1;
-        mbedtls_printf( "passed\n\n" );
+    }
 
-    return( 0 );
+    if (verbose != 0) {
+        mbedtls_printf("passed\n\n");
+    }
+
+    return 0;
 }
 
 #endif /* MBEDTLS_SELF_TEST */

library/bignum_core.c

@@ -38,30 +38,34 @@ size_t mbedtls_mpi_core_clz( mbedtls_mpi_uint a )
     size_t j;
     mbedtls_mpi_uint mask = (mbedtls_mpi_uint) 1 << (biL - 1);
 
-    for( j = 0; j < biL; j++ )
+    for (j = 0; j < biL; j++) {
-    {
+        if (a & mask) {
-        if( a & mask ) break;
+            break;
+        }
 
         mask >>= 1;
     }
 
-    return( j );
+    return j;
 }
 
 size_t mbedtls_mpi_core_bitlen(const mbedtls_mpi_uint *A, size_t A_limbs)
 {
     size_t i, j;
 
-    if( A_limbs == 0 )
+    if (A_limbs == 0) {
-        return( 0 );
+        return 0;
+    }
 
-    for( i = A_limbs - 1; i > 0; i-- )
+    for (i = A_limbs - 1; i > 0; i--) {
-        if( A[i] != 0 )
+        if (A[i] != 0) {
             break;
+        }
+    }
 
     j = biL - mbedtls_mpi_core_clz(A[i]);
 
-    return( ( i * biL ) + j );
+    return (i * biL) + j;
 }
 
 /* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint
@@ -72,26 +76,21 @@ static mbedtls_mpi_uint mpi_bigendian_to_host_c( mbedtls_mpi_uint a )
     unsigned char *a_ptr;
     mbedtls_mpi_uint tmp = 0;
 
-    for( i = 0, a_ptr = (unsigned char *) &a; i < ciL; i++, a_ptr++ )
+    for (i = 0, a_ptr = (unsigned char *) &a; i < ciL; i++, a_ptr++) {
-    {
         tmp <<= CHAR_BIT;
         tmp |= (mbedtls_mpi_uint) *a_ptr;
     }
 
-    return( tmp );
+    return tmp;
 }
 
 static mbedtls_mpi_uint mpi_bigendian_to_host(mbedtls_mpi_uint a)
 {
-    if ( MBEDTLS_IS_BIG_ENDIAN )
+    if (MBEDTLS_IS_BIG_ENDIAN) {
-    {
         /* Nothing to do on bigendian systems. */
-        return( a );
+        return a;
-    }
+    } else {
-    else
+        switch (sizeof(mbedtls_mpi_uint)) {
-    {
-        switch( sizeof(mbedtls_mpi_uint) )
-        {
             case 4:
                 return (mbedtls_mpi_uint) MBEDTLS_BSWAP32((uint32_t) a);
             case 8:
@@ -100,7 +99,7 @@ static mbedtls_mpi_uint mpi_bigendian_to_host( mbedtls_mpi_uint a )
 
         /* Fall back to C-based reordering if we don't know the byte order
          * or we couldn't use a compiler-specific builtin. */
-        return( mpi_bigendian_to_host_c( a ) );
+        return mpi_bigendian_to_host_c(a);
     }
 }
 
@@ -109,8 +108,9 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A,
 {
     mbedtls_mpi_uint *cur_limb_left;
     mbedtls_mpi_uint *cur_limb_right;
-    if( A_limbs == 0 )
+    if (A_limbs == 0) {
         return;
+    }
 
     /*
      * Traverse limbs and
@@ -123,8 +123,7 @@ void mbedtls_mpi_core_bigendian_to_host( mbedtls_mpi_uint *A,
      */
     for (cur_limb_left = A, cur_limb_right = A + (A_limbs - 1);
          cur_limb_left <= cur_limb_right;
-         cur_limb_left++, cur_limb_right-- )
+         cur_limb_left++, cur_limb_right--) {
-    {
         mbedtls_mpi_uint tmp;
         /* Note that if cur_limb_left == cur_limb_right,
          * this code effectively swaps the bytes only once. */
@@ -145,14 +144,15 @@ unsigned mbedtls_mpi_core_uint_le_mpi( mbedtls_mpi_uint min,
 
     /* limbs other than the least significant one are all zero? */
     mbedtls_mpi_uint msll_mask = 0;
-    for( size_t i = 1; i < A_limbs; i++ )
+    for (size_t i = 1; i < A_limbs; i++) {
         msll_mask |= A[i];
+    }
     /* The most significant limbs of A are not all zero iff msll_mask != 0. */
     unsigned msll_nonzero = mbedtls_ct_mpi_uint_mask(msll_mask) & 1;
 
     /* min <= A iff the lowest limb of A is >= min or the other limbs
      * are not all zero. */
-    return( min_le_lsl | msll_nonzero );
+    return min_le_lsl | msll_nonzero;
 }
 
 void mbedtls_mpi_core_cond_assign(mbedtls_mpi_uint *X,
@@ -160,8 +160,9 @@ void mbedtls_mpi_core_cond_assign( mbedtls_mpi_uint *X,
                                   size_t limbs,
                                   unsigned char assign)
 {
-    if( X == A )
+    if (X == A) {
         return;
+    }
 
     mbedtls_ct_mpi_uint_cond_assign(limbs, X, A, assign);
 }
@@ -171,14 +172,14 @@ void mbedtls_mpi_core_cond_swap( mbedtls_mpi_uint *X,
                                 size_t limbs,
                                 unsigned char swap)
 {
-    if( X == Y )
+    if (X == Y) {
         return;
+    }
 
     /* all-bits 1 if swap is 1, all-bits 0 if swap is 0 */
     mbedtls_mpi_uint limb_mask = mbedtls_ct_mpi_uint_mask(swap);
 
-    for( size_t i = 0; i < limbs; i++ )
+    for (size_t i = 0; i < limbs; i++) {
-    {
         mbedtls_mpi_uint tmp = X[i];
         X[i] = (X[i] & ~limb_mask) | (Y[i] & limb_mask);
         Y[i] = (Y[i] & ~limb_mask) | (tmp & limb_mask);
@@ -192,21 +193,20 @@ int mbedtls_mpi_core_read_le( mbedtls_mpi_uint *X,
 {
     const size_t limbs = CHARS_TO_LIMBS(input_length);
 
-    if( X_limbs < limbs )
+    if (X_limbs < limbs) {
-        return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+        return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL;
+    }
 
-    if( X != NULL )
+    if (X != NULL) {
-    {
         memset(X, 0, X_limbs * ciL);
 
-        for( size_t i = 0; i < input_length; i++ )
+        for (size_t i = 0; i < input_length; i++) {
-        {
             size_t offset = ((i % ciL) << 3);
             X[i / ciL] |= ((mbedtls_mpi_uint) input[i]) << offset;
         }
     }
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_mpi_core_read_be(mbedtls_mpi_uint *X,
@@ -216,19 +216,20 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X,
 {
     const size_t limbs = CHARS_TO_LIMBS(input_length);
 
-    if( X_limbs < limbs )
+    if (X_limbs < limbs) {
-        return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+        return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL;
+    }
 
     /* If X_limbs is 0, input_length must also be 0 (from previous test).
      * Nothing to do. */
-    if( X_limbs == 0 )
+    if (X_limbs == 0) {
-        return( 0 );
+        return 0;
+    }
 
     memset(X, 0, X_limbs * ciL);
 
     /* memcpy() with (NULL, 0) is undefined behaviour */
-    if( input_length != 0 )
+    if (input_length != 0) {
-    {
         size_t overhead = (X_limbs * ciL) - input_length;
         unsigned char *Xp = (unsigned char *) X;
         memcpy(Xp + overhead, input, input_length);
@@ -236,7 +237,7 @@ int mbedtls_mpi_core_read_be( mbedtls_mpi_uint *X,
 
     mbedtls_mpi_core_bigendian_to_host(X, X_limbs);
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_mpi_core_write_le(const mbedtls_mpi_uint *A,
@@ -247,33 +248,30 @@ int mbedtls_mpi_core_write_le( const mbedtls_mpi_uint *A,
     size_t stored_bytes = A_limbs * ciL;
     size_t bytes_to_copy;
 
-    if( stored_bytes < output_length )
+    if (stored_bytes < output_length) {
-    {
         bytes_to_copy = stored_bytes;
-    }
+    } else {
-    else
-    {
         bytes_to_copy = output_length;
 
         /* The output buffer is smaller than the allocated size of A.
          * However A may fit if its leading bytes are zero. */
-        for( size_t i = bytes_to_copy; i < stored_bytes; i++ )
+        for (size_t i = bytes_to_copy; i < stored_bytes; i++) {
-        {
+            if (GET_BYTE(A, i) != 0) {
-            if( GET_BYTE( A, i ) != 0 )
+                return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL;
-                return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+            }
         }
     }
 
-    for( size_t i = 0; i < bytes_to_copy; i++ )
+    for (size_t i = 0; i < bytes_to_copy; i++) {
         output[i] = GET_BYTE(A, i);
+    }
 
-    if( stored_bytes < output_length )
+    if (stored_bytes < output_length) {
-    {
         /* Write trailing 0 bytes */
         memset(output + stored_bytes, 0, output_length - stored_bytes);
     }
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_mpi_core_write_be(const mbedtls_mpi_uint *X,
@@ -287,8 +285,7 @@ int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *X,
 
     stored_bytes = X_limbs * ciL;
 
-    if( stored_bytes < output_length )
+    if (stored_bytes < output_length) {
-    {
         /* There is enough space in the output buffer. Write initial
          * null bytes and record the position at which to start
          * writing the significant bytes. In this case, the execution
@@ -297,24 +294,23 @@ int mbedtls_mpi_core_write_be( const mbedtls_mpi_uint *X,
         bytes_to_copy = stored_bytes;
         p = output + output_length - stored_bytes;
         memset(output, 0, output_length - stored_bytes);
-    }
+    } else {
-    else
-    {
         /* The output buffer is smaller than the allocated size of X.
          * However X may fit if its leading bytes are zero. */
         bytes_to_copy = output_length;
         p = output;
-        for( size_t i = bytes_to_copy; i < stored_bytes; i++ )
+        for (size_t i = bytes_to_copy; i < stored_bytes; i++) {
-        {
+            if (GET_BYTE(X, i) != 0) {
-            if( GET_BYTE( X, i ) != 0 )
+                return MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL;
-                return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
+            }
         }
     }
 
-    for( size_t i = 0; i < bytes_to_copy; i++ )
+    for (size_t i = 0; i < bytes_to_copy; i++) {
         p[bytes_to_copy - i - 1] = GET_BYTE(X, i);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 void mbedtls_mpi_core_shift_r(mbedtls_mpi_uint *X, size_t limbs,
@@ -326,8 +322,7 @@ void mbedtls_mpi_core_shift_r( mbedtls_mpi_uint *X, size_t limbs,
     v0 = count /  biL;
     v1 = count & (biL - 1);
 
-    if( v0 > limbs || ( v0 == limbs && v1 > 0 ) )
+    if (v0 > limbs || (v0 == limbs && v1 > 0)) {
-    {
         memset(X, 0, limbs * ciL);
         return;
     }
@@ -335,22 +330,21 @@ void mbedtls_mpi_core_shift_r( mbedtls_mpi_uint *X, size_t limbs,
     /*
      * shift by count / limb_size
      */
-    if( v0 > 0 )
+    if (v0 > 0) {
-    {
+        for (i = 0; i < limbs - v0; i++) {
-        for( i = 0; i < limbs - v0; i++ )
             X[i] = X[i + v0];
+        }
 
-        for( ; i < limbs; i++ )
+        for (; i < limbs; i++) {
             X[i] = 0;
         }
+    }
 
     /*
      * shift by count % limb_size
      */
-    if( v1 > 0 )
+    if (v1 > 0) {
-    {
+        for (i = limbs; i > 0; i--) {
-        for( i = limbs; i > 0; i-- )
-        {
             r1 = X[i - 1] << (biL - v1);
             X[i - 1] >>= v1;
             X[i - 1] |= r0;
@@ -366,8 +360,7 @@ mbedtls_mpi_uint mbedtls_mpi_core_add( mbedtls_mpi_uint *X,
 {
     mbedtls_mpi_uint c = 0;
 
-    for( size_t i = 0; i < limbs; i++ )
+    for (size_t i = 0; i < limbs; i++) {
-    {
         mbedtls_mpi_uint t = c + A[i];
         c = (t < A[i]);
         t += B[i];
@@ -375,7 +368,7 @@ mbedtls_mpi_uint mbedtls_mpi_core_add( mbedtls_mpi_uint *X,
         X[i] = t;
     }
 
-    return( c );
+    return c;
 }
 
 mbedtls_mpi_uint mbedtls_mpi_core_add_if(mbedtls_mpi_uint *X,
@@ -388,8 +381,7 @@ mbedtls_mpi_uint mbedtls_mpi_core_add_if( mbedtls_mpi_uint *X,
     /* all-bits 0 if cond is 0, all-bits 1 if cond is non-0 */
     const mbedtls_mpi_uint mask = mbedtls_ct_mpi_uint_mask(cond);
 
-    for( size_t i = 0; i < limbs; i++ )
+    for (size_t i = 0; i < limbs; i++) {
-    {
         mbedtls_mpi_uint add = mask & A[i];
         mbedtls_mpi_uint t = c + X[i];
         c = (t < X[i]);
@@ -398,7 +390,7 @@ mbedtls_mpi_uint mbedtls_mpi_core_add_if( mbedtls_mpi_uint *X,
         X[i] = t;
     }
 
-    return( c );
+    return c;
 }
 
 mbedtls_mpi_uint mbedtls_mpi_core_sub(mbedtls_mpi_uint *X,
@@ -408,15 +400,14 @@ mbedtls_mpi_uint mbedtls_mpi_core_sub( mbedtls_mpi_uint *X,
 {
     mbedtls_mpi_uint c = 0;
 
-    for( size_t i = 0; i < limbs; i++ )
+    for (size_t i = 0; i < limbs; i++) {
-    {
         mbedtls_mpi_uint z = (A[i] < c);
         mbedtls_mpi_uint t = A[i] - c;
         c = (t < B[i]) + z;
         X[i] = t - B[i];
     }
 
-    return( c );
+    return c;
 }
 
 mbedtls_mpi_uint mbedtls_mpi_core_mla(mbedtls_mpi_uint *d, size_t d_len,
@@ -429,34 +420,32 @@ mbedtls_mpi_uint mbedtls_mpi_core_mla( mbedtls_mpi_uint *d, size_t d_len,
      * If that's not the case, we swap these round: this turns what would be
      * a buffer overflow into an incorrect result.
      */
-    if( d_len < s_len )
+    if (d_len < s_len) {
         s_len = d_len;
+    }
     size_t excess_len = d_len - s_len;
     size_t steps_x8 = s_len / 8;
     size_t steps_x1 = s_len & 7;
 
-    while( steps_x8-- )
+    while (steps_x8--) {
-    {
         MULADDC_X8_INIT
         MULADDC_X8_CORE
             MULADDC_X8_STOP
     }
 
-    while( steps_x1-- )
+    while (steps_x1--) {
-    {
         MULADDC_X1_INIT
         MULADDC_X1_CORE
             MULADDC_X1_STOP
     }
 
-    while( excess_len-- )
+    while (excess_len--) {
-    {
         *d += c;
         c = (*d < c);
         d++;
     }
 
-    return( c );
+    return c;
 }
 
 /*
@@ -468,10 +457,11 @@ mbedtls_mpi_uint mbedtls_mpi_core_montmul_init( const mbedtls_mpi_uint *N )
 
     x += ((N[0] + 2) & 4) << 1;
 
-    for( unsigned int i = biL; i >= 8; i /= 2 )
+    for (unsigned int i = biL; i >= 8; i /= 2) {
         x *= (2 - (N[0] * x));
+    }
 
-    return( ~x + 1 );
+    return ~x + 1;
 }
 
 void mbedtls_mpi_core_montmul(mbedtls_mpi_uint *X,
@@ -485,8 +475,7 @@ void mbedtls_mpi_core_montmul( mbedtls_mpi_uint *X,
 {
     memset(T, 0, (2 * AN_limbs + 1) * ciL);
 
-    for( size_t i = 0; i < AN_limbs; i++ )
+    for (size_t i = 0; i < AN_limbs; i++) {
-    {
         /* T = (T + u0*B + u1*N) / 2^biL */
         mbedtls_mpi_uint u0 = A[i];
         mbedtls_mpi_uint u1 = (T[0] + u0 * B[0]) * mm;
@@ -538,7 +527,7 @@ int mbedtls_mpi_core_get_mont_r2_unsafe( mbedtls_mpi *X,
     MBEDTLS_MPI_CHK(mbedtls_mpi_shrink(X, N->n));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 MBEDTLS_STATIC_TESTABLE
@@ -548,8 +537,7 @@ void mbedtls_mpi_core_ct_uint_table_lookup( mbedtls_mpi_uint *dest,
                                            size_t count,
                                            size_t index)
 {
-    for( size_t i = 0; i < count; i++, table += limbs )
+    for (size_t i = 0; i < count; i++, table += limbs) {
-    {
         unsigned char assign = mbedtls_ct_size_bool_eq(i, index);
         mbedtls_mpi_core_cond_assign(dest, table, limbs, assign);
     }
@@ -570,8 +558,9 @@ int mbedtls_mpi_core_fill_random(
     const size_t limbs = CHARS_TO_LIMBS(n_bytes);
     const size_t overhead = (limbs * ciL) - n_bytes;
 
-    if( X_limbs < limbs )
+    if (X_limbs < limbs) {
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
     memset(X, 0, overhead);
     memset((unsigned char *) X + limbs * ciL, 0, (X_limbs - limbs) * ciL);
@@ -579,7 +568,7 @@ int mbedtls_mpi_core_fill_random(
     mbedtls_mpi_core_bigendian_to_host(X, limbs);
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 int mbedtls_mpi_core_random(mbedtls_mpi_uint *X,
@@ -621,26 +610,23 @@ int mbedtls_mpi_core_random( mbedtls_mpi_uint *X,
      * - try until result is in the desired range.
      * This also avoids any bias, which is especially important for ECDSA.
      */
-    do
+    do {
-    {
         MBEDTLS_MPI_CHK(mbedtls_mpi_core_fill_random(X, limbs,
                                                      n_bytes,
                                                      f_rng, p_rng));
         mbedtls_mpi_core_shift_r(X, limbs, 8 * n_bytes - n_bits);
 
-        if( --count == 0 )
+        if (--count == 0) {
-        {
             ret = MBEDTLS_ERR_MPI_NOT_ACCEPTABLE;
             goto cleanup;
         }
 
         ge_lower = mbedtls_mpi_core_uint_le_mpi(min, X, limbs);
         lt_upper = mbedtls_mpi_core_lt_ct(X, N, limbs);
-    }
+    } while (ge_lower == 0 || lt_upper == 0);
-    while( ge_lower == 0 || lt_upper == 0 );
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /* BEGIN MERGE SLOT 1 */
@@ -651,11 +637,12 @@ static size_t exp_mod_get_window_size( size_t Ebits )
                    (Ebits >  79) ? 4 : 1;
 
 #if (MBEDTLS_MPI_WINDOW_SIZE < 6)
-    if( wsize > MBEDTLS_MPI_WINDOW_SIZE )
+    if (wsize > MBEDTLS_MPI_WINDOW_SIZE) {
         wsize = MBEDTLS_MPI_WINDOW_SIZE;
+    }
 #endif
 
-    return( wsize );
+    return wsize;
 }
 
 size_t mbedtls_mpi_core_exp_mod_working_limbs(size_t AN_limbs, size_t E_limbs)
@@ -668,7 +655,7 @@ size_t mbedtls_mpi_core_exp_mod_working_limbs( size_t AN_limbs, size_t E_limbs )
     const size_t select_limbs  = AN_limbs;
     const size_t temp_limbs    = 2 * AN_limbs + 1;
 
-    return( table_limbs + select_limbs + temp_limbs );
+    return table_limbs + select_limbs + temp_limbs;
 }
 
 static void exp_mod_precompute_window(const mbedtls_mpi_uint *A,
@@ -691,8 +678,7 @@ static void exp_mod_precompute_window( const mbedtls_mpi_uint *A,
 
     /* W[i+1] = W[i] * W[1], i >= 2 */
     mbedtls_mpi_uint *Wprev = W1;
-    for( size_t i = 2; i < welem; i++ )
+    for (size_t i = 2; i < welem; i++) {
-    {
         mbedtls_mpi_uint *Wcur = Wprev + AN_limbs;
         mbedtls_mpi_core_montmul(Wcur, Wprev, W1, AN_limbs, N, AN_limbs, mm, temp);
         Wprev = Wcur;
@@ -761,19 +747,15 @@ void mbedtls_mpi_core_exp_mod( mbedtls_mpi_uint *X,
     size_t window_bits = 0;
     mbedtls_mpi_uint window = 0;
 
-    do
+    do {
-    {
         /* Square */
         mbedtls_mpi_core_montmul(X, X, X, AN_limbs, N, AN_limbs, mm, temp);
 
         /* Move to the next bit of the exponent */
-        if( E_bit_index == 0 )
+        if (E_bit_index == 0) {
-        {
             --E_limb_index;
             E_bit_index = biL - 1;
-        }
+        } else {
-        else
-        {
             --E_bit_index;
         }
         /* Insert next exponent bit into window */
@@ -784,8 +766,7 @@ void mbedtls_mpi_core_exp_mod( mbedtls_mpi_uint *X,
         /* Clear window if it's full. Also clear the window at the end,
          * when we've finished processing the exponent. */
         if (window_bits == wsize ||
-            ( E_bit_index == 0 && E_limb_index == 0 ) )
+            (E_bit_index == 0 && E_limb_index == 0)) {
-        {
             /* Select Wtable[window] without leaking window through
              * memory access patterns. */
             mbedtls_mpi_core_ct_uint_table_lookup(Wselect, Wtable,
@@ -796,8 +777,7 @@ void mbedtls_mpi_core_exp_mod( mbedtls_mpi_uint *X,
             window = 0;
             window_bits = 0;
         }
-    }
+    } while (!(E_bit_index == 0 && E_limb_index == 0));
-    while( ! ( E_bit_index == 0 && E_limb_index == 0 ) );
 }
 
 /* END MERGE SLOT 1 */
@@ -813,15 +793,14 @@ mbedtls_mpi_uint mbedtls_mpi_core_sub_int( mbedtls_mpi_uint *X,
                                           mbedtls_mpi_uint c,  /* doubles as carry */
                                           size_t limbs)
 {
-    for( size_t i = 0; i < limbs; i++ )
+    for (size_t i = 0; i < limbs; i++) {
-    {
         mbedtls_mpi_uint s = A[i];
         mbedtls_mpi_uint t = s - c;
         c = (t > s);
         X[i] = t;
     }
 
-    return( c );
+    return c;
 }
 
 mbedtls_mpi_uint mbedtls_mpi_core_check_zero_ct(const mbedtls_mpi_uint *A,
@@ -829,10 +808,11 @@ mbedtls_mpi_uint mbedtls_mpi_core_check_zero_ct( const mbedtls_mpi_uint *A,
 {
     mbedtls_mpi_uint bits = 0;
 
-    for( size_t i = 0; i < limbs; i++ )
+    for (size_t i = 0; i < limbs; i++) {
         bits |= A[i];
+    }
 
-    return( bits );
+    return bits;
 }
 
 void mbedtls_mpi_core_to_mont_rep(mbedtls_mpi_uint *X,

library/bignum_core.h

@@ -656,7 +656,7 @@ mbedtls_mpi_uint mbedtls_mpi_core_check_zero_ct( const mbedtls_mpi_uint *A,
  */
 static inline size_t mbedtls_mpi_core_montmul_working_limbs(size_t AN_limbs)
 {
-    return( 2 * AN_limbs + 1 );
+    return 2 * AN_limbs + 1;
 }
 
 /** Convert an MPI into Montgomery form.

library/bignum_mod.c

@@ -39,19 +39,21 @@ int mbedtls_mpi_mod_residue_setup( mbedtls_mpi_mod_residue *r,
                                   mbedtls_mpi_uint *p,
                                   size_t p_limbs)
 {
-    if( p_limbs != m->limbs || !mbedtls_mpi_core_lt_ct( p, m->p, m->limbs ) )
+    if (p_limbs != m->limbs || !mbedtls_mpi_core_lt_ct(p, m->p, m->limbs)) {
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
     r->limbs = m->limbs;
     r->p = p;
 
-    return( 0 );
+    return 0;
 }
 
 void mbedtls_mpi_mod_residue_release(mbedtls_mpi_mod_residue *r)
 {
-    if( r == NULL )
+    if (r == NULL) {
         return;
+    }
 
     r->limbs = 0;
     r->p = NULL;
@@ -59,8 +61,9 @@ void mbedtls_mpi_mod_residue_release( mbedtls_mpi_mod_residue *r )
 
 void mbedtls_mpi_mod_modulus_init(mbedtls_mpi_mod_modulus *m)
 {
-    if( m == NULL )
+    if (m == NULL) {
         return;
+    }
 
     m->p = NULL;
     m->limbs = 0;
@@ -70,14 +73,13 @@ void mbedtls_mpi_mod_modulus_init( mbedtls_mpi_mod_modulus *m )
 
 void mbedtls_mpi_mod_modulus_free(mbedtls_mpi_mod_modulus *m)
 {
-    if( m == NULL )
+    if (m == NULL) {
         return;
+    }
 
-    switch( m->int_rep )
+    switch (m->int_rep) {
-    {
         case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
-            if (m->rep.mont.rr != NULL)
+            if (m->rep.mont.rr != NULL) {
-            {
                 mbedtls_platform_zeroize((mbedtls_mpi_uint *) m->rep.mont.rr,
                                          m->limbs * sizeof(mbedtls_mpi_uint));
                 mbedtls_free((mbedtls_mpi_uint *) m->rep.mont.rr);
@@ -110,18 +112,19 @@ static int set_mont_const_square( const mbedtls_mpi_uint **X,
     mbedtls_mpi_init(&N);
     mbedtls_mpi_init(&RR);
 
-    if( A == NULL || limbs == 0 || limbs >= ( MBEDTLS_MPI_MAX_LIMBS / 2 ) - 2 )
+    if (A == NULL || limbs == 0 || limbs >= (MBEDTLS_MPI_MAX_LIMBS / 2) - 2) {
         goto cleanup;
+    }
 
-    if( mbedtls_mpi_grow( &N, limbs ) )
+    if (mbedtls_mpi_grow(&N, limbs)) {
         goto cleanup;
+    }
 
     memcpy(N.p, A, sizeof(mbedtls_mpi_uint) * limbs);
 
     ret = mbedtls_mpi_core_get_mont_r2_unsafe(&RR, &N);
 
-    if( ret == 0 )
+    if (ret == 0) {
-    {
         *X = RR.p;
         RR.p = NULL;
     }
@@ -130,7 +133,7 @@ cleanup:
     mbedtls_mpi_free(&N);
     mbedtls_mpi_free(&RR);
     ret = (ret != 0) ? MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED : 0;
-    return( ret );
+    return ret;
 }
 
 int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *m,
@@ -144,8 +147,7 @@ int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m,
     m->limbs = p_limbs;
     m->bits = mbedtls_mpi_core_bitlen(p, p_limbs);
 
-    switch( int_rep )
+    switch (int_rep) {
-    {
         case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
             m->int_rep = int_rep;
             m->rep.mont.mm = mbedtls_mpi_core_montmul_init(m->p);
@@ -162,12 +164,11 @@ int mbedtls_mpi_mod_modulus_setup( mbedtls_mpi_mod_modulus *m,
 
 exit:
 
-    if( ret != 0 )
+    if (ret != 0) {
-    {
         mbedtls_mpi_mod_modulus_free(m);
     }
 
-    return( ret );
+    return ret;
 }
 
 /* BEGIN MERGE SLOT 1 */
@@ -181,21 +182,24 @@ int mbedtls_mpi_mod_mul( mbedtls_mpi_mod_residue *X,
                         const mbedtls_mpi_mod_residue *B,
                         const mbedtls_mpi_mod_modulus *N)
 {
-    if( N->limbs == 0 )
+    if (N->limbs == 0) {
         return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
-    if( X->limbs != N->limbs || A->limbs != N->limbs || B->limbs != N->limbs )
+    if (X->limbs != N->limbs || A->limbs != N->limbs || B->limbs != N->limbs) {
         return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
     mbedtls_mpi_uint *T = mbedtls_calloc(N->limbs * 2 + 1, ciL);
-    if( T == NULL )
+    if (T == NULL) {
         return MBEDTLS_ERR_MPI_ALLOC_FAILED;
+    }
 
     mbedtls_mpi_mod_raw_mul(X->p, A->p, B->p, N, T);
 
     mbedtls_free(T);
 
-    return( 0 );
+    return 0;
 }
 
 /* END MERGE SLOT 2 */
@@ -206,12 +210,13 @@ int mbedtls_mpi_mod_sub( mbedtls_mpi_mod_residue *X,
                         const mbedtls_mpi_mod_residue *B,
                         const mbedtls_mpi_mod_modulus *N)
 {
-    if( X->limbs != N->limbs || A->limbs != N->limbs || B->limbs != N->limbs )
+    if (X->limbs != N->limbs || A->limbs != N->limbs || B->limbs != N->limbs) {
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
     mbedtls_mpi_mod_raw_sub(X->p, A->p, B->p, N);
 
-    return( 0 );
+    return 0;
 }
 
 static int mbedtls_mpi_mod_inv_mont(mbedtls_mpi_mod_residue *X,
@@ -224,7 +229,7 @@ static int mbedtls_mpi_mod_inv_mont( mbedtls_mpi_mod_residue *X,
                                   N->p, N->limbs,
                                   N->rep.mont.rr,
                                   working_memory);
-    return( 0 );
+    return 0;
 }
 
 static int mbedtls_mpi_mod_inv_non_mont(mbedtls_mpi_mod_residue *X,
@@ -259,32 +264,34 @@ static int mbedtls_mpi_mod_inv_non_mont( mbedtls_mpi_mod_residue *X,
 
 cleanup:
     mbedtls_mpi_mod_modulus_free(&Nmont);
-    return( ret );
+    return ret;
 }
 
 int mbedtls_mpi_mod_inv(mbedtls_mpi_mod_residue *X,
                         const mbedtls_mpi_mod_residue *A,
                         const mbedtls_mpi_mod_modulus *N)
 {
-    if( X->limbs != N->limbs || A->limbs != N->limbs )
+    if (X->limbs != N->limbs || A->limbs != N->limbs) {
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
     /* Zero has the same value regardless of Montgomery form or not */
-    if( mbedtls_mpi_core_check_zero_ct( A->p, A->limbs ) == 0 )
+    if (mbedtls_mpi_core_check_zero_ct(A->p, A->limbs) == 0) {
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
     size_t working_limbs =
         mbedtls_mpi_mod_raw_inv_prime_working_limbs(N->limbs);
 
     mbedtls_mpi_uint *working_memory = mbedtls_calloc(working_limbs,
                                                       sizeof(mbedtls_mpi_uint));
-    if( working_memory == NULL )
+    if (working_memory == NULL) {
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
+        return MBEDTLS_ERR_MPI_ALLOC_FAILED;
+    }
 
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    switch( N->int_rep )
+    switch (N->int_rep) {
-    {
         case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
             ret = mbedtls_mpi_mod_inv_mont(X, A, N, working_memory);
             break;
@@ -314,12 +321,13 @@ int mbedtls_mpi_mod_add( mbedtls_mpi_mod_residue *X,
                         const mbedtls_mpi_mod_residue *B,
                         const mbedtls_mpi_mod_modulus *N)
 {
-    if( X->limbs != N->limbs || A->limbs != N->limbs || B->limbs != N->limbs )
+    if (X->limbs != N->limbs || A->limbs != N->limbs || B->limbs != N->limbs) {
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
     mbedtls_mpi_mod_raw_add(X->p, A->p, B->p, N);
 
-    return( 0 );
+    return 0;
 }
 /* END MERGE SLOT 5 */
 
@@ -331,9 +339,10 @@ int mbedtls_mpi_mod_random( mbedtls_mpi_mod_residue *X,
                            int (*f_rng)(void *, unsigned char *, size_t),
                            void *p_rng)
 {
-    if( X->limbs != N->limbs )
+    if (X->limbs != N->limbs) {
-        return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
-    return( mbedtls_mpi_mod_raw_random( X->p, min, N, f_rng, p_rng ) );
+    }
+    return mbedtls_mpi_mod_raw_random(X->p, min, N, f_rng, p_rng);
 }
 
 /* END MERGE SLOT 6 */
@@ -348,21 +357,24 @@ int mbedtls_mpi_mod_read( mbedtls_mpi_mod_residue *r,
     int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
 
     /* Do our best to check if r and m have been set up */
-    if( r->limbs == 0 || m->limbs == 0 )
+    if (r->limbs == 0 || m->limbs == 0) {
         goto cleanup;
-    if( r->limbs != m->limbs )
+    }
+    if (r->limbs != m->limbs) {
         goto cleanup;
+    }
 
     ret = mbedtls_mpi_mod_raw_read(r->p, m, buf, buflen, ext_rep);
-    if( ret != 0 )
+    if (ret != 0) {
         goto cleanup;
+    }
 
     r->limbs = m->limbs;
 
     ret = mbedtls_mpi_mod_raw_canonical_to_modulus_rep(r->p, m);
 
 cleanup:
-    return ( ret );
+    return ret;
 }
 
 int mbedtls_mpi_mod_write(const mbedtls_mpi_mod_residue *r,
@@ -374,34 +386,36 @@ int mbedtls_mpi_mod_write( const mbedtls_mpi_mod_residue *r,
     int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
 
     /* Do our best to check if r and m have been set up */
-    if( r->limbs == 0 || m->limbs == 0 )
+    if (r->limbs == 0 || m->limbs == 0) {
         goto cleanup;
-    if( r->limbs != m->limbs )
+    }
+    if (r->limbs != m->limbs) {
         goto cleanup;
+    }
 
-    if( m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY )
+    if (m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
-    {
         ret = mbedtls_mpi_mod_raw_from_mont_rep(r->p, m);
-        if( ret != 0 )
+        if (ret != 0) {
             goto cleanup;
         }
+    }
 
     ret = mbedtls_mpi_mod_raw_write(r->p, m, buf, buflen, ext_rep);
 
-    if( m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY )
+    if (m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
-    {
         /* If this fails, the value of r is corrupted and we want to return
          * this error (as opposed to the error code from the write above) to
          * let the caller know. If it succeeds, we want to return the error
          * code from write above. */
         int conv_ret = mbedtls_mpi_mod_raw_to_mont_rep(r->p, m);
-        if( ret == 0 )
+        if (ret == 0) {
             ret = conv_ret;
         }
+    }
 
 cleanup:
 
-    return ( ret );
+    return ret;
 }
 /* END MERGE SLOT 7 */
 

library/bignum_mod.h

@@ -92,8 +92,7 @@
  * This also determines which fields of the modulus structure are valid and
  * what their contents are (see #mbedtls_mpi_mod_modulus).
  */
-typedef enum
+typedef enum {
-{
     /** Representation not chosen (makes the modulus structure invalid). */
     MBEDTLS_MPI_MOD_REP_INVALID    = 0,
     /* Skip 1 as it is slightly easier to accidentally pass to functions. */
@@ -108,15 +107,13 @@ typedef enum
 
 /* Make mbedtls_mpi_mod_rep_selector and mbedtls_mpi_mod_ext_rep disjoint to
  * make it easier to catch when they are accidentally swapped. */
-typedef enum
+typedef enum {
-{
     MBEDTLS_MPI_MOD_EXT_REP_INVALID = 0,
     MBEDTLS_MPI_MOD_EXT_REP_LE      = 8,
     MBEDTLS_MPI_MOD_EXT_REP_BE
 } mbedtls_mpi_mod_ext_rep;
 
-typedef struct
+typedef struct {
-{
     mbedtls_mpi_uint *p;
     size_t limbs;
 } mbedtls_mpi_mod_residue;
@@ -133,8 +130,7 @@ typedef struct {
     size_t limbs;                            // number of limbs
     size_t bits;                             // bitlen of p
     mbedtls_mpi_mod_rep_selector int_rep;    // selector to signal the active member of the union
-    union rep
+    union rep {
-    {
         /* if int_rep == #MBEDTLS_MPI_MOD_REP_MONTGOMERY */
         mbedtls_mpi_mont_struct mont;
         /* if int_rep == #MBEDTLS_MPI_MOD_REP_OPT_RED */

library/bignum_mod_raw.c

@@ -57,8 +57,7 @@ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X,
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    switch( ext_rep )
+    switch (ext_rep) {
-    {
         case MBEDTLS_MPI_MOD_EXT_REP_LE:
             ret = mbedtls_mpi_core_read_le(X, m->limbs,
                                            input, input_length);
@@ -68,21 +67,21 @@ int mbedtls_mpi_mod_raw_read( mbedtls_mpi_uint *X,
                                            input, input_length);
             break;
         default:
-            return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
     }
 
-    if( ret != 0 )
+    if (ret != 0) {
         goto cleanup;
+    }
 
-    if( !mbedtls_mpi_core_lt_ct( X, m->p, m->limbs ) )
+    if (!mbedtls_mpi_core_lt_ct(X, m->p, m->limbs)) {
-    {
         ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
         goto cleanup;
     }
 
 cleanup:
 
-    return( ret );
+    return ret;
 }
 
 int mbedtls_mpi_mod_raw_write(const mbedtls_mpi_uint *A,
@@ -91,16 +90,15 @@ int mbedtls_mpi_mod_raw_write( const mbedtls_mpi_uint *A,
                               size_t output_length,
                               mbedtls_mpi_mod_ext_rep ext_rep)
 {
-    switch( ext_rep )
+    switch (ext_rep) {
-    {
         case MBEDTLS_MPI_MOD_EXT_REP_LE:
-            return( mbedtls_mpi_core_write_le( A, m->limbs,
+            return mbedtls_mpi_core_write_le(A, m->limbs,
-                                               output, output_length ) );
+                                             output, output_length);
         case MBEDTLS_MPI_MOD_EXT_REP_BE:
-            return( mbedtls_mpi_core_write_be( A, m->limbs,
+            return mbedtls_mpi_core_write_be(A, m->limbs,
-                                               output, output_length ) );
+                                             output, output_length);
         default:
-            return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
     }
 }
 
@@ -139,8 +137,8 @@ size_t mbedtls_mpi_mod_raw_inv_prime_working_limbs( size_t AN_limbs )
     /* mbedtls_mpi_mod_raw_inv_prime() needs a temporary for the exponent,
      * which will be the same size as the modulus and input (AN_limbs),
      * and additional space to pass to mbedtls_mpi_core_exp_mod(). */
-    return( AN_limbs +
+    return AN_limbs +
-            mbedtls_mpi_core_exp_mod_working_limbs( AN_limbs, AN_limbs ) );
+           mbedtls_mpi_core_exp_mod_working_limbs(AN_limbs, AN_limbs);
 }
 
 void mbedtls_mpi_mod_raw_inv_prime(mbedtls_mpi_uint *X,
@@ -190,14 +188,13 @@ int mbedtls_mpi_mod_raw_canonical_to_modulus_rep(
     mbedtls_mpi_uint *X,
     const mbedtls_mpi_mod_modulus *N)
 {
-    switch( N->int_rep )
+    switch (N->int_rep) {
-    {
         case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
-            return( mbedtls_mpi_mod_raw_to_mont_rep( X, N ) );
+            return mbedtls_mpi_mod_raw_to_mont_rep(X, N);
         case MBEDTLS_MPI_MOD_REP_OPT_RED:
-            return( 0 );
+            return 0;
         default:
-            return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
     }
 }
 
@@ -205,14 +202,13 @@ int mbedtls_mpi_mod_raw_modulus_to_canonical_rep(
     mbedtls_mpi_uint *X,
     const mbedtls_mpi_mod_modulus *N)
 {
-    switch( N->int_rep )
+    switch (N->int_rep) {
-    {
         case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
-            return( mbedtls_mpi_mod_raw_from_mont_rep( X, N ) );
+            return mbedtls_mpi_mod_raw_from_mont_rep(X, N);
         case MBEDTLS_MPI_MOD_REP_OPT_RED:
-            return( 0 );
+            return 0;
         default:
-            return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
     }
 }
 
@@ -223,9 +219,10 @@ int mbedtls_mpi_mod_raw_random( mbedtls_mpi_uint *X,
                                void *p_rng)
 {
     int ret = mbedtls_mpi_core_random(X, min, N->p, N->limbs, f_rng, p_rng);
-    if( ret != 0 )
+    if (ret != 0) {
-        return( ret );
+        return ret;
-    return( mbedtls_mpi_mod_raw_canonical_to_modulus_rep( X, N ) );
+    }
+    return mbedtls_mpi_mod_raw_canonical_to_modulus_rep(X, N);
 }
 
 /* END MERGE SLOT 6 */
@@ -237,15 +234,16 @@ int mbedtls_mpi_mod_raw_to_mont_rep( mbedtls_mpi_uint *X,
     mbedtls_mpi_uint *T;
     const size_t t_limbs = mbedtls_mpi_core_montmul_working_limbs(m->limbs);
 
-    if( ( T = (mbedtls_mpi_uint *) mbedtls_calloc( t_limbs, ciL ) ) == NULL )
+    if ((T = (mbedtls_mpi_uint *) mbedtls_calloc(t_limbs, ciL)) == NULL) {
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
+        return MBEDTLS_ERR_MPI_ALLOC_FAILED;
+    }
 
     mbedtls_mpi_core_to_mont_rep(X, X, m->p, m->limbs,
                                  m->rep.mont.mm, m->rep.mont.rr, T);
 
     mbedtls_platform_zeroize(T, t_limbs * ciL);
     mbedtls_free(T);
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_mpi_mod_raw_from_mont_rep(mbedtls_mpi_uint *X,
@@ -254,14 +252,15 @@ int mbedtls_mpi_mod_raw_from_mont_rep( mbedtls_mpi_uint *X,
     const size_t t_limbs = mbedtls_mpi_core_montmul_working_limbs(m->limbs);
     mbedtls_mpi_uint *T;
 
-    if( ( T = (mbedtls_mpi_uint *) mbedtls_calloc( t_limbs, ciL ) ) == NULL )
+    if ((T = (mbedtls_mpi_uint *) mbedtls_calloc(t_limbs, ciL)) == NULL) {
-        return( MBEDTLS_ERR_MPI_ALLOC_FAILED );
+        return MBEDTLS_ERR_MPI_ALLOC_FAILED;
+    }
 
     mbedtls_mpi_core_from_mont_rep(X, X, m->p, m->limbs, m->rep.mont.mm, T);
 
     mbedtls_platform_zeroize(T, t_limbs * ciL);
     mbedtls_free(T);
-    return( 0 );
+    return 0;
 }
 
 void mbedtls_mpi_mod_raw_neg(mbedtls_mpi_uint *X,

library/camellia.c

@@ -290,8 +290,9 @@ void mbedtls_camellia_init( mbedtls_camellia_context *ctx )
 
 void mbedtls_camellia_free(mbedtls_camellia_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
     mbedtls_platform_zeroize(ctx, sizeof(mbedtls_camellia_context));
 }
@@ -316,21 +317,22 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
     memset(t, 0, 64);
     memset(RK, 0, sizeof(ctx->rk));
 
-    switch( keybits )
+    switch (keybits) {
-    {
         case 128: ctx->nr = 3; idx = 0; break;
         case 192:
         case 256: ctx->nr = 4; idx = 1; break;
-        default : return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
+        default: return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
     }
 
-    for( i = 0; i < keybits / 8; ++i )
+    for (i = 0; i < keybits / 8; ++i) {
         t[i] = key[i];
+    }
 
     if (keybits == 192) {
-        for( i = 0; i < 8; i++ )
+        for (i = 0; i < 8; i++) {
             t[24 + i] = ~t[16 + i];
         }
+    }
 
     /*
      * Prepare SIGMA values
@@ -347,26 +349,30 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
     memset(KC, 0, sizeof(KC));
 
     /* Store KL, KR */
-    for( i = 0; i < 8; i++ )
+    for (i = 0; i < 8; i++) {
         KC[i] = MBEDTLS_GET_UINT32_BE(t, i * 4);
+    }
 
     /* Generate KA */
-    for( i = 0; i < 4; ++i )
+    for (i = 0; i < 4; ++i) {
         KC[8 + i] = KC[i] ^ KC[4 + i];
+    }
 
     camellia_feistel(KC + 8, SIGMA[0], KC + 10);
     camellia_feistel(KC + 10, SIGMA[1], KC + 8);
 
-    for( i = 0; i < 4; ++i )
+    for (i = 0; i < 4; ++i) {
         KC[8 + i] ^= KC[i];
+    }
 
     camellia_feistel(KC + 8, SIGMA[2], KC + 10);
     camellia_feistel(KC + 10, SIGMA[3], KC + 8);
 
     if (keybits > 128) {
         /* Generate KB */
-        for( i = 0; i < 4; ++i )
+        for (i = 0; i < 4; ++i) {
             KC[12 + i] = KC[4 + i] ^ KC[8 + i];
+        }
 
         camellia_feistel(KC + 12, SIGMA[4], KC + 14);
         camellia_feistel(KC + 14, SIGMA[5], KC + 12);
@@ -399,7 +405,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
         }
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -418,8 +424,9 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
     mbedtls_camellia_init(&cty);
 
     /* Also checks keybits */
-    if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keybits ) ) != 0 )
+    if ((ret = mbedtls_camellia_setkey_enc(&cty, key, keybits)) != 0) {
         goto exit;
+    }
 
     ctx->nr = cty.nr;
     idx = (ctx->nr == 4);
@@ -432,8 +439,7 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
     *RK++ = *SK++;
     *RK++ = *SK++;
 
-    for( i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4 )
+    for (i = 22 + 8 * idx, SK -= 6; i > 0; i--, SK -= 4) {
-    {
         *RK++ = *SK++;
         *RK++ = *SK++;
     }
@@ -448,7 +454,7 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
 exit:
     mbedtls_camellia_free(&cty);
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -461,8 +467,9 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
 {
     int NR;
     uint32_t *RK, X[4];
-    if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
+    if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
         return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
+    }
 
     ((void) mode);
 
@@ -512,7 +519,7 @@ int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
     MBEDTLS_PUT_UINT32_BE(X[0], output,  8);
     MBEDTLS_PUT_UINT32_BE(X[1], output, 12);
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
@@ -527,16 +534,16 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
                                unsigned char *output)
 {
     unsigned char temp[16];
-    if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
+    if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
         return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
+    }
 
-    if( length % 16 )
+    if (length % 16) {
-        return( MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH );
+        return MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH;
+    }
 
-    if( mode == MBEDTLS_CAMELLIA_DECRYPT )
+    if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
-    {
+        while (length > 0) {
-        while( length > 0 )
-        {
             memcpy(temp, input, 16);
             mbedtls_camellia_crypt_ecb(ctx, mode, input, output);
 
@@ -548,11 +555,8 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
             output += 16;
             length -= 16;
         }
-    }
+    } else {
-    else
+        while (length > 0) {
-    {
-        while( length > 0 )
-        {
             mbedtls_xor(output, input, iv, 16);
 
             mbedtls_camellia_crypt_ecb(ctx, mode, output, output);
@@ -564,7 +568,7 @@ int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
         }
     }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
@@ -582,19 +586,20 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
 {
     int c;
     size_t n;
-    if( mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT )
+    if (mode != MBEDTLS_CAMELLIA_ENCRYPT && mode != MBEDTLS_CAMELLIA_DECRYPT) {
         return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
+    }
 
     n = *iv_off;
-    if( n >= 16 )
+    if (n >= 16) {
-        return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
+    }
 
-    if( mode == MBEDTLS_CAMELLIA_DECRYPT )
+    if (mode == MBEDTLS_CAMELLIA_DECRYPT) {
-    {
+        while (length--) {
-        while( length-- )
+            if (n == 0) {
-        {
-            if( n == 0 )
                 mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
+            }
 
             c = *input++;
             *output++ = (unsigned char) (c ^ iv[n]);
@@ -602,13 +607,11 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
 
             n = (n + 1) & 0x0F;
         }
-    }
+    } else {
-    else
+        while (length--) {
-    {
+            if (n == 0) {
-        while( length-- )
-        {
-            if( n == 0 )
                 mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, iv, iv);
+            }
 
             iv[n] = *output++ = (unsigned char) (iv[n] ^ *input++);
 
@@ -618,7 +621,7 @@ int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
 
     *iv_off = n;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
 
@@ -638,19 +641,21 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
     size_t n;
 
     n = *nc_off;
-    if( n >= 16 )
+    if (n >= 16) {
-        return( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA;
+    }
 
-    while( length-- )
+    while (length--) {
-    {
         if (n == 0) {
             mbedtls_camellia_crypt_ecb(ctx, MBEDTLS_CAMELLIA_ENCRYPT, nonce_counter,
                                        stream_block);
 
-            for( i = 16; i > 0; i-- )
+            for (i = 16; i > 0; i--) {
-                if( ++nonce_counter[i - 1] != 0 )
+                if (++nonce_counter[i - 1] != 0) {
                     break;
                 }
+            }
+        }
         c = *input++;
         *output++ = (unsigned char) (c ^ stream_block[n]);
 
@@ -659,7 +664,7 @@ int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
 
     *nc_off = n;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 #endif /* !MBEDTLS_CAMELLIA_ALT */
@@ -890,9 +895,10 @@ int mbedtls_camellia_self_test( int verbose )
         u = j >> 1;
         v = j & 1;
 
-    if( verbose != 0 )
+        if (verbose != 0) {
             mbedtls_printf("  CAMELLIA-ECB-%3d (%s): ", 128 + u * 64,
                            (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
+        }
 
         for (i = 0; i < CAMELLIA_TESTS_ECB; i++) {
             memcpy(key, camellia_test_ecb_key[u][i], 16 + 8 * u);
@@ -909,33 +915,35 @@ int mbedtls_camellia_self_test( int verbose )
 
             mbedtls_camellia_crypt_ecb(&ctx, v, src, buf);
 
-        if( memcmp( buf, dst, 16 ) != 0 )
+            if (memcmp(buf, dst, 16) != 0) {
-        {
+                if (verbose != 0) {
-            if( verbose != 0 )
                     mbedtls_printf("failed\n");
+                }
                 goto exit;
             }
         }
 
-    if( verbose != 0 )
+        if (verbose != 0) {
             mbedtls_printf("passed\n");
         }
+    }
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("\n");
+    }
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
     /*
      * CBC mode
      */
-    for( j = 0; j < 6; j++ )
+    for (j = 0; j < 6; j++) {
-    {
         u = j >> 1;
         v = j  & 1;
 
-        if( verbose != 0 )
+        if (verbose != 0) {
             mbedtls_printf("  CAMELLIA-CBC-%3d (%s): ", 128 + u * 64,
                            (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
+        }
 
         memcpy(src, camellia_test_cbc_iv, 16);
         memcpy(dst, camellia_test_cbc_iv, 16);
@@ -961,34 +969,36 @@ int mbedtls_camellia_self_test( int verbose )
 
             mbedtls_camellia_crypt_cbc(&ctx, v, 16, iv, src, buf);
 
-            if( memcmp( buf, dst, 16 ) != 0 )
+            if (memcmp(buf, dst, 16) != 0) {
-            {
+                if (verbose != 0) {
-                if( verbose != 0 )
                     mbedtls_printf("failed\n");
+                }
                 goto exit;
             }
         }
 
-        if( verbose != 0 )
+        if (verbose != 0) {
             mbedtls_printf("passed\n");
         }
+    }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("\n");
+    }
 
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
     /*
      * CTR mode
      */
-    for( i = 0; i < 6; i++ )
+    for (i = 0; i < 6; i++) {
-    {
         u = i >> 1;
         v = i  & 1;
 
-        if( verbose != 0 )
+        if (verbose != 0) {
             mbedtls_printf("  CAMELLIA-CTR-128 (%s): ",
                            (v == MBEDTLS_CAMELLIA_DECRYPT) ? "dec" : "enc");
+        }
 
         memcpy(nonce_counter, camellia_test_ctr_nonce_counter[u], 16);
         memcpy(key, camellia_test_ctr_key[u], 16);
@@ -996,50 +1006,49 @@ int mbedtls_camellia_self_test( int verbose )
         offset = 0;
         mbedtls_camellia_setkey_enc(&ctx, key, 128);
 
-        if( v == MBEDTLS_CAMELLIA_DECRYPT )
+        if (v == MBEDTLS_CAMELLIA_DECRYPT) {
-        {
             len = camellia_test_ctr_len[u];
             memcpy(buf, camellia_test_ctr_ct[u], len);
 
             mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
                                        buf, buf);
 
-            if( memcmp( buf, camellia_test_ctr_pt[u], len ) != 0 )
+            if (memcmp(buf, camellia_test_ctr_pt[u], len) != 0) {
-            {
+                if (verbose != 0) {
-                if( verbose != 0 )
                     mbedtls_printf("failed\n");
+                }
                 goto exit;
             }
-        }
+        } else {
-        else
-        {
             len = camellia_test_ctr_len[u];
             memcpy(buf, camellia_test_ctr_pt[u], len);
 
             mbedtls_camellia_crypt_ctr(&ctx, len, &offset, nonce_counter, stream_block,
                                        buf, buf);
 
-            if( memcmp( buf, camellia_test_ctr_ct[u], len ) != 0 )
+            if (memcmp(buf, camellia_test_ctr_ct[u], len) != 0) {
-            {
+                if (verbose != 0) {
-                if( verbose != 0 )
                     mbedtls_printf("failed\n");
+                }
                 goto exit;
             }
         }
 
-        if( verbose != 0 )
+        if (verbose != 0) {
             mbedtls_printf("passed\n");
         }
+    }
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("\n");
+    }
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
     ret = 0;
 
 exit:
     mbedtls_camellia_free(&ctx);
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_SELF_TEST */

library/ccm.c

@@ -66,24 +66,26 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
 
     cipher_info = mbedtls_cipher_info_from_values(cipher, keybits,
                                                   MBEDTLS_MODE_ECB);
-    if( cipher_info == NULL )
+    if (cipher_info == NULL) {
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
+        return MBEDTLS_ERR_CCM_BAD_INPUT;
+    }
 
-    if( cipher_info->block_size != 16 )
+    if (cipher_info->block_size != 16) {
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
+        return MBEDTLS_ERR_CCM_BAD_INPUT;
+    }
 
     mbedtls_cipher_free(&ctx->cipher_ctx);
 
-    if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
+    if ((ret = mbedtls_cipher_setup(&ctx->cipher_ctx, cipher_info)) != 0) {
-        return( ret );
+        return ret;
-
-    if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
-                               MBEDTLS_ENCRYPT ) ) != 0 )
-    {
-        return( ret );
     }
 
-    return( 0 );
+    if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits,
+                                     MBEDTLS_ENCRYPT)) != 0) {
+        return ret;
+    }
+
+    return 0;
 }
 
 /*
@@ -91,8 +93,9 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
  */
 void mbedtls_ccm_free(mbedtls_ccm_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
     mbedtls_cipher_free(&ctx->cipher_ctx);
     mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ccm_context));
 }
@@ -117,8 +120,7 @@ static int mbedtls_ccm_crypt( mbedtls_ccm_context *ctx,
     unsigned char tmp_buf[16] = { 0 };
 
     if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->ctr, 16, tmp_buf,
-                                       &olen ) ) != 0 )
+                                     &olen)) != 0) {
-    {
         ctx->state |= CCM_STATE__ERROR;
         mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf));
         return ret;
@@ -130,7 +132,8 @@ static int mbedtls_ccm_crypt( mbedtls_ccm_context *ctx,
     return ret;
 }
 
-static void mbedtls_ccm_clear_state(mbedtls_ccm_context *ctx) {
+static void mbedtls_ccm_clear_state(mbedtls_ccm_context *ctx)
+{
     ctx->state = CCM_STATE__CLEAR;
     memset(ctx->y, 0, 16);
     memset(ctx->ctr, 0, 16);
@@ -145,21 +148,18 @@ static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx)
     /* length calculation can be done only after both
      * mbedtls_ccm_starts() and mbedtls_ccm_set_lengths() have been executed
      */
-    if( !(ctx->state & CCM_STATE__STARTED) || !(ctx->state & CCM_STATE__LENGTHS_SET) )
+    if (!(ctx->state & CCM_STATE__STARTED) || !(ctx->state & CCM_STATE__LENGTHS_SET)) {
         return 0;
+    }
 
     /* CCM expects non-empty tag.
      * CCM* allows empty tag. For CCM* without tag, ignore plaintext length.
      */
-    if( ctx->tag_len == 0 )
+    if (ctx->tag_len == 0) {
-    {
+        if (ctx->mode == MBEDTLS_CCM_STAR_ENCRYPT || ctx->mode == MBEDTLS_CCM_STAR_DECRYPT) {
-        if( ctx->mode == MBEDTLS_CCM_STAR_ENCRYPT || ctx->mode == MBEDTLS_CCM_STAR_DECRYPT )
-        {
             ctx->plaintext_len = 0;
-        }
+        } else {
-        else
+            return MBEDTLS_ERR_CCM_BAD_INPUT;
-        {
-            return( MBEDTLS_ERR_CCM_BAD_INPUT );
         }
     }
 
@@ -179,23 +179,22 @@ static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx)
     ctx->y[0] |= ((ctx->tag_len - 2) / 2) << 3;
     ctx->y[0] |= ctx->q - 1;
 
-    for( i = 0, len_left = ctx->plaintext_len; i < ctx->q; i++, len_left >>= 8 )
+    for (i = 0, len_left = ctx->plaintext_len; i < ctx->q; i++, len_left >>= 8) {
         ctx->y[15-i] = MBEDTLS_BYTE_0(len_left);
+    }
 
-    if( len_left > 0 )
+    if (len_left > 0) {
-    {
         ctx->state |= CCM_STATE__ERROR;
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
+        return MBEDTLS_ERR_CCM_BAD_INPUT;
     }
 
     /* Start CBC-MAC with first block*/
-    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 )
+    if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) {
-    {
         ctx->state |= CCM_STATE__ERROR;
-        return( ret );
+        return ret;
     }
 
-    return (0);
+    return 0;
 }
 
 int mbedtls_ccm_starts(mbedtls_ccm_context *ctx,
@@ -204,8 +203,9 @@ int mbedtls_ccm_starts( mbedtls_ccm_context *ctx,
                        size_t iv_len)
 {
     /* Also implies q is within bounds */
-    if( iv_len < 7 || iv_len > 13 )
+    if (iv_len < 7 || iv_len > 13) {
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
+        return MBEDTLS_ERR_CCM_BAD_INPUT;
+    }
 
     ctx->mode = mode;
     ctx->q = 16 - 1 - (unsigned char) iv_len;
@@ -247,11 +247,13 @@ int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx,
      *
      * Also, loosen the requirements to enable support for CCM* (IEEE 802.15.4).
      */
-    if( tag_len == 2 || tag_len > 16 || tag_len % 2 != 0 )
+    if (tag_len == 2 || tag_len > 16 || tag_len % 2 != 0) {
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
+        return MBEDTLS_ERR_CCM_BAD_INPUT;
+    }
 
-    if( total_ad_len >= 0xFF00 )
+    if (total_ad_len >= 0xFF00) {
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
+        return MBEDTLS_ERR_CCM_BAD_INPUT;
+    }
 
     ctx->plaintext_len = plaintext_len;
     ctx->add_len = total_ad_len;
@@ -269,22 +271,17 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t olen, use_len, offset;
 
-    if( ctx->state & CCM_STATE__ERROR )
+    if (ctx->state & CCM_STATE__ERROR) {
-    {
         return MBEDTLS_ERR_CCM_BAD_INPUT;
     }
 
-    if( add_len > 0 )
+    if (add_len > 0) {
-    {
+        if (ctx->state & CCM_STATE__AUTH_DATA_FINISHED) {
-        if( ctx->state & CCM_STATE__AUTH_DATA_FINISHED )
-        {
             return MBEDTLS_ERR_CCM_BAD_INPUT;
         }
 
-        if( !(ctx->state & CCM_STATE__AUTH_DATA_STARTED) )
+        if (!(ctx->state & CCM_STATE__AUTH_DATA_STARTED)) {
-        {
+            if (add_len > ctx->add_len) {
-            if ( add_len > ctx->add_len )
-            {
                 return MBEDTLS_ERR_CCM_BAD_INPUT;
             }
 
@@ -292,20 +289,18 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx,
             ctx->y[1] ^= (unsigned char) ((ctx->add_len) & 0xFF);
 
             ctx->state |= CCM_STATE__AUTH_DATA_STARTED;
-        }
+        } else if (ctx->processed + add_len > ctx->add_len) {
-        else if ( ctx->processed + add_len > ctx->add_len )
-        {
             return MBEDTLS_ERR_CCM_BAD_INPUT;
         }
 
-        while( add_len > 0 )
+        while (add_len > 0) {
-        {
             offset = (ctx->processed + 2) % 16; /* account for y[0] and y[1]
                                                  * holding total auth data length */
             use_len = 16 - offset;
 
-            if( use_len > add_len )
+            if (use_len > add_len) {
                 use_len = add_len;
+            }
 
             mbedtls_xor(ctx->y + offset, ctx->y + offset, add, use_len);
 
@@ -313,24 +308,22 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx,
             add_len -= use_len;
             add += use_len;
 
-            if( use_len + offset == 16 || ctx->processed == ctx->add_len )
+            if (use_len + offset == 16 || ctx->processed == ctx->add_len) {
-            {
+                if ((ret =
-                if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 )
+                         mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) {
-                {
                     ctx->state |= CCM_STATE__ERROR;
-                    return( ret );
+                    return ret;
                 }
             }
         }
 
-        if( ctx->processed == ctx->add_len )
+        if (ctx->processed == ctx->add_len) {
-        {
             ctx->state |= CCM_STATE__AUTH_DATA_FINISHED;
             ctx->processed = 0; // prepare for mbedtls_ccm_update()
         }
     }
 
-    return (0);
+    return 0;
 }
 
 int mbedtls_ccm_update(mbedtls_ccm_context *ctx,
@@ -344,58 +337,55 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
 
     unsigned char local_output[16];
 
-    if( ctx->state & CCM_STATE__ERROR )
+    if (ctx->state & CCM_STATE__ERROR) {
-    {
         return MBEDTLS_ERR_CCM_BAD_INPUT;
     }
 
     /* Check against plaintext length only if performing operation with
      * authentication
      */
-    if( ctx->tag_len != 0 && ctx->processed + input_len > ctx->plaintext_len )
+    if (ctx->tag_len != 0 && ctx->processed + input_len > ctx->plaintext_len) {
-    {
         return MBEDTLS_ERR_CCM_BAD_INPUT;
     }
 
-    if( output_size < input_len )
+    if (output_size < input_len) {
-        return( MBEDTLS_ERR_CCM_BAD_INPUT );
+        return MBEDTLS_ERR_CCM_BAD_INPUT;
+    }
     *output_len = input_len;
 
     ret = 0;
 
-    while ( input_len > 0 )
+    while (input_len > 0) {
-    {
         offset = ctx->processed % 16;
 
         use_len = 16 - offset;
 
-        if( use_len > input_len )
+        if (use_len > input_len) {
             use_len = input_len;
+        }
 
         ctx->processed += use_len;
 
         if (ctx->mode == MBEDTLS_CCM_ENCRYPT || \
-            ctx->mode == MBEDTLS_CCM_STAR_ENCRYPT )
+            ctx->mode == MBEDTLS_CCM_STAR_ENCRYPT) {
-        {
             mbedtls_xor(ctx->y + offset, ctx->y + offset, input, use_len);
 
-            if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len )
+            if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) {
-            {
+                if ((ret =
-                if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 )
+                         mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) {
-                {
                     ctx->state |= CCM_STATE__ERROR;
                     goto exit;
                 }
             }
 
             ret = mbedtls_ccm_crypt(ctx, offset, use_len, input, output);
-            if( ret != 0 )
+            if (ret != 0) {
                 goto exit;
             }
+        }
 
         if (ctx->mode == MBEDTLS_CCM_DECRYPT || \
-            ctx->mode == MBEDTLS_CCM_STAR_DECRYPT )
+            ctx->mode == MBEDTLS_CCM_STAR_DECRYPT) {
-        {
             /* Since output may be in shared memory, we cannot be sure that
              * it will contain what we wrote to it. Therefore, we should avoid using
              * it as input to any operations.
@@ -403,30 +393,31 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
              * input in the XOR operation for Y.
              */
             ret = mbedtls_ccm_crypt(ctx, offset, use_len, input, local_output);
-            if( ret != 0 )
+            if (ret != 0) {
                 goto exit;
+            }
 
             mbedtls_xor(ctx->y + offset, ctx->y + offset, local_output, use_len);
 
             memcpy(output, local_output, use_len);
             mbedtls_platform_zeroize(local_output, 16);
 
-            if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len )
+            if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) {
-            {
+                if ((ret =
-                if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 )
+                         mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen)) != 0) {
-                {
                     ctx->state |= CCM_STATE__ERROR;
                     goto exit;
                 }
             }
         }
 
-        if( use_len + offset == 16 || ctx->processed == ctx->plaintext_len )
+        if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) {
-        {
+            for (i = 0; i < ctx->q; i++) {
-            for( i = 0; i < ctx->q; i++ )
+                if (++(ctx->ctr)[15-i] != 0) {
-            if( ++(ctx->ctr)[15-i] != 0 )
                     break;
                 }
+            }
+        }
 
         input_len -= use_len;
         input += use_len;
@@ -445,35 +436,35 @@ int mbedtls_ccm_finish( mbedtls_ccm_context *ctx,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char i;
 
-    if( ctx->state & CCM_STATE__ERROR )
+    if (ctx->state & CCM_STATE__ERROR) {
-    {
         return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     }
 
-    if( ctx->add_len > 0 && !( ctx->state & CCM_STATE__AUTH_DATA_FINISHED ) )
+    if (ctx->add_len > 0 && !(ctx->state & CCM_STATE__AUTH_DATA_FINISHED)) {
-    {
         return MBEDTLS_ERR_CCM_BAD_INPUT;
     }
 
-    if( ctx->plaintext_len > 0 && ctx->processed != ctx->plaintext_len )
+    if (ctx->plaintext_len > 0 && ctx->processed != ctx->plaintext_len) {
-    {
         return MBEDTLS_ERR_CCM_BAD_INPUT;
     }
 
     /*
      * Authentication: reset counter and crypt/mask internal tag
      */
-    for( i = 0; i < ctx->q; i++ )
+    for (i = 0; i < ctx->q; i++) {
         ctx->ctr[15-i] = 0;
+    }
 
     ret = mbedtls_ccm_crypt(ctx, 0, 16, ctx->y, ctx->y);
-    if( ret != 0 )
+    if (ret != 0) {
         return ret;
-    if( tag != NULL )
+    }
+    if (tag != NULL) {
         memcpy(tag, ctx->y, tag_len);
+    }
     mbedtls_ccm_clear_state(ctx);
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -488,23 +479,28 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t olen;
 
-    if( ( ret = mbedtls_ccm_starts( ctx, mode, iv, iv_len ) ) != 0 )
+    if ((ret = mbedtls_ccm_starts(ctx, mode, iv, iv_len)) != 0) {
-        return( ret );
+        return ret;
+    }
 
-    if( ( ret = mbedtls_ccm_set_lengths( ctx, add_len, length, tag_len ) ) != 0 )
+    if ((ret = mbedtls_ccm_set_lengths(ctx, add_len, length, tag_len)) != 0) {
-        return( ret );
+        return ret;
+    }
 
-    if( ( ret = mbedtls_ccm_update_ad( ctx, add, add_len ) ) != 0 )
+    if ((ret = mbedtls_ccm_update_ad(ctx, add, add_len)) != 0) {
-        return( ret );
+        return ret;
+    }
 
     if ((ret = mbedtls_ccm_update(ctx, input, length,
-                                    output, length, &olen ) ) != 0 )
+                                  output, length, &olen)) != 0) {
-        return( ret );
+        return ret;
+    }
 
-    if( ( ret = mbedtls_ccm_finish( ctx, tag, tag_len ) ) != 0 )
+    if ((ret = mbedtls_ccm_finish(ctx, tag, tag_len)) != 0) {
-        return( ret );
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -516,8 +512,8 @@ int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
                                      const unsigned char *input, unsigned char *output,
                                      unsigned char *tag, size_t tag_len)
 {
-    return( ccm_auth_crypt( ctx, MBEDTLS_CCM_STAR_ENCRYPT, length, iv, iv_len,
+    return ccm_auth_crypt(ctx, MBEDTLS_CCM_STAR_ENCRYPT, length, iv, iv_len,
-                            add, add_len, input, output, tag, tag_len ) );
+                          add, add_len, input, output, tag, tag_len);
 }
 
 int mbedtls_ccm_encrypt_and_tag(mbedtls_ccm_context *ctx, size_t length,
@@ -526,28 +522,30 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
                                 const unsigned char *input, unsigned char *output,
                                 unsigned char *tag, size_t tag_len)
 {
-    return( ccm_auth_crypt( ctx, MBEDTLS_CCM_ENCRYPT, length, iv, iv_len,
+    return ccm_auth_crypt(ctx, MBEDTLS_CCM_ENCRYPT, length, iv, iv_len,
-                            add, add_len, input, output, tag, tag_len ) );
+                          add, add_len, input, output, tag, tag_len);
 }
 
 /*
  * Authenticated decryption
  */
-static int mbedtls_ccm_compare_tags(const unsigned char *tag1, const unsigned char *tag2, size_t tag_len)
+static int mbedtls_ccm_compare_tags(const unsigned char *tag1,
+                                    const unsigned char *tag2,
+                                    size_t tag_len)
 {
     unsigned char i;
     int diff;
 
     /* Check tag in "constant-time" */
-    for( diff = 0, i = 0; i < tag_len; i++ )
+    for (diff = 0, i = 0; i < tag_len; i++) {
         diff |= tag1[i] ^ tag2[i];
-
-    if( diff != 0 )
-    {
-        return( MBEDTLS_ERR_CCM_AUTH_FAILED );
     }
 
-    return( 0 );
+    if (diff != 0) {
+        return MBEDTLS_ERR_CCM_AUTH_FAILED;
+    }
+
+    return 0;
 }
 
 static int ccm_auth_decrypt(mbedtls_ccm_context *ctx, int mode, size_t length,
@@ -561,18 +559,16 @@ static int ccm_auth_decrypt( mbedtls_ccm_context *ctx, int mode, size_t length,
 
     if ((ret = ccm_auth_crypt(ctx, mode, length,
                               iv, iv_len, add, add_len,
-                                input, output, check_tag, tag_len ) ) != 0 )
+                              input, output, check_tag, tag_len)) != 0) {
-    {
+        return ret;
-        return( ret );
     }
 
-    if( ( ret = mbedtls_ccm_compare_tags( tag, check_tag, tag_len ) ) != 0 )
+    if ((ret = mbedtls_ccm_compare_tags(tag, check_tag, tag_len)) != 0) {
-    {
         mbedtls_platform_zeroize(output, length);
-        return( ret );
+        return ret;
     }
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_ccm_star_auth_decrypt(mbedtls_ccm_context *ctx, size_t length,
@@ -663,18 +659,18 @@ int mbedtls_ccm_self_test( int verbose )
     mbedtls_ccm_init(&ctx);
 
     if (mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, key_test_data,
-                            8 * sizeof key_test_data ) != 0 )
+                           8 * sizeof key_test_data) != 0) {
-    {
+        if (verbose != 0) {
-        if( verbose != 0 )
             mbedtls_printf("  CCM: setup failed");
-
-        return( 1 );
         }
 
-    for( i = 0; i < NB_TESTS; i++ )
+        return 1;
-    {
+    }
-        if( verbose != 0 )
+
+    for (i = 0; i < NB_TESTS; i++) {
+        if (verbose != 0) {
             mbedtls_printf("  CCM-AES #%u: ", (unsigned int) i + 1);
+        }
 
         memset(plaintext, 0, CCM_SELFTEST_PT_MAX_LEN);
         memset(ciphertext, 0, CCM_SELFTEST_CT_MAX_LEN);
@@ -689,12 +685,12 @@ int mbedtls_ccm_self_test( int verbose )
 
         if (ret != 0 ||
             memcmp(ciphertext, res_test_data[i],
-                    msg_len_test_data[i] + tag_len_test_data[i] ) != 0 )
+                   msg_len_test_data[i] + tag_len_test_data[i]) != 0) {
-        {
+            if (verbose != 0) {
-            if( verbose != 0 )
                 mbedtls_printf("failed\n");
+            }
 
-            return( 1 );
+            return 1;
         }
         memset(plaintext, 0, CCM_SELFTEST_PT_MAX_LEN);
 
@@ -706,24 +702,26 @@ int mbedtls_ccm_self_test( int verbose )
                                        tag_len_test_data[i]);
 
         if (ret != 0 ||
-            memcmp( plaintext, msg_test_data, msg_len_test_data[i] ) != 0 )
+            memcmp(plaintext, msg_test_data, msg_len_test_data[i]) != 0) {
-        {
+            if (verbose != 0) {
-            if( verbose != 0 )
                 mbedtls_printf("failed\n");
-
-            return( 1 );
             }
 
-        if( verbose != 0 )
+            return 1;
+        }
+
+        if (verbose != 0) {
             mbedtls_printf("passed\n");
         }
+    }
 
     mbedtls_ccm_free(&ctx);
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("\n");
+    }
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */

library/chacha20.c

@@ -122,8 +122,9 @@ static void chacha20_block( const uint32_t initial_state[16],
            initial_state,
            CHACHA20_BLOCK_SIZE_BYTES);
 
-    for( i = 0U; i < 10U; i++ )
+    for (i = 0U; i < 10U; i++) {
         chacha20_inner_block(working_state);
+    }
 
     working_state[0] += initial_state[0];
     working_state[1] += initial_state[1];
@@ -142,8 +143,7 @@ static void chacha20_block( const uint32_t initial_state[16],
     working_state[14] += initial_state[14];
     working_state[15] += initial_state[15];
 
-    for( i = 0U; i < 16; i++ )
+    for (i = 0U; i < 16; i++) {
-    {
         size_t offset = i * 4U;
 
         MBEDTLS_PUT_UINT32_LE(working_state[i], keystream, offset);
@@ -163,8 +163,7 @@ void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx )
 
 void mbedtls_chacha20_free(mbedtls_chacha20_context *ctx)
 {
-    if( ctx != NULL )
+    if (ctx != NULL) {
-    {
         mbedtls_platform_zeroize(ctx, sizeof(mbedtls_chacha20_context));
     }
 }
@@ -188,7 +187,7 @@ int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
     ctx->state[10] = MBEDTLS_GET_UINT32_LE(key, 24);
     ctx->state[11] = MBEDTLS_GET_UINT32_LE(key, 28);
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_chacha20_starts(mbedtls_chacha20_context *ctx,
@@ -208,7 +207,7 @@ int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
     /* Initially, there's no keystream bytes available */
     ctx->keystream_bytes_used = CHACHA20_BLOCK_SIZE_BYTES;
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_chacha20_update(mbedtls_chacha20_context *ctx,
@@ -219,8 +218,7 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
     size_t offset = 0U;
 
     /* Use leftover keystream bytes, if available */
-    while( size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES )
+    while (size > 0U && ctx->keystream_bytes_used < CHACHA20_BLOCK_SIZE_BYTES) {
-    {
         output[offset] = input[offset]
                          ^ ctx->keystream8[ctx->keystream_bytes_used];
 
@@ -230,8 +228,7 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
     }
 
     /* Process full blocks */
-    while( size >= CHACHA20_BLOCK_SIZE_BYTES )
+    while (size >= CHACHA20_BLOCK_SIZE_BYTES) {
-    {
         /* Generate new keystream block and increment counter */
         chacha20_block(ctx->state, ctx->keystream8);
         ctx->state[CHACHA20_CTR_INDEX]++;
@@ -243,8 +240,7 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
     }
 
     /* Last (partial) block */
-    if( size > 0U )
+    if (size > 0U) {
-    {
         /* Generate new keystream block and increment counter */
         chacha20_block(ctx->state, ctx->keystream8);
         ctx->state[CHACHA20_CTR_INDEX]++;
@@ -255,7 +251,7 @@ int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
 
     }
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_chacha20_crypt(const unsigned char key[32],
@@ -271,18 +267,20 @@ int mbedtls_chacha20_crypt( const unsigned char key[32],
     mbedtls_chacha20_init(&ctx);
 
     ret = mbedtls_chacha20_setkey(&ctx, key);
-    if( ret != 0 )
+    if (ret != 0) {
         goto cleanup;
+    }
 
     ret = mbedtls_chacha20_starts(&ctx, nonce, counter);
-    if( ret != 0 )
+    if (ret != 0) {
         goto cleanup;
+    }
 
     ret = mbedtls_chacha20_update(&ctx, data_len, input, output);
 
 cleanup:
     mbedtls_chacha20_free(&ctx);
-    return( ret );
+    return ret;
 }
 
 #endif /* !MBEDTLS_CHACHA20_ALT */
@@ -466,7 +464,7 @@ static const size_t test_lengths[2] =
             if (verbose != 0)          \
             mbedtls_printf args;    \
                                         \
-            return( -1 );               \
+            return -1;               \
         }                               \
     }                                   \
     while (0)
@@ -477,10 +475,10 @@ int mbedtls_chacha20_self_test( int verbose )
     unsigned i;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    for( i = 0U; i < 2U; i++ )
+    for (i = 0U; i < 2U; i++) {
-    {
+        if (verbose != 0) {
-        if( verbose != 0 )
             mbedtls_printf("  ChaCha20 test %u ", i);
+        }
 
         ret = mbedtls_chacha20_crypt(test_keys[i],
                                      test_nonces[i],
@@ -494,14 +492,16 @@ int mbedtls_chacha20_self_test( int verbose )
         ASSERT(0 == memcmp(output, test_output[i], test_lengths[i]),
                ("failed (output)\n"));
 
-        if( verbose != 0 )
+        if (verbose != 0) {
             mbedtls_printf("passed\n");
         }
+    }
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("\n");
+    }
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* MBEDTLS_SELF_TEST */

library/chachapoly.c

@@ -47,14 +47,15 @@ static int chachapoly_pad_aad( mbedtls_chachapoly_context *ctx )
     uint32_t partial_block_len = (uint32_t) (ctx->aad_len % 16U);
     unsigned char zeroes[15];
 
-    if( partial_block_len == 0U )
+    if (partial_block_len == 0U) {
-        return( 0 );
+        return 0;
+    }
 
     memset(zeroes, 0, sizeof(zeroes));
 
-    return( mbedtls_poly1305_update( &ctx->poly1305_ctx,
+    return mbedtls_poly1305_update(&ctx->poly1305_ctx,
                                    zeroes,
-                                     16U - partial_block_len ) );
+                                   16U - partial_block_len);
 }
 
 /**
@@ -67,13 +68,14 @@ static int chachapoly_pad_ciphertext( mbedtls_chachapoly_context *ctx )
     uint32_t partial_block_len = (uint32_t) (ctx->ciphertext_len % 16U);
     unsigned char zeroes[15];
 
-    if( partial_block_len == 0U )
+    if (partial_block_len == 0U) {
-        return( 0 );
+        return 0;
+    }
 
     memset(zeroes, 0, sizeof(zeroes));
-    return( mbedtls_poly1305_update( &ctx->poly1305_ctx,
+    return mbedtls_poly1305_update(&ctx->poly1305_ctx,
                                    zeroes,
-                                     16U - partial_block_len ) );
+                                   16U - partial_block_len);
 }
 
 void mbedtls_chachapoly_init(mbedtls_chachapoly_context *ctx)
@@ -88,8 +90,9 @@ void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx )
 
 void mbedtls_chachapoly_free(mbedtls_chachapoly_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
     mbedtls_chacha20_free(&ctx->chacha20_ctx);
     mbedtls_poly1305_free(&ctx->poly1305_ctx);
@@ -106,7 +109,7 @@ int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
 
     ret = mbedtls_chacha20_setkey(&ctx->chacha20_ctx, key);
 
-    return( ret );
+    return ret;
 }
 
 int mbedtls_chachapoly_starts(mbedtls_chachapoly_context *ctx,
@@ -118,8 +121,9 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
 
     /* Set counter = 0, will be update to 1 when generating Poly1305 key */
     ret = mbedtls_chacha20_starts(&ctx->chacha20_ctx, nonce, 0U);
-    if( ret != 0 )
+    if (ret != 0) {
         goto cleanup;
+    }
 
     /* Generate the Poly1305 key by getting the ChaCha20 keystream output with
      * counter = 0.  This is the same as encrypting a buffer of zeroes.
@@ -129,13 +133,13 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
     memset(poly1305_key, 0, sizeof(poly1305_key));
     ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, sizeof(poly1305_key),
                                   poly1305_key, poly1305_key);
-    if( ret != 0 )
+    if (ret != 0) {
         goto cleanup;
+    }
 
     ret = mbedtls_poly1305_starts(&ctx->poly1305_ctx, poly1305_key);
 
-    if( ret == 0 )
+    if (ret == 0) {
-    {
         ctx->aad_len        = 0U;
         ctx->ciphertext_len = 0U;
         ctx->state          = CHACHAPOLY_STATE_AAD;
@@ -144,19 +148,20 @@ int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
 
 cleanup:
     mbedtls_platform_zeroize(poly1305_key, 64U);
-    return( ret );
+    return ret;
 }
 
 int mbedtls_chachapoly_update_aad(mbedtls_chachapoly_context *ctx,
                                   const unsigned char *aad,
                                   size_t aad_len)
 {
-    if( ctx->state != CHACHAPOLY_STATE_AAD )
+    if (ctx->state != CHACHAPOLY_STATE_AAD) {
-        return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
+        return MBEDTLS_ERR_CHACHAPOLY_BAD_STATE;
+    }
 
     ctx->aad_len += aad_len;
 
-    return( mbedtls_poly1305_update( &ctx->poly1305_ctx, aad, aad_len ) );
+    return mbedtls_poly1305_update(&ctx->poly1305_ctx, aad, aad_len);
 }
 
 int mbedtls_chachapoly_update(mbedtls_chachapoly_context *ctx,
@@ -167,44 +172,44 @@ int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     if ((ctx->state != CHACHAPOLY_STATE_AAD) &&
-        ( ctx->state != CHACHAPOLY_STATE_CIPHERTEXT ) )
+        (ctx->state != CHACHAPOLY_STATE_CIPHERTEXT)) {
-    {
+        return MBEDTLS_ERR_CHACHAPOLY_BAD_STATE;
-        return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
     }
 
-    if( ctx->state == CHACHAPOLY_STATE_AAD )
+    if (ctx->state == CHACHAPOLY_STATE_AAD) {
-    {
         ctx->state = CHACHAPOLY_STATE_CIPHERTEXT;
 
         ret = chachapoly_pad_aad(ctx);
-        if( ret != 0 )
+        if (ret != 0) {
-            return( ret );
+            return ret;
+        }
     }
 
     ctx->ciphertext_len += len;
 
-    if( ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT )
+    if (ctx->mode == MBEDTLS_CHACHAPOLY_ENCRYPT) {
-    {
         ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, len, input, output);
-        if( ret != 0 )
+        if (ret != 0) {
-            return( ret );
+            return ret;
+        }
 
         ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, output, len);
-        if( ret != 0 )
+        if (ret != 0) {
-            return( ret );
+            return ret;
         }
-    else /* DECRYPT */
+    } else { /* DECRYPT */
-    {
         ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, input, len);
-        if( ret != 0 )
+        if (ret != 0) {
-            return( ret );
+            return ret;
+        }
 
         ret = mbedtls_chacha20_update(&ctx->chacha20_ctx, len, input, output);
-        if( ret != 0 )
+        if (ret != 0) {
-            return( ret );
+            return ret;
+        }
     }
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_chachapoly_finish(mbedtls_chachapoly_context *ctx,
@@ -213,22 +218,20 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char len_block[16];
 
-    if( ctx->state == CHACHAPOLY_STATE_INIT )
+    if (ctx->state == CHACHAPOLY_STATE_INIT) {
-    {
+        return MBEDTLS_ERR_CHACHAPOLY_BAD_STATE;
-        return( MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
     }
 
-    if( ctx->state == CHACHAPOLY_STATE_AAD )
+    if (ctx->state == CHACHAPOLY_STATE_AAD) {
-    {
         ret = chachapoly_pad_aad(ctx);
-        if( ret != 0 )
+        if (ret != 0) {
-            return( ret );
+            return ret;
         }
-    else if( ctx->state == CHACHAPOLY_STATE_CIPHERTEXT )
+    } else if (ctx->state == CHACHAPOLY_STATE_CIPHERTEXT) {
-    {
         ret = chachapoly_pad_ciphertext(ctx);
-        if( ret != 0 )
+        if (ret != 0) {
-            return( ret );
+            return ret;
+        }
     }
 
     ctx->state = CHACHAPOLY_STATE_FINISHED;
@@ -240,12 +243,13 @@ int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
     MBEDTLS_PUT_UINT64_LE(ctx->ciphertext_len, len_block, 8);
 
     ret = mbedtls_poly1305_update(&ctx->poly1305_ctx, len_block, 16U);
-    if( ret != 0 )
+    if (ret != 0) {
-        return( ret );
+        return ret;
+    }
 
     ret = mbedtls_poly1305_finish(&ctx->poly1305_ctx, mac);
 
-    return( ret );
+    return ret;
 }
 
 static int chachapoly_crypt_and_tag(mbedtls_chachapoly_context *ctx,
@@ -261,21 +265,24 @@ static int chachapoly_crypt_and_tag( mbedtls_chachapoly_context *ctx,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     ret = mbedtls_chachapoly_starts(ctx, nonce, mode);
-    if( ret != 0 )
+    if (ret != 0) {
         goto cleanup;
+    }
 
     ret = mbedtls_chachapoly_update_aad(ctx, aad, aad_len);
-    if( ret != 0 )
+    if (ret != 0) {
         goto cleanup;
+    }
 
     ret = mbedtls_chachapoly_update(ctx, length, input, output);
-    if( ret != 0 )
+    if (ret != 0) {
         goto cleanup;
+    }
 
     ret = mbedtls_chachapoly_finish(ctx, tag);
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 int mbedtls_chachapoly_encrypt_and_tag(mbedtls_chachapoly_context *ctx,
@@ -287,9 +294,9 @@ int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
                                        unsigned char *output,
                                        unsigned char tag[16])
 {
-    return( chachapoly_crypt_and_tag( ctx, MBEDTLS_CHACHAPOLY_ENCRYPT,
+    return chachapoly_crypt_and_tag(ctx, MBEDTLS_CHACHAPOLY_ENCRYPT,
                                     length, nonce, aad, aad_len,
-                                      input, output, tag ) );
+                                    input, output, tag);
 }
 
 int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx,
@@ -308,22 +315,21 @@ int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
 
     if ((ret = chachapoly_crypt_and_tag(ctx,
                                         MBEDTLS_CHACHAPOLY_DECRYPT, length, nonce,
-                        aad, aad_len, input, output, check_tag ) ) != 0 )
+                                        aad, aad_len, input, output, check_tag)) != 0) {
-    {
+        return ret;
-        return( ret );
     }
 
     /* Check tag in "constant-time" */
-    for( diff = 0, i = 0; i < sizeof( check_tag ); i++ )
+    for (diff = 0, i = 0; i < sizeof(check_tag); i++) {
         diff |= tag[i] ^ check_tag[i];
-
-    if( diff != 0 )
-    {
-        mbedtls_platform_zeroize( output, length );
-        return( MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED );
     }
 
-    return( 0 );
+    if (diff != 0) {
+        mbedtls_platform_zeroize(output, length);
+        return MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED;
+    }
+
+    return 0;
 }
 
 #endif /* MBEDTLS_CHACHAPOLY_ALT */
@@ -427,7 +433,7 @@ static const unsigned char test_mac[1][16] =
             if (verbose != 0)          \
             mbedtls_printf args;    \
                                         \
-            return( -1 );               \
+            return -1;               \
         }                               \
     }                                   \
     while (0)
@@ -440,10 +446,10 @@ int mbedtls_chachapoly_self_test( int verbose )
     unsigned char output[200];
     unsigned char mac[16];
 
-    for( i = 0U; i < 1U; i++ )
+    for (i = 0U; i < 1U; i++) {
-    {
+        if (verbose != 0) {
-        if( verbose != 0 )
             mbedtls_printf("  ChaCha20-Poly1305 test %u ", i);
+        }
 
         mbedtls_chachapoly_init(&ctx);
 
@@ -469,14 +475,16 @@ int mbedtls_chachapoly_self_test( int verbose )
 
         mbedtls_chachapoly_free(&ctx);
 
-        if( verbose != 0 )
+        if (verbose != 0) {
             mbedtls_printf("passed\n");
         }
+    }
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("\n");
+    }
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* MBEDTLS_SELF_TEST */

library/cipher_wrap.c

@@ -76,10 +76,11 @@ static void *gcm_ctx_alloc( void )
 {
     void *ctx = mbedtls_calloc(1, sizeof(mbedtls_gcm_context));
 
-    if( ctx != NULL )
+    if (ctx != NULL) {
         mbedtls_gcm_init((mbedtls_gcm_context *) ctx);
+    }
 
-    return( ctx );
+    return ctx;
 }
 
 static void gcm_ctx_free(void *ctx)
@@ -95,10 +96,11 @@ static void *ccm_ctx_alloc( void )
 {
     void *ctx = mbedtls_calloc(1, sizeof(mbedtls_ccm_context));
 
-    if( ctx != NULL )
+    if (ctx != NULL) {
         mbedtls_ccm_init((mbedtls_ccm_context *) ctx);
+    }
 
-    return( ctx );
+    return ctx;
 }
 
 static void ccm_ctx_free(void *ctx)
@@ -164,8 +166,7 @@ static int aes_crypt_xts_wrap( void *ctx, mbedtls_operation_t operation,
     mbedtls_aes_xts_context *xts_ctx = ctx;
     int mode;
 
-    switch( operation )
+    switch (operation) {
-    {
         case MBEDTLS_ENCRYPT:
             mode = MBEDTLS_AES_ENCRYPT;
             break;
@@ -197,12 +198,13 @@ static void * aes_ctx_alloc( void )
 {
     mbedtls_aes_context *aes = mbedtls_calloc(1, sizeof(mbedtls_aes_context));
 
-    if( aes == NULL )
+    if (aes == NULL) {
-        return( NULL );
+        return NULL;
+    }
 
     mbedtls_aes_init(aes);
 
-    return( aes );
+    return aes;
 }
 
 static void aes_ctx_free(void *ctx)
@@ -416,32 +418,34 @@ static int xts_aes_setkey_enc_wrap( void *ctx, const unsigned char *key,
                                    unsigned int key_bitlen)
 {
     mbedtls_aes_xts_context *xts_ctx = ctx;
-    return( mbedtls_aes_xts_setkey_enc( xts_ctx, key, key_bitlen ) );
+    return mbedtls_aes_xts_setkey_enc(xts_ctx, key, key_bitlen);
 }
 
 static int xts_aes_setkey_dec_wrap(void *ctx, const unsigned char *key,
                                    unsigned int key_bitlen)
 {
     mbedtls_aes_xts_context *xts_ctx = ctx;
-    return( mbedtls_aes_xts_setkey_dec( xts_ctx, key, key_bitlen ) );
+    return mbedtls_aes_xts_setkey_dec(xts_ctx, key, key_bitlen);
 }
 
 static void *xts_aes_ctx_alloc(void)
 {
     mbedtls_aes_xts_context *xts_ctx = mbedtls_calloc(1, sizeof(*xts_ctx));
 
-    if( xts_ctx != NULL )
+    if (xts_ctx != NULL) {
         mbedtls_aes_xts_init(xts_ctx);
+    }
 
-    return( xts_ctx );
+    return xts_ctx;
 }
 
 static void xts_aes_ctx_free(void *ctx)
 {
     mbedtls_aes_xts_context *xts_ctx = ctx;
 
-    if( xts_ctx == NULL )
+    if (xts_ctx == NULL) {
         return;
+    }
 
     mbedtls_aes_xts_free(xts_ctx);
     mbedtls_free(xts_ctx);
@@ -726,12 +730,13 @@ static void * camellia_ctx_alloc( void )
     mbedtls_camellia_context *ctx;
     ctx = mbedtls_calloc(1, sizeof(mbedtls_camellia_context));
 
-    if( ctx == NULL )
+    if (ctx == NULL) {
-        return( NULL );
+        return NULL;
+    }
 
     mbedtls_camellia_init(ctx);
 
-    return( ctx );
+    return ctx;
 }
 
 static void camellia_ctx_free(void *ctx)
@@ -1135,12 +1140,13 @@ static void * aria_ctx_alloc( void )
     mbedtls_aria_context *ctx;
     ctx = mbedtls_calloc(1, sizeof(mbedtls_aria_context));
 
-    if( ctx == NULL )
+    if (ctx == NULL) {
-        return( NULL );
+        return NULL;
+    }
 
     mbedtls_aria_init(ctx);
 
-    return( ctx );
+    return ctx;
 }
 
 static void aria_ctx_free(void *ctx)
@@ -1573,12 +1579,13 @@ static void * des_ctx_alloc( void )
 {
     mbedtls_des_context *des = mbedtls_calloc(1, sizeof(mbedtls_des_context));
 
-    if( des == NULL )
+    if (des == NULL) {
-        return( NULL );
+        return NULL;
+    }
 
     mbedtls_des_init(des);
 
-    return( des );
+    return des;
 }
 
 static void des_ctx_free(void *ctx)
@@ -1592,12 +1599,13 @@ static void * des3_ctx_alloc( void )
     mbedtls_des3_context *des3;
     des3 = mbedtls_calloc(1, sizeof(mbedtls_des3_context));
 
-    if( des3 == NULL )
+    if (des3 == NULL) {
-        return( NULL );
+        return NULL;
+    }
 
     mbedtls_des3_init(des3);
 
-    return( des3 );
+    return des3;
 }
 
 static void des3_ctx_free(void *ctx)
@@ -1764,13 +1772,15 @@ static const mbedtls_cipher_info_t des_ede3_cbc_info = {
 static int chacha20_setkey_wrap(void *ctx, const unsigned char *key,
                                 unsigned int key_bitlen)
 {
-    if( key_bitlen != 256U )
+    if (key_bitlen != 256U) {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
-    if ( 0 != mbedtls_chacha20_setkey( (mbedtls_chacha20_context*)ctx, key ) )
+    if (0 != mbedtls_chacha20_setkey((mbedtls_chacha20_context *) ctx, key)) {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 static int chacha20_stream_wrap(void *ctx,  size_t length,
@@ -1780,10 +1790,11 @@ static int chacha20_stream_wrap( void *ctx,  size_t length,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     ret = mbedtls_chacha20_update(ctx, length, input, output);
-    if( ret == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA )
+    if (ret == MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA) {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
-    return( ret );
+    return ret;
 }
 
 static void *chacha20_ctx_alloc(void)
@@ -1791,12 +1802,13 @@ static void * chacha20_ctx_alloc( void )
     mbedtls_chacha20_context *ctx;
     ctx = mbedtls_calloc(1, sizeof(mbedtls_chacha20_context));
 
-    if( ctx == NULL )
+    if (ctx == NULL) {
-        return( NULL );
+        return NULL;
+    }
 
     mbedtls_chacha20_init(ctx);
 
-    return( ctx );
+    return ctx;
 }
 
 static void chacha20_ctx_free(void *ctx)
@@ -1849,13 +1861,15 @@ static int chachapoly_setkey_wrap( void *ctx,
                                   const unsigned char *key,
                                   unsigned int key_bitlen)
 {
-    if( key_bitlen != 256U )
+    if (key_bitlen != 256U) {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
-    if ( 0 != mbedtls_chachapoly_setkey( (mbedtls_chachapoly_context*)ctx, key ) )
+    if (0 != mbedtls_chachapoly_setkey((mbedtls_chachapoly_context *) ctx, key)) {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 static void *chachapoly_ctx_alloc(void)
@@ -1863,12 +1877,13 @@ static void * chachapoly_ctx_alloc( void )
     mbedtls_chachapoly_context *ctx;
     ctx = mbedtls_calloc(1, sizeof(mbedtls_chachapoly_context));
 
-    if( ctx == NULL )
+    if (ctx == NULL) {
-        return( NULL );
+        return NULL;
+    }
 
     mbedtls_chachapoly_init(ctx);
 
-    return( ctx );
+    return ctx;
 }
 
 static void chachapoly_ctx_free(void *ctx)
@@ -1922,7 +1937,7 @@ static int null_crypt_stream( void *ctx, size_t length,
 {
     ((void) ctx);
     memmove(output, input, length);
-    return( 0 );
+    return 0;
 }
 
 static int null_setkey(void *ctx, const unsigned char *key,
@@ -1932,12 +1947,12 @@ static int null_setkey( void *ctx, const unsigned char *key,
     ((void) key);
     ((void) key_bitlen);
 
-    return( 0 );
+    return 0;
 }
 
 static void *null_ctx_alloc(void)
 {
-    return( (void *) 1 );
+    return (void *) 1;
 }
 
 static void null_ctx_free(void *ctx)
@@ -1989,10 +2004,11 @@ static void *kw_ctx_alloc( void )
 {
     void *ctx = mbedtls_calloc(1, sizeof(mbedtls_nist_kw_context));
 
-    if( ctx != NULL )
+    if (ctx != NULL) {
         mbedtls_nist_kw_init((mbedtls_nist_kw_context *) ctx);
+    }
 
-    return( ctx );
+    return ctx;
 }
 
 static void kw_ctx_free(void *ctx)

library/cipher_wrap.h

@@ -39,8 +39,7 @@ extern "C" {
 /**
  * Base cipher information. The non-mode specific functions and values.
  */
-struct mbedtls_cipher_base_t
+struct mbedtls_cipher_base_t {
-{
     /** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
     mbedtls_cipher_id_t cipher;
 
@@ -106,15 +105,13 @@ struct mbedtls_cipher_base_t
 
 };
 
-typedef struct
+typedef struct {
-{
     mbedtls_cipher_type_t type;
     const mbedtls_cipher_info_t *info;
 } mbedtls_cipher_definition_t;
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-typedef enum
+typedef enum {
-{
     MBEDTLS_CIPHER_PSA_KEY_UNSET = 0,
     MBEDTLS_CIPHER_PSA_KEY_OWNED, /* Used for PSA-based cipher contexts which */
                                   /* use raw key material internally imported */
@@ -127,8 +124,7 @@ typedef enum
                                       /* destroyed when the context is freed. */
 } mbedtls_cipher_psa_key_ownership;
 
-typedef struct
+typedef struct {
-{
     psa_algorithm_t alg;
     mbedtls_svc_key_id_t slot;
     mbedtls_cipher_psa_key_ownership slot_state;

library/cmac.c

@@ -73,21 +73,15 @@ static int cmac_multiply_by_u( unsigned char *output,
     unsigned char overflow = 0x00;
     int i;
 
-    if( blocksize == MBEDTLS_AES_BLOCK_SIZE )
+    if (blocksize == MBEDTLS_AES_BLOCK_SIZE) {
-    {
         R_n = R_128;
-    }
+    } else if (blocksize == MBEDTLS_DES3_BLOCK_SIZE) {
-    else if( blocksize == MBEDTLS_DES3_BLOCK_SIZE )
-    {
         R_n = R_64;
-    }
+    } else {
-    else
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
-    {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
     }
 
-    for( i = (int)blocksize - 1; i >= 0; i-- )
+    for (i = (int) blocksize - 1; i >= 0; i--) {
-    {
         output[i] = input[i] << 1 | overflow;
         overflow = input[i] >> 7;
     }
@@ -108,7 +102,7 @@ static int cmac_multiply_by_u( unsigned char *output,
 
     output[blocksize - 1] ^= R_n & mask;
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -128,22 +122,25 @@ static int cmac_generate_subkeys( mbedtls_cipher_context_t *ctx,
     block_size = ctx->cipher_info->block_size;
 
     /* Calculate Ek(0) */
-    if( ( ret = mbedtls_cipher_update( ctx, L, block_size, L, &olen ) ) != 0 )
+    if ((ret = mbedtls_cipher_update(ctx, L, block_size, L, &olen)) != 0) {
         goto exit;
+    }
 
     /*
      * Generate K1 and K2
      */
-    if( ( ret = cmac_multiply_by_u( K1, L , block_size ) ) != 0 )
+    if ((ret = cmac_multiply_by_u(K1, L, block_size)) != 0) {
         goto exit;
+    }
 
-    if( ( ret = cmac_multiply_by_u( K2, K1 , block_size ) ) != 0 )
+    if ((ret = cmac_multiply_by_u(K2, K1, block_size)) != 0) {
         goto exit;
+    }
 
 exit:
     mbedtls_platform_zeroize(L, sizeof(L));
 
-    return( ret );
+    return ret;
 }
 #endif /* !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) */
 
@@ -162,16 +159,16 @@ static void cmac_pad( unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX],
 {
     size_t j;
 
-    for( j = 0; j < padded_block_len; j++ )
+    for (j = 0; j < padded_block_len; j++) {
-    {
+        if (j < last_block_len) {
-        if( j < last_block_len )
             padded_block[j] = last_block[j];
-        else if( j == last_block_len )
+        } else if (j == last_block_len) {
             padded_block[j] = 0x80;
-        else
+        } else {
             padded_block[j] = 0x00;
         }
     }
+}
 
 int mbedtls_cipher_cmac_starts(mbedtls_cipher_context_t *ctx,
                                const unsigned char *key, size_t keybits)
@@ -180,31 +177,33 @@ int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
     mbedtls_cmac_context_t *cmac_ctx;
     int retval;
 
-    if( ctx == NULL || ctx->cipher_info == NULL || key == NULL )
+    if (ctx == NULL || ctx->cipher_info == NULL || key == NULL) {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
     if ((retval = mbedtls_cipher_setkey(ctx, key, (int) keybits,
-                                          MBEDTLS_ENCRYPT ) ) != 0 )
+                                        MBEDTLS_ENCRYPT)) != 0) {
-        return( retval );
+        return retval;
+    }
 
     type = ctx->cipher_info->type;
 
-    switch( type )
+    switch (type) {
-    {
         case MBEDTLS_CIPHER_AES_128_ECB:
         case MBEDTLS_CIPHER_AES_192_ECB:
         case MBEDTLS_CIPHER_AES_256_ECB:
         case MBEDTLS_CIPHER_DES_EDE3_ECB:
             break;
         default:
-            return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
     }
 
     /* Allocated and initialise in the cipher context memory for the CMAC
      * context */
     cmac_ctx = mbedtls_calloc(1, sizeof(mbedtls_cmac_context_t));
-    if( cmac_ctx == NULL )
+    if (cmac_ctx == NULL) {
-        return( MBEDTLS_ERR_CIPHER_ALLOC_FAILED );
+        return MBEDTLS_ERR_CIPHER_ALLOC_FAILED;
+    }
 
     ctx->cmac_ctx = cmac_ctx;
 
@@ -222,8 +221,9 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
     size_t n, j, olen, block_size;
 
     if (ctx == NULL || ctx->cipher_info == NULL || input == NULL ||
-        ctx->cmac_ctx == NULL )
+        ctx->cmac_ctx == NULL) {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
     cmac_ctx = ctx->cmac_ctx;
     block_size = ctx->cipher_info->block_size;
@@ -232,8 +232,7 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
     /* Is there data still to process from the last call, that's greater in
      * size than a block? */
     if (cmac_ctx->unprocessed_len > 0 &&
-        ilen > block_size - cmac_ctx->unprocessed_len )
+        ilen > block_size - cmac_ctx->unprocessed_len) {
-    {
         memcpy(&cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
                input,
                block_size - cmac_ctx->unprocessed_len);
@@ -241,8 +240,7 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
         mbedtls_xor(state, cmac_ctx->unprocessed_block, state, block_size);
 
         if ((ret = mbedtls_cipher_update(ctx, state, block_size, state,
-                                           &olen ) ) != 0 )
+                                         &olen)) != 0) {
-        {
             goto exit;
         }
 
@@ -256,21 +254,20 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
 
     /* Iterate across the input data in block sized chunks, excluding any
      * final partial or complete block */
-    for( j = 1; j < n; j++ )
+    for (j = 1; j < n; j++) {
-    {
         mbedtls_xor(state, input, state, block_size);
 
         if ((ret = mbedtls_cipher_update(ctx, state, block_size, state,
-                                           &olen ) ) != 0 )
+                                         &olen)) != 0) {
             goto exit;
+        }
 
         ilen -= block_size;
         input += block_size;
     }
 
     /* If there is data left over that wasn't aligned to a block */
-    if( ilen > 0 )
+    if (ilen > 0) {
-    {
         memcpy(&cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
                input,
                ilen);
@@ -278,7 +275,7 @@ int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
     }
 
 exit:
-    return( ret );
+    return ret;
 }
 
 int mbedtls_cipher_cmac_finish(mbedtls_cipher_context_t *ctx,
@@ -293,8 +290,9 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
     size_t olen, block_size;
 
     if (ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL ||
-        output == NULL )
+        output == NULL) {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
     cmac_ctx = ctx->cmac_ctx;
     block_size = ctx->cipher_info->block_size;
@@ -307,13 +305,10 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
     last_block = cmac_ctx->unprocessed_block;
 
     /* Calculate last block */
-    if( cmac_ctx->unprocessed_len < block_size )
+    if (cmac_ctx->unprocessed_len < block_size) {
-    {
         cmac_pad(M_last, block_size, last_block, cmac_ctx->unprocessed_len);
         mbedtls_xor(M_last, M_last, K2, block_size);
-    }
+    } else {
-    else
-    {
         /* Last block is complete block */
         mbedtls_xor(M_last, last_block, K1, block_size);
     }
@@ -321,8 +316,7 @@ int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
 
     mbedtls_xor(state, M_last, state, block_size);
     if ((ret = mbedtls_cipher_update(ctx, state, block_size, state,
-                                       &olen ) ) != 0 )
+                                     &olen)) != 0) {
-    {
         goto exit;
     }
 
@@ -339,15 +333,16 @@ exit:
                              sizeof(cmac_ctx->unprocessed_block));
 
     mbedtls_platform_zeroize(state, MBEDTLS_CIPHER_BLKSIZE_MAX);
-    return( ret );
+    return ret;
 }
 
 int mbedtls_cipher_cmac_reset(mbedtls_cipher_context_t *ctx)
 {
     mbedtls_cmac_context_t *cmac_ctx;
 
-    if( ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL )
+    if (ctx == NULL || ctx->cipher_info == NULL || ctx->cmac_ctx == NULL) {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
     cmac_ctx = ctx->cmac_ctx;
 
@@ -358,7 +353,7 @@ int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx )
     mbedtls_platform_zeroize(cmac_ctx->state,
                              sizeof(cmac_ctx->state));
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_cipher_cmac(const mbedtls_cipher_info_t *cipher_info,
@@ -369,28 +364,32 @@ int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
     mbedtls_cipher_context_t ctx;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( cipher_info == NULL || key == NULL || input == NULL || output == NULL )
+    if (cipher_info == NULL || key == NULL || input == NULL || output == NULL) {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
     mbedtls_cipher_init(&ctx);
 
-    if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 )
+    if ((ret = mbedtls_cipher_setup(&ctx, cipher_info)) != 0) {
         goto exit;
+    }
 
     ret = mbedtls_cipher_cmac_starts(&ctx, key, keylen);
-    if( ret != 0 )
+    if (ret != 0) {
         goto exit;
+    }
 
     ret = mbedtls_cipher_cmac_update(&ctx, input, ilen);
-    if( ret != 0 )
+    if (ret != 0) {
         goto exit;
+    }
 
     ret = mbedtls_cipher_cmac_finish(&ctx, output);
 
 exit:
     mbedtls_cipher_free(&ctx);
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_AES_C)
@@ -406,31 +405,29 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
     unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE];
     unsigned char int_key[MBEDTLS_AES_BLOCK_SIZE];
 
-    if( key == NULL || input == NULL || output == NULL )
+    if (key == NULL || input == NULL || output == NULL) {
-        return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+    }
 
     cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB);
-    if( cipher_info == NULL )
+    if (cipher_info == NULL) {
-    {
         /* Failing at this point must be due to a build issue */
         ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
         goto exit;
     }
 
-    if( key_length == MBEDTLS_AES_BLOCK_SIZE )
+    if (key_length == MBEDTLS_AES_BLOCK_SIZE) {
-    {
         /* Use key as is */
         memcpy(int_key, key, MBEDTLS_AES_BLOCK_SIZE);
-    }
+    } else {
-    else
-    {
         memset(zero_key, 0, MBEDTLS_AES_BLOCK_SIZE);
 
         ret = mbedtls_cipher_cmac(cipher_info, zero_key, 128, key,
                                   key_length, int_key);
-        if( ret != 0 )
+        if (ret != 0) {
             goto exit;
         }
+    }
 
     ret = mbedtls_cipher_cmac(cipher_info, int_key, 128, input, in_len,
                               output);
@@ -438,7 +435,7 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_length,
 exit:
     mbedtls_platform_zeroize(int_key, sizeof(int_key));
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_AES_C */
 
@@ -499,7 +496,8 @@ static const unsigned char aes_128_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
         0xf9, 0x0b, 0xc1, 0x1e,     0xe4, 0x6d, 0x51, 0x3b
     }
 };
-static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
+static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] =
+{
     {
         /* Example #1 */
         0xbb, 0x1d, 0x69, 0x29,     0xe9, 0x59, 0x37, 0x28,
@@ -540,7 +538,8 @@ static const unsigned char aes_192_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
         0x7d, 0xcc, 0x87, 0x3b,     0xa9, 0xb5, 0x45, 0x2c
     }
 };
-static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
+static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] =
+{
     {
         /* Example #1 */
         0xd1, 0x7d, 0xdf, 0x46,     0xad, 0xaa, 0xcd, 0xe5,
@@ -582,7 +581,8 @@ static const unsigned char aes_256_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
         0x5d, 0x35, 0x33, 0x01,     0x0c, 0x42, 0xa0, 0xd9
     }
 };
-static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
+static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] =
+{
     {
         /* Example #1 */
         0x02, 0x89, 0x62, 0xf6,     0x1b, 0x7b, 0xf8, 0x9e,
@@ -634,7 +634,8 @@ static const unsigned char des3_2key_subkeys[2][8] = {
         0x1b, 0xa5, 0x96, 0xf4,     0x7b, 0x11, 0x11, 0xb2
     }
 };
-static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
+static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE]
+    = {
     {
         /* Sample #1 */
         0x79, 0xce, 0x52, 0xa7,     0xf7, 0x86, 0xa9, 0x60
@@ -672,7 +673,8 @@ static const unsigned char des3_3key_subkeys[2][8] = {
         0x3a, 0xe9, 0xce, 0x72,     0x66, 0x2f, 0x2d, 0x9b
     }
 };
-static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
+static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE]
+    = {
     {
         /* Sample #1 */
         0x7d, 0xb0, 0xd3, 0x7d,     0xf9, 0x36, 0xc5, 0x50
@@ -748,30 +750,28 @@ static int cmac_test_subkeys( int verbose,
     unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
 
     cipher_info = mbedtls_cipher_info_from_type(cipher_type);
-    if( cipher_info == NULL )
+    if (cipher_info == NULL) {
-    {
         /* Failing at this point must be due to a build issue */
-        return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
+        return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
     }
 
-    for( i = 0; i < num_tests; i++ )
+    for (i = 0; i < num_tests; i++) {
-    {
+        if (verbose != 0) {
-        if( verbose != 0 )
             mbedtls_printf("  %s CMAC subkey #%d: ", testname, i + 1);
+        }
 
         mbedtls_cipher_init(&ctx);
 
-        if( ( ret = mbedtls_cipher_setup( &ctx, cipher_info ) ) != 0 )
+        if ((ret = mbedtls_cipher_setup(&ctx, cipher_info)) != 0) {
-        {
+            if (verbose != 0) {
-            if( verbose != 0 )
                 mbedtls_printf("test execution failed\n");
+            }
 
             goto cleanup;
         }
 
         if ((ret = mbedtls_cipher_setkey(&ctx, key, keybits,
-                                       MBEDTLS_ENCRYPT ) ) != 0 )
+                                         MBEDTLS_ENCRYPT)) != 0) {
-        {
             /* When CMAC is implemented by an alternative implementation, or
              * the underlying primitive itself is implemented alternatively,
              * AES-192 may be unavailable. This should not cause the selftest
@@ -779,37 +779,40 @@ static int cmac_test_subkeys( int verbose,
             if ((ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED ||
                  ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) &&
                 cipher_type == MBEDTLS_CIPHER_AES_192_ECB) {
-                if( verbose != 0 )
+                if (verbose != 0) {
                     mbedtls_printf("skipped\n");
+                }
                 goto next_test;
             }
 
-            if( verbose != 0 )
+            if (verbose != 0) {
                 mbedtls_printf("test execution failed\n");
+            }
 
             goto cleanup;
         }
 
         ret = cmac_generate_subkeys(&ctx, K1, K2);
-        if( ret != 0 )
+        if (ret != 0) {
-        {
+            if (verbose != 0) {
-           if( verbose != 0 )
                 mbedtls_printf("failed\n");
+            }
 
             goto cleanup;
         }
 
         if ((ret = memcmp(K1, subkeys, block_size)) != 0  ||
-            ( ret = memcmp( K2, &subkeys[block_size], block_size ) ) != 0 )
+            (ret = memcmp(K2, &subkeys[block_size], block_size)) != 0) {
-        {
+            if (verbose != 0) {
-            if( verbose != 0 )
                 mbedtls_printf("failed\n");
+            }
 
             goto cleanup;
         }
 
-        if( verbose != 0 )
+        if (verbose != 0) {
             mbedtls_printf("passed\n");
+        }
 
 next_test:
         mbedtls_cipher_free(&ctx);
@@ -822,7 +825,7 @@ cleanup:
     mbedtls_cipher_free(&ctx);
 
 exit:
-    return( ret );
+    return ret;
 }
 
 static int cmac_test_wth_cipher(int verbose,
@@ -841,21 +844,19 @@ static int cmac_test_wth_cipher( int verbose,
     unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
 
     cipher_info = mbedtls_cipher_info_from_type(cipher_type);
-    if( cipher_info == NULL )
+    if (cipher_info == NULL) {
-    {
         /* Failing at this point must be due to a build issue */
         ret = MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
         goto exit;
     }
 
-    for( i = 0; i < num_tests; i++ )
+    for (i = 0; i < num_tests; i++) {
-    {
+        if (verbose != 0) {
-        if( verbose != 0 )
             mbedtls_printf("  %s CMAC #%d: ", testname, i + 1);
+        }
 
         if ((ret = mbedtls_cipher_cmac(cipher_info, key, keybits, messages,
-                                         message_lengths[i], output ) ) != 0 )
+                                       message_lengths[i], output)) != 0) {
-        {
             /* When CMAC is implemented by an alternative implementation, or
              * the underlying primitive itself is implemented alternatively,
              * AES-192 and/or 3DES may be unavailable. This should not cause
@@ -864,30 +865,33 @@ static int cmac_test_wth_cipher( int verbose,
                  ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE) &&
                 (cipher_type == MBEDTLS_CIPHER_AES_192_ECB ||
                  cipher_type == MBEDTLS_CIPHER_DES_EDE3_ECB)) {
-                if( verbose != 0 )
+                if (verbose != 0) {
                     mbedtls_printf("skipped\n");
+                }
                 continue;
             }
 
-            if( verbose != 0 )
+            if (verbose != 0) {
                 mbedtls_printf("failed\n");
+            }
             goto exit;
         }
 
-        if( ( ret = memcmp( output, &expected_result[i * block_size], block_size ) ) != 0 )
+        if ((ret = memcmp(output, &expected_result[i * block_size], block_size)) != 0) {
-        {
+            if (verbose != 0) {
-            if( verbose != 0 )
                 mbedtls_printf("failed\n");
+            }
             goto exit;
         }
 
-        if( verbose != 0 )
+        if (verbose != 0) {
             mbedtls_printf("passed\n");
         }
+    }
     ret = 0;
 
 exit:
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_AES_C)
@@ -897,25 +901,22 @@ static int test_aes128_cmac_prf( int verbose )
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char output[MBEDTLS_AES_BLOCK_SIZE];
 
-    for( i = 0; i < NB_PRF_TESTS; i++ )
+    for (i = 0; i < NB_PRF_TESTS; i++) {
-    {
         mbedtls_printf("  AES CMAC 128 PRF #%d: ", i);
         ret = mbedtls_aes_cmac_prf_128(PRFK, PRFKlen[i], PRFM, 20, output);
         if (ret != 0 ||
-            memcmp( output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE ) != 0 )
+            memcmp(output, PRFT[i], MBEDTLS_AES_BLOCK_SIZE) != 0) {
-        {
 
-            if( verbose != 0 )
+            if (verbose != 0) {
                 mbedtls_printf("failed\n");
-
-            return( ret );
             }
-        else if( verbose != 0 )
+
-        {
+            return ret;
+        } else if (verbose != 0) {
             mbedtls_printf("passed\n");
         }
     }
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_AES_C */
 
@@ -932,9 +933,8 @@ int mbedtls_cmac_self_test( int verbose )
                                  (const unsigned char *) aes_128_subkeys,
                                  MBEDTLS_CIPHER_AES_128_ECB,
                                  MBEDTLS_AES_BLOCK_SIZE,
-                                   NB_CMAC_TESTS_PER_KEY ) ) != 0 )
+                                 NB_CMAC_TESTS_PER_KEY)) != 0) {
-    {
+        return ret;
-        return( ret );
     }
 
     if ((ret = cmac_test_wth_cipher(verbose,
@@ -946,9 +946,8 @@ int mbedtls_cmac_self_test( int verbose )
                                     (const unsigned char *) aes_128_expected_result,
                                     MBEDTLS_CIPHER_AES_128_ECB,
                                     MBEDTLS_AES_BLOCK_SIZE,
-                                      NB_CMAC_TESTS_PER_KEY ) ) != 0 )
+                                    NB_CMAC_TESTS_PER_KEY)) != 0) {
-    {
+        return ret;
-        return( ret );
     }
 
     /* AES-192 */
@@ -959,9 +958,8 @@ int mbedtls_cmac_self_test( int verbose )
                                  (const unsigned char *) aes_192_subkeys,
                                  MBEDTLS_CIPHER_AES_192_ECB,
                                  MBEDTLS_AES_BLOCK_SIZE,
-                                   NB_CMAC_TESTS_PER_KEY ) ) != 0 )
+                                 NB_CMAC_TESTS_PER_KEY)) != 0) {
-    {
+        return ret;
-        return( ret );
     }
 
     if ((ret = cmac_test_wth_cipher(verbose,
@@ -973,9 +971,8 @@ int mbedtls_cmac_self_test( int verbose )
                                     (const unsigned char *) aes_192_expected_result,
                                     MBEDTLS_CIPHER_AES_192_ECB,
                                     MBEDTLS_AES_BLOCK_SIZE,
-                                      NB_CMAC_TESTS_PER_KEY ) ) != 0 )
+                                    NB_CMAC_TESTS_PER_KEY)) != 0) {
-    {
+        return ret;
-        return( ret );
     }
 
     /* AES-256 */
@@ -986,9 +983,8 @@ int mbedtls_cmac_self_test( int verbose )
                                  (const unsigned char *) aes_256_subkeys,
                                  MBEDTLS_CIPHER_AES_256_ECB,
                                  MBEDTLS_AES_BLOCK_SIZE,
-                                   NB_CMAC_TESTS_PER_KEY ) ) != 0 )
+                                 NB_CMAC_TESTS_PER_KEY)) != 0) {
-    {
+        return ret;
-        return( ret );
     }
 
     if ((ret = cmac_test_wth_cipher(verbose,
@@ -1000,9 +996,8 @@ int mbedtls_cmac_self_test( int verbose )
                                     (const unsigned char *) aes_256_expected_result,
                                     MBEDTLS_CIPHER_AES_256_ECB,
                                     MBEDTLS_AES_BLOCK_SIZE,
-                                       NB_CMAC_TESTS_PER_KEY ) ) != 0 )
+                                    NB_CMAC_TESTS_PER_KEY)) != 0) {
-    {
+        return ret;
-        return( ret );
     }
 #endif /* MBEDTLS_AES_C */
 
@@ -1015,9 +1010,8 @@ int mbedtls_cmac_self_test( int verbose )
                                  (const unsigned char *) des3_2key_subkeys,
                                  MBEDTLS_CIPHER_DES_EDE3_ECB,
                                  MBEDTLS_DES3_BLOCK_SIZE,
-                                   NB_CMAC_TESTS_PER_KEY ) ) != 0 )
+                                 NB_CMAC_TESTS_PER_KEY)) != 0) {
-    {
+        return ret;
-        return( ret );
     }
 
     if ((ret = cmac_test_wth_cipher(verbose,
@@ -1029,9 +1023,8 @@ int mbedtls_cmac_self_test( int verbose )
                                     (const unsigned char *) des3_2key_expected_result,
                                     MBEDTLS_CIPHER_DES_EDE3_ECB,
                                     MBEDTLS_DES3_BLOCK_SIZE,
-                                      NB_CMAC_TESTS_PER_KEY ) ) != 0 )
+                                    NB_CMAC_TESTS_PER_KEY)) != 0) {
-    {
+        return ret;
-        return( ret );
     }
 
     /* 3DES 3 key */
@@ -1042,9 +1035,8 @@ int mbedtls_cmac_self_test( int verbose )
                                  (const unsigned char *) des3_3key_subkeys,
                                  MBEDTLS_CIPHER_DES_EDE3_ECB,
                                  MBEDTLS_DES3_BLOCK_SIZE,
-                                   NB_CMAC_TESTS_PER_KEY ) ) != 0 )
+                                 NB_CMAC_TESTS_PER_KEY)) != 0) {
-    {
+        return ret;
-        return( ret );
     }
 
     if ((ret = cmac_test_wth_cipher(verbose,
@@ -1056,21 +1048,22 @@ int mbedtls_cmac_self_test( int verbose )
                                     (const unsigned char *) des3_3key_expected_result,
                                     MBEDTLS_CIPHER_DES_EDE3_ECB,
                                     MBEDTLS_DES3_BLOCK_SIZE,
-                                      NB_CMAC_TESTS_PER_KEY ) ) != 0 )
+                                    NB_CMAC_TESTS_PER_KEY)) != 0) {
-    {
+        return ret;
-        return( ret );
     }
 #endif /* MBEDTLS_DES_C */
 
 #if defined(MBEDTLS_AES_C)
-    if( ( ret = test_aes128_cmac_prf( verbose ) ) != 0 )
+    if ((ret = test_aes128_cmac_prf(verbose)) != 0) {
-        return( ret );
+        return ret;
+    }
 #endif /* MBEDTLS_AES_C */
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("\n");
+    }
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* MBEDTLS_SELF_TEST */

library/common.h

@@ -89,7 +89,7 @@ extern void (*mbedtls_test_hook_test_fail)( const char * test, int line, const c
 static inline unsigned char *mbedtls_buffer_offset(
     unsigned char *p, size_t n)
 {
-    return( p == NULL ? NULL : p + n );
+    return p == NULL ? NULL : p + n;
 }
 
 /** Return an offset into a read-only buffer.
@@ -106,7 +106,7 @@ static inline unsigned char *mbedtls_buffer_offset(
 static inline const unsigned char *mbedtls_buffer_offset_const(
     const unsigned char *p, size_t n)
 {
-    return( p == NULL ? NULL : p + n );
+    return p == NULL ? NULL : p + n;
 }
 
 /**
@@ -123,13 +123,11 @@ static inline const unsigned char *mbedtls_buffer_offset_const(
 inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned char *b, size_t n)
 {
     size_t i;
-    for ( i = 0; ( i + 4 ) <= n; i += 4 )
+    for (i = 0; (i + 4) <= n; i += 4) {
-    {
         uint32_t x = mbedtls_get_unaligned_uint32(a + i) ^ mbedtls_get_unaligned_uint32(b + i);
         mbedtls_put_unaligned_uint32(r + i, x);
     }
-    for ( ; i < n; i++ )
+    for (; i < n; i++) {
-    {
         r[i] = a[i] ^ b[i];
     }
 }

library/constant_time.c

@@ -56,8 +56,7 @@ int mbedtls_ct_memcmp( const void *a,
     volatile const unsigned char *B = (volatile const unsigned char *) b;
     volatile unsigned char diff = 0;
 
-    for( i = 0; i < n; i++ )
+    for (i = 0; i < n; i++) {
-    {
         /* Read volatile data in order before computing diff.
          * This avoids IAR compiler warning:
          * 'the order of volatile accesses is undefined ..' */
@@ -65,7 +64,7 @@ int mbedtls_ct_memcmp( const void *a,
         diff |= x ^ y;
     }
 
-    return( (int)diff );
+    return (int) diff;
 }
 
 unsigned mbedtls_ct_uint_mask(unsigned value)
@@ -76,7 +75,7 @@ unsigned mbedtls_ct_uint_mask( unsigned value )
 #pragma warning( push )
 #pragma warning( disable : 4146 )
 #endif
-    return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
+    return -((value | -value) >> (sizeof(value) * 8 - 1));
 #if defined(_MSC_VER)
 #pragma warning( pop )
 #endif
@@ -92,7 +91,7 @@ size_t mbedtls_ct_size_mask( size_t value )
 #pragma warning( push )
 #pragma warning( disable : 4146 )
 #endif
-    return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
+    return -((value | -value) >> (sizeof(value) * 8 - 1));
 #if defined(_MSC_VER)
 #pragma warning( pop )
 #endif
@@ -110,7 +109,7 @@ mbedtls_mpi_uint mbedtls_ct_mpi_uint_mask( mbedtls_mpi_uint value )
 #pragma warning( push )
 #pragma warning( disable : 4146 )
 #endif
-    return( - ( ( value | - value ) >> ( sizeof( value ) * 8 - 1 ) ) );
+    return -((value | -value) >> (sizeof(value) * 8 - 1));
 #if defined(_MSC_VER)
 #pragma warning( pop )
 #endif
@@ -144,13 +143,13 @@ static size_t mbedtls_ct_size_mask_lt( size_t x,
     /* mask = (x < y) ? 0xff... : 0x00... */
     const size_t mask = mbedtls_ct_size_mask(sub1);
 
-    return( mask );
+    return mask;
 }
 
 size_t mbedtls_ct_size_mask_ge(size_t x,
                                size_t y)
 {
-    return( ~mbedtls_ct_size_mask_lt( x, y ) );
+    return ~mbedtls_ct_size_mask_lt(x, y);
 }
 
 #endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
@@ -170,7 +169,7 @@ unsigned char mbedtls_ct_uchar_mask_of_range( unsigned char low,
     unsigned low_mask = ((unsigned) c - low) >> 8;
     /* high_mask is: 0 if c <= high, 0x...ff if c > high */
     unsigned high_mask = ((unsigned) high - c) >> 8;
-    return( ~( low_mask | high_mask ) & 0xff );
+    return ~(low_mask | high_mask) & 0xff;
 }
 
 #endif /* MBEDTLS_BASE64_C */
@@ -198,7 +197,7 @@ unsigned mbedtls_ct_size_bool_eq( size_t x,
     /* diff1 = (x != y) ? 1 : 0 */
     const unsigned diff1 = diff_msb >> (sizeof(diff_msb) * 8 - 1);
 
-    return( 1 ^ diff1 );
+    return 1 ^ diff1;
 }
 
 #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
@@ -218,7 +217,7 @@ static unsigned mbedtls_ct_size_gt( size_t x,
                                    size_t y)
 {
     /* Return the sign bit (1 for negative) of (y - x). */
-    return( ( y - x ) >> ( sizeof( size_t ) * 8 - 1 ) );
+    return (y - x) >> (sizeof(size_t) * 8 - 1);
 }
 
 #endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
@@ -260,7 +259,7 @@ unsigned mbedtls_ct_uint_if( unsigned condition,
                             unsigned if0)
 {
     unsigned mask = mbedtls_ct_uint_mask(condition);
-    return( ( mask & if1 ) | (~mask & if0 ) );
+    return (mask & if1) | (~mask & if0);
 }
 
 #if defined(MBEDTLS_BIGNUM_C)
@@ -296,7 +295,7 @@ static int mbedtls_ct_cond_select_sign( unsigned char condition,
     unsigned ur = (uif0 & ~mask) | (uif1 & mask);
 
     /* ur is now 0 or 2, convert back to -1 or +1 */
-    return( (int) ur - 1 );
+    return (int) ur - 1;
 }
 
 void mbedtls_ct_mpi_uint_cond_assign(size_t n,
@@ -320,9 +319,10 @@ void mbedtls_ct_mpi_uint_cond_assign( size_t n,
 #pragma warning( pop )
 #endif
 
-    for( i = 0; i < n; i++ )
+    for (i = 0; i < n; i++) {
         dest[i] = (src[i] & mask) | (dest[i] & ~mask);
     }
+}
 
 #endif /* MBEDTLS_BIGNUM_C */
 
@@ -339,7 +339,7 @@ unsigned char mbedtls_ct_base64_enc_char( unsigned char value )
     digit |= mbedtls_ct_uchar_mask_of_range(52, 61, value) & ('0' + value - 52);
     digit |= mbedtls_ct_uchar_mask_of_range(62, 62, value) & '+';
     digit |= mbedtls_ct_uchar_mask_of_range(63, 63, value) & '/';
-    return( digit );
+    return digit;
 }
 
 signed char mbedtls_ct_base64_dec_value(unsigned char c)
@@ -356,7 +356,7 @@ signed char mbedtls_ct_base64_dec_value( unsigned char c )
     val |= mbedtls_ct_uchar_mask_of_range('/', '/', c) & (c - '/' + 63 + 1);
     /* At this point, val is 0 if c is an invalid digit and v+1 if c is
      * a digit with the value v. */
-    return( val - 1 );
+    return val - 1;
 }
 
 #endif /* MBEDTLS_BASE64_C */
@@ -385,16 +385,15 @@ static void mbedtls_ct_mem_move_to_left( void *start,
 {
     volatile unsigned char *buf = start;
     size_t i, n;
-    if( total == 0 )
+    if (total == 0) {
         return;
-    for( i = 0; i < total; i++ )
+    }
-    {
+    for (i = 0; i < total; i++) {
         unsigned no_op = mbedtls_ct_size_gt(total - offset, i);
         /* The first `total - offset` passes are a no-op. The last
          * `offset` passes shift the data one byte to the left and
          * zero out the last byte. */
-        for( n = 0; n < total - 1; n++ )
+        for (n = 0; n < total - 1; n++) {
-        {
             unsigned char current = buf[n];
             unsigned char next = buf[n+1];
             buf[n] = mbedtls_ct_uint_if(no_op, current, next);
@@ -418,9 +417,10 @@ void mbedtls_ct_memcpy_if_eq( unsigned char *dest,
     const unsigned char mask = (unsigned char) mbedtls_ct_size_mask(equal);
 
     /* dest[i] = c1 == c2 ? src[i] : dest[i] */
-    for( size_t i = 0; i < len; i++ )
+    for (size_t i = 0; i < len; i++) {
         dest[i] = (src[i] & mask) | (dest[i] & ~mask);
     }
+}
 
 void mbedtls_ct_memcpy_offset(unsigned char *dest,
                               const unsigned char *src,
@@ -431,8 +431,7 @@ void mbedtls_ct_memcpy_offset( unsigned char *dest,
 {
     size_t offsetval;
 
-    for( offsetval = offset_min; offsetval <= offset_max; offsetval++ )
+    for (offsetval = offset_min; offsetval <= offset_max; offsetval++) {
-    {
         mbedtls_ct_memcpy_if_eq(dest, src + offsetval, len,
                                 offsetval, offset);
     }
@@ -503,10 +502,12 @@ int mbedtls_ct_hmac( mbedtls_svc_key_id_t key,
     PSA_CHK(psa_export_key(key, key_buf, block_size, &mac_key_length));
 
     /* Calculate ikey */
-    for( i = 0; i < mac_key_length; i++ )
+    for (i = 0; i < mac_key_length; i++) {
         key_buf[i] = (unsigned char) (key_buf[i] ^ 0x36);
-    for(; i < block_size; ++i )
+    }
+    for (; i < block_size; ++i) {
         key_buf[i] = 0x36;
+    }
 
     PSA_CHK(psa_hash_setup(&operation, hash_alg));
 
@@ -522,8 +523,7 @@ int mbedtls_ct_hmac( mbedtls_svc_key_id_t key,
     memset(output, '!', hash_size);
 
     /* For each possible length, compute the hash up to that point */
-    for( offset = min_data_len; offset <= max_data_len; offset++ )
+    for (offset = min_data_len; offset <= max_data_len; offset++) {
-    {
         PSA_CHK(psa_hash_clone(&operation, &aux_operation));
         PSA_CHK(psa_hash_finish(&aux_operation, aux_out,
                                 PSA_HASH_MAX_SIZE, &hash_length));
@@ -531,18 +531,21 @@ int mbedtls_ct_hmac( mbedtls_svc_key_id_t key,
         mbedtls_ct_memcpy_if_eq(output, aux_out, hash_size,
                                 offset, data_len_secret);
 
-        if( offset < max_data_len )
+        if (offset < max_data_len) {
             PSA_CHK(psa_hash_update(&operation, data + offset, 1));
         }
+    }
 
     /* Abort current operation to prepare for final operation */
     PSA_CHK(psa_hash_abort(&operation));
 
     /* Calculate okey */
-    for( i = 0; i < mac_key_length; i++ )
+    for (i = 0; i < mac_key_length; i++) {
         key_buf[i] = (unsigned char) ((key_buf[i] ^ 0x36) ^ 0x5C);
-    for(; i < block_size; ++i )
+    }
+    for (; i < block_size; ++i) {
         key_buf[i] = 0x5C;
+    }
 
     /* Now compute HASH(okey + inner_hash) */
     PSA_CHK(psa_hash_setup(&operation, hash_alg));
@@ -558,7 +561,7 @@ cleanup:
 
     psa_hash_abort(&operation);
     psa_hash_abort(&aux_operation);
-    return( psa_ssl_status_to_mbedtls( status ) );
+    return psa_ssl_status_to_mbedtls(status);
 }
 
 #undef MAX_HASH_BLOCK_LENGTH
@@ -623,17 +626,17 @@ int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
     memset(output, '!', hash_size);
 
     /* For each possible length, compute the hash up to that point */
-    for( offset = min_data_len; offset <= max_data_len; offset++ )
+    for (offset = min_data_len; offset <= max_data_len; offset++) {
-    {
         MD_CHK(mbedtls_md_clone(&aux, ctx));
         MD_CHK(mbedtls_md_finish(&aux, aux_out));
         /* Keep only the correct inner_hash in the output buffer */
         mbedtls_ct_memcpy_if_eq(output, aux_out, hash_size,
                                 offset, data_len_secret);
 
-        if( offset < max_data_len )
+        if (offset < max_data_len) {
             MD_CHK(mbedtls_md_update(ctx, data + offset, 1));
         }
+    }
 
     /* The context needs to finish() before it starts() again */
     MD_CHK(mbedtls_md_finish(ctx, aux_out));
@@ -651,7 +654,7 @@ int mbedtls_ct_hmac( mbedtls_md_context_t *ctx,
 
 cleanup:
     mbedtls_md_free(&aux);
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
@@ -691,11 +694,12 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X,
 
     mbedtls_mpi_core_cond_assign(X->p, Y->p, Y->n, assign);
 
-    for( size_t i = Y->n; i < X->n; i++ )
+    for (size_t i = Y->n; i < X->n; i++) {
         X->p[i] &= ~limb_mask;
+    }
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
@@ -713,8 +717,9 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X,
     MPI_VALIDATE_RET(X != NULL);
     MPI_VALIDATE_RET(Y != NULL);
 
-    if( X == Y )
+    if (X == Y) {
-        return( 0 );
+        return 0;
+    }
 
     MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n));
     MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Y, X->n));
@@ -726,7 +731,7 @@ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X,
     mbedtls_mpi_core_cond_swap(X->p, Y->p, X->n, swap);
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
@@ -742,8 +747,7 @@ unsigned mbedtls_mpi_core_lt_ct( const mbedtls_mpi_uint *A,
      * their scope. */
     ret = cond = done = 0;
 
-    for( size_t i = limbs; i > 0; i-- )
+    for (size_t i = limbs; i > 0; i--) {
-    {
         /*
          * If B[i - 1] < A[i - 1] then A < B is false and the result must
          * remain 0.
@@ -770,7 +774,7 @@ unsigned mbedtls_mpi_core_lt_ct( const mbedtls_mpi_uint *A,
      * and leaving the result 0 is correct.
      */
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -788,8 +792,9 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X,
     MPI_VALIDATE_RET(Y != NULL);
     MPI_VALIDATE_RET(ret != NULL);
 
-    if( X->n != Y->n )
+    if (X->n != Y->n) {
         return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
+    }
 
     /*
      * Set sign_N to 1 if N >= 0, 0 if N < 0.
@@ -812,8 +817,7 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X,
      */
     done = cond;
 
-    for( i = X->n; i > 0; i-- )
+    for (i = X->n; i > 0; i--) {
-    {
         /*
          * If Y->p[i - 1] < X->p[i - 1] then X < Y is true if and only if both
          * X and Y are negative.
@@ -837,7 +841,7 @@ int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X,
         done |= cond;
     }
 
-    return( 0 );
+    return 0;
 }
 
 #endif /* MBEDTLS_BIGNUM_C */
@@ -883,8 +887,7 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( unsigned char *input,
 
     /* Read the whole buffer. Set pad_done to nonzero if we find
      * the 0x00 byte and remember the padding length in pad_count. */
-    for( i = 2; i < ilen; i++ )
+    for (i = 2; i < ilen; i++) {
-    {
         pad_done  |= ((input[i] | (unsigned char) -input[i]) >> 7) ^ 1;
         pad_count += ((pad_done | (unsigned char) -pad_done) >> 7) ^ 1;
     }
@@ -930,8 +933,9 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( unsigned char *input,
      * avoid leaking the padding validity through overall timing or
      * through memory or cache access patterns. */
     bad = mbedtls_ct_uint_mask(bad | output_too_large);
-    for( i = 11; i < ilen; i++ )
+    for (i = 11; i < ilen; i++) {
         input[i] &= ~bad;
+    }
 
     /* If the plaintext is too large, truncate it to the buffer size.
      * Copy anyway to avoid revealing the length through timing, because
@@ -958,8 +962,9 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( unsigned char *input,
      * user-provided output buffer), which is independent from plaintext
      * length, validity of padding, success of the decryption, and other
      * secrets. */
-    if( output_max_len != 0 )
+    if (output_max_len != 0) {
         memcpy(output, input + ilen - plaintext_max_size, plaintext_max_size);
+    }
 
     /* Report the amount of data we copied to the output buffer. In case
      * of errors (bad padding or output too large), the value of *olen
@@ -967,7 +972,7 @@ int mbedtls_ct_rsaes_pkcs1_v15_unpadding( unsigned char *input,
      * to the good case limits the risks of leaking the padding validity. */
     *olen = plaintext_size;
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */

library/ctr_drbg.c

@@ -58,13 +58,15 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx )
  */
 void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
 #if defined(MBEDTLS_THREADING_C)
     /* The mutex is initialized iff f_entropy is set. */
-    if( ctx->f_entropy != NULL )
+    if (ctx->f_entropy != NULL) {
         mbedtls_mutex_free(&ctx->mutex);
+    }
 #endif
     mbedtls_aes_free(&ctx->aes_ctx);
     mbedtls_platform_zeroize(ctx, sizeof(mbedtls_ctr_drbg_context));
@@ -89,17 +91,20 @@ int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
 {
     /* If mbedtls_ctr_drbg_seed() has already been called, it's
      * too late. Return the error code that's closest to making sense. */
-    if( ctx->f_entropy != NULL )
+    if (ctx->f_entropy != NULL) {
-        return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
+        return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED;
+    }
 
-    if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
+    if (len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) {
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+        return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+    }
 #if SIZE_MAX > INT_MAX
     /* This shouldn't be an issue because
      * MBEDTLS_CTR_DRBG_MAX_SEED_INPUT < INT_MAX in any sensible
      * configuration, but make sure anyway. */
-    if( len > INT_MAX )
+    if (len > INT_MAX) {
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+        return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+    }
 #endif
 
     /* For backward compatibility with Mbed TLS <= 2.19, store the
@@ -107,7 +112,7 @@ int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
      * used until after the initial seeding. */
     /* Due to the capping of len above, the value fits in an int. */
     ctx->reseed_counter = (int) len;
-    return( 0 );
+    return 0;
 }
 
 void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx,
@@ -131,8 +136,9 @@ static int block_cipher_df( unsigned char *output,
     int i, j;
     size_t buf_len, use_len;
 
-    if( data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
+    if (data_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) {
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+        return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+    }
 
     memset(buf, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT +
            MBEDTLS_CTR_DRBG_BLOCKSIZE + 16);
@@ -154,34 +160,31 @@ static int block_cipher_df( unsigned char *output,
 
     buf_len = MBEDTLS_CTR_DRBG_BLOCKSIZE + 8 + data_len + 1;
 
-    for( i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++ )
+    for (i = 0; i < MBEDTLS_CTR_DRBG_KEYSIZE; i++) {
         key[i] = i;
+    }
 
     if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, key,
-                                        MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
+                                      MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
-    {
         goto exit;
     }
 
     /*
      * Reduce data to MBEDTLS_CTR_DRBG_SEEDLEN bytes of data
      */
-    for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
+    for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) {
-    {
         p = buf;
         memset(chain, 0, MBEDTLS_CTR_DRBG_BLOCKSIZE);
         use_len = buf_len;
 
-        while( use_len > 0 )
+        while (use_len > 0) {
-        {
             mbedtls_xor(chain, chain, p, MBEDTLS_CTR_DRBG_BLOCKSIZE);
             p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
             use_len -= (use_len >= MBEDTLS_CTR_DRBG_BLOCKSIZE) ?
                        MBEDTLS_CTR_DRBG_BLOCKSIZE : use_len;
 
             if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT,
-                                               chain, chain ) ) != 0 )
+                                             chain, chain)) != 0) {
-            {
                 goto exit;
             }
         }
@@ -198,18 +201,15 @@ static int block_cipher_df( unsigned char *output,
      * Do final encryption with reduced data
      */
     if ((ret = mbedtls_aes_setkey_enc(&aes_ctx, tmp,
-                                        MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
+                                      MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
-    {
         goto exit;
     }
     iv = tmp + MBEDTLS_CTR_DRBG_KEYSIZE;
     p = output;
 
-    for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
+    for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) {
-    {
         if ((ret = mbedtls_aes_crypt_ecb(&aes_ctx, MBEDTLS_AES_ENCRYPT,
-                                           iv, iv ) ) != 0 )
+                                         iv, iv)) != 0) {
-        {
             goto exit;
         }
         memcpy(p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE);
@@ -224,15 +224,14 @@ exit:
     mbedtls_platform_zeroize(tmp, sizeof(tmp));
     mbedtls_platform_zeroize(key, sizeof(key));
     mbedtls_platform_zeroize(chain, sizeof(chain));
-    if( 0 != ret )
+    if (0 != ret) {
-    {
         /*
          * wipe partial seed from memory
          */
         mbedtls_platform_zeroize(output, MBEDTLS_CTR_DRBG_SEEDLEN);
     }
 
-    return( ret );
+    return ret;
 }
 
 /* CTR_DRBG_Update (SP 800-90A &sect;10.2.1.2)
@@ -253,36 +252,36 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
 
     memset(tmp, 0, MBEDTLS_CTR_DRBG_SEEDLEN);
 
-    for( j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE )
+    for (j = 0; j < MBEDTLS_CTR_DRBG_SEEDLEN; j += MBEDTLS_CTR_DRBG_BLOCKSIZE) {
-    {
         /*
          * Increase counter
          */
-        for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- )
+        for (i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i--) {
-            if( ++ctx->counter[i - 1] != 0 )
+            if (++ctx->counter[i - 1] != 0) {
                 break;
+            }
+        }
 
         /*
          * Crypt counter block
          */
         if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
-                                           ctx->counter, p ) ) != 0 )
+                                         ctx->counter, p)) != 0) {
-        {
             goto exit;
         }
 
         p += MBEDTLS_CTR_DRBG_BLOCKSIZE;
     }
 
-    for( i = 0; i < MBEDTLS_CTR_DRBG_SEEDLEN; i++ )
+    for (i = 0; i < MBEDTLS_CTR_DRBG_SEEDLEN; i++) {
         tmp[i] ^= data[i];
+    }
 
     /*
      * Update key and counter
      */
     if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, tmp,
-                                        MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
+                                      MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
-    {
         goto exit;
     }
     memcpy(ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE,
@@ -290,7 +289,7 @@ static int ctr_drbg_update_internal( mbedtls_ctr_drbg_context *ctx,
 
 exit:
     mbedtls_platform_zeroize(tmp, sizeof(tmp));
-    return( ret );
+    return ret;
 }
 
 /* CTR_DRBG_Instantiate with derivation function (SP 800-90A &sect;10.2.1.3.2)
@@ -312,17 +311,20 @@ int mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
     unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( add_len == 0 )
+    if (add_len == 0) {
-        return( 0 );
+        return 0;
+    }
 
-    if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
+    if ((ret = block_cipher_df(add_input, additional, add_len)) != 0) {
         goto exit;
-    if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
+    }
+    if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) {
         goto exit;
+    }
 
 exit:
     mbedtls_platform_zeroize(add_input, sizeof(add_input));
-    return( ret );
+    return ret;
 }
 
 /* CTR_DRBG_Reseed with derivation function (SP 800-90A &sect;10.2.1.4.2)
@@ -347,57 +349,58 @@ static int mbedtls_ctr_drbg_reseed_internal( mbedtls_ctr_drbg_context *ctx,
     size_t seedlen = 0;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT )
+    if (ctx->entropy_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT) {
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+        return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
-    if( nonce_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len )
+    }
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+    if (nonce_len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len) {
-    if( len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len - nonce_len )
+        return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+    }
+    if (len > MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - ctx->entropy_len - nonce_len) {
+        return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+    }
 
     memset(seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT);
 
     /* Gather entropy_len bytes of entropy to seed state. */
-    if( 0 != ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) )
+    if (0 != ctx->f_entropy(ctx->p_entropy, seed, ctx->entropy_len)) {
-    {
+        return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED;
-        return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
     }
     seedlen += ctx->entropy_len;
 
     /* Gather entropy for a nonce if requested. */
-    if( nonce_len != 0 )
+    if (nonce_len != 0) {
-    {
+        if (0 != ctx->f_entropy(ctx->p_entropy, seed + seedlen, nonce_len)) {
-        if( 0 != ctx->f_entropy( ctx->p_entropy, seed + seedlen, nonce_len ) )
+            return MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED;
-        {
-            return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED );
         }
         seedlen += nonce_len;
     }
 
     /* Add additional data if provided. */
-    if( additional != NULL && len != 0 )
+    if (additional != NULL && len != 0) {
-    {
         memcpy(seed + seedlen, additional, len);
         seedlen += len;
     }
 
     /* Reduce to 384 bits. */
-    if( ( ret = block_cipher_df( seed, seed, seedlen ) ) != 0 )
+    if ((ret = block_cipher_df(seed, seed, seedlen)) != 0) {
         goto exit;
+    }
 
     /* Update state. */
-    if( ( ret = ctr_drbg_update_internal( ctx, seed ) ) != 0 )
+    if ((ret = ctr_drbg_update_internal(ctx, seed)) != 0) {
         goto exit;
+    }
     ctx->reseed_counter = 1;
 
 exit:
     mbedtls_platform_zeroize(seed, sizeof(seed));
-    return( ret );
+    return ret;
 }
 
 int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx,
                             const unsigned char *additional, size_t len)
 {
-    return( mbedtls_ctr_drbg_reseed_internal( ctx, additional, len, 0 ) );
+    return mbedtls_ctr_drbg_reseed_internal(ctx, additional, len, 0);
 }
 
 /* Return a "good" nonce length for CTR_DRBG. The chosen nonce length
@@ -407,10 +410,11 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
  * the nonce, don't make a second call to get a nonce. */
 static size_t good_nonce_len(size_t entropy_len)
 {
-    if( entropy_len >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2 )
+    if (entropy_len >= MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2) {
-        return( 0 );
+        return 0;
-    else
+    } else {
-        return( ( entropy_len + 1 ) / 2 );
+        return (entropy_len + 1) / 2;
+    }
 }
 
 /* CTR_DRBG_Instantiate with derivation function (SP 800-90A &sect;10.2.1.3.2)
@@ -444,8 +448,9 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
     ctx->f_entropy = f_entropy;
     ctx->p_entropy = p_entropy;
 
-    if( ctx->entropy_len == 0 )
+    if (ctx->entropy_len == 0) {
         ctx->entropy_len = MBEDTLS_CTR_DRBG_ENTROPY_LEN;
+    }
     /* ctx->reseed_counter contains the desired amount of entropy to
      * grab for a nonce (see mbedtls_ctr_drbg_set_nonce_len()).
      * If it's -1, indicating that the entropy nonce length was not set
@@ -456,18 +461,16 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
 
     /* Initialize with an empty key. */
     if ((ret = mbedtls_aes_setkey_enc(&ctx->aes_ctx, key,
-                                        MBEDTLS_CTR_DRBG_KEYBITS ) ) != 0 )
+                                      MBEDTLS_CTR_DRBG_KEYBITS)) != 0) {
-    {
+        return ret;
-        return( ret );
     }
 
     /* Do the initial seeding. */
     if ((ret = mbedtls_ctr_drbg_reseed_internal(ctx, custom, len,
-                                                  nonce_len ) ) != 0 )
+                                                nonce_len)) != 0) {
-    {
+        return ret;
-        return( ret );
     }
-    return( 0 );
+    return 0;
 }
 
 /* CTR_DRBG_Generate with derivation function (SP 800-90A &sect;10.2.1.5.2)
@@ -501,47 +504,48 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
     int i;
     size_t use_len;
 
-    if( output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST )
+    if (output_len > MBEDTLS_CTR_DRBG_MAX_REQUEST) {
-        return( MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG );
+        return MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG;
+    }
 
-    if( add_len > MBEDTLS_CTR_DRBG_MAX_INPUT )
+    if (add_len > MBEDTLS_CTR_DRBG_MAX_INPUT) {
-        return( MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG );
+        return MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
+    }
 
     memset(add_input, 0, MBEDTLS_CTR_DRBG_SEEDLEN);
 
     if (ctx->reseed_counter > ctx->reseed_interval ||
-        ctx->prediction_resistance )
+        ctx->prediction_resistance) {
-    {
+        if ((ret = mbedtls_ctr_drbg_reseed(ctx, additional, add_len)) != 0) {
-        if( ( ret = mbedtls_ctr_drbg_reseed( ctx, additional, add_len ) ) != 0 )
+            return ret;
-        {
-            return( ret );
         }
         add_len = 0;
     }
 
-    if( add_len > 0 )
+    if (add_len > 0) {
-    {
+        if ((ret = block_cipher_df(add_input, additional, add_len)) != 0) {
-        if( ( ret = block_cipher_df( add_input, additional, add_len ) ) != 0 )
-            goto exit;
-        if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
             goto exit;
         }
+        if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) {
+            goto exit;
+        }
+    }
 
-    while( output_len > 0 )
+    while (output_len > 0) {
-    {
         /*
          * Increase counter
          */
-        for( i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i-- )
+        for (i = MBEDTLS_CTR_DRBG_BLOCKSIZE; i > 0; i--) {
-            if( ++ctx->counter[i - 1] != 0 )
+            if (++ctx->counter[i - 1] != 0) {
                 break;
+            }
+        }
 
         /*
          * Crypt counter block
          */
         if ((ret = mbedtls_aes_crypt_ecb(&ctx->aes_ctx, MBEDTLS_AES_ENCRYPT,
-                                           ctx->counter, tmp ) ) != 0 )
+                                         ctx->counter, tmp)) != 0) {
-        {
             goto exit;
         }
 
@@ -555,15 +559,16 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
         output_len -= use_len;
     }
 
-    if( ( ret = ctr_drbg_update_internal( ctx, add_input ) ) != 0 )
+    if ((ret = ctr_drbg_update_internal(ctx, add_input)) != 0) {
         goto exit;
+    }
 
     ctx->reseed_counter++;
 
 exit:
     mbedtls_platform_zeroize(add_input, sizeof(add_input));
     mbedtls_platform_zeroize(tmp, sizeof(tmp));
-    return( ret );
+    return ret;
 }
 
 int mbedtls_ctr_drbg_random(void *p_rng, unsigned char *output,
@@ -573,18 +578,20 @@ int mbedtls_ctr_drbg_random( void *p_rng, unsigned char *output,
     mbedtls_ctr_drbg_context *ctx = (mbedtls_ctr_drbg_context *) p_rng;
 
 #if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+    if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
-        return( ret );
+        return ret;
+    }
 #endif
 
     ret = mbedtls_ctr_drbg_random_with_add(ctx, output, output_len, NULL, 0);
 
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+    if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+        return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+    }
 #endif
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_FS_IO)
@@ -595,23 +602,22 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx,
     FILE *f;
     unsigned char buf[MBEDTLS_CTR_DRBG_MAX_INPUT];
 
-    if( ( f = fopen( path, "wb" ) ) == NULL )
+    if ((f = fopen(path, "wb")) == NULL) {
-        return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
+        return MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
+    }
 
     /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
     mbedtls_setbuf(f, NULL);
 
     if ((ret = mbedtls_ctr_drbg_random(ctx, buf,
-                                         MBEDTLS_CTR_DRBG_MAX_INPUT ) ) != 0 )
+                                       MBEDTLS_CTR_DRBG_MAX_INPUT)) != 0) {
         goto exit;
+    }
 
     if (fwrite(buf, 1, MBEDTLS_CTR_DRBG_MAX_INPUT, f) !=
-        MBEDTLS_CTR_DRBG_MAX_INPUT )
+        MBEDTLS_CTR_DRBG_MAX_INPUT) {
-    {
         ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
-    }
+    } else {
-    else
-    {
         ret = 0;
     }
 
@@ -619,7 +625,7 @@ exit:
     mbedtls_platform_zeroize(buf, sizeof(buf));
 
     fclose(f);
-    return( ret );
+    return ret;
 }
 
 int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx,
@@ -631,20 +637,19 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx,
     unsigned char buf[MBEDTLS_CTR_DRBG_MAX_INPUT];
     unsigned char c;
 
-    if( ( f = fopen( path, "rb" ) ) == NULL )
+    if ((f = fopen(path, "rb")) == NULL) {
-        return( MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR );
+        return MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
+    }
 
     /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
     mbedtls_setbuf(f, NULL);
 
     n = fread(buf, 1, sizeof(buf), f);
-    if( fread( &c, 1, 1, f ) != 0 )
+    if (fread(&c, 1, 1, f) != 0) {
-    {
         ret = MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG;
         goto exit;
     }
-    if( n == 0 || ferror( f ) )
+    if (n == 0 || ferror(f)) {
-    {
         ret = MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR;
         goto exit;
     }
@@ -655,11 +660,13 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx,
 
 exit:
     mbedtls_platform_zeroize(buf, sizeof(buf));
-    if( f != NULL )
+    if (f != NULL) {
         fclose(f);
-    if( ret != 0 )
+    }
-        return( ret );
+    if (ret != 0) {
-    return( mbedtls_ctr_drbg_write_seed_file( ctx, path ) );
+        return ret;
+    }
+    return mbedtls_ctr_drbg_write_seed_file(ctx, path);
 }
 #endif /* MBEDTLS_FS_IO */
 
@@ -802,14 +809,14 @@ static int ctr_drbg_self_test_entropy( void *data, unsigned char *buf,
     const unsigned char *p = data;
     memcpy(buf, p + test_offset, len);
     test_offset += len;
-    return( 0 );
+    return 0;
 }
 
 #define CHK(c)    if ((c) != 0)                          \
     {                                       \
         if (verbose != 0)                  \
         mbedtls_printf("failed\n");  \
-                        return( 1 );                        \
+        return 1;                        \
     }
 
 #define SELF_TEST_OUTPUT_DISCARD_LENGTH 64
@@ -827,8 +834,9 @@ int mbedtls_ctr_drbg_self_test( int verbose )
     /*
      * Based on a NIST CTR_DRBG test vector (PR = True)
      */
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("  CTR_DRBG (PR = TRUE) : ");
+    }
 
     test_offset = 0;
     mbedtls_ctr_drbg_set_entropy_len(&ctx, MBEDTLS_CTR_DRBG_KEYSIZE);
@@ -844,14 +852,16 @@ int mbedtls_ctr_drbg_self_test( int verbose )
 
     mbedtls_ctr_drbg_free(&ctx);
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("passed\n");
+    }
 
     /*
      * Based on a NIST CTR_DRBG test vector (PR = FALSE)
      */
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("  CTR_DRBG (PR = FALSE): ");
+    }
 
     mbedtls_ctr_drbg_init(&ctx);
 
@@ -869,13 +879,15 @@ int mbedtls_ctr_drbg_self_test( int verbose )
 
     mbedtls_ctr_drbg_free(&ctx);
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("passed\n");
+    }
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("\n");
+    }
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_SELF_TEST */
 

library/debug.c

@@ -72,8 +72,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
     if (NULL == ssl              ||
         NULL == ssl->conf        ||
         NULL == ssl->conf->f_dbg ||
-        level > debug_threshold )
+        level > debug_threshold) {
-    {
         return;
     }
 
@@ -81,8 +80,7 @@ void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
     ret = mbedtls_vsnprintf(str, DEBUG_BUF_SIZE, format, argp);
     va_end(argp);
 
-    if( ret >= 0 && ret < DEBUG_BUF_SIZE - 1 )
+    if (ret >= 0 && ret < DEBUG_BUF_SIZE - 1) {
-    {
         str[ret]     = '\n';
         str[ret + 1] = '\0';
     }
@@ -99,8 +97,7 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
     if (NULL == ssl              ||
         NULL == ssl->conf        ||
         NULL == ssl->conf->f_dbg ||
-        level > debug_threshold )
+        level > debug_threshold) {
-    {
         return;
     }
 
@@ -109,8 +106,9 @@ void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
      * the logs would be quickly flooded with WANT_READ, so ignore that.
      * Don't ignore WANT_WRITE however, since it is usually rare.
      */
-    if( ret == MBEDTLS_ERR_SSL_WANT_READ )
+    if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
         return;
+    }
 
     mbedtls_snprintf(str, sizeof(str), "%s() returned %d (-0x%04x)\n",
                      text, ret, (unsigned int) -ret);
@@ -129,8 +127,7 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
     if (NULL == ssl              ||
         NULL == ssl->conf        ||
         NULL == ssl->conf->f_dbg ||
-        level > debug_threshold )
+        level > debug_threshold) {
-    {
         return;
     }
 
@@ -141,15 +138,13 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
 
     idx = 0;
     memset(txt, 0, sizeof(txt));
-    for( i = 0; i < len; i++ )
+    for (i = 0; i < len; i++) {
-    {
+        if (i >= 4096) {
-        if( i >= 4096 )
             break;
+        }
 
-        if( i % 16 == 0 )
+        if (i % 16 == 0) {
-        {
+            if (i > 0) {
-            if( i > 0 )
-            {
                 mbedtls_snprintf(str + idx, sizeof(str) - idx, "  %s\n", txt);
                 debug_send_line(ssl, level, file, line, str);
 
@@ -167,10 +162,10 @@ void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
         txt[i % 16] = (buf[i] > 31 && buf[i] < 127) ? buf[i] : '.';
     }
 
-    if( len > 0 )
+    if (len > 0) {
-    {
+        for (/* i = i */; i % 16 != 0; i++) {
-        for( /* i = i */; i % 16 != 0; i++ )
             idx += mbedtls_snprintf(str + idx, sizeof(str) - idx, "   ");
+        }
 
         mbedtls_snprintf(str + idx, sizeof(str) - idx, "  %s\n", txt);
         debug_send_line(ssl, level, file, line, str);
@@ -187,8 +182,7 @@ void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
     if (NULL == ssl              ||
         NULL == ssl->conf        ||
         NULL == ssl->conf->f_dbg ||
-        level > debug_threshold )
+        level > debug_threshold) {
-    {
         return;
     }
 
@@ -213,8 +207,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
         NULL == ssl->conf        ||
         NULL == ssl->conf->f_dbg ||
         NULL == X                ||
-        level > debug_threshold )
+        level > debug_threshold) {
-    {
         return;
     }
 
@@ -224,16 +217,12 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
                      text, (unsigned) bitlen);
     debug_send_line(ssl, level, file, line, str);
 
-    if( bitlen == 0 )
+    if (bitlen == 0) {
-    {
         str[0] = ' '; str[1] = '0'; str[2] = '0';
         idx = 3;
-    }
+    } else {
-    else
-    {
         int n;
-        for( n = (int) ( ( bitlen - 1 ) / 8 ); n >= 0; n-- )
+        for (n = (int) ((bitlen - 1) / 8); n >= 0; n--) {
-        {
             size_t limb_offset = n / sizeof(mbedtls_mpi_uint);
             size_t offset_in_limb = n % sizeof(mbedtls_mpi_uint);
             unsigned char octet =
@@ -241,8 +230,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
             mbedtls_snprintf(str + idx, sizeof(str) - idx, " %02x", octet);
             idx += 3;
             /* Wrap lines after 16 octets that each take 3 columns */
-            if( idx >= 3 * 16 )
+            if (idx >= 3 * 16) {
-            {
                 mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
                 debug_send_line(ssl, level, file, line, str);
                 idx = 0;
@@ -250,8 +238,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
         }
     }
 
-    if( idx != 0 )
+    if (idx != 0) {
-    {
         mbedtls_snprintf(str + idx, sizeof(str) - idx, "\n");
         debug_send_line(ssl, level, file, line, str);
     }
@@ -269,31 +256,30 @@ static void debug_print_pk( const mbedtls_ssl_context *ssl, int level,
 
     memset(items, 0, sizeof(items));
 
-    if( mbedtls_pk_debug( pk, items ) != 0 )
+    if (mbedtls_pk_debug(pk, items) != 0) {
-    {
         debug_send_line(ssl, level, file, line,
                         "invalid PK context\n");
         return;
     }
 
-    for( i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++ )
+    for (i = 0; i < MBEDTLS_PK_DEBUG_MAX_ITEMS; i++) {
-    {
+        if (items[i].type == MBEDTLS_PK_DEBUG_NONE) {
-        if( items[i].type == MBEDTLS_PK_DEBUG_NONE )
             return;
+        }
 
         mbedtls_snprintf(name, sizeof(name), "%s%s", text, items[i].name);
         name[sizeof(name) - 1] = '\0';
 
-        if( items[i].type == MBEDTLS_PK_DEBUG_MPI )
+        if (items[i].type == MBEDTLS_PK_DEBUG_MPI) {
             mbedtls_debug_print_mpi(ssl, level, file, line, name, items[i].value);
-        else
+        } else
 #if defined(MBEDTLS_ECP_C)
-        if( items[i].type == MBEDTLS_PK_DEBUG_ECP )
+        if (items[i].type == MBEDTLS_PK_DEBUG_ECP) {
             mbedtls_debug_print_ecp(ssl, level, file, line, name, items[i].value);
-        else
+        } else
 #endif
-            debug_send_line( ssl, level, file, line,
+        { debug_send_line(ssl, level, file, line,
-                              "should not happen\n" );
+                          "should not happen\n"); }
     }
 }
 
@@ -304,13 +290,12 @@ static void debug_print_line_by_line( const mbedtls_ssl_context *ssl, int level,
     const char *start, *cur;
 
     start = text;
-    for( cur = text; *cur != '\0'; cur++ )
+    for (cur = text; *cur != '\0'; cur++) {
-    {
+        if (*cur == '\n') {
-        if( *cur == '\n' )
-        {
             size_t len = cur - start + 1;
-            if( len > DEBUG_BUF_SIZE - 1 )
+            if (len > DEBUG_BUF_SIZE - 1) {
                 len = DEBUG_BUF_SIZE - 1;
+            }
 
             memcpy(str, start, len);
             str[len] = '\0';
@@ -333,13 +318,11 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
         NULL == ssl->conf        ||
         NULL == ssl->conf->f_dbg ||
         NULL == crt              ||
-        level > debug_threshold )
+        level > debug_threshold) {
-    {
         return;
     }
 
-    while( crt != NULL )
+    while (crt != NULL) {
-    {
         char buf[1024];
 
         mbedtls_snprintf(str, sizeof(str), "%s #%d:\n", text, ++i);
@@ -368,8 +351,7 @@ static void mbedtls_debug_printf_ecdh_internal( const mbedtls_ssl_context *ssl,
     const mbedtls_ecdh_context_mbed *ctx = &ecdh->ctx.mbed_ecdh;
 #endif
 
-    switch( attr )
+    switch (attr) {
-    {
         case MBEDTLS_DEBUG_ECDH_Q:
             mbedtls_debug_print_ecp(ssl, level, file, line, "ECDH: Q",
                                     &ctx->Q);
@@ -395,8 +377,7 @@ void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level,
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
     mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh, attr);
 #else
-    switch( ecdh->var )
+    switch (ecdh->var) {
-    {
         default:
             mbedtls_debug_printf_ecdh_internal(ssl, level, file, line, ecdh,
                                                attr);

library/des.c

@@ -281,8 +281,9 @@ void mbedtls_des_init( mbedtls_des_context *ctx )
 
 void mbedtls_des_free(mbedtls_des_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
     mbedtls_platform_zeroize(ctx, sizeof(mbedtls_des_context));
 }
@@ -294,30 +295,40 @@ void mbedtls_des3_init( mbedtls_des3_context *ctx )
 
 void mbedtls_des3_free(mbedtls_des3_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
     mbedtls_platform_zeroize(ctx, sizeof(mbedtls_des3_context));
 }
 
 static const unsigned char odd_parity_table[128] = { 1,  2,  4,  7,  8,
-        11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
+                                                     11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32,
-        47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
+                                                     35, 37, 38, 41, 42, 44,
-        82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
+                                                     47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69,
-        115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
+                                                     70, 73, 74, 76, 79, 81,
-        143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
+                                                     82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103,
-        171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
+                                                     104, 107, 109, 110, 112,
-        199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
+                                                     115, 117, 118, 121, 122, 124, 127, 128, 131,
-        227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
+                                                     133, 134, 137, 138, 140,
+                                                     143, 145, 146, 148, 151, 152, 155, 157, 158,
+                                                     161, 162, 164, 167, 168,
+                                                     171, 173, 174, 176, 179, 181, 182, 185, 186,
+                                                     188, 191, 193, 194, 196,
+                                                     199, 200, 203, 205, 206, 208, 211, 213, 214,
+                                                     217, 218, 220, 223, 224,
+                                                     227, 229, 230, 233, 234, 236, 239, 241, 242,
+                                                     244, 247, 248, 251, 253,
                                                      254 };
 
 void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE])
 {
     int i;
 
-    for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
+    for (i = 0; i < MBEDTLS_DES_KEY_SIZE; i++) {
         key[i] = odd_parity_table[key[i] / 2];
     }
+}
 
 /*
  * Check the given key's parity, returns 1 on failure, 0 on SUCCESS
@@ -326,11 +337,13 @@ int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SI
 {
     int i;
 
-    for( i = 0; i < MBEDTLS_DES_KEY_SIZE; i++ )
+    for (i = 0; i < MBEDTLS_DES_KEY_SIZE; i++) {
-        if( key[i] != odd_parity_table[key[i] / 2] )
+        if (key[i] != odd_parity_table[key[i] / 2]) {
-            return( 1 );
+            return 1;
+        }
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -381,11 +394,13 @@ int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
 {
     int i;
 
-    for( i = 0; i < WEAK_KEY_COUNT; i++ )
+    for (i = 0; i < WEAK_KEY_COUNT; i++) {
-        if( memcmp( weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0 )
+        if (memcmp(weak_key_table[i], key, MBEDTLS_DES_KEY_SIZE) == 0) {
-            return( 1 );
+            return 1;
+        }
+    }
 
-    return( 0 );
+    return 0;
 }
 
 #if !defined(MBEDTLS_DES_SETKEY_ALT)
@@ -419,15 +434,11 @@ void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KE
     /*
      * calculate subkeys
      */
-    for( i = 0; i < 16; i++ )
+    for (i = 0; i < 16; i++) {
-    {
+        if (i < 2 || i == 8 || i == 15) {
-        if( i < 2 || i == 8 || i == 15 )
-        {
             X = ((X <<  1) | (X >> 27)) & 0x0FFFFFFF;
             Y = ((Y <<  1) | (Y >> 27)) & 0x0FFFFFFF;
-        }
+        } else {
-        else
-        {
             X = ((X <<  2) | (X >> 26)) & 0x0FFFFFFF;
             Y = ((Y <<  2) | (Y >> 26)) & 0x0FFFFFFF;
         }
@@ -466,7 +477,7 @@ int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MB
 {
     mbedtls_des_setkey(ctx->sk, key);
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -478,13 +489,12 @@ int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MB
 
     mbedtls_des_setkey(ctx->sk, key);
 
-    for( i = 0; i < 16; i += 2 )
+    for (i = 0; i < 16; i += 2) {
-    {
         SWAP(ctx->sk[i], ctx->sk[30 - i]);
         SWAP(ctx->sk[i + 1], ctx->sk[31 - i]);
     }
 
-    return( 0 );
+    return 0;
 }
 
 static void des3_set2key(uint32_t esk[96],
@@ -496,8 +506,7 @@ static void des3_set2key( uint32_t esk[96],
     mbedtls_des_setkey(esk, key);
     mbedtls_des_setkey(dsk + 32, key + 8);
 
-    for( i = 0; i < 32; i += 2 )
+    for (i = 0; i < 32; i += 2) {
-    {
         dsk[i] = esk[30 - i];
         dsk[i +  1] = esk[31 - i];
 
@@ -523,7 +532,7 @@ int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
     des3_set2key(ctx->sk, sk, key);
     mbedtls_platform_zeroize(sk,  sizeof(sk));
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -537,7 +546,7 @@ int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
     des3_set2key(sk, ctx->sk, key);
     mbedtls_platform_zeroize(sk,  sizeof(sk));
 
-    return( 0 );
+    return 0;
 }
 
 static void des3_set3key(uint32_t esk[96],
@@ -550,8 +559,7 @@ static void des3_set3key( uint32_t esk[96],
     mbedtls_des_setkey(dsk + 32, key +  8);
     mbedtls_des_setkey(esk + 64, key + 16);
 
-    for( i = 0; i < 32; i += 2 )
+    for (i = 0; i < 32; i += 2) {
-    {
         dsk[i] = esk[94 - i];
         dsk[i +  1] = esk[95 - i];
 
@@ -574,7 +582,7 @@ int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
     des3_set3key(ctx->sk, sk, key);
     mbedtls_platform_zeroize(sk,  sizeof(sk));
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -588,7 +596,7 @@ int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
     des3_set3key(sk, ctx->sk, key);
     mbedtls_platform_zeroize(sk,  sizeof(sk));
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -609,8 +617,7 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
 
     DES_IP(X, Y);
 
-    for( i = 0; i < 8; i++ )
+    for (i = 0; i < 8; i++) {
-    {
         DES_ROUND(Y, X);
         DES_ROUND(X, Y);
     }
@@ -620,7 +627,7 @@ int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
     MBEDTLS_PUT_UINT32_BE(Y, output, 0);
     MBEDTLS_PUT_UINT32_BE(X, output, 4);
 
-    return( 0 );
+    return 0;
 }
 #endif /* !MBEDTLS_DES_CRYPT_ECB_ALT */
 
@@ -638,33 +645,31 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char temp[8];
 
-    if( length % 8 )
+    if (length % 8) {
-        return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
+        return MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH;
+    }
 
-    if( mode == MBEDTLS_DES_ENCRYPT )
+    if (mode == MBEDTLS_DES_ENCRYPT) {
-    {
+        while (length > 0) {
-        while( length > 0 )
-        {
             mbedtls_xor(output, input, iv, 8);
 
             ret = mbedtls_des_crypt_ecb(ctx, output, output);
-            if( ret != 0 )
+            if (ret != 0) {
                 goto exit;
+            }
             memcpy(iv, output, 8);
 
             input  += 8;
             output += 8;
             length -= 8;
         }
-    }
+    } else { /* MBEDTLS_DES_DECRYPT */
-    else /* MBEDTLS_DES_DECRYPT */
+        while (length > 0) {
-    {
-        while( length > 0 )
-        {
             memcpy(temp, input, 8);
             ret = mbedtls_des_crypt_ecb(ctx, input, output);
-            if( ret != 0 )
+            if (ret != 0) {
                 goto exit;
+            }
 
             mbedtls_xor(output, output, iv, 8);
 
@@ -678,7 +683,7 @@ int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
     ret = 0;
 
 exit:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
@@ -700,20 +705,17 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
 
     DES_IP(X, Y);
 
-    for( i = 0; i < 8; i++ )
+    for (i = 0; i < 8; i++) {
-    {
         DES_ROUND(Y, X);
         DES_ROUND(X, Y);
     }
 
-    for( i = 0; i < 8; i++ )
+    for (i = 0; i < 8; i++) {
-    {
         DES_ROUND(X, Y);
         DES_ROUND(Y, X);
     }
 
-    for( i = 0; i < 8; i++ )
+    for (i = 0; i < 8; i++) {
-    {
         DES_ROUND(Y, X);
         DES_ROUND(X, Y);
     }
@@ -723,7 +725,7 @@ int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
     MBEDTLS_PUT_UINT32_BE(Y, output, 0);
     MBEDTLS_PUT_UINT32_BE(X, output, 4);
 
-    return( 0 );
+    return 0;
 }
 #endif /* !MBEDTLS_DES3_CRYPT_ECB_ALT */
 
@@ -741,33 +743,31 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     unsigned char temp[8];
 
-    if( length % 8 )
+    if (length % 8) {
-        return( MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH );
+        return MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH;
+    }
 
-    if( mode == MBEDTLS_DES_ENCRYPT )
+    if (mode == MBEDTLS_DES_ENCRYPT) {
-    {
+        while (length > 0) {
-        while( length > 0 )
-        {
             mbedtls_xor(output, input, iv, 8);
 
             ret = mbedtls_des3_crypt_ecb(ctx, output, output);
-            if( ret != 0 )
+            if (ret != 0) {
                 goto exit;
+            }
             memcpy(iv, output, 8);
 
             input  += 8;
             output += 8;
             length -= 8;
         }
-    }
+    } else { /* MBEDTLS_DES_DECRYPT */
-    else /* MBEDTLS_DES_DECRYPT */
+        while (length > 0) {
-    {
-        while( length > 0 )
-        {
             memcpy(temp, input, 8);
             ret = mbedtls_des3_crypt_ecb(ctx, input, output);
-            if( ret != 0 )
+            if (ret != 0) {
                 goto exit;
+            }
 
             mbedtls_xor(output, output, iv, 8);
 
@@ -781,7 +781,7 @@ int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
     ret = 0;
 
 exit:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
@@ -859,20 +859,19 @@ int mbedtls_des_self_test( int verbose )
     /*
      * ECB mode
      */
-    for( i = 0; i < 6; i++ )
+    for (i = 0; i < 6; i++) {
-    {
         u = i >> 1;
         v = i  & 1;
 
-        if( verbose != 0 )
+        if (verbose != 0) {
             mbedtls_printf("  DES%c-ECB-%3d (%s): ",
                            (u == 0) ? ' ' : '3', 56 + u * 56,
                            (v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc");
+        }
 
         memcpy(buf, des3_test_buf, 8);
 
-        switch( i )
+        switch (i) {
-        {
             case 0:
                 ret = mbedtls_des_setkey_dec(&ctx, des3_test_keys);
                 break;
@@ -898,60 +897,63 @@ int mbedtls_des_self_test( int verbose )
                 break;
 
             default:
-            return( 1 );
+                return 1;
         }
-        if( ret != 0 )
+        if (ret != 0) {
             goto exit;
+        }
 
-        for( j = 0; j < 100; j++ )
+        for (j = 0; j < 100; j++) {
-        {
+            if (u == 0) {
-            if( u == 0 )
                 ret = mbedtls_des_crypt_ecb(&ctx, buf, buf);
-            else
+            } else {
                 ret = mbedtls_des3_crypt_ecb(&ctx3, buf, buf);
-            if( ret != 0 )
+            }
+            if (ret != 0) {
                 goto exit;
             }
+        }
 
         if ((v == MBEDTLS_DES_DECRYPT &&
              memcmp(buf, des3_test_ecb_dec[u], 8) != 0) ||
             (v != MBEDTLS_DES_DECRYPT &&
-                memcmp( buf, des3_test_ecb_enc[u], 8 ) != 0 ) )
+             memcmp(buf, des3_test_ecb_enc[u], 8) != 0)) {
-        {
+            if (verbose != 0) {
-            if( verbose != 0 )
                 mbedtls_printf("failed\n");
+            }
 
             ret = 1;
             goto exit;
         }
 
-        if( verbose != 0 )
+        if (verbose != 0) {
             mbedtls_printf("passed\n");
         }
+    }
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("\n");
+    }
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
     /*
      * CBC mode
      */
-    for( i = 0; i < 6; i++ )
+    for (i = 0; i < 6; i++) {
-    {
         u = i >> 1;
         v = i  & 1;
 
-        if( verbose != 0 )
+        if (verbose != 0) {
             mbedtls_printf("  DES%c-CBC-%3d (%s): ",
                            (u == 0) ? ' ' : '3', 56 + u * 56,
                            (v == MBEDTLS_DES_DECRYPT) ? "dec" : "enc");
+        }
 
         memcpy(iv,  des3_test_iv,  8);
         memcpy(prv, des3_test_iv,  8);
         memcpy(buf, des3_test_buf, 8);
 
-        switch( i )
+        switch (i) {
-        {
             case 0:
                 ret = mbedtls_des_setkey_dec(&ctx, des3_test_keys);
                 break;
@@ -977,35 +979,35 @@ int mbedtls_des_self_test( int verbose )
                 break;
 
             default:
-            return( 1 );
+                return 1;
         }
-        if( ret != 0 )
+        if (ret != 0) {
             goto exit;
+        }
 
-        if( v == MBEDTLS_DES_DECRYPT )
+        if (v == MBEDTLS_DES_DECRYPT) {
-        {
+            for (j = 0; j < 100; j++) {
-            for( j = 0; j < 100; j++ )
+                if (u == 0) {
-            {
-                if( u == 0 )
                     ret = mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf);
-                else
+                } else {
                     ret = mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf);
-                if( ret != 0 )
+                }
+                if (ret != 0) {
                     goto exit;
                 }
             }
-        else
+        } else {
-        {
+            for (j = 0; j < 100; j++) {
-            for( j = 0; j < 100; j++ )
-            {
                 unsigned char tmp[8];
 
-                if( u == 0 )
+                if (u == 0) {
                     ret = mbedtls_des_crypt_cbc(&ctx, v, 8, iv, buf, buf);
-                else
+                } else {
                     ret = mbedtls_des3_crypt_cbc(&ctx3, v, 8, iv, buf, buf);
-                if( ret != 0 )
+                }
+                if (ret != 0) {
                     goto exit;
+                }
 
                 memcpy(tmp, prv, 8);
                 memcpy(prv, buf, 8);
@@ -1018,30 +1020,33 @@ int mbedtls_des_self_test( int verbose )
         if ((v == MBEDTLS_DES_DECRYPT &&
              memcmp(buf, des3_test_cbc_dec[u], 8) != 0) ||
             (v != MBEDTLS_DES_DECRYPT &&
-                memcmp( buf, des3_test_cbc_enc[u], 8 ) != 0 ) )
+             memcmp(buf, des3_test_cbc_enc[u], 8) != 0)) {
-        {
+            if (verbose != 0) {
-            if( verbose != 0 )
                 mbedtls_printf("failed\n");
+            }
 
             ret = 1;
             goto exit;
         }
 
-        if( verbose != 0 )
+        if (verbose != 0) {
             mbedtls_printf("passed\n");
         }
+    }
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("\n");
+    }
 
 exit:
     mbedtls_des_free(&ctx);
     mbedtls_des3_free(&ctx3);
 
-    if( ret != 0 )
+    if (ret != 0) {
         ret = 1;
-    return( ret );
+    }
+    return ret;
 }
 
 #endif /* MBEDTLS_SELF_TEST */

library/dhm.c

@@ -56,21 +56,24 @@ static int dhm_read_bignum( mbedtls_mpi *X,
 {
     int ret, n;
 
-    if( end - *p < 2 )
+    if (end - *p < 2) {
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+    }
 
     n = ((*p)[0] << 8) | (*p)[1];
     (*p) += 2;
 
-    if( (int)( end - *p ) < n )
+    if ((int) (end - *p) < n) {
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+    }
 
-    if( ( ret = mbedtls_mpi_read_binary( X, *p, n ) ) != 0 )
+    if ((ret = mbedtls_mpi_read_binary(X, *p, n)) != 0) {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_READ_PARAMS_FAILED, ret ) );
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_READ_PARAMS_FAILED, ret);
+    }
 
     (*p) += n;
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -95,14 +98,13 @@ static int dhm_check_range( const mbedtls_mpi *param, const mbedtls_mpi *P )
     MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&U, P, 2));
 
     if (mbedtls_mpi_cmp_int(param, 2) < 0 ||
-        mbedtls_mpi_cmp_mpi( param, &U ) > 0 )
+        mbedtls_mpi_cmp_mpi(param, &U) > 0) {
-    {
         ret = MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
     }
 
 cleanup:
     mbedtls_mpi_free(&U);
-    return( ret );
+    return ret;
 }
 
 void mbedtls_dhm_init(mbedtls_dhm_context *ctx)
@@ -112,12 +114,12 @@ void mbedtls_dhm_init( mbedtls_dhm_context *ctx )
 
 size_t mbedtls_dhm_get_bitlen(const mbedtls_dhm_context *ctx)
 {
-    return( mbedtls_mpi_bitlen( &ctx->P ) );
+    return mbedtls_mpi_bitlen(&ctx->P);
 }
 
 size_t mbedtls_dhm_get_len(const mbedtls_dhm_context *ctx)
 {
-    return( mbedtls_mpi_size( &ctx->P ) );
+    return mbedtls_mpi_size(&ctx->P);
 }
 
 int mbedtls_dhm_get_value(const mbedtls_dhm_context *ctx,
@@ -125,8 +127,7 @@ int mbedtls_dhm_get_value( const mbedtls_dhm_context *ctx,
                           mbedtls_mpi *dest)
 {
     const mbedtls_mpi *src = NULL;
-    switch( param )
+    switch (param) {
-    {
         case MBEDTLS_DHM_PARAM_P:
             src = &ctx->P;
             break;
@@ -146,9 +147,9 @@ int mbedtls_dhm_get_value( const mbedtls_dhm_context *ctx,
             src = &ctx->K;
             break;
         default:
-            return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
     }
-    return( mbedtls_mpi_copy( dest, src ) );
+    return mbedtls_mpi_copy(dest, src);
 }
 
 /*
@@ -162,13 +163,15 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
 
     if ((ret = dhm_read_bignum(&ctx->P,  p, end)) != 0 ||
         (ret = dhm_read_bignum(&ctx->G,  p, end)) != 0 ||
-        ( ret = dhm_read_bignum( &ctx->GY, p, end ) ) != 0 )
+        (ret = dhm_read_bignum(&ctx->GY, p, end)) != 0) {
-        return( ret );
+        return ret;
+    }
 
-    if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
+    if ((ret = dhm_check_range(&ctx->GY, &ctx->P)) != 0) {
-        return( ret );
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -183,7 +186,7 @@ static int dhm_random_below( mbedtls_mpi *R, const mbedtls_mpi *M,
     MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(R, R, 1));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 static int dhm_make_common(mbedtls_dhm_context *ctx, int x_size,
@@ -192,23 +195,24 @@ static int dhm_make_common( mbedtls_dhm_context *ctx, int x_size,
 {
     int ret = 0;
 
-    if( mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 )
+    if (mbedtls_mpi_cmp_int(&ctx->P, 0) == 0) {
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
-    if( x_size < 0 )
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
-
-    if( (unsigned) x_size < mbedtls_mpi_size( &ctx->P ) )
-    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) );
     }
-    else
+    if (x_size < 0) {
-    {
+        return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+    }
+
+    if ((unsigned) x_size < mbedtls_mpi_size(&ctx->P)) {
+        MBEDTLS_MPI_CHK(mbedtls_mpi_fill_random(&ctx->X, x_size, f_rng, p_rng));
+    } else {
         /* Generate X as large as possible ( <= P - 2 ) */
         ret = dhm_random_below(&ctx->X, &ctx->P, f_rng, p_rng);
-        if( ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE )
+        if (ret == MBEDTLS_ERR_MPI_NOT_ACCEPTABLE) {
-            return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED );
+            return MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED;
-        if( ret != 0 )
+        }
-            return( ret );
+        if (ret != 0) {
+            return ret;
+        }
     }
 
     /*
@@ -217,11 +221,12 @@ static int dhm_make_common( mbedtls_dhm_context *ctx, int x_size,
     MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&ctx->GX, &ctx->G, &ctx->X,
                                         &ctx->P, &ctx->RP));
 
-    if( ( ret = dhm_check_range( &ctx->GX, &ctx->P ) ) != 0 )
+    if ((ret = dhm_check_range(&ctx->GX, &ctx->P)) != 0) {
-        return( ret );
+        return ret;
+    }
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
@@ -237,8 +242,9 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
     unsigned char *p;
 
     ret = dhm_make_common(ctx, x_size, f_rng, p_rng);
-    if( ret != 0 )
+    if (ret != 0) {
         goto cleanup;
+    }
 
     /*
      * Export P, G, GX. RFC 5246 §4.4 states that "leading zero octets are
@@ -266,9 +272,10 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
     *olen = p - output;
 
 cleanup:
-    if( ret != 0 && ret > -128 )
+    if (ret != 0 && ret > -128) {
         ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret);
-    return( ret );
+    }
+    return ret;
 }
 
 /*
@@ -281,12 +288,11 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     if ((ret = mbedtls_mpi_copy(&ctx->P, P)) != 0 ||
-        ( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 )
+        (ret = mbedtls_mpi_copy(&ctx->G, G)) != 0) {
-    {
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret);
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret ) );
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -297,13 +303,15 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( ilen < 1 || ilen > mbedtls_dhm_get_len( ctx ) )
+    if (ilen < 1 || ilen > mbedtls_dhm_get_len(ctx)) {
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+    }
 
-    if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 )
+    if ((ret = mbedtls_mpi_read_binary(&ctx->GY, input, ilen)) != 0) {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED, ret ) );
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED, ret);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -316,21 +324,25 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
 {
     int ret;
 
-    if( olen < 1 || olen > mbedtls_dhm_get_len( ctx ) )
+    if (olen < 1 || olen > mbedtls_dhm_get_len(ctx)) {
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+    }
 
     ret = dhm_make_common(ctx, x_size, f_rng, p_rng);
-    if( ret == MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED )
+    if (ret == MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED) {
-        return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED );
+        return MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED;
-    if( ret != 0 )
+    }
+    if (ret != 0) {
         goto cleanup;
+    }
 
     MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&ctx->GX, output, olen));
 
 cleanup:
-    if( ret != 0 && ret > -128 )
+    if (ret != 0 && ret > -128) {
         ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED, ret);
-    return( ret );
+    }
+    return ret;
 }
 
 
@@ -352,28 +364,26 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx,
      * Don't use any blinding the first time a particular X is used,
      * but remember it to use blinding next time.
      */
-    if( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->pX ) != 0 )
+    if (mbedtls_mpi_cmp_mpi(&ctx->X, &ctx->pX) != 0) {
-    {
         MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&ctx->pX, &ctx->X));
         MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->Vi, 1));
         MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ctx->Vf, 1));
 
-        return( 0 );
+        return 0;
     }
 
     /*
      * Ok, we need blinding. Can we re-use existing values?
      * If yes, just update them by squaring them.
      */
-    if( mbedtls_mpi_cmp_int( &ctx->Vi, 1 ) != 0 )
+    if (mbedtls_mpi_cmp_int(&ctx->Vi, 1) != 0) {
-    {
         MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vi, &ctx->Vi, &ctx->Vi));
         MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vi, &ctx->Vi, &ctx->P));
 
         MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&ctx->Vf, &ctx->Vf, &ctx->Vf));
         MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(&ctx->Vf, &ctx->Vf, &ctx->P));
 
-        return( 0 );
+        return 0;
     }
 
     /*
@@ -398,7 +408,7 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx,
 cleanup:
     mbedtls_mpi_free(&R);
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -412,14 +422,17 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi GYb;
 
-    if( f_rng == NULL )
+    if (f_rng == NULL) {
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+    }
 
-    if( output_size < mbedtls_dhm_get_len( ctx ) )
+    if (output_size < mbedtls_dhm_get_len(ctx)) {
-        return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_DHM_BAD_INPUT_DATA;
+    }
 
-    if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 )
+    if ((ret = dhm_check_range(&ctx->GY, &ctx->P)) != 0) {
-        return( ret );
+        return ret;
+    }
 
     mbedtls_mpi_init(&GYb);
 
@@ -444,10 +457,11 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
 cleanup:
     mbedtls_mpi_free(&GYb);
 
-    if( ret != 0 )
+    if (ret != 0) {
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_CALC_SECRET_FAILED, ret ) );
+        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_CALC_SECRET_FAILED, ret);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -455,8 +469,9 @@ cleanup:
  */
 void mbedtls_dhm_free(mbedtls_dhm_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
     mbedtls_mpi_free(&ctx->pX);
     mbedtls_mpi_free(&ctx->Vf);
@@ -490,23 +505,23 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
     mbedtls_pem_init(&pem);
 
     /* Avoid calling mbedtls_pem_read_buffer() on non-null-terminated string */
-    if( dhminlen == 0 || dhmin[dhminlen - 1] != '\0' )
+    if (dhminlen == 0 || dhmin[dhminlen - 1] != '\0') {
         ret = MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT;
-    else
+    } else {
         ret = mbedtls_pem_read_buffer(&pem,
                                       "-----BEGIN DH PARAMETERS-----",
                                       "-----END DH PARAMETERS-----",
                                       dhmin, NULL, 0, &dhminlen);
+    }
 
-    if( ret == 0 )
+    if (ret == 0) {
-    {
         /*
          * Was PEM encoded
          */
         dhminlen = pem.buflen;
-    }
+    } else if (ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT) {
-    else if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
         goto exit;
+    }
 
     p = (ret == 0) ? pem.buf : (unsigned char *) dhmin;
 #else
@@ -522,8 +537,7 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
      *  }
      */
     if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
-            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
-    {
         ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, ret);
         goto exit;
     }
@@ -531,27 +545,23 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
     end = p + len;
 
     if ((ret = mbedtls_asn1_get_mpi(&p, end, &dhm->P)) != 0 ||
-        ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
+        (ret = mbedtls_asn1_get_mpi(&p, end, &dhm->G)) != 0) {
-    {
         ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, ret);
         goto exit;
     }
 
-    if( p != end )
+    if (p != end) {
-    {
         /* This might be the optional privateValueLength.
          * If so, we can cleanly discard it */
         mbedtls_mpi rec;
         mbedtls_mpi_init(&rec);
         ret = mbedtls_asn1_get_mpi(&p, end, &rec);
         mbedtls_mpi_free(&rec);
-        if ( ret != 0 )
+        if (ret != 0) {
-        {
             ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT, ret);
             goto exit;
         }
-        if ( p != end )
+        if (p != end) {
-        {
             ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_DHM_INVALID_FORMAT,
                                     MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
             goto exit;
@@ -564,10 +574,11 @@ exit:
 #if defined(MBEDTLS_PEM_PARSE_C)
     mbedtls_pem_free(&pem);
 #endif
-    if( ret != 0 )
+    if (ret != 0) {
         mbedtls_dhm_free(dhm);
+    }
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_FS_IO)
@@ -583,45 +594,44 @@ static int load_file( const char *path, unsigned char **buf, size_t *n )
     FILE *f;
     long size;
 
-    if( ( f = fopen( path, "rb" ) ) == NULL )
+    if ((f = fopen(path, "rb")) == NULL) {
-        return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
+        return MBEDTLS_ERR_DHM_FILE_IO_ERROR;
+    }
     /* The data loaded here is public, so don't bother disabling buffering. */
 
     fseek(f, 0, SEEK_END);
-    if( ( size = ftell( f ) ) == -1 )
+    if ((size = ftell(f)) == -1) {
-    {
         fclose(f);
-        return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
+        return MBEDTLS_ERR_DHM_FILE_IO_ERROR;
     }
     fseek(f, 0, SEEK_SET);
 
     *n = (size_t) size;
 
     if (*n + 1 == 0 ||
-        ( *buf = mbedtls_calloc( 1, *n + 1 ) ) == NULL )
+        (*buf = mbedtls_calloc(1, *n + 1)) == NULL) {
-    {
         fclose(f);
-        return( MBEDTLS_ERR_DHM_ALLOC_FAILED );
+        return MBEDTLS_ERR_DHM_ALLOC_FAILED;
     }
 
-    if( fread( *buf, 1, *n, f ) != *n )
+    if (fread(*buf, 1, *n, f) != *n) {
-    {
         fclose(f);
 
         mbedtls_platform_zeroize(*buf, *n + 1);
         mbedtls_free(*buf);
 
-        return( MBEDTLS_ERR_DHM_FILE_IO_ERROR );
+        return MBEDTLS_ERR_DHM_FILE_IO_ERROR;
     }
 
     fclose(f);
 
     (*buf)[*n] = '\0';
 
-    if( strstr( (const char *) *buf, "-----BEGIN " ) != NULL )
+    if (strstr((const char *) *buf, "-----BEGIN ") != NULL) {
         ++*n;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -633,15 +643,16 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )
     size_t n;
     unsigned char *buf;
 
-    if( ( ret = load_file( path, &buf, &n ) ) != 0 )
+    if ((ret = load_file(path, &buf, &n)) != 0) {
-        return( ret );
+        return ret;
+    }
 
     ret = mbedtls_dhm_parse_dhm(dhm, buf, n);
 
     mbedtls_platform_zeroize(buf, n);
     mbedtls_free(buf);
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_FS_IO */
 #endif /* MBEDTLS_ASN1_PARSE_C */
@@ -669,7 +680,8 @@ static const char mbedtls_test_dhm_params[] = {
     0xf6, 0x62, 0xc9, 0x2a, 0xe7, 0x65, 0x56, 0xe7, 0x55, 0xd1, 0x0c, 0x64,
     0xe6, 0xa5, 0x09, 0x68, 0xf6, 0x7f, 0xc6, 0xea, 0x73, 0xd0, 0xdc, 0xa8,
     0x56, 0x9b, 0xe2, 0xba, 0x20, 0x4e, 0x23, 0x58, 0x0d, 0x8b, 0xca, 0x2f,
-  0x49, 0x75, 0xb3, 0x02, 0x01, 0x02 };
+    0x49, 0x75, 0xb3, 0x02, 0x01, 0x02
+};
 #endif /* MBEDTLS_PEM_PARSE_C */
 
 static const size_t mbedtls_test_dhm_params_len = sizeof(mbedtls_test_dhm_params);
@@ -684,27 +696,29 @@ int mbedtls_dhm_self_test( int verbose )
 
     mbedtls_dhm_init(&dhm);
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("  DHM parameter load: ");
+    }
 
     if ((ret = mbedtls_dhm_parse_dhm(&dhm,
                                      (const unsigned char *) mbedtls_test_dhm_params,
-                    mbedtls_test_dhm_params_len ) ) != 0 )
+                                     mbedtls_test_dhm_params_len)) != 0) {
-    {
+        if (verbose != 0) {
-        if( verbose != 0 )
             mbedtls_printf("failed\n");
+        }
 
         ret = 1;
         goto exit;
     }
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("passed\n\n");
+    }
 
 exit:
     mbedtls_dhm_free(&dhm);
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_SELF_TEST */

library/ecdh.c

@@ -42,9 +42,9 @@ static mbedtls_ecp_group_id mbedtls_ecdh_grp_id(
     const mbedtls_ecdh_context *ctx)
 {
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ctx->grp.id );
+    return ctx->grp.id;
 #else
-    return( ctx->grp_id );
+    return ctx->grp_id;
 #endif
 }
 
@@ -52,7 +52,7 @@ int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid )
 {
     /* At this time, all groups support ECDH. */
     (void) gid;
-    return( 1 );
+    return 1;
 }
 
 #if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
@@ -76,14 +76,15 @@ static int ecdh_gen_public_restartable( mbedtls_ecp_group *grp,
     restarting = (rs_ctx != NULL && rs_ctx->rsm != NULL);
 #endif
     /* If multiplication is in progress, we already generated a privkey */
-    if( !restarting )
+    if (!restarting) {
         MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, d, f_rng, p_rng));
+    }
 
     MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, Q, d, &grp->G,
                                                 f_rng, p_rng, rs_ctx));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
@@ -93,7 +94,7 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp
                             int (*f_rng)(void *, unsigned char *, size_t),
                             void *p_rng)
 {
-    return( ecdh_gen_public_restartable( grp, d, Q, f_rng, p_rng, NULL ) );
+    return ecdh_gen_public_restartable(grp, d, Q, f_rng, p_rng, NULL);
 }
 #endif /* !MBEDTLS_ECDH_GEN_PUBLIC_ALT */
 
@@ -116,8 +117,7 @@ static int ecdh_compute_shared_restartable( mbedtls_ecp_group *grp,
     MBEDTLS_MPI_CHK(mbedtls_ecp_mul_restartable(grp, &P, d, Q,
                                                 f_rng, p_rng, rs_ctx));
 
-    if( mbedtls_ecp_is_zero( &P ) )
+    if (mbedtls_ecp_is_zero(&P)) {
-    {
         ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
         goto cleanup;
     }
@@ -127,7 +127,7 @@ static int ecdh_compute_shared_restartable( mbedtls_ecp_group *grp,
 cleanup:
     mbedtls_ecp_point_free(&P);
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -138,8 +138,8 @@ int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
                                 int (*f_rng)(void *, unsigned char *, size_t),
                                 void *p_rng)
 {
-    return( ecdh_compute_shared_restartable( grp, z, Q, d,
+    return ecdh_compute_shared_restartable(grp, z, Q, d,
-                                             f_rng, p_rng, NULL ) );
+                                           f_rng, p_rng, NULL);
 }
 #endif /* !MBEDTLS_ECDH_COMPUTE_SHARED_ALT */
 
@@ -183,12 +183,11 @@ static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     ret = mbedtls_ecp_group_load(&ctx->grp, grp_id);
-    if( ret != 0 )
+    if (ret != 0) {
-    {
+        return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
-        return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -197,23 +196,22 @@ static int ecdh_setup_internal( mbedtls_ecdh_context_mbed *ctx,
 int mbedtls_ecdh_setup(mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id)
 {
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_setup_internal( ctx, grp_id ) );
+    return ecdh_setup_internal(ctx, grp_id);
 #else
-    switch( grp_id )
+    switch (grp_id) {
-    {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECP_DP_CURVE25519:
             ctx->point_format = MBEDTLS_ECP_PF_COMPRESSED;
             ctx->var = MBEDTLS_ECDH_VARIANT_EVEREST;
             ctx->grp_id = grp_id;
-            return( mbedtls_everest_setup( &ctx->ctx.everest_ecdh, grp_id ) );
+            return mbedtls_everest_setup(&ctx->ctx.everest_ecdh, grp_id);
 #endif
         default:
             ctx->point_format = MBEDTLS_ECP_PF_UNCOMPRESSED;
             ctx->var = MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0;
             ctx->grp_id = grp_id;
             ecdh_init_internal(&ctx->ctx.mbed_ecdh);
-            return( ecdh_setup_internal( &ctx->ctx.mbed_ecdh, grp_id ) );
+            return ecdh_setup_internal(&ctx->ctx.mbed_ecdh, grp_id);
     }
 #endif
 }
@@ -246,8 +244,9 @@ void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx )
  */
 void mbedtls_ecdh_free(mbedtls_ecdh_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
     mbedtls_ecp_point_free(&ctx->Vi);
@@ -255,8 +254,7 @@ void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx )
     mbedtls_mpi_free(&ctx->_d);
     ecdh_free_internal(ctx);
 #else
-    switch( ctx->var )
+    switch (ctx->var) {
-    {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
             mbedtls_everest_free(&ctx->ctx.everest_ecdh);
@@ -290,12 +288,14 @@ static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
     mbedtls_ecp_restart_ctx *rs_ctx = NULL;
 #endif
 
-    if( ctx->grp.pbits == 0 )
+    if (ctx->grp.pbits == 0) {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( restart_enabled )
+    if (restart_enabled) {
         rs_ctx = &ctx->rs;
+    }
 #else
     (void) restart_enabled;
 #endif
@@ -303,27 +303,31 @@ static int ecdh_make_params_internal( mbedtls_ecdh_context_mbed *ctx,
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
     if ((ret = ecdh_gen_public_restartable(&ctx->grp, &ctx->d, &ctx->Q,
-                                             f_rng, p_rng, rs_ctx ) ) != 0 )
+                                           f_rng, p_rng, rs_ctx)) != 0) {
-        return( ret );
+        return ret;
+    }
 #else
     if ((ret = mbedtls_ecdh_gen_public(&ctx->grp, &ctx->d, &ctx->Q,
-                                         f_rng, p_rng ) ) != 0 )
+                                       f_rng, p_rng)) != 0) {
-        return( ret );
+        return ret;
+    }
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
     if ((ret = mbedtls_ecp_tls_write_group(&ctx->grp, &grp_len, buf,
-                                             blen ) ) != 0 )
+                                           blen)) != 0) {
-        return( ret );
+        return ret;
+    }
 
     buf += grp_len;
     blen -= grp_len;
 
     if ((ret = mbedtls_ecp_tls_write_point(&ctx->grp, &ctx->Q, point_format,
-                                             &pt_len, buf, blen ) ) != 0 )
+                                           &pt_len, buf, blen)) != 0) {
-        return( ret );
+        return ret;
+    }
 
     *olen = grp_len + pt_len;
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -346,21 +350,20 @@ int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
 #endif
 
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_make_params_internal( ctx, olen, ctx->point_format, buf, blen,
+    return ecdh_make_params_internal(ctx, olen, ctx->point_format, buf, blen,
-                                       f_rng, p_rng, restart_enabled ) );
+                                     f_rng, p_rng, restart_enabled);
 #else
-    switch( ctx->var )
+    switch (ctx->var) {
-    {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_make_params( &ctx->ctx.everest_ecdh, olen,
+            return mbedtls_everest_make_params(&ctx->ctx.everest_ecdh, olen,
-                                                 buf, blen, f_rng, p_rng ) );
+                                               buf, blen, f_rng, p_rng);
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            return( ecdh_make_params_internal( &ctx->ctx.mbed_ecdh, olen,
+            return ecdh_make_params_internal(&ctx->ctx.mbed_ecdh, olen,
                                              ctx->point_format, buf, blen,
                                              f_rng, p_rng,
-                                               restart_enabled ) );
+                                             restart_enabled);
         default:
             return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
     }
@@ -371,8 +374,8 @@ static int ecdh_read_params_internal( mbedtls_ecdh_context_mbed *ctx,
                                      const unsigned char **buf,
                                      const unsigned char *end)
 {
-    return( mbedtls_ecp_tls_read_point( &ctx->grp, &ctx->Qp, buf,
+    return mbedtls_ecp_tls_read_point(&ctx->grp, &ctx->Qp, buf,
-                                        end - *buf ) );
+                                      end - *buf);
 }
 
 /*
@@ -389,25 +392,26 @@ int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_ecp_group_id grp_id;
     if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, end - *buf))
-            != 0 )
+        != 0) {
-        return( ret );
+        return ret;
+    }
 
-    if( ( ret = mbedtls_ecdh_setup( ctx, grp_id ) ) != 0 )
+    if ((ret = mbedtls_ecdh_setup(ctx, grp_id)) != 0) {
-        return( ret );
+        return ret;
+    }
 
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_read_params_internal( ctx, buf, end ) );
+    return ecdh_read_params_internal(ctx, buf, end);
 #else
-    switch( ctx->var )
+    switch (ctx->var) {
-    {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_read_params( &ctx->ctx.everest_ecdh,
+            return mbedtls_everest_read_params(&ctx->ctx.everest_ecdh,
-                                                 buf, end) );
+                                               buf, end);
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            return( ecdh_read_params_internal( &ctx->ctx.mbed_ecdh,
+            return ecdh_read_params_internal(&ctx->ctx.mbed_ecdh,
-                                               buf, end ) );
+                                             buf, end);
         default:
             return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
     }
@@ -421,18 +425,21 @@ static int ecdh_get_params_internal( mbedtls_ecdh_context_mbed *ctx,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     /* If it's not our key, just import the public part as Qp */
-    if( side == MBEDTLS_ECDH_THEIRS )
+    if (side == MBEDTLS_ECDH_THEIRS) {
-        return( mbedtls_ecp_copy( &ctx->Qp, &key->Q ) );
+        return mbedtls_ecp_copy(&ctx->Qp, &key->Q);
+    }
 
     /* Our key: import public (as Q) and private parts */
-    if( side != MBEDTLS_ECDH_OURS )
+    if (side != MBEDTLS_ECDH_OURS) {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     if ((ret = mbedtls_ecp_copy(&ctx->Q, &key->Q)) != 0 ||
-        ( ret = mbedtls_mpi_copy( &ctx->d, &key->d ) ) != 0 )
+        (ret = mbedtls_mpi_copy(&ctx->d, &key->d)) != 0) {
-        return( ret );
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -443,43 +450,42 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
                             mbedtls_ecdh_side side)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    if( side != MBEDTLS_ECDH_OURS && side != MBEDTLS_ECDH_THEIRS )
+    if (side != MBEDTLS_ECDH_OURS && side != MBEDTLS_ECDH_THEIRS) {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
-    if( mbedtls_ecdh_grp_id( ctx ) == MBEDTLS_ECP_DP_NONE )
+    if (mbedtls_ecdh_grp_id(ctx) == MBEDTLS_ECP_DP_NONE) {
-    {
         /* This is the first call to get_params(). Set up the context
          * for use with the group. */
-        if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 )
+        if ((ret = mbedtls_ecdh_setup(ctx, key->grp.id)) != 0) {
-            return( ret );
+            return ret;
         }
-    else
+    } else {
-    {
         /* This is not the first call to get_params(). Check that the
          * current key's group is the same as the context's, which was set
          * from the first key's group. */
-        if( mbedtls_ecdh_grp_id( ctx ) != key->grp.id )
+        if (mbedtls_ecdh_grp_id(ctx) != key->grp.id) {
-            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+        }
     }
 
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_get_params_internal( ctx, key, side ) );
+    return ecdh_get_params_internal(ctx, key, side);
 #else
-    switch( ctx->var )
+    switch (ctx->var) {
-    {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
         {
             mbedtls_everest_ecdh_side s = side == MBEDTLS_ECDH_OURS ?
                                           MBEDTLS_EVEREST_ECDH_OURS :
                                           MBEDTLS_EVEREST_ECDH_THEIRS;
-            return( mbedtls_everest_get_params( &ctx->ctx.everest_ecdh,
+            return mbedtls_everest_get_params(&ctx->ctx.everest_ecdh,
-                                                key, s) );
+                                              key, s);
         }
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            return( ecdh_get_params_internal( &ctx->ctx.mbed_ecdh,
+            return ecdh_get_params_internal(&ctx->ctx.mbed_ecdh,
-                                              key, side ) );
+                                            key, side);
         default:
             return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
     }
@@ -500,24 +506,28 @@ static int ecdh_make_public_internal( mbedtls_ecdh_context_mbed *ctx,
     mbedtls_ecp_restart_ctx *rs_ctx = NULL;
 #endif
 
-    if( ctx->grp.pbits == 0 )
+    if (ctx->grp.pbits == 0) {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( restart_enabled )
+    if (restart_enabled) {
         rs_ctx = &ctx->rs;
+    }
 #else
     (void) restart_enabled;
 #endif
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
     if ((ret = ecdh_gen_public_restartable(&ctx->grp, &ctx->d, &ctx->Q,
-                                             f_rng, p_rng, rs_ctx ) ) != 0 )
+                                           f_rng, p_rng, rs_ctx)) != 0) {
-        return( ret );
+        return ret;
+    }
 #else
     if ((ret = mbedtls_ecdh_gen_public(&ctx->grp, &ctx->d, &ctx->Q,
-                                         f_rng, p_rng ) ) != 0 )
+                                       f_rng, p_rng)) != 0) {
-        return( ret );
+        return ret;
+    }
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
     return mbedtls_ecp_tls_write_point(&ctx->grp, &ctx->Q, point_format, olen,
@@ -538,21 +548,20 @@ int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
 #endif
 
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_make_public_internal( ctx, olen, ctx->point_format, buf, blen,
+    return ecdh_make_public_internal(ctx, olen, ctx->point_format, buf, blen,
-                                       f_rng, p_rng, restart_enabled ) );
+                                     f_rng, p_rng, restart_enabled);
 #else
-    switch( ctx->var )
+    switch (ctx->var) {
-    {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_make_public( &ctx->ctx.everest_ecdh, olen,
+            return mbedtls_everest_make_public(&ctx->ctx.everest_ecdh, olen,
-                                                 buf, blen, f_rng, p_rng ) );
+                                               buf, blen, f_rng, p_rng);
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            return( ecdh_make_public_internal( &ctx->ctx.mbed_ecdh, olen,
+            return ecdh_make_public_internal(&ctx->ctx.mbed_ecdh, olen,
                                              ctx->point_format, buf, blen,
                                              f_rng, p_rng,
-                                               restart_enabled ) );
+                                             restart_enabled);
         default:
             return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
     }
@@ -566,13 +575,15 @@ static int ecdh_read_public_internal( mbedtls_ecdh_context_mbed *ctx,
     const unsigned char *p = buf;
 
     if ((ret = mbedtls_ecp_tls_read_point(&ctx->grp, &ctx->Qp, &p,
-                                            blen ) ) != 0 )
+                                          blen)) != 0) {
-        return( ret );
+        return ret;
+    }
 
-    if( (size_t)( p - buf ) != blen )
+    if ((size_t) (p - buf) != blen) {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -582,18 +593,17 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
                              const unsigned char *buf, size_t blen)
 {
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_read_public_internal( ctx, buf, blen ) );
+    return ecdh_read_public_internal(ctx, buf, blen);
 #else
-    switch( ctx->var )
+    switch (ctx->var) {
-    {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_read_public( &ctx->ctx.everest_ecdh,
+            return mbedtls_everest_read_public(&ctx->ctx.everest_ecdh,
-                                                 buf, blen ) );
+                                               buf, blen);
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            return( ecdh_read_public_internal( &ctx->ctx.mbed_ecdh,
+            return ecdh_read_public_internal(&ctx->ctx.mbed_ecdh,
-                                                       buf, blen ) );
+                                             buf, blen);
         default:
             return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
     }
@@ -614,12 +624,14 @@ static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx,
     mbedtls_ecp_restart_ctx *rs_ctx = NULL;
 #endif
 
-    if( ctx == NULL || ctx->grp.pbits == 0 )
+    if (ctx == NULL || ctx->grp.pbits == 0) {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( restart_enabled )
+    if (restart_enabled) {
         rs_ctx = &ctx->rs;
+    }
 #else
     (void) restart_enabled;
 #endif
@@ -627,25 +639,25 @@ static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx,
 #if defined(MBEDTLS_ECP_RESTARTABLE)
     if ((ret = ecdh_compute_shared_restartable(&ctx->grp, &ctx->z, &ctx->Qp,
                                                &ctx->d, f_rng, p_rng,
-                                                 rs_ctx ) ) != 0 )
+                                               rs_ctx)) != 0) {
-    {
+        return ret;
-        return( ret );
     }
 #else
     if ((ret = mbedtls_ecdh_compute_shared(&ctx->grp, &ctx->z, &ctx->Qp,
-                                             &ctx->d, f_rng, p_rng ) ) != 0 )
+                                           &ctx->d, f_rng, p_rng)) != 0) {
-    {
+        return ret;
-        return( ret );
     }
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
-    if( mbedtls_mpi_size( &ctx->z ) > blen )
+    if (mbedtls_mpi_size(&ctx->z) > blen) {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     *olen = ctx->grp.pbits / 8 + ((ctx->grp.pbits % 8) != 0);
 
-    if( mbedtls_ecp_get_type( &ctx->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
+    if (mbedtls_ecp_get_type(&ctx->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
         return mbedtls_mpi_write_binary_le(&ctx->z, buf, *olen);
+    }
 
     return mbedtls_mpi_write_binary(&ctx->z, buf, *olen);
 }
@@ -664,22 +676,21 @@ int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
 #endif
 
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    return( ecdh_calc_secret_internal( ctx, olen, buf, blen, f_rng, p_rng,
+    return ecdh_calc_secret_internal(ctx, olen, buf, blen, f_rng, p_rng,
-                                       restart_enabled ) );
+                                     restart_enabled);
 #else
-    switch( ctx->var )
+    switch (ctx->var) {
-    {
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         case MBEDTLS_ECDH_VARIANT_EVEREST:
-            return( mbedtls_everest_calc_secret( &ctx->ctx.everest_ecdh, olen,
+            return mbedtls_everest_calc_secret(&ctx->ctx.everest_ecdh, olen,
-                                                 buf, blen, f_rng, p_rng ) );
+                                               buf, blen, f_rng, p_rng);
 #endif
         case MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0:
-            return( ecdh_calc_secret_internal( &ctx->ctx.mbed_ecdh, olen, buf,
+            return ecdh_calc_secret_internal(&ctx->ctx.mbed_ecdh, olen, buf,
                                              blen, f_rng, p_rng,
-                                               restart_enabled ) );
+                                             restart_enabled);
         default:
-            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
     }
 #endif
 }

library/ecdsa.c

@@ -46,8 +46,7 @@
 /*
  * Sub-context for ecdsa_verify()
  */
-struct mbedtls_ecdsa_restart_ver
+struct mbedtls_ecdsa_restart_ver {
-{
     mbedtls_mpi u1, u2;     /* intermediate values  */
     enum {                  /* what to do next?     */
         ecdsa_ver_init = 0, /* getting started      */
@@ -70,8 +69,9 @@ static void ecdsa_restart_ver_init( mbedtls_ecdsa_restart_ver_ctx *ctx )
  */
 static void ecdsa_restart_ver_free(mbedtls_ecdsa_restart_ver_ctx *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
     mbedtls_mpi_free(&ctx->u1);
     mbedtls_mpi_free(&ctx->u2);
@@ -82,8 +82,7 @@ static void ecdsa_restart_ver_free( mbedtls_ecdsa_restart_ver_ctx *ctx )
 /*
  * Sub-context for ecdsa_sign()
  */
-struct mbedtls_ecdsa_restart_sig
+struct mbedtls_ecdsa_restart_sig {
-{
     int sign_tries;
     int key_tries;
     mbedtls_mpi k;          /* per-signature random */
@@ -112,8 +111,9 @@ static void ecdsa_restart_sig_init( mbedtls_ecdsa_restart_sig_ctx *ctx )
  */
 static void ecdsa_restart_sig_free(mbedtls_ecdsa_restart_sig_ctx *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
     mbedtls_mpi_free(&ctx->k);
     mbedtls_mpi_free(&ctx->r);
@@ -123,8 +123,7 @@ static void ecdsa_restart_sig_free( mbedtls_ecdsa_restart_sig_ctx *ctx )
 /*
  * Sub-context for ecdsa_sign_det()
  */
-struct mbedtls_ecdsa_restart_det
+struct mbedtls_ecdsa_restart_det {
-{
     mbedtls_hmac_drbg_context rng_ctx;  /* DRBG state   */
     enum {                      /* what to do next?     */
         ecdsa_det_init = 0,     /* getting started      */
@@ -146,8 +145,9 @@ static void ecdsa_restart_det_init( mbedtls_ecdsa_restart_det_ctx *ctx )
  */
 static void ecdsa_restart_det_free(mbedtls_ecdsa_restart_det_ctx *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
     mbedtls_hmac_drbg_free(&ctx->rng_ctx);
 
@@ -173,7 +173,7 @@ static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx )
         {                                                                \
             rs_ctx->SUB = mbedtls_calloc(1, sizeof(*rs_ctx->SUB));   \
             if (rs_ctx->SUB == NULL)                                    \
-            return( MBEDTLS_ERR_ECP_ALLOC_FAILED );                  \
+            return MBEDTLS_ERR_ECP_ALLOC_FAILED;                  \
                                                                    \
             ecdsa_restart_## SUB ##_init(rs_ctx->SUB);                 \
         }                                                                \
@@ -220,15 +220,17 @@ static int derive_mpi( const mbedtls_ecp_group *grp, mbedtls_mpi *x,
     size_t use_size = blen > n_size ? n_size : blen;
 
     MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(x, buf, use_size));
-    if( use_size * 8 > grp->nbits )
+    if (use_size * 8 > grp->nbits) {
         MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(x, use_size * 8 - grp->nbits));
+    }
 
     /* While at it, reduce modulo N */
-    if( mbedtls_mpi_cmp_mpi( x, &grp->N ) >= 0 )
+    if (mbedtls_mpi_cmp_mpi(x, &grp->N) >= 0) {
         MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(x, x, &grp->N));
+    }
 
 cleanup:
-    return( ret );
+    return ret;
 }
 #endif /* ECDSA_DETERMINISTIC || !ECDSA_SIGN_ALT || !ECDSA_VERIFY_ALT */
 
@@ -252,12 +254,14 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
     mbedtls_mpi *pk = &k, *pr = r;
 
     /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
-    if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL )
+    if (!mbedtls_ecdsa_can_do(grp->id) || grp->N.p == NULL) {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     /* Make sure d is in range 1..n-1 */
-    if( mbedtls_mpi_cmp_int( d, 1 ) < 0 || mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 )
+    if (mbedtls_mpi_cmp_int(d, 1) < 0 || mbedtls_mpi_cmp_mpi(d, &grp->N) >= 0) {
-        return( MBEDTLS_ERR_ECP_INVALID_KEY );
+        return MBEDTLS_ERR_ECP_INVALID_KEY;
+    }
 
     mbedtls_ecp_point_init(&R);
     mbedtls_mpi_init(&k); mbedtls_mpi_init(&e); mbedtls_mpi_init(&t);
@@ -265,8 +269,7 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
     ECDSA_RS_ENTER(sig);
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->sig != NULL )
+    if (rs_ctx != NULL && rs_ctx->sig != NULL) {
-    {
         /* redirect to our context */
         p_sign_tries = &rs_ctx->sig->sign_tries;
         p_key_tries = &rs_ctx->sig->key_tries;
@@ -274,18 +277,18 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
         pr = &rs_ctx->sig->r;
 
         /* jump to current step */
-        if( rs_ctx->sig->state == ecdsa_sig_mul )
+        if (rs_ctx->sig->state == ecdsa_sig_mul) {
             goto mul;
-        if( rs_ctx->sig->state == ecdsa_sig_modn )
+        }
+        if (rs_ctx->sig->state == ecdsa_sig_modn) {
             goto modn;
         }
+    }
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
     *p_sign_tries = 0;
-    do
+    do {
-    {
+        if ((*p_sign_tries)++ > 10) {
-        if( (*p_sign_tries)++ > 10 )
-        {
             ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
             goto cleanup;
         }
@@ -295,10 +298,8 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
          * and set r = xR mod n
          */
         *p_key_tries = 0;
-        do
+        do {
-        {
+            if ((*p_key_tries)++ > 10) {
-            if( (*p_key_tries)++ > 10 )
-            {
                 ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
                 goto cleanup;
             }
@@ -306,8 +307,9 @@ static int ecdsa_sign_restartable( mbedtls_ecp_group *grp,
             MBEDTLS_MPI_CHK(mbedtls_ecp_gen_privkey(grp, pk, f_rng, p_rng));
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-            if( rs_ctx != NULL && rs_ctx->sig != NULL )
+            if (rs_ctx != NULL && rs_ctx->sig != NULL) {
                 rs_ctx->sig->state = ecdsa_sig_mul;
+            }
 
 mul:
 #endif
@@ -316,12 +318,12 @@ mul:
                                                         p_rng_blind,
                                                         ECDSA_RS_ECP));
             MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pr, &R.X, &grp->N));
-        }
+        } while (mbedtls_mpi_cmp_int(pr, 0) == 0);
-        while( mbedtls_mpi_cmp_int( pr, 0 ) == 0 );
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-        if( rs_ctx != NULL && rs_ctx->sig != NULL )
+        if (rs_ctx != NULL && rs_ctx->sig != NULL) {
             rs_ctx->sig->state = ecdsa_sig_modn;
+        }
 
 modn:
 #endif
@@ -354,12 +356,12 @@ modn:
         MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(s, pk, &grp->N));
         MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(s, s, &e));
         MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(s, s, &grp->N));
-    }
+    } while (mbedtls_mpi_cmp_int(s, 0) == 0);
-    while( mbedtls_mpi_cmp_int( s, 0 ) == 0 );
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->sig != NULL )
+    if (rs_ctx != NULL && rs_ctx->sig != NULL) {
         mbedtls_mpi_copy(r, pr);
+    }
 #endif
 
 cleanup:
@@ -368,13 +370,12 @@ cleanup:
 
     ECDSA_RS_LEAVE(sig);
 
-    return( ret );
+    return ret;
 }
 
 int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid)
 {
-    switch( gid )
+    switch (gid) {
-    {
 #ifdef MBEDTLS_ECP_DP_CURVE25519_ENABLED
         case MBEDTLS_ECP_DP_CURVE25519: return 0;
 #endif
@@ -393,8 +394,8 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
                        int (*f_rng)(void *, unsigned char *, size_t), void *p_rng)
 {
     /* Use the same RNG for both blinding and ephemeral key generation */
-    return( ecdsa_sign_restartable( grp, r, s, d, buf, blen,
+    return ecdsa_sign_restartable(grp, r, s, d, buf, blen,
-                                    f_rng, p_rng, f_rng, p_rng, NULL ) );
+                                  f_rng, p_rng, f_rng, p_rng, NULL);
 }
 #endif /* !MBEDTLS_ECDSA_SIGN_ALT */
 
@@ -421,8 +422,9 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
     const mbedtls_md_info_t *md_info;
     mbedtls_mpi h;
 
-    if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL )
+    if ((md_info = mbedtls_md_info_from_type(md_alg)) == NULL) {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     mbedtls_mpi_init(&h);
     mbedtls_hmac_drbg_init(&rng_ctx);
@@ -430,15 +432,15 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
     ECDSA_RS_ENTER(det);
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->det != NULL )
+    if (rs_ctx != NULL && rs_ctx->det != NULL) {
-    {
         /* redirect to our context */
         p_rng = &rs_ctx->det->rng_ctx;
 
         /* jump to current step */
-        if( rs_ctx->det->state == ecdsa_det_sign )
+        if (rs_ctx->det->state == ecdsa_det_sign) {
             goto sign;
         }
+    }
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
     /* Use private key and message hash (reduced) to initialize HMAC_DRBG */
@@ -448,8 +450,9 @@ static int ecdsa_sign_det_restartable( mbedtls_ecp_group *grp,
     mbedtls_hmac_drbg_seed_buf(p_rng, md_info, data, 2 * grp_len);
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->det != NULL )
+    if (rs_ctx != NULL && rs_ctx->det != NULL) {
         rs_ctx->det->state = ecdsa_det_sign;
+    }
 
 sign:
 #endif
@@ -470,7 +473,7 @@ cleanup:
 
     ECDSA_RS_LEAVE(det);
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -484,8 +487,8 @@ int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r,
                                                   size_t),
                                void *p_rng_blind)
 {
-    return( ecdsa_sign_det_restartable( grp, r, s, d, buf, blen, md_alg,
+    return ecdsa_sign_det_restartable(grp, r, s, d, buf, blen, md_alg,
-                                        f_rng_blind, p_rng_blind, NULL ) );
+                                      f_rng_blind, p_rng_blind, NULL);
 }
 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
 
@@ -510,30 +513,30 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp,
     mbedtls_mpi_init(&u1); mbedtls_mpi_init(&u2);
 
     /* Fail cleanly on curves such as Curve25519 that can't be used for ECDSA */
-    if( ! mbedtls_ecdsa_can_do( grp->id ) || grp->N.p == NULL )
+    if (!mbedtls_ecdsa_can_do(grp->id) || grp->N.p == NULL) {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     ECDSA_RS_ENTER(ver);
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->ver != NULL )
+    if (rs_ctx != NULL && rs_ctx->ver != NULL) {
-    {
         /* redirect to our context */
         pu1 = &rs_ctx->ver->u1;
         pu2 = &rs_ctx->ver->u2;
 
         /* jump to current step */
-        if( rs_ctx->ver->state == ecdsa_ver_muladd )
+        if (rs_ctx->ver->state == ecdsa_ver_muladd) {
             goto muladd;
         }
+    }
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
     /*
      * Step 1: make sure r and s are in range 1..n-1
      */
     if (mbedtls_mpi_cmp_int(r, 1) < 0 || mbedtls_mpi_cmp_mpi(r, &grp->N) >= 0 ||
-        mbedtls_mpi_cmp_int( s, 1 ) < 0 || mbedtls_mpi_cmp_mpi( s, &grp->N ) >= 0 )
+        mbedtls_mpi_cmp_int(s, 1) < 0 || mbedtls_mpi_cmp_mpi(s, &grp->N) >= 0) {
-    {
         ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
         goto cleanup;
     }
@@ -557,8 +560,9 @@ static int ecdsa_verify_restartable( mbedtls_ecp_group *grp,
     MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(pu2, pu2, &grp->N));
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-    if( rs_ctx != NULL && rs_ctx->ver != NULL )
+    if (rs_ctx != NULL && rs_ctx->ver != NULL) {
         rs_ctx->ver->state = ecdsa_ver_muladd;
+    }
 
 muladd:
 #endif
@@ -568,8 +572,7 @@ muladd:
     MBEDTLS_MPI_CHK(mbedtls_ecp_muladd_restartable(grp,
                                                    &R, pu1, &grp->G, pu2, Q, ECDSA_RS_ECP));
 
-    if( mbedtls_ecp_is_zero( &R ) )
+    if (mbedtls_ecp_is_zero(&R)) {
-    {
         ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
         goto cleanup;
     }
@@ -583,8 +586,7 @@ muladd:
     /*
      * Step 8: check if v (that is, R.X) is equal to r
      */
-    if( mbedtls_mpi_cmp_mpi( &R.X, r ) != 0 )
+    if (mbedtls_mpi_cmp_mpi(&R.X, r) != 0) {
-    {
         ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
         goto cleanup;
     }
@@ -596,7 +598,7 @@ cleanup:
 
     ECDSA_RS_LEAVE(ver);
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -608,7 +610,7 @@ int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
                          const mbedtls_mpi *r,
                          const mbedtls_mpi *s)
 {
-    return( ecdsa_verify_restartable( grp, buf, blen, Q, r, s, NULL ) );
+    return ecdsa_verify_restartable(grp, buf, blen, Q, r, s, NULL);
 }
 #endif /* !MBEDTLS_ECDSA_VERIFY_ALT */
 
@@ -629,15 +631,17 @@ static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s,
 
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, buf, len));
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, buf,
-                                       MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) );
+                                                     MBEDTLS_ASN1_CONSTRUCTED |
+                                                     MBEDTLS_ASN1_SEQUENCE));
 
-    if( len > sig_size )
+    if (len > sig_size) {
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+        return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+    }
 
     memcpy(sig, p, len);
     *slen = len;
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -653,8 +657,9 @@ int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi r, s;
-    if( f_rng == NULL )
+    if (f_rng == NULL) {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     mbedtls_mpi_init(&r);
     mbedtls_mpi_init(&s);
@@ -685,7 +690,7 @@ cleanup:
     mbedtls_mpi_free(&r);
     mbedtls_mpi_free(&s);
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -698,9 +703,9 @@ int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
                                   int (*f_rng)(void *, unsigned char *, size_t),
                                   void *p_rng)
 {
-    return( mbedtls_ecdsa_write_signature_restartable(
+    return mbedtls_ecdsa_write_signature_restartable(
         ctx, md_alg, hash, hlen, sig, sig_size, slen,
-                f_rng, p_rng, NULL ) );
+        f_rng, p_rng, NULL);
 }
 
 /*
@@ -710,8 +715,8 @@ int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
                                  const unsigned char *hash, size_t hlen,
                                  const unsigned char *sig, size_t slen)
 {
-    return( mbedtls_ecdsa_read_signature_restartable(
+    return mbedtls_ecdsa_read_signature_restartable(
-                ctx, hash, hlen, sig, slen, NULL ) );
+        ctx, hash, hlen, sig, slen, NULL);
 }
 
 /*
@@ -731,22 +736,19 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
     mbedtls_mpi_init(&s);
 
     if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
-                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
-    {
         ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
         goto cleanup;
     }
 
-    if( p + len != end )
+    if (p + len != end) {
-    {
         ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
         goto cleanup;
     }
 
     if ((ret = mbedtls_asn1_get_mpi(&p, end, &r)) != 0 ||
-        ( ret = mbedtls_asn1_get_mpi( &p, end, &s ) ) != 0 )
+        (ret = mbedtls_asn1_get_mpi(&p, end, &s)) != 0) {
-    {
         ret += MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
         goto cleanup;
     }
@@ -754,25 +756,28 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
     (void) rs_ctx;
 
     if ((ret = mbedtls_ecdsa_verify(&ctx->grp, hash, hlen,
-                                      &ctx->Q, &r, &s ) ) != 0 )
+                                    &ctx->Q, &r, &s)) != 0) {
         goto cleanup;
+    }
 #else
     if ((ret = ecdsa_verify_restartable(&ctx->grp, hash, hlen,
-                              &ctx->Q, &r, &s, rs_ctx ) ) != 0 )
+                                        &ctx->Q, &r, &s, rs_ctx)) != 0) {
         goto cleanup;
+    }
 #endif /* MBEDTLS_ECDSA_VERIFY_ALT */
 
     /* At this point we know that the buffer starts with a valid signature.
      * Return 0 if the buffer just contains the signature, and a specific
      * error code if the valid signature is followed by more data. */
-    if( p != end )
+    if (p != end) {
         ret = MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH;
+    }
 
 cleanup:
     mbedtls_mpi_free(&r);
     mbedtls_mpi_free(&s);
 
-    return( ret );
+    return ret;
 }
 
 #if !defined(MBEDTLS_ECDSA_GENKEY_ALT)
@@ -784,11 +789,12 @@ int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
 {
     int ret = 0;
     ret = mbedtls_ecp_group_load(&ctx->grp, gid);
-    if( ret != 0 )
+    if (ret != 0) {
-        return( ret );
+        return ret;
+    }
 
-   return( mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d,
+    return mbedtls_ecp_gen_keypair(&ctx->grp, &ctx->d,
-                                    &ctx->Q, f_rng, p_rng ) );
+                                   &ctx->Q, f_rng, p_rng);
 }
 #endif /* !MBEDTLS_ECDSA_GENKEY_ALT */
 
@@ -800,12 +806,11 @@ int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_ke
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     if ((ret = mbedtls_ecp_group_copy(&ctx->grp, &key->grp)) != 0 ||
         (ret = mbedtls_mpi_copy(&ctx->d, &key->d)) != 0 ||
-        ( ret = mbedtls_ecp_copy( &ctx->Q, &key->Q ) ) != 0 )
+        (ret = mbedtls_ecp_copy(&ctx->Q, &key->Q)) != 0) {
-    {
         mbedtls_ecdsa_free(ctx);
     }
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -821,8 +826,9 @@ void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx )
  */
 void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
     mbedtls_ecp_keypair_free(ctx);
 }
@@ -847,8 +853,9 @@ void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx )
  */
 void mbedtls_ecdsa_restart_free(mbedtls_ecdsa_restart_ctx *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
     mbedtls_ecp_restart_free(&ctx->ecp);
 

library/ecjpake.c

@@ -62,8 +62,8 @@ static int mbedtls_ecjpake_compute_hash( mbedtls_md_type_t md_type,
                                         unsigned char *output)
 {
 #if defined(MBEDTLS_MD_C)
-    return( mbedtls_md( mbedtls_md_info_from_type( md_type ),
+    return mbedtls_md(mbedtls_md_info_from_type(md_type),
-                        input, ilen, output ) );
+                      input, ilen, output);
 #else
     psa_algorithm_t alg = mbedtls_psa_translate_md(md_type);
     psa_status_t status;
@@ -72,7 +72,7 @@ static int mbedtls_ecjpake_compute_hash( mbedtls_md_type_t md_type,
 
     status = psa_hash_compute(alg, input, ilen, output, out_size, &out_len);
 
-    return( mbedtls_md_error_from_psa( status ) );
+    return mbedtls_md_error_from_psa(status);
 #endif /* !MBEDTLS_MD_C */
 }
 
@@ -101,8 +101,9 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx )
  */
 void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
 
     ctx->md_type = MBEDTLS_MD_NONE;
     mbedtls_ecp_group_free(&ctx->grp);
@@ -130,17 +131,20 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( role != MBEDTLS_ECJPAKE_CLIENT && role != MBEDTLS_ECJPAKE_SERVER )
+    if (role != MBEDTLS_ECJPAKE_CLIENT && role != MBEDTLS_ECJPAKE_SERVER) {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     ctx->role = role;
 
 #if defined(MBEDTLS_MD_C)
-    if( ( mbedtls_md_info_from_type( hash ) ) == NULL )
+    if ((mbedtls_md_info_from_type(hash)) == NULL) {
-        return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
+        return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
+    }
 #else
-    if( mbedtls_psa_translate_md( hash ) == MBEDTLS_MD_NONE )
+    if (mbedtls_psa_translate_md(hash) == MBEDTLS_MD_NONE) {
-        return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
+        return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
+    }
 #endif
 
     ctx->md_type = hash;
@@ -150,23 +154,23 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
     MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ctx->s, secret, len));
 
 cleanup:
-    if( ret != 0 )
+    if (ret != 0) {
         mbedtls_ecjpake_free(ctx);
+    }
 
-    return( ret );
+    return ret;
 }
 
 int mbedtls_ecjpake_set_point_format(mbedtls_ecjpake_context *ctx,
                                      int point_format)
 {
-    switch( point_format )
+    switch (point_format) {
-    {
         case MBEDTLS_ECP_PF_UNCOMPRESSED:
         case MBEDTLS_ECP_PF_COMPRESSED:
             ctx->point_format = point_format;
-            return( 0 );
+            return 0;
         default:
-            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
     }
 }
 
@@ -177,12 +181,11 @@ int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx )
 {
     if (ctx->md_type == MBEDTLS_MD_NONE ||
         ctx->grp.id == MBEDTLS_ECP_DP_NONE ||
-        ctx->s.p == NULL )
+        ctx->s.p == NULL) {
-    {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
     }
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -198,19 +201,21 @@ static int ecjpake_write_len_point( unsigned char **p,
     size_t len;
 
     /* Need at least 4 for length plus 1 for point */
-    if( end < *p || end - *p < 5 )
+    if (end < *p || end - *p < 5) {
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+        return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+    }
 
     ret = mbedtls_ecp_point_write_binary(grp, P, pf,
                                          &len, *p + 4, end - (*p + 4));
-    if( ret != 0 )
+    if (ret != 0) {
-        return( ret );
+        return ret;
+    }
 
     MBEDTLS_PUT_UINT32_BE(len, *p, 0);
 
     *p += 4 + len;
 
-    return( 0 );
+    return 0;
 }
 
 /*
@@ -243,14 +248,16 @@ static int ecjpake_hash( const mbedtls_md_type_t md_type,
     MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, V));
     MBEDTLS_MPI_CHK(ecjpake_write_len_point(&p, end, grp, pf, X));
 
-    if( end - p < 4 )
+    if (end - p < 4) {
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+        return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+    }
 
     MBEDTLS_PUT_UINT32_BE(id_len, p, 0);
     p += 4;
 
-    if( end < p || (size_t)( end - p ) < id_len )
+    if (end < p || (size_t) (end - p) < id_len) {
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+        return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+    }
 
     memcpy(p, id, id_len);
     p += id_len;
@@ -265,7 +272,7 @@ static int ecjpake_hash( const mbedtls_md_type_t md_type,
     MBEDTLS_MPI_CHK(mbedtls_mpi_mod_mpi(h, h, &grp->N));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
@@ -296,21 +303,20 @@ static int ecjpake_zkp_read( const mbedtls_md_type_t md_type,
      *     opaque r<1..2^8-1>;
      * } ECSchnorrZKP;
      */
-    if( end < *p )
+    if (end < *p) {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, &V, p, end - *p));
 
-    if( end < *p || (size_t)( end - *p ) < 1 )
+    if (end < *p || (size_t) (end - *p) < 1) {
-    {
         ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
         goto cleanup;
     }
 
     r_len = *(*p)++;
 
-    if( end < *p || (size_t)( end - *p ) < r_len || r_len == 0 )
+    if (end < *p || (size_t) (end - *p) < r_len || r_len == 0) {
-    {
         ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
         goto cleanup;
     }
@@ -325,8 +331,7 @@ static int ecjpake_zkp_read( const mbedtls_md_type_t md_type,
     MBEDTLS_MPI_CHK(mbedtls_ecp_muladd((mbedtls_ecp_group *) grp,
                                        &VV, &h, X, &r, G));
 
-    if( mbedtls_ecp_point_cmp( &VV, &V ) != 0 )
+    if (mbedtls_ecp_point_cmp(&VV, &V) != 0) {
-    {
         ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
         goto cleanup;
     }
@@ -337,7 +342,7 @@ cleanup:
     mbedtls_mpi_free(&r);
     mbedtls_mpi_free(&h);
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -361,8 +366,9 @@ static int ecjpake_zkp_write( const mbedtls_md_type_t md_type,
     mbedtls_mpi h; /* later recycled to hold r */
     size_t len;
 
-    if( end < *p )
+    if (end < *p) {
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+        return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+    }
 
     mbedtls_ecp_point_init(&V);
     mbedtls_mpi_init(&v);
@@ -382,8 +388,7 @@ static int ecjpake_zkp_write( const mbedtls_md_type_t md_type,
     *p += len;
 
     len = mbedtls_mpi_size(&h);   /* actually r */
-    if( end < *p || (size_t)( end - *p ) < 1 + len || len > 255 )
+    if (end < *p || (size_t) (end - *p) < 1 + len || len > 255) {
-    {
         ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
         goto cleanup;
     }
@@ -397,7 +402,7 @@ cleanup:
     mbedtls_mpi_free(&v);
     mbedtls_mpi_free(&h);
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -415,8 +420,9 @@ static int ecjpake_kkp_read( const mbedtls_md_type_t md_type,
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    if( end < *p )
+    if (end < *p) {
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     /*
      * struct {
@@ -425,8 +431,7 @@ static int ecjpake_kkp_read( const mbedtls_md_type_t md_type,
      * } ECJPAKEKeyKP;
      */
     MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_point(grp, X, p, end - *p));
-    if( mbedtls_ecp_is_zero( X ) )
+    if (mbedtls_ecp_is_zero(X)) {
-    {
         ret = MBEDTLS_ERR_ECP_INVALID_KEY;
         goto cleanup;
     }
@@ -434,7 +439,7 @@ static int ecjpake_kkp_read( const mbedtls_md_type_t md_type,
     MBEDTLS_MPI_CHK(ecjpake_zkp_read(md_type, grp, pf, G, X, id, p, end));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
@@ -456,8 +461,9 @@ static int ecjpake_kkp_write( const mbedtls_md_type_t md_type,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len;
 
-    if( end < *p )
+    if (end < *p) {
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+        return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+    }
 
     /* Generate key (7.4.2.3.1) and write it out */
     MBEDTLS_MPI_CHK(mbedtls_ecp_gen_keypair_base((mbedtls_ecp_group *) grp, G, x, X,
@@ -471,7 +477,7 @@ static int ecjpake_kkp_write( const mbedtls_md_type_t md_type,
                                       p, end, f_rng, p_rng));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
@@ -500,11 +506,12 @@ static int ecjpake_kkpp_read( const mbedtls_md_type_t md_type,
     MBEDTLS_MPI_CHK(ecjpake_kkp_read(md_type, grp, pf, G, Xa, id, &p, end));
     MBEDTLS_MPI_CHK(ecjpake_kkp_read(md_type, grp, pf, G, Xb, id, &p, end));
 
-    if( p != end )
+    if (p != end) {
         ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
@@ -538,7 +545,7 @@ static int ecjpake_kkpp_write( const mbedtls_md_type_t md_type,
     *olen = p - buf;
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 /*
@@ -548,10 +555,10 @@ int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
                                    const unsigned char *buf,
                                    size_t len)
 {
-    return( ecjpake_kkpp_read( ctx->md_type, &ctx->grp, ctx->point_format,
+    return ecjpake_kkpp_read(ctx->md_type, &ctx->grp, ctx->point_format,
                              &ctx->grp.G,
                              &ctx->Xp1, &ctx->Xp2, ID_PEER,
-                               buf, len ) );
+                             buf, len);
 }
 
 /*
@@ -562,10 +569,10 @@ int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
                                     int (*f_rng)(void *, unsigned char *, size_t),
                                     void *p_rng)
 {
-    return( ecjpake_kkpp_write( ctx->md_type, &ctx->grp, ctx->point_format,
+    return ecjpake_kkpp_write(ctx->md_type, &ctx->grp, ctx->point_format,
                               &ctx->grp.G,
                               &ctx->xm1, &ctx->Xm1, &ctx->xm2, &ctx->Xm2,
-                                ID_MINE, buf, len, olen, f_rng, p_rng ) );
+                              ID_MINE, buf, len, olen, f_rng, p_rng);
 }
 
 /*
@@ -588,7 +595,7 @@ static int ecjpake_ecp_add3( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
 cleanup:
     mbedtls_mpi_free(&one);
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -622,11 +629,9 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
      *     ECJPAKEKeyKP ecjpake_key_kp;
      * } Client/ServerECJPAKEParams;
      */
-    if( ctx->role == MBEDTLS_ECJPAKE_CLIENT )
+    if (ctx->role == MBEDTLS_ECJPAKE_CLIENT) {
-    {
         MBEDTLS_MPI_CHK(mbedtls_ecp_tls_read_group(&grp, &p, len));
-        if( grp.id != ctx->grp.id )
+        if (grp.id != ctx->grp.id) {
-        {
             ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
             goto cleanup;
         }
@@ -636,8 +641,7 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
                                      ctx->point_format,
                                      &G, &ctx->Xp, ID_PEER, &p, end));
 
-    if( p != end )
+    if (p != end) {
-    {
         ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
         goto cleanup;
     }
@@ -646,7 +650,7 @@ cleanup:
     mbedtls_ecp_group_free(&grp);
     mbedtls_ecp_point_free(&G);
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -677,7 +681,7 @@ static int ecjpake_mul_secret( mbedtls_mpi *R, int sign,
 cleanup:
     mbedtls_mpi_free(&b);
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -721,10 +725,8 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
      *     ECJPAKEKeyKP ecjpake_key_kp;
      * } Client/ServerECJPAKEParams;
      */
-    if( ctx->role == MBEDTLS_ECJPAKE_SERVER )
+    if (ctx->role == MBEDTLS_ECJPAKE_SERVER) {
-    {
+        if (end < p) {
-        if( end < p )
-        {
             ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
             goto cleanup;
         }
@@ -733,8 +735,7 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
         p += ec_len;
     }
 
-    if( end < p )
+    if (end < p) {
-    {
         ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
         goto cleanup;
     }
@@ -754,7 +755,7 @@ cleanup:
     mbedtls_ecp_point_free(&Xm);
     mbedtls_mpi_free(&xm);
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -790,7 +791,7 @@ cleanup:
     mbedtls_mpi_free(&m_xm2_s);
     mbedtls_mpi_free(&one);
 
-    return( ret );
+    return ret;
 }
 
 int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx,
@@ -804,14 +805,16 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
     size_t x_bytes;
 
     *olen = mbedtls_hash_info_get_size(ctx->md_type);
-    if( len < *olen )
+    if (len < *olen) {
-        return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+        return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
+    }
 
     mbedtls_ecp_point_init(&K);
 
     ret = mbedtls_ecjpake_derive_k(ctx, &K, f_rng, p_rng);
-    if( ret )
+    if (ret) {
         goto cleanup;
+    }
 
     /* PMS = SHA-256( K.X ) */
     x_bytes = (ctx->grp.pbits + 7) / 8;
@@ -822,7 +825,7 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
 cleanup:
     mbedtls_ecp_point_free(&K);
 
-    return( ret );
+    return ret;
 }
 
 int mbedtls_ecjpake_write_shared_key(mbedtls_ecjpake_context *ctx,
@@ -836,18 +839,20 @@ int mbedtls_ecjpake_write_shared_key( mbedtls_ecjpake_context *ctx,
     mbedtls_ecp_point_init(&K);
 
     ret = mbedtls_ecjpake_derive_k(ctx, &K, f_rng, p_rng);
-    if( ret )
+    if (ret) {
         goto cleanup;
+    }
 
     ret = mbedtls_ecp_point_write_binary(&ctx->grp, &K, ctx->point_format,
                                          olen, buf, len);
-    if( ret != 0 )
+    if (ret != 0) {
         goto cleanup;
+    }
 
 cleanup:
     mbedtls_ecp_point_free(&K);
 
-    return( ret );
+    return ret;
 }
 
 #undef ID_MINE
@@ -864,7 +869,7 @@ cleanup:
 int mbedtls_ecjpake_self_test(int verbose)
 {
     (void) verbose;
-    return( 0 );
+    return 0;
 }
 #else
 
@@ -1023,13 +1028,12 @@ static int self_test_rng( void *ctx, unsigned char *out, size_t len )
 
     (void) ctx;
 
-    for( size_t i = 0; i < len; i++ )
+    for (size_t i = 0; i < len; i++) {
-    {
         state = state * 1664525u + 1013904223u;
         out[i] = (unsigned char) state;
     }
 
-    return( 0 );
+    return 0;
 }
 
 /* Load my private keys and generate the corresponding public keys */
@@ -1047,7 +1051,7 @@ static int ecjpake_test_load( mbedtls_ecjpake_context *ctx,
                                     &ctx->grp.G, self_test_rng, NULL));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 #endif /* ! MBEDTLS_ECJPAKE_ALT */
@@ -1059,8 +1063,7 @@ static int ecjpake_lgc( void *p, unsigned char *out, size_t len )
     static uint32_t x = 42;
     (void) p;
 
-    while( len > 0 )
+    while (len > 0) {
-    {
         size_t use_len = len > 4 ? 4 : len;
         x = 1664525 * x + 1013904223;
         memcpy(out, &x, use_len);
@@ -1068,7 +1071,7 @@ static int ecjpake_lgc( void *p, unsigned char *out, size_t len )
         len -= use_len;
     }
 
-    return( 0 );
+    return 0;
 }
 
 #define TEST_ASSERT(x)    \
@@ -1096,8 +1099,9 @@ int mbedtls_ecjpake_self_test( int verbose )
     mbedtls_ecjpake_init(&cli);
     mbedtls_ecjpake_init(&srv);
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("  ECJPAKE test #0 (setup): ");
+    }
 
     TEST_ASSERT(mbedtls_ecjpake_setup(&cli, MBEDTLS_ECJPAKE_CLIENT,
                                       MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1,
@@ -1109,11 +1113,13 @@ int mbedtls_ecjpake_self_test( int verbose )
                                       ecjpake_test_password,
                                       sizeof(ecjpake_test_password)) == 0);
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("passed\n");
+    }
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("  ECJPAKE test #1 (random handshake): ");
+    }
 
     TEST_ASSERT(mbedtls_ecjpake_write_round_one(&cli,
                                                 buf, sizeof(buf), &len, ecjpake_lgc, NULL) == 0);
@@ -1144,8 +1150,9 @@ int mbedtls_ecjpake_self_test( int verbose )
     TEST_ASSERT(len == pmslen);
     TEST_ASSERT(memcmp(buf, pms, len) == 0);
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("passed\n");
+    }
 
 #if !defined(MBEDTLS_ECJPAKE_ALT)
     /* 'reference handshake' tests can only be run against implementations
@@ -1153,8 +1160,9 @@ int mbedtls_ecjpake_self_test( int verbose )
      * are generated. This is only the case for the internal mbed TLS
      * implementation, so these tests are skipped in case the internal
      * implementation is swapped out for an alternative one. */
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("  ECJPAKE test #2 (reference handshake): ");
+    }
 
     /* Simulate generation of round one */
     MBEDTLS_MPI_CHK(ecjpake_test_load(&cli,
@@ -1213,26 +1221,28 @@ int mbedtls_ecjpake_self_test( int verbose )
     TEST_ASSERT(len == sizeof(ecjpake_test_shared_key));
     TEST_ASSERT(memcmp(buf, ecjpake_test_shared_key, len) == 0);
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("passed\n");
+    }
 #endif /* ! MBEDTLS_ECJPAKE_ALT */
 
 cleanup:
     mbedtls_ecjpake_free(&cli);
     mbedtls_ecjpake_free(&srv);
 
-    if( ret != 0 )
+    if (ret != 0) {
-    {
+        if (verbose != 0) {
-        if( verbose != 0 )
             mbedtls_printf("failed\n");
+        }
 
         ret = 1;
     }
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("\n");
+    }
 
-    return( ret );
+    return ret;
 }
 
 #undef TEST_ASSERT

library/ecp_curves.c

@@ -4537,8 +4537,9 @@ static int ecp_group_load( mbedtls_ecp_group *grp,
                           const mbedtls_ecp_point *T)
 {
     ecp_mpi_load(&grp->P, p, plen);
-    if( a != NULL )
+    if (a != NULL) {
         ecp_mpi_load(&grp->A, a, alen);
+    }
     ecp_mpi_load(&grp->B, b, blen);
     ecp_mpi_load(&grp->N, n, nlen);
 
@@ -4557,7 +4558,7 @@ static int ecp_group_load( mbedtls_ecp_group *grp,
      */
     grp->T_size = 0;
 
-    return( 0 );
+    return 0;
 }
 #endif /* ECP_LOAD_GROUP */
 
@@ -4662,10 +4663,11 @@ static int ecp_use_curve25519( mbedtls_ecp_group *grp )
     grp->nbits = 254;
 
 cleanup:
-    if( ret != 0 )
+    if (ret != 0) {
         mbedtls_ecp_group_free(grp);
+    }
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
 
@@ -4717,10 +4719,11 @@ static int ecp_use_curve448( mbedtls_ecp_group *grp )
 
 cleanup:
     mbedtls_mpi_free(&Ns);
-    if( ret != 0 )
+    if (ret != 0) {
         mbedtls_ecp_group_free(grp);
+    }
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
 
@@ -4736,86 +4739,85 @@ int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id )
 
     grp->id = id;
 
-    switch( id )
+    switch (id) {
-    {
 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
         case MBEDTLS_ECP_DP_SECP192R1:
             NIST_MODP(p192);
-            return( LOAD_GROUP( secp192r1 ) );
+            return LOAD_GROUP(secp192r1);
 #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
         case MBEDTLS_ECP_DP_SECP224R1:
             NIST_MODP(p224);
-            return( LOAD_GROUP( secp224r1 ) );
+            return LOAD_GROUP(secp224r1);
 #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
         case MBEDTLS_ECP_DP_SECP256R1:
             NIST_MODP(p256);
-            return( LOAD_GROUP( secp256r1 ) );
+            return LOAD_GROUP(secp256r1);
 #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
         case MBEDTLS_ECP_DP_SECP384R1:
             NIST_MODP(p384);
-            return( LOAD_GROUP( secp384r1 ) );
+            return LOAD_GROUP(secp384r1);
 #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
         case MBEDTLS_ECP_DP_SECP521R1:
             NIST_MODP(p521);
-            return( LOAD_GROUP( secp521r1 ) );
+            return LOAD_GROUP(secp521r1);
 #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
         case MBEDTLS_ECP_DP_SECP192K1:
             grp->modp = ecp_mod_p192k1;
-            return( LOAD_GROUP_A( secp192k1 ) );
+            return LOAD_GROUP_A(secp192k1);
 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
         case MBEDTLS_ECP_DP_SECP224K1:
             grp->modp = ecp_mod_p224k1;
-            return( LOAD_GROUP_A( secp224k1 ) );
+            return LOAD_GROUP_A(secp224k1);
 #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
         case MBEDTLS_ECP_DP_SECP256K1:
             grp->modp = ecp_mod_p256k1;
-            return( LOAD_GROUP_A( secp256k1 ) );
+            return LOAD_GROUP_A(secp256k1);
 #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
         case MBEDTLS_ECP_DP_BP256R1:
-            return( LOAD_GROUP_A( brainpoolP256r1 ) );
+            return LOAD_GROUP_A(brainpoolP256r1);
 #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
         case MBEDTLS_ECP_DP_BP384R1:
-            return( LOAD_GROUP_A( brainpoolP384r1 ) );
+            return LOAD_GROUP_A(brainpoolP384r1);
 #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
         case MBEDTLS_ECP_DP_BP512R1:
-            return( LOAD_GROUP_A( brainpoolP512r1 ) );
+            return LOAD_GROUP_A(brainpoolP512r1);
 #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
         case MBEDTLS_ECP_DP_CURVE25519:
             grp->modp = ecp_mod_p255;
-            return( ecp_use_curve25519( grp ) );
+            return ecp_use_curve25519(grp);
 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
 
 #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
         case MBEDTLS_ECP_DP_CURVE448:
             grp->modp = ecp_mod_p448;
-            return( ecp_use_curve448( grp ) );
+            return ecp_use_curve448(grp);
 #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
 
         default:
             grp->id = MBEDTLS_ECP_DP_NONE;
-            return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+            return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
     }
 }
 
@@ -4848,8 +4850,7 @@ static inline void add64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_
 {
     unsigned char i;
     mbedtls_mpi_uint c = 0;
-    for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++, src++ )
+    for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++, src++) {
-    {
         *dst += c;      c  = (*dst < c);
         *dst += *src;   c += (*dst < *src);
     }
@@ -4860,8 +4861,7 @@ static inline void add64( mbedtls_mpi_uint *dst, mbedtls_mpi_uint *src, mbedtls_
 static inline void carry64(mbedtls_mpi_uint *dst, mbedtls_mpi_uint *carry)
 {
     unsigned char i;
-    for( i = 0; i < 8 / sizeof( mbedtls_mpi_uint ); i++, dst++ )
+    for (i = 0; i < 8 / sizeof(mbedtls_mpi_uint); i++, dst++) {
-    {
         *dst += *carry;
         *carry  = (*dst < *carry);
     }
@@ -4893,7 +4893,7 @@ static int ecp_mod_p192( mbedtls_mpi *N )
     ADD(4); ADD(5);             LAST;     // A2 += A4 + A5
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 #undef WIDTH
@@ -5003,15 +5003,14 @@ void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits )
     /* Set N := 2^bits - 1 - N. We know that 0 <= N < 2^bits, so
      * set the absolute value to 0xfff...fff - N. There is no carry
      * since we're subtracting from all-bits-one.  */
-    for( i = 0; i <= bits / 8 / sizeof( mbedtls_mpi_uint ); i++ )
+    for (i = 0; i <= bits / 8 / sizeof(mbedtls_mpi_uint); i++) {
-    {
         N->p[i] = ~(mbedtls_mpi_uint) 0 - N->p[i];
     }
     /* Add 1, taking care of the carry. */
     i = 0;
-    do
+    do {
         ++N->p[i];
-    while( N->p[i++] == 0 && i <= bits / 8 / sizeof( mbedtls_mpi_uint ) );
+    } while (N->p[i++] == 0 && i <= bits / 8 / sizeof(mbedtls_mpi_uint));
     /* Invert the sign.
      * Now N = N0 - 2^bits where N0 is the initial value of N. */
     N->s = -1;
@@ -5020,8 +5019,9 @@ void mbedtls_ecp_fix_negative( mbedtls_mpi *N, signed char c, size_t bits )
      * negative, this adds c * 2^bits. */
     mbedtls_mpi_uint msw = (mbedtls_mpi_uint) -c;
 #if defined(MBEDTLS_HAVE_INT64)
-    if( bits == 224 )
+    if (bits == 224) {
         msw <<= 32;
+    }
 #endif
     N->p[bits / 8 / sizeof(mbedtls_mpi_uint)] += msw;
 }
@@ -5043,7 +5043,7 @@ static int ecp_mod_p224( mbedtls_mpi *N )
     SUB(13); ADD(10);               LAST;     // A6 += -A13 + A10
 
 cleanup:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
 
@@ -5080,7 +5080,7 @@ static int ecp_mod_p256( mbedtls_mpi *N )
     SUB(10); SUB(11); SUB(12); SUB(13);             LAST;         // A7
 
 cleanup:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
 
@@ -5129,7 +5129,7 @@ static int ecp_mod_p384( mbedtls_mpi *N )
     SUB(22);                                              LAST;   // A11
 
 cleanup:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
 
@@ -5171,28 +5171,31 @@ static int ecp_mod_p521( mbedtls_mpi *N )
      * we need to hold bits 513 to 1056, which is 34 limbs, that is
      * P521_WIDTH + 1. Otherwise P521_WIDTH is enough. */
 
-    if( N->n < P521_WIDTH )
+    if (N->n < P521_WIDTH) {
-        return( 0 );
+        return 0;
+    }
 
     /* M = A1 */
     M.s = 1;
     M.n = N->n - (P521_WIDTH - 1);
-    if( M.n > P521_WIDTH + 1 )
+    if (M.n > P521_WIDTH + 1) {
         M.n = P521_WIDTH + 1;
+    }
     M.p = Mp;
     memcpy(Mp, N->p + P521_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint));
     MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, 521 % (8 * sizeof(mbedtls_mpi_uint))));
 
     /* N = A0 */
     N->p[P521_WIDTH - 1] &= P521_MASK;
-    for( i = P521_WIDTH; i < N->n; i++ )
+    for (i = P521_WIDTH; i < N->n; i++) {
         N->p[i] = 0;
+    }
 
     /* N = A0 + A1 */
     MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 
 #undef P521_WIDTH
@@ -5217,10 +5220,12 @@ static int ecp_mod_p255( mbedtls_mpi *N )
     /* Helper references for top part of N */
     mbedtls_mpi_uint * const NT_p = N->p + P255_WIDTH;
     const size_t NT_n = N->n - P255_WIDTH;
-    if( N->n <= P255_WIDTH )
+    if (N->n <= P255_WIDTH) {
-        return( 0 );
+        return 0;
-    if( NT_n > P255_WIDTH )
+    }
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+    if (NT_n > P255_WIDTH) {
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
 
     /* Split N as N + 2^256 M */
     memcpy(Mp,   NT_p, sizeof(mbedtls_mpi_uint) * NT_n);
@@ -5231,7 +5236,7 @@ static int ecp_mod_p255( mbedtls_mpi *N )
                          Mp, NT_n,
                          38);
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_ECP_DP_CURVE25519_ENABLED */
 
@@ -5264,22 +5269,25 @@ static int ecp_mod_p448( mbedtls_mpi *N )
     mbedtls_mpi M, Q;
     mbedtls_mpi_uint Mp[P448_WIDTH + 1], Qp[P448_WIDTH];
 
-    if( N->n <= P448_WIDTH )
+    if (N->n <= P448_WIDTH) {
-        return( 0 );
+        return 0;
+    }
 
     /* M = A1 */
     M.s = 1;
     M.n = N->n - (P448_WIDTH);
-    if( M.n > P448_WIDTH )
+    if (M.n > P448_WIDTH) {
         /* Shouldn't be called with N larger than 2^896! */
-        return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+    }
     M.p = Mp;
     memset(Mp, 0, sizeof(Mp));
     memcpy(Mp, N->p + P448_WIDTH, M.n * sizeof(mbedtls_mpi_uint));
 
     /* N = A0 */
-    for( i = P448_WIDTH; i < N->n; i++ )
+    for (i = P448_WIDTH; i < N->n; i++) {
         N->p[i] = 0;
+    }
 
     /* N += A1 */
     MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M));
@@ -5292,17 +5300,19 @@ static int ecp_mod_p448( mbedtls_mpi *N )
     MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &Q));
 
     /* M = (B0 + B1) * 2^224, N += M */
-    if( sizeof( mbedtls_mpi_uint ) > 4 )
+    if (sizeof(mbedtls_mpi_uint) > 4) {
         Mp[P224_WIDTH_MIN] &= ((mbedtls_mpi_uint)-1) >> (P224_UNUSED_BITS);
-    for( i = P224_WIDTH_MAX; i < M.n; ++i )
+    }
+    for (i = P224_WIDTH_MAX; i < M.n; ++i) {
         Mp[i] = 0;
+    }
     MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(&M, &M, &Q));
     M.n = P448_WIDTH + 1; /* Make room for shifted carry bit from the addition */
     MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&M, 224));
     MBEDTLS_MPI_CHK(mbedtls_mpi_add_mpi(N, N, &M));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ECP_DP_CURVE448_ENABLED */
 
@@ -5326,8 +5336,9 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t
     mbedtls_mpi M, R;
     mbedtls_mpi_uint Mp[P_KOBLITZ_MAX + P_KOBLITZ_R + 1];
 
-    if( N->n < p_limbs )
+    if (N->n < p_limbs) {
-        return( 0 );
+        return 0;
+    }
 
     /* Init R */
     R.s = 1;
@@ -5340,19 +5351,23 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t
 
     /* M = A1 */
     M.n = N->n - (p_limbs - adjust);
-    if( M.n > p_limbs + adjust )
+    if (M.n > p_limbs + adjust) {
         M.n = p_limbs + adjust;
+    }
     memset(Mp, 0, sizeof Mp);
     memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
-    if( shift != 0 )
+    if (shift != 0) {
         MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
+    }
     M.n += R.n; /* Make room for multiplication by R */
 
     /* N = A0 */
-    if( mask != 0 )
+    if (mask != 0) {
         N->p[p_limbs - 1] &= mask;
-    for( i = p_limbs; i < N->n; i++ )
+    }
+    for (i = p_limbs; i < N->n; i++) {
         N->p[i] = 0;
+    }
 
     /* N = A0 + R * A1 */
     MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R));
@@ -5362,26 +5377,30 @@ static inline int ecp_mod_koblitz( mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t
 
     /* M = A1 */
     M.n = N->n - (p_limbs - adjust);
-    if( M.n > p_limbs + adjust )
+    if (M.n > p_limbs + adjust) {
         M.n = p_limbs + adjust;
+    }
     memset(Mp, 0, sizeof Mp);
     memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
-    if( shift != 0 )
+    if (shift != 0) {
         MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
+    }
     M.n += R.n; /* Make room for multiplication by R */
 
     /* N = A0 */
-    if( mask != 0 )
+    if (mask != 0) {
         N->p[p_limbs - 1] &= mask;
-    for( i = p_limbs; i < N->n; i++ )
+    }
+    for (i = p_limbs; i < N->n; i++) {
         N->p[i] = 0;
+    }
 
     /* N = A0 + R * A1 */
     MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&M, &M, &R));
     MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
 
 cleanup:
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED) ||
           MBEDTLS_ECP_DP_SECP224K1_ENABLED) ||
@@ -5396,10 +5415,11 @@ static int ecp_mod_p192k1( mbedtls_mpi *N )
 {
     static mbedtls_mpi_uint Rp[] = {
         MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00,
-                                   0x00 ) };
+                                  0x00)
+    };
 
-    return( ecp_mod_koblitz( N, Rp, 192 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
+    return ecp_mod_koblitz(N, Rp, 192 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,
-                             0 ) );
+                           0);
 }
 #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
 
@@ -5412,13 +5432,14 @@ static int ecp_mod_p224k1( mbedtls_mpi *N )
 {
     static mbedtls_mpi_uint Rp[] = {
         MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00,
-                                   0x00 ) };
+                                  0x00)
+    };
 
 #if defined(MBEDTLS_HAVE_INT64)
-    return( ecp_mod_koblitz( N, Rp, 4, 1, 32, 0xFFFFFFFF ) );
+    return ecp_mod_koblitz(N, Rp, 4, 1, 32, 0xFFFFFFFF);
 #else
-    return( ecp_mod_koblitz( N, Rp, 224 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
+    return ecp_mod_koblitz(N, Rp, 224 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,
-                             0 ) );
+                           0);
 #endif
 }
 
@@ -5433,9 +5454,10 @@ static int ecp_mod_p256k1( mbedtls_mpi *N )
 {
     static mbedtls_mpi_uint Rp[] = {
         MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00,
-                                   0x00 ) };
+                                  0x00)
-    return( ecp_mod_koblitz( N, Rp, 256 / 8 / sizeof( mbedtls_mpi_uint ), 0, 0,
+    };
-                             0 ) );
+    return ecp_mod_koblitz(N, Rp, 256 / 8 / sizeof(mbedtls_mpi_uint), 0, 0,
+                           0);
 }
 #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
 

library/ecp_internal_alt.h

@@ -118,7 +118,9 @@ void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp );
  * \return          0 if successful.
  */
 int mbedtls_internal_ecp_randomize_jac(const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *pt, int (*f_rng)(void *, unsigned char *, size_t),
+                                       mbedtls_ecp_point *pt, int (*f_rng)(void *,
+                                                                           unsigned char *,
+                                                                           size_t),
                                        void *p_rng);
 #endif
 
@@ -245,8 +247,11 @@ int mbedtls_internal_ecp_normalize_jac( const mbedtls_ecp_group *grp,
 
 #if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
 int mbedtls_internal_ecp_double_add_mxz(const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *R, mbedtls_ecp_point *S, const mbedtls_ecp_point *P,
+                                        mbedtls_ecp_point *R,
-        const mbedtls_ecp_point *Q, const mbedtls_mpi *d );
+                                        mbedtls_ecp_point *S,
+                                        const mbedtls_ecp_point *P,
+                                        const mbedtls_ecp_point *Q,
+                                        const mbedtls_mpi *d);
 #endif
 
 /**
@@ -266,7 +271,9 @@ int mbedtls_internal_ecp_double_add_mxz( const mbedtls_ecp_group *grp,
  */
 #if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
 int mbedtls_internal_ecp_randomize_mxz(const mbedtls_ecp_group *grp,
-        mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t),
+                                       mbedtls_ecp_point *P, int (*f_rng)(void *,
+                                                                          unsigned char *,
+                                                                          size_t),
                                        void *p_rng);
 #endif
 
@@ -290,4 +297,3 @@ int mbedtls_internal_ecp_normalize_mxz( const mbedtls_ecp_group *grp,
 #endif /* MBEDTLS_ECP_INTERNAL_ALT */
 
 #endif /* ecp_internal_alt.h */
-

library/entropy.c

@@ -82,8 +82,9 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
 {
     /* If the context was already free, don't call free() again.
      * This is important for mutexes which don't allow double-free. */
-    if( ctx->accumulator_started == -1 )
+    if (ctx->accumulator_started == -1) {
         return;
+    }
 
 #if defined(MBEDTLS_THREADING_C)
     mbedtls_mutex_free(&ctx->mutex);
@@ -108,13 +109,13 @@ int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
     int idx, ret = 0;
 
 #if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+    if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
-        return( ret );
+        return ret;
+    }
 #endif
 
     idx = ctx->source_count;
-    if( idx >= MBEDTLS_ENTROPY_MAX_SOURCES )
+    if (idx >= MBEDTLS_ENTROPY_MAX_SOURCES) {
-    {
         ret = MBEDTLS_ERR_ENTROPY_MAX_SOURCES;
         goto exit;
     }
@@ -128,11 +129,12 @@ int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
 
 exit:
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+    if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+        return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+    }
 #endif
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -147,14 +149,15 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id
     const unsigned char *p = data;
     int ret = 0;
 
-    if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE )
+    if (use_len > MBEDTLS_ENTROPY_BLOCK_SIZE) {
-    {
 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-        if( ( ret = mbedtls_sha512( data, len, tmp, 0 ) ) != 0 )
+        if ((ret = mbedtls_sha512(data, len, tmp, 0)) != 0) {
             goto cleanup;
+        }
 #else
-        if( ( ret = mbedtls_sha256( data, len, tmp, 0 ) ) != 0 )
+        if ((ret = mbedtls_sha256(data, len, tmp, 0)) != 0) {
             goto cleanup;
+        }
 #endif
         p = tmp;
         use_len = MBEDTLS_ENTROPY_BLOCK_SIZE;
@@ -170,28 +173,32 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id
      */
 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
     if (ctx->accumulator_started == 0 &&
-        ( ret = mbedtls_sha512_starts( &ctx->accumulator, 0 ) ) != 0 )
+        (ret = mbedtls_sha512_starts(&ctx->accumulator, 0)) != 0) {
         goto cleanup;
-    else
+    } else {
         ctx->accumulator_started = 1;
-    if( ( ret = mbedtls_sha512_update( &ctx->accumulator, header, 2 ) ) != 0 )
+    }
+    if ((ret = mbedtls_sha512_update(&ctx->accumulator, header, 2)) != 0) {
         goto cleanup;
+    }
     ret = mbedtls_sha512_update(&ctx->accumulator, p, use_len);
 #else
     if (ctx->accumulator_started == 0 &&
-        ( ret = mbedtls_sha256_starts( &ctx->accumulator, 0 ) ) != 0 )
+        (ret = mbedtls_sha256_starts(&ctx->accumulator, 0)) != 0) {
         goto cleanup;
-    else
+    } else {
         ctx->accumulator_started = 1;
-    if( ( ret = mbedtls_sha256_update( &ctx->accumulator, header, 2 ) ) != 0 )
+    }
+    if ((ret = mbedtls_sha256_update(&ctx->accumulator, header, 2)) != 0) {
         goto cleanup;
+    }
     ret = mbedtls_sha256_update(&ctx->accumulator, p, use_len);
 #endif
 
 cleanup:
     mbedtls_platform_zeroize(tmp, sizeof(tmp));
 
-    return( ret );
+    return ret;
 }
 
 int mbedtls_entropy_update_manual(mbedtls_entropy_context *ctx,
@@ -200,18 +207,20 @@ int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
 #if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+    if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
-        return( ret );
+        return ret;
+    }
 #endif
 
     ret = entropy_update(ctx, MBEDTLS_ENTROPY_SOURCE_MANUAL, data, len);
 
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+    if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+        return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+    }
 #endif
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -225,43 +234,44 @@ static int entropy_gather_internal( mbedtls_entropy_context *ctx )
     unsigned char buf[MBEDTLS_ENTROPY_MAX_GATHER];
     size_t olen;
 
-    if( ctx->source_count == 0 )
+    if (ctx->source_count == 0) {
-        return( MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED );
+        return MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED;
+    }
 
     /*
      * Run through our entropy sources
      */
-    for( i = 0; i < ctx->source_count; i++ )
+    for (i = 0; i < ctx->source_count; i++) {
-    {
+        if (ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG) {
-        if( ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG )
             have_one_strong = 1;
+        }
 
         olen = 0;
         if ((ret = ctx->source[i].f_source(ctx->source[i].p_source,
-                        buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen ) ) != 0 )
+                                           buf, MBEDTLS_ENTROPY_MAX_GATHER, &olen)) != 0) {
-        {
             goto cleanup;
         }
 
         /*
          * Add if we actually gathered something
          */
-        if( olen > 0 )
+        if (olen > 0) {
-        {
             if ((ret = entropy_update(ctx, (unsigned char) i,
-                                        buf, olen ) ) != 0 )
+                                      buf, olen)) != 0) {
-                return( ret );
+                return ret;
+            }
             ctx->source[i].size += olen;
         }
     }
 
-    if( have_one_strong == 0 )
+    if (have_one_strong == 0) {
         ret = MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE;
+    }
 
 cleanup:
     mbedtls_platform_zeroize(buf, sizeof(buf));
 
-    return( ret );
+    return ret;
 }
 
 /*
@@ -272,18 +282,20 @@ int mbedtls_entropy_gather( mbedtls_entropy_context *ctx )
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
 #if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+    if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
-        return( ret );
+        return ret;
+    }
 #endif
 
     ret = entropy_gather_internal(ctx);
 
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+    if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+        return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+    }
 #endif
 
-    return( ret );
+    return ret;
 }
 
 int mbedtls_entropy_func(void *data, unsigned char *output, size_t len)
@@ -293,51 +305,52 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
     mbedtls_entropy_context *ctx = (mbedtls_entropy_context *) data;
     unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
 
-    if( len > MBEDTLS_ENTROPY_BLOCK_SIZE )
+    if (len > MBEDTLS_ENTROPY_BLOCK_SIZE) {
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+    }
 
 #if defined(MBEDTLS_ENTROPY_NV_SEED)
     /* Update the NV entropy seed before generating any entropy for outside
      * use.
      */
-    if( ctx->initial_entropy_run == 0 )
+    if (ctx->initial_entropy_run == 0) {
-    {
         ctx->initial_entropy_run = 1;
-        if( ( ret = mbedtls_entropy_update_nv_seed( ctx ) ) != 0 )
+        if ((ret = mbedtls_entropy_update_nv_seed(ctx)) != 0) {
-            return( ret );
+            return ret;
+        }
     }
 #endif
 
 #if defined(MBEDTLS_THREADING_C)
-    if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
+    if ((ret = mbedtls_mutex_lock(&ctx->mutex)) != 0) {
-        return( ret );
+        return ret;
+    }
 #endif
 
     /*
      * Always gather extra entropy before a call
      */
-    do
+    do {
-    {
+        if (count++ > ENTROPY_MAX_LOOP) {
-        if( count++ > ENTROPY_MAX_LOOP )
-        {
             ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
             goto exit;
         }
 
-        if( ( ret = entropy_gather_internal( ctx ) ) != 0 )
+        if ((ret = entropy_gather_internal(ctx)) != 0) {
             goto exit;
+        }
 
         thresholds_reached = 1;
         strong_size = 0;
-        for( i = 0; i < ctx->source_count; i++ )
+        for (i = 0; i < ctx->source_count; i++) {
-        {
+            if (ctx->source[i].size < ctx->source[i].threshold) {
-            if( ctx->source[i].size < ctx->source[i].threshold )
                 thresholds_reached = 0;
-            if( ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG )
+            }
+            if (ctx->source[i].strong == MBEDTLS_ENTROPY_SOURCE_STRONG) {
                 strong_size += ctx->source[i].size;
             }
         }
-    while( ! thresholds_reached || strong_size < MBEDTLS_ENTROPY_BLOCK_SIZE );
+    } while (!thresholds_reached || strong_size < MBEDTLS_ENTROPY_BLOCK_SIZE);
 
     memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
 
@@ -347,51 +360,60 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len )
      * in a previous call to entropy_update(). If this is not guaranteed, the
      * code below will fail.
      */
-    if( ( ret = mbedtls_sha512_finish( &ctx->accumulator, buf ) ) != 0 )
+    if ((ret = mbedtls_sha512_finish(&ctx->accumulator, buf)) != 0) {
         goto exit;
+    }
 
     /*
      * Reset accumulator and counters and recycle existing entropy
      */
     mbedtls_sha512_free(&ctx->accumulator);
     mbedtls_sha512_init(&ctx->accumulator);
-    if( ( ret = mbedtls_sha512_starts( &ctx->accumulator, 0 ) ) != 0 )
+    if ((ret = mbedtls_sha512_starts(&ctx->accumulator, 0)) != 0) {
         goto exit;
+    }
     if ((ret = mbedtls_sha512_update(&ctx->accumulator, buf,
-                                           MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
+                                     MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) {
         goto exit;
+    }
 
     /*
      * Perform second SHA-512 on entropy
      */
     if ((ret = mbedtls_sha512(buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
-                                    buf, 0 ) ) != 0 )
+                              buf, 0)) != 0) {
         goto exit;
+    }
 #else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
-    if( ( ret = mbedtls_sha256_finish( &ctx->accumulator, buf ) ) != 0 )
+    if ((ret = mbedtls_sha256_finish(&ctx->accumulator, buf)) != 0) {
         goto exit;
+    }
 
     /*
      * Reset accumulator and counters and recycle existing entropy
      */
     mbedtls_sha256_free(&ctx->accumulator);
     mbedtls_sha256_init(&ctx->accumulator);
-    if( ( ret = mbedtls_sha256_starts( &ctx->accumulator, 0 ) ) != 0 )
+    if ((ret = mbedtls_sha256_starts(&ctx->accumulator, 0)) != 0) {
         goto exit;
+    }
     if ((ret = mbedtls_sha256_update(&ctx->accumulator, buf,
-                                           MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
+                                     MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) {
         goto exit;
+    }
 
     /*
      * Perform second SHA-256 on entropy
      */
     if ((ret = mbedtls_sha256(buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
-                                    buf, 0 ) ) != 0 )
+                              buf, 0)) != 0) {
         goto exit;
+    }
 #endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
 
-    for( i = 0; i < ctx->source_count; i++ )
+    for (i = 0; i < ctx->source_count; i++) {
         ctx->source[i].size = 0;
+    }
 
     memcpy(output, buf, len);
 
@@ -401,11 +423,12 @@ exit:
     mbedtls_platform_zeroize(buf, sizeof(buf));
 
 #if defined(MBEDTLS_THREADING_C)
-    if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
+    if (mbedtls_mutex_unlock(&ctx->mutex) != 0) {
-        return( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+        return MBEDTLS_ERR_THREADING_MUTEX_ERROR;
+    }
 #endif
 
-    return( ret );
+    return ret;
 }
 
 #if defined(MBEDTLS_ENTROPY_NV_SEED)
@@ -415,17 +438,19 @@ int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
     unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
 
     /* Read new seed  and write it to NV */
-    if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
+    if ((ret = mbedtls_entropy_func(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) {
-        return( ret );
+        return ret;
+    }
 
-    if( mbedtls_nv_seed_write( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
+    if (mbedtls_nv_seed_write(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) {
-        return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
+        return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
+    }
 
     /* Manually update the remaining stream with a separator value to diverge */
     memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
     ret = mbedtls_entropy_update_manual(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE);
 
-    return( ret );
+    return ret;
 }
 #endif /* MBEDTLS_ENTROPY_NV_SEED */
 
@@ -436,14 +461,12 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p
     FILE *f = NULL;
     unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
 
-    if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
+    if ((ret = mbedtls_entropy_func(ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE)) != 0) {
-    {
         ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
         goto exit;
     }
 
-    if( ( f = fopen( path, "wb" ) ) == NULL )
+    if ((f = fopen(path, "wb")) == NULL) {
-    {
         ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
         goto exit;
     }
@@ -451,8 +474,7 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p
     /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
     mbedtls_setbuf(f, NULL);
 
-    if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != MBEDTLS_ENTROPY_BLOCK_SIZE )
+    if (fwrite(buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f) != MBEDTLS_ENTROPY_BLOCK_SIZE) {
-    {
         ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
         goto exit;
     }
@@ -462,10 +484,11 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p
 exit:
     mbedtls_platform_zeroize(buf, sizeof(buf));
 
-    if( f != NULL )
+    if (f != NULL) {
         fclose(f);
+    }
 
-    return( ret );
+    return ret;
 }
 
 int mbedtls_entropy_update_seed_file(mbedtls_entropy_context *ctx, const char *path)
@@ -475,8 +498,9 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *
     size_t n;
     unsigned char buf[MBEDTLS_ENTROPY_MAX_SEED_SIZE];
 
-    if( ( f = fopen( path, "rb" ) ) == NULL )
+    if ((f = fopen(path, "rb")) == NULL) {
-        return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
+        return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
+    }
 
     /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
     mbedtls_setbuf(f, NULL);
@@ -485,22 +509,25 @@ int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *
     n = (size_t) ftell(f);
     fseek(f, 0, SEEK_SET);
 
-    if( n > MBEDTLS_ENTROPY_MAX_SEED_SIZE )
+    if (n > MBEDTLS_ENTROPY_MAX_SEED_SIZE) {
         n = MBEDTLS_ENTROPY_MAX_SEED_SIZE;
+    }
 
-    if( fread( buf, 1, n, f ) != n )
+    if (fread(buf, 1, n, f) != n) {
         ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
-    else
+    } else {
         ret = mbedtls_entropy_update_manual(ctx, buf, n);
+    }
 
     fclose(f);
 
     mbedtls_platform_zeroize(buf, sizeof(buf));
 
-    if( ret != 0 )
+    if (ret != 0) {
-        return( ret );
+        return ret;
+    }
 
-    return( mbedtls_entropy_write_seed_file( ctx, path ) );
+    return mbedtls_entropy_write_seed_file(ctx, path);
 }
 #endif /* MBEDTLS_FS_IO */
 
@@ -516,7 +543,7 @@ static int entropy_dummy_source( void *data, unsigned char *output,
     memset(output, 0x2a, len);
     *olen = len;
 
-    return( 0 );
+    return 0;
 }
 
 #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
@@ -528,22 +555,21 @@ static int mbedtls_entropy_source_self_test_gather( unsigned char *buf, size_t b
     size_t olen = 0;
     size_t attempts = buf_len;
 
-    while( attempts > 0 && entropy_len < buf_len )
+    while (attempts > 0 && entropy_len < buf_len) {
-    {
         if ((ret = mbedtls_hardware_poll(NULL, buf + entropy_len,
-            buf_len - entropy_len, &olen ) ) != 0 )
+                                         buf_len - entropy_len, &olen)) != 0) {
-            return( ret );
+            return ret;
+        }
 
         entropy_len += olen;
         attempts--;
     }
 
-    if( entropy_len < buf_len )
+    if (entropy_len < buf_len) {
-    {
         ret = 1;
     }
 
-    return( ret );
+    return ret;
 }
 
 
@@ -554,13 +580,12 @@ static int mbedtls_entropy_source_self_test_check_bits( const unsigned char *buf
     unsigned char unset = 0x00;
     size_t i;
 
-    for( i = 0; i < buf_len; i++ )
+    for (i = 0; i < buf_len; i++) {
-    {
         set &= buf[i];
         unset |= buf[i];
     }
 
-    return( set == 0xFF || unset == 0x00 );
+    return set == 0xFF || unset == 0x00;
 }
 
 /*
@@ -580,39 +605,44 @@ int mbedtls_entropy_source_self_test( int verbose )
     unsigned char buf0[2 * sizeof(unsigned long long int)];
     unsigned char buf1[2 * sizeof(unsigned long long int)];
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("  ENTROPY_BIAS test: ");
+    }
 
     memset(buf0, 0x00, sizeof(buf0));
     memset(buf1, 0x00, sizeof(buf1));
 
-    if( ( ret = mbedtls_entropy_source_self_test_gather( buf0, sizeof( buf0 ) ) ) != 0 )
+    if ((ret = mbedtls_entropy_source_self_test_gather(buf0, sizeof(buf0))) != 0) {
         goto cleanup;
-    if( ( ret = mbedtls_entropy_source_self_test_gather( buf1, sizeof( buf1 ) ) ) != 0 )
+    }
+    if ((ret = mbedtls_entropy_source_self_test_gather(buf1, sizeof(buf1))) != 0) {
         goto cleanup;
+    }
 
     /* Make sure that the returned values are not all 0 or 1 */
-    if( ( ret = mbedtls_entropy_source_self_test_check_bits( buf0, sizeof( buf0 ) ) ) != 0 )
+    if ((ret = mbedtls_entropy_source_self_test_check_bits(buf0, sizeof(buf0))) != 0) {
         goto cleanup;
-    if( ( ret = mbedtls_entropy_source_self_test_check_bits( buf1, sizeof( buf1 ) ) ) != 0 )
+    }
+    if ((ret = mbedtls_entropy_source_self_test_check_bits(buf1, sizeof(buf1))) != 0) {
         goto cleanup;
+    }
 
     /* Make sure that the entropy source is not returning values in a
      * pattern */
     ret = memcmp(buf0, buf1, sizeof(buf0)) == 0;
 
 cleanup:
-    if( verbose != 0 )
+    if (verbose != 0) {
-    {
+        if (ret != 0) {
-        if( ret != 0 )
             mbedtls_printf("failed\n");
-        else
+        } else {
             mbedtls_printf("passed\n");
+        }
 
         mbedtls_printf("\n");
     }
 
-    return( ret != 0 );
+    return ret != 0;
 }
 
 #endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
@@ -630,22 +660,26 @@ int mbedtls_entropy_self_test( int verbose )
     unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
     size_t i, j;
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("  ENTROPY test: ");
+    }
 
     mbedtls_entropy_init(&ctx);
 
     /* First do a gather to make sure we have default sources */
-    if( ( ret = mbedtls_entropy_gather( &ctx ) ) != 0 )
+    if ((ret = mbedtls_entropy_gather(&ctx)) != 0) {
         goto cleanup;
+    }
 
     ret = mbedtls_entropy_add_source(&ctx, entropy_dummy_source, NULL, 16,
                                      MBEDTLS_ENTROPY_SOURCE_WEAK);
-    if( ret != 0 )
+    if (ret != 0) {
         goto cleanup;
+    }
 
-    if( ( ret = mbedtls_entropy_update_manual( &ctx, buf, sizeof buf ) ) != 0 )
+    if ((ret = mbedtls_entropy_update_manual(&ctx, buf, sizeof buf)) != 0) {
         goto cleanup;
+    }
 
     /*
      * To test that mbedtls_entropy_func writes correct number of bytes:
@@ -655,43 +689,43 @@ int mbedtls_entropy_self_test( int verbose )
      *   each of the 32 or 64 bytes to be non-zero has a false failure rate
      *   of at most 2^(-58) which is acceptable.
      */
-    for( i = 0; i < 8; i++ )
+    for (i = 0; i < 8; i++) {
-    {
+        if ((ret = mbedtls_entropy_func(&ctx, buf, sizeof(buf))) != 0) {
-        if( ( ret = mbedtls_entropy_func( &ctx, buf, sizeof( buf ) ) ) != 0 )
             goto cleanup;
-
-        for( j = 0; j < sizeof( buf ); j++ )
-            acc[j] |= buf[j];
         }
 
-    for( j = 0; j < sizeof( buf ); j++ )
+        for (j = 0; j < sizeof(buf); j++) {
-    {
+            acc[j] |= buf[j];
-        if( acc[j] == 0 )
+        }
-        {
+    }
+
+    for (j = 0; j < sizeof(buf); j++) {
+        if (acc[j] == 0) {
             ret = 1;
             goto cleanup;
         }
     }
 
 #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
-    if( ( ret = mbedtls_entropy_source_self_test( 0 ) ) != 0 )
+    if ((ret = mbedtls_entropy_source_self_test(0)) != 0) {
         goto cleanup;
+    }
 #endif
 
 cleanup:
     mbedtls_entropy_free(&ctx);
 
-    if( verbose != 0 )
+    if (verbose != 0) {
-    {
+        if (ret != 0) {
-        if( ret != 0 )
             mbedtls_printf("failed\n");
-        else
+        } else {
             mbedtls_printf("passed\n");
+        }
 
         mbedtls_printf("\n");
     }
 
-    return( ret != 0 );
+    return ret != 0;
 }
 #endif /* MBEDTLS_SELF_TEST */
 

library/entropy_poll.c

@@ -42,7 +42,8 @@
 #if !defined(unix) && !defined(__unix__) && !defined(__unix) && \
     !defined(__APPLE__) && !defined(_WIN32) && !defined(__QNXNTO__) && \
     !defined(__HAIKU__) && !defined(__midipix__)
-#error "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in mbedtls_config.h"
+#error \
+    "Platform entropy sources only work on Unix and Windows, see MBEDTLS_NO_PLATFORM_ENTROPY in mbedtls_config.h"
 #endif
 
 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
@@ -61,21 +62,19 @@ int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len
     *olen = 0;
 
     if (CryptAcquireContext(&provider, NULL, NULL,
-                              PROV_RSA_FULL, CRYPT_VERIFYCONTEXT ) == FALSE )
+                            PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) == FALSE) {
-    {
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
     }
 
-    if( CryptGenRandom( provider, (DWORD) len, output ) == FALSE )
+    if (CryptGenRandom(provider, (DWORD) len, output) == FALSE) {
-    {
         CryptReleaseContext(provider, 0);
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
     }
 
     CryptReleaseContext(provider, 0);
     *olen = len;
 
-    return( 0 );
+    return 0;
 }
 #else /* _WIN32 && !EFIX64 && !EFI32 */
 
@@ -99,7 +98,7 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags )
     memset(buf, 0, buflen);
 #endif
 #endif
-    return( syscall( SYS_getrandom, buf, buflen, flags ) );
+    return syscall(SYS_getrandom, buf, buflen, flags);
 }
 #endif /* SYS_getrandom */
 #endif /* __linux__ || __midipix__ */
@@ -141,15 +140,15 @@ static int sysctl_arnd_wrapper( unsigned char *buf, size_t buflen )
     name[0] = CTL_KERN;
     name[1] = KERN_ARND;
 
-    while( buflen > 0 )
+    while (buflen > 0) {
-    {
         len = buflen > 256 ? 256 : buflen;
-        if( sysctl(name, 2, buf, &len, NULL, 0) == -1 )
+        if (sysctl(name, 2, buf, &len, NULL, 0) == -1) {
-            return( -1 );
+            return -1;
+        }
         buflen -= len;
         buf += len;
     }
-    return( 0 );
+    return 0;
 }
 #endif /* KERN_ARND */
 #endif /* __FreeBSD__ || __NetBSD__ */
@@ -166,13 +165,12 @@ int mbedtls_platform_entropy_poll( void *data,
 
 #if defined(HAVE_GETRANDOM)
     ret = getrandom_wrapper(output, len, 0);
-    if( ret >= 0 )
+    if (ret >= 0) {
-    {
         *olen = ret;
-        return( 0 );
+        return 0;
+    } else if (errno != ENOSYS) {
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
     }
-    else if( errno != ENOSYS )
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
     /* Fall through if the system call isn't known. */
 #else
     ((void) ret);
@@ -181,32 +179,33 @@ int mbedtls_platform_entropy_poll( void *data,
 #if defined(HAVE_SYSCTL_ARND)
     ((void) file);
     ((void) read_len);
-    if( sysctl_arnd_wrapper( output, len ) == -1 )
+    if (sysctl_arnd_wrapper(output, len) == -1) {
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+    }
     *olen = len;
-    return( 0 );
+    return 0;
 #else
 
     *olen = 0;
 
     file = fopen("/dev/urandom", "rb");
-    if( file == NULL )
+    if (file == NULL) {
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+    }
 
     /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
     mbedtls_setbuf(file, NULL);
 
     read_len = fread(output, 1, len, file);
-    if( read_len != len )
+    if (read_len != len) {
-    {
         fclose(file);
-        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
     }
 
     fclose(file);
     *olen = len;
 
-    return( 0 );
+    return 0;
 #endif /* HAVE_SYSCTL_ARND */
 }
 #endif /* _WIN32 && !EFIX64 && !EFI32 */
@@ -222,16 +221,18 @@ int mbedtls_nv_seed_poll( void *data,
 
     memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE);
 
-    if( mbedtls_nv_seed_read( buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) < 0 )
+    if (mbedtls_nv_seed_read(buf, MBEDTLS_ENTROPY_BLOCK_SIZE) < 0) {
-      return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+    }
 
-    if( len < use_len )
+    if (len < use_len) {
         use_len = len;
+    }
 
     memcpy(output, buf, use_len);
     *olen = use_len;
 
-    return( 0 );
+    return 0;
 }
 #endif /* MBEDTLS_ENTROPY_NV_SEED */
 

library/gcm.c

@@ -69,8 +69,9 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
     size_t olen = 0;
 
     memset(h, 0, 16);
-    if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, h, 16, h, &olen ) ) != 0 )
+    if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, h, 16, h, &olen)) != 0) {
-        return( ret );
+        return ret;
+    }
 
     /* pack h as two 64-bits ints, big-endian */
     hi = MBEDTLS_GET_UINT32_BE(h,  0);
@@ -87,16 +88,16 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
 
 #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
     /* With CLMUL support, we need only h, not the rest of the table */
-    if( mbedtls_aesni_has_support( MBEDTLS_AESNI_CLMUL ) )
+    if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) {
-        return( 0 );
+        return 0;
+    }
 #endif
 
     /* 0 corresponds to 0 in GF(2^128) */
     ctx->HH[0] = 0;
     ctx->HL[0] = 0;
 
-    for( i = 4; i > 0; i >>= 1 )
+    for (i = 4; i > 0; i >>= 1) {
-    {
         uint32_t T = (vl & 1) * 0xe1000000U;
         vl  = (vh << 63) | (vl >> 1);
         vh  = (vh >> 1) ^ ((uint64_t) T << 32);
@@ -105,19 +106,17 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
         ctx->HH[i] = vh;
     }
 
-    for( i = 2; i <= 8; i *= 2 )
+    for (i = 2; i <= 8; i *= 2) {
-    {
         uint64_t *HiL = ctx->HL + i, *HiH = ctx->HH + i;
         vh = *HiH;
         vl = *HiL;
-        for( j = 1; j < i; j++ )
+        for (j = 1; j < i; j++) {
-        {
             HiH[j] = vh ^ ctx->HH[j];
             HiL[j] = vl ^ ctx->HL[j];
         }
     }
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx,
@@ -128,32 +127,36 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const mbedtls_cipher_info_t *cipher_info;
 
-    if( keybits != 128 && keybits != 192 && keybits != 256 )
+    if (keybits != 128 && keybits != 192 && keybits != 256) {
         return MBEDTLS_ERR_GCM_BAD_INPUT;
+    }
 
     cipher_info = mbedtls_cipher_info_from_values(cipher, keybits,
                                                   MBEDTLS_MODE_ECB);
-    if( cipher_info == NULL )
+    if (cipher_info == NULL) {
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
+    }
 
-    if( cipher_info->block_size != 16 )
+    if (cipher_info->block_size != 16) {
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
+    }
 
     mbedtls_cipher_free(&ctx->cipher_ctx);
 
-    if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
+    if ((ret = mbedtls_cipher_setup(&ctx->cipher_ctx, cipher_info)) != 0) {
-        return( ret );
+        return ret;
-
-    if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
-                               MBEDTLS_ENCRYPT ) ) != 0 )
-    {
-        return( ret );
     }
 
-    if( ( ret = gcm_gen_table( ctx ) ) != 0 )
+    if ((ret = mbedtls_cipher_setkey(&ctx->cipher_ctx, key, keybits,
-        return( ret );
+                                     MBEDTLS_ENCRYPT)) != 0) {
+        return ret;
+    }
 
-    return( 0 );
+    if ((ret = gcm_gen_table(ctx)) != 0) {
+        return ret;
+    }
+
+    return 0;
 }
 
 /*
@@ -199,13 +202,11 @@ static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
     zh = ctx->HH[lo];
     zl = ctx->HL[lo];
 
-    for( i = 15; i >= 0; i-- )
+    for (i = 15; i >= 0; i--) {
-    {
         lo = x[i] & 0xf;
         hi = (x[i] >> 4) & 0xf;
 
-        if( i != 15 )
+        if (i != 15) {
-        {
             rem = (unsigned char) zl & 0xf;
             zl = (zh << 60) | (zl >> 4);
             zh = (zh >> 4);
@@ -241,8 +242,9 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
 
     /* IV is limited to 2^64 bits, so 2^61 bytes */
     /* IV is not allowed to be zero length */
-    if( iv_len == 0 || (uint64_t) iv_len >> 61 != 0 )
+    if (iv_len == 0 || (uint64_t) iv_len >> 61 != 0) {
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
+    }
 
     memset(ctx->y, 0x00, sizeof(ctx->y));
     memset(ctx->buf, 0x00, sizeof(ctx->buf));
@@ -251,20 +253,16 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
     ctx->len = 0;
     ctx->add_len = 0;
 
-    if( iv_len == 12 )
+    if (iv_len == 12) {
-    {
         memcpy(ctx->y, iv, iv_len);
         ctx->y[15] = 1;
-    }
+    } else {
-    else
-    {
         memset(work_buf, 0x00, 16);
         iv_bits = (uint64_t) iv_len * 8;
         MBEDTLS_PUT_UINT64_BE(iv_bits, work_buf, 8);
 
         p = iv;
-        while( iv_len > 0 )
+        while (iv_len > 0) {
-        {
             use_len = (iv_len < 16) ? iv_len : 16;
 
             mbedtls_xor(ctx->y, ctx->y, p, use_len);
@@ -281,12 +279,11 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
     }
 
     if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16,
-                                       ctx->base_ectr, &olen ) ) != 0 )
+                                     ctx->base_ectr, &olen)) != 0) {
-    {
+        return ret;
-        return( ret );
     }
 
-    return( 0 );
+    return 0;
 }
 
 /**
@@ -313,22 +310,24 @@ int mbedtls_gcm_update_ad( mbedtls_gcm_context *ctx,
     size_t use_len, offset;
 
     /* IV is limited to 2^64 bits, so 2^61 bytes */
-    if( (uint64_t) add_len >> 61 != 0 )
+    if ((uint64_t) add_len >> 61 != 0) {
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
+    }
 
     offset = ctx->add_len % 16;
     p = add;
 
-    if( offset != 0 )
+    if (offset != 0) {
-    {
         use_len = 16 - offset;
-        if( use_len > add_len )
+        if (use_len > add_len) {
             use_len = add_len;
+        }
 
         mbedtls_xor(ctx->buf + offset, ctx->buf + offset, p, use_len);
 
-        if( offset + use_len == 16 )
+        if (offset + use_len == 16) {
             gcm_mult(ctx, ctx->buf, ctx->buf);
+        }
 
         ctx->add_len += use_len;
         add_len -= use_len;
@@ -337,8 +336,7 @@ int mbedtls_gcm_update_ad( mbedtls_gcm_context *ctx,
 
     ctx->add_len += add_len;
 
-    while( add_len >= 16 )
+    while (add_len >= 16) {
-    {
         mbedtls_xor(ctx->buf, ctx->buf, p, 16);
 
         gcm_mult(ctx, ctx->buf, ctx->buf);
@@ -347,22 +345,23 @@ int mbedtls_gcm_update_ad( mbedtls_gcm_context *ctx,
         p += 16;
     }
 
-    if( add_len > 0 )
+    if (add_len > 0) {
-    {
         mbedtls_xor(ctx->buf, ctx->buf, p, add_len);
     }
 
-    return( 0 );
+    return 0;
 }
 
 /* Increment the counter. */
 static void gcm_incr(unsigned char y[16])
 {
     size_t i;
-    for( i = 16; i > 12; i-- )
+    for (i = 16; i > 12; i--) {
-        if( ++y[i - 1] != 0 )
+        if (++y[i - 1] != 0) {
             break;
         }
+    }
+}
 
 /* Calculate and apply the encryption mask. Process use_len bytes of data,
  * starting at position offset in the mask block. */
@@ -376,19 +375,20 @@ static int gcm_mask( mbedtls_gcm_context *ctx,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
     if ((ret = mbedtls_cipher_update(&ctx->cipher_ctx, ctx->y, 16, ectr,
-                                       &olen ) ) != 0 )
+                                     &olen)) != 0) {
-    {
         mbedtls_platform_zeroize(ectr, 16);
-        return( ret );
+        return ret;
     }
 
-    if( ctx->mode == MBEDTLS_GCM_DECRYPT )
+    if (ctx->mode == MBEDTLS_GCM_DECRYPT) {
         mbedtls_xor(ctx->buf + offset, ctx->buf + offset, input, use_len);
+    }
     mbedtls_xor(output, ectr + offset, input, use_len);
-    if( ctx->mode == MBEDTLS_GCM_ENCRYPT )
+    if (ctx->mode == MBEDTLS_GCM_ENCRYPT) {
         mbedtls_xor(ctx->buf + offset, ctx->buf + offset, output, use_len);
+    }
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_gcm_update(mbedtls_gcm_context *ctx,
@@ -402,45 +402,48 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
     size_t offset;
     unsigned char ectr[16] = { 0 };
 
-    if( output_size < input_length )
+    if (output_size < input_length) {
-        return( MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL );
+        return MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL;
+    }
     *output_length = input_length;
 
     /* Exit early if input_length==0 so that we don't do any pointer arithmetic
      * on a potentially null pointer.
      * Returning early also means that the last partial block of AD remains
      * untouched for mbedtls_gcm_finish */
-    if( input_length == 0 )
+    if (input_length == 0) {
-        return( 0 );
+        return 0;
+    }
 
-    if( output > input && (size_t) ( output - input ) < input_length )
+    if (output > input && (size_t) (output - input) < input_length) {
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
+    }
 
     /* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes
      * Also check for possible overflow */
     if (ctx->len + input_length < ctx->len ||
-        (uint64_t) ctx->len + input_length > 0xFFFFFFFE0ull )
+        (uint64_t) ctx->len + input_length > 0xFFFFFFFE0ull) {
-    {
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
     }
 
-    if( ctx->len == 0 && ctx->add_len % 16 != 0 )
+    if (ctx->len == 0 && ctx->add_len % 16 != 0) {
-    {
         gcm_mult(ctx, ctx->buf, ctx->buf);
     }
 
     offset = ctx->len % 16;
-    if( offset != 0 )
+    if (offset != 0) {
-    {
         size_t use_len = 16 - offset;
-        if( use_len > input_length )
+        if (use_len > input_length) {
             use_len = input_length;
+        }
 
-        if( ( ret = gcm_mask( ctx, ectr, offset, use_len, p, out_p ) ) != 0 )
+        if ((ret = gcm_mask(ctx, ectr, offset, use_len, p, out_p)) != 0) {
-            return( ret );
+            return ret;
+        }
 
-        if( offset + use_len == 16 )
+        if (offset + use_len == 16) {
             gcm_mult(ctx, ctx->buf, ctx->buf);
+        }
 
         ctx->len += use_len;
         input_length -= use_len;
@@ -450,11 +453,11 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
 
     ctx->len += input_length;
 
-    while( input_length >= 16 )
+    while (input_length >= 16) {
-    {
         gcm_incr(ctx->y);
-        if( ( ret = gcm_mask( ctx, ectr, 0, 16, p, out_p ) ) != 0 )
+        if ((ret = gcm_mask(ctx, ectr, 0, 16, p, out_p)) != 0) {
-            return( ret );
+            return ret;
+        }
 
         gcm_mult(ctx, ctx->buf, ctx->buf);
 
@@ -463,15 +466,15 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
         out_p += 16;
     }
 
-    if( input_length > 0 )
+    if (input_length > 0) {
-    {
         gcm_incr(ctx->y);
-        if( ( ret = gcm_mask( ctx, ectr, 0, input_length, p, out_p ) ) != 0 )
+        if ((ret = gcm_mask(ctx, ectr, 0, input_length, p, out_p)) != 0) {
-            return( ret );
+            return ret;
+        }
     }
 
     mbedtls_platform_zeroize(ectr, sizeof(ectr));
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_gcm_finish(mbedtls_gcm_context *ctx,
@@ -492,21 +495,21 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
     orig_len = ctx->len * 8;
     orig_add_len = ctx->add_len * 8;
 
-    if( ctx->len == 0 && ctx->add_len % 16 != 0 )
+    if (ctx->len == 0 && ctx->add_len % 16 != 0) {
-    {
         gcm_mult(ctx, ctx->buf, ctx->buf);
     }
 
-    if( tag_len > 16 || tag_len < 4 )
+    if (tag_len > 16 || tag_len < 4) {
-        return( MBEDTLS_ERR_GCM_BAD_INPUT );
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
+    }
 
-    if( ctx->len % 16 != 0 )
+    if (ctx->len % 16 != 0) {
         gcm_mult(ctx, ctx->buf, ctx->buf);
+    }
 
     memcpy(tag, ctx->base_ectr, tag_len);
 
-    if( orig_len || orig_add_len )
+    if (orig_len || orig_add_len) {
-    {
         memset(work_buf, 0x00, 16);
 
         MBEDTLS_PUT_UINT32_BE((orig_add_len >> 32), work_buf, 0);
@@ -521,7 +524,7 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
         mbedtls_xor(tag, tag, ctx->buf, tag_len);
     }
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_gcm_crypt_and_tag(mbedtls_gcm_context *ctx,
@@ -539,20 +542,24 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t olen;
 
-    if( ( ret = mbedtls_gcm_starts( ctx, mode, iv, iv_len ) ) != 0 )
+    if ((ret = mbedtls_gcm_starts(ctx, mode, iv, iv_len)) != 0) {
-        return( ret );
+        return ret;
+    }
 
-    if( ( ret = mbedtls_gcm_update_ad( ctx, add, add_len ) ) != 0 )
+    if ((ret = mbedtls_gcm_update_ad(ctx, add, add_len)) != 0) {
-        return( ret );
+        return ret;
+    }
 
     if ((ret = mbedtls_gcm_update(ctx, input, length,
-                                    output, length, &olen ) ) != 0 )
+                                  output, length, &olen)) != 0) {
-        return( ret );
+        return ret;
+    }
 
-    if( ( ret = mbedtls_gcm_finish( ctx, NULL, 0, &olen, tag, tag_len ) ) != 0 )
+    if ((ret = mbedtls_gcm_finish(ctx, NULL, 0, &olen, tag, tag_len)) != 0) {
-        return( ret );
+        return ret;
+    }
 
-    return( 0 );
+    return 0;
 }
 
 int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx,
@@ -573,28 +580,28 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
 
     if ((ret = mbedtls_gcm_crypt_and_tag(ctx, MBEDTLS_GCM_DECRYPT, length,
                                          iv, iv_len, add, add_len,
-                                   input, output, tag_len, check_tag ) ) != 0 )
+                                         input, output, tag_len, check_tag)) != 0) {
-    {
+        return ret;
-        return( ret );
     }
 
     /* Check tag in "constant-time" */
-    for( diff = 0, i = 0; i < tag_len; i++ )
+    for (diff = 0, i = 0; i < tag_len; i++) {
         diff |= tag[i] ^ check_tag[i];
-
-    if( diff != 0 )
-    {
-        mbedtls_platform_zeroize( output, length );
-        return( MBEDTLS_ERR_GCM_AUTH_FAILED );
     }
 
-    return( 0 );
+    if (diff != 0) {
+        mbedtls_platform_zeroize(output, length);
+        return MBEDTLS_ERR_GCM_AUTH_FAILED;
+    }
+
+    return 0;
 }
 
 void mbedtls_gcm_free(mbedtls_gcm_context *ctx)
 {
-    if( ctx == NULL )
+    if (ctx == NULL) {
         return;
+    }
     mbedtls_cipher_free(&ctx->cipher_ctx);
     mbedtls_platform_zeroize(ctx, sizeof(mbedtls_gcm_context));
 }
@@ -838,17 +845,16 @@ int mbedtls_gcm_self_test( int verbose )
     mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
     size_t olen;
 
-    for( j = 0; j < 3; j++ )
+    for (j = 0; j < 3; j++) {
-    {
         int key_len = 128 + 64 * j;
 
-        for( i = 0; i < MAX_TESTS; i++ )
+        for (i = 0; i < MAX_TESTS; i++) {
-        {
             mbedtls_gcm_init(&ctx);
 
-            if( verbose != 0 )
+            if (verbose != 0) {
                 mbedtls_printf("  AES-GCM-%3d #%d (%s): ",
                                key_len, i, "enc");
+            }
 
             ret = mbedtls_gcm_setkey(&ctx, cipher,
                                      key_test_data[key_index_test_data[i]],
@@ -858,13 +864,10 @@ int mbedtls_gcm_self_test( int verbose )
              * there is an alternative underlying implementation i.e. when
              * MBEDTLS_AES_ALT is defined.
              */
-            if( ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && key_len == 192 )
+            if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED && key_len == 192) {
-            {
                 mbedtls_printf("skipped\n");
                 break;
-            }
+            } else if (ret != 0) {
-            else if( ret != 0 )
-            {
                 goto exit;
             }
 
@@ -879,39 +882,41 @@ int mbedtls_gcm_self_test( int verbose )
 #if defined(MBEDTLS_GCM_ALT)
             /* Allow alternative implementations to only support 12-byte nonces. */
             if (ret == MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED &&
-                iv_len_test_data[i] != 12 )
+                iv_len_test_data[i] != 12) {
-            {
                 mbedtls_printf("skipped\n");
                 break;
             }
 #endif /* defined(MBEDTLS_GCM_ALT) */
-            if( ret != 0 )
+            if (ret != 0) {
                 goto exit;
+            }
 
             if (memcmp(buf, ct_test_data[j * 6 + i],
                        pt_len_test_data[i]) != 0 ||
-                 memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
+                memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) {
-            {
                 ret = 1;
                 goto exit;
             }
 
             mbedtls_gcm_free(&ctx);
 
-            if( verbose != 0 )
+            if (verbose != 0) {
                 mbedtls_printf("passed\n");
+            }
 
             mbedtls_gcm_init(&ctx);
 
-            if( verbose != 0 )
+            if (verbose != 0) {
                 mbedtls_printf("  AES-GCM-%3d #%d (%s): ",
                                key_len, i, "dec");
+            }
 
             ret = mbedtls_gcm_setkey(&ctx, cipher,
                                      key_test_data[key_index_test_data[i]],
                                      key_len);
-            if( ret != 0 )
+            if (ret != 0) {
                 goto exit;
+            }
 
             ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_DECRYPT,
                                             pt_len_test_data[i],
@@ -921,184 +926,202 @@ int mbedtls_gcm_self_test( int verbose )
                                             add_len_test_data[i],
                                             ct_test_data[j * 6 + i], buf, 16, tag_buf);
 
-            if( ret != 0 )
+            if (ret != 0) {
                 goto exit;
+            }
 
             if (memcmp(buf, pt_test_data[pt_index_test_data[i]],
                        pt_len_test_data[i]) != 0 ||
-                memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
+                memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) {
-            {
                 ret = 1;
                 goto exit;
             }
 
             mbedtls_gcm_free(&ctx);
 
-            if( verbose != 0 )
+            if (verbose != 0) {
                 mbedtls_printf("passed\n");
+            }
 
             mbedtls_gcm_init(&ctx);
 
-            if( verbose != 0 )
+            if (verbose != 0) {
                 mbedtls_printf("  AES-GCM-%3d #%d split (%s): ",
                                key_len, i, "enc");
+            }
 
             ret = mbedtls_gcm_setkey(&ctx, cipher,
                                      key_test_data[key_index_test_data[i]],
                                      key_len);
-            if( ret != 0 )
+            if (ret != 0) {
                 goto exit;
+            }
 
             ret = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_ENCRYPT,
                                      iv_test_data[iv_index_test_data[i]],
                                      iv_len_test_data[i]);
-            if( ret != 0 )
+            if (ret != 0) {
                 goto exit;
+            }
 
             ret = mbedtls_gcm_update_ad(&ctx,
                                         additional_test_data[add_index_test_data[i]],
                                         add_len_test_data[i]);
-            if( ret != 0 )
+            if (ret != 0) {
                 goto exit;
+            }
 
-            if( pt_len_test_data[i] > 32 )
+            if (pt_len_test_data[i] > 32) {
-            {
                 size_t rest_len = pt_len_test_data[i] - 32;
                 ret = mbedtls_gcm_update(&ctx,
                                          pt_test_data[pt_index_test_data[i]],
                                          32,
                                          buf, sizeof(buf), &olen);
-                if( ret != 0 )
+                if (ret != 0) {
                     goto exit;
-                if( olen != 32 )
+                }
+                if (olen != 32) {
                     goto exit;
+                }
 
                 ret = mbedtls_gcm_update(&ctx,
                                          pt_test_data[pt_index_test_data[i]] + 32,
                                          rest_len,
                                          buf + 32, sizeof(buf) - 32, &olen);
-                if( ret != 0 )
+                if (ret != 0) {
-                    goto exit;
-                if( olen != rest_len )
                     goto exit;
                 }
-            else
+                if (olen != rest_len) {
-            {
+                    goto exit;
+                }
+            } else {
                 ret = mbedtls_gcm_update(&ctx,
                                          pt_test_data[pt_index_test_data[i]],
                                          pt_len_test_data[i],
                                          buf, sizeof(buf), &olen);
-                if( ret != 0 )
+                if (ret != 0) {
                     goto exit;
-                if( olen != pt_len_test_data[i] )
+                }
+                if (olen != pt_len_test_data[i]) {
                     goto exit;
                 }
+            }
 
             ret = mbedtls_gcm_finish(&ctx, NULL, 0, &olen, tag_buf, 16);
-            if( ret != 0 )
+            if (ret != 0) {
                 goto exit;
+            }
 
             if (memcmp(buf, ct_test_data[j * 6 + i],
                        pt_len_test_data[i]) != 0 ||
-                memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
+                memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) {
-            {
                 ret = 1;
                 goto exit;
             }
 
             mbedtls_gcm_free(&ctx);
 
-            if( verbose != 0 )
+            if (verbose != 0) {
                 mbedtls_printf("passed\n");
+            }
 
             mbedtls_gcm_init(&ctx);
 
-            if( verbose != 0 )
+            if (verbose != 0) {
                 mbedtls_printf("  AES-GCM-%3d #%d split (%s): ",
                                key_len, i, "dec");
+            }
 
             ret = mbedtls_gcm_setkey(&ctx, cipher,
                                      key_test_data[key_index_test_data[i]],
                                      key_len);
-            if( ret != 0 )
+            if (ret != 0) {
                 goto exit;
+            }
 
             ret = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_DECRYPT,
                                      iv_test_data[iv_index_test_data[i]],
                                      iv_len_test_data[i]);
-            if( ret != 0 )
+            if (ret != 0) {
                 goto exit;
+            }
             ret = mbedtls_gcm_update_ad(&ctx,
                                         additional_test_data[add_index_test_data[i]],
                                         add_len_test_data[i]);
-            if( ret != 0 )
+            if (ret != 0) {
                 goto exit;
+            }
 
-            if( pt_len_test_data[i] > 32 )
+            if (pt_len_test_data[i] > 32) {
-            {
                 size_t rest_len = pt_len_test_data[i] - 32;
                 ret = mbedtls_gcm_update(&ctx,
                                          ct_test_data[j * 6 + i], 32,
                                          buf, sizeof(buf), &olen);
-                if( ret != 0 )
+                if (ret != 0) {
                     goto exit;
-                if( olen != 32 )
+                }
+                if (olen != 32) {
                     goto exit;
+                }
 
                 ret = mbedtls_gcm_update(&ctx,
                                          ct_test_data[j * 6 + i] + 32,
                                          rest_len,
                                          buf + 32, sizeof(buf) - 32, &olen);
-                if( ret != 0 )
+                if (ret != 0) {
-                    goto exit;
-                if( olen != rest_len )
                     goto exit;
                 }
-            else
+                if (olen != rest_len) {
-            {
+                    goto exit;
+                }
+            } else {
                 ret = mbedtls_gcm_update(&ctx,
                                          ct_test_data[j * 6 + i],
                                          pt_len_test_data[i],
                                          buf, sizeof(buf), &olen);
-                if( ret != 0 )
+                if (ret != 0) {
                     goto exit;
-                if( olen != pt_len_test_data[i] )
+                }
+                if (olen != pt_len_test_data[i]) {
                     goto exit;
                 }
+            }
 
             ret = mbedtls_gcm_finish(&ctx, NULL, 0, &olen, tag_buf, 16);
-            if( ret != 0 )
+            if (ret != 0) {
                 goto exit;
+            }
 
             if (memcmp(buf, pt_test_data[pt_index_test_data[i]],
                        pt_len_test_data[i]) != 0 ||
-                memcmp( tag_buf, tag_test_data[j * 6 + i], 16 ) != 0 )
+                memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) {
-            {
                 ret = 1;
                 goto exit;
             }
 
             mbedtls_gcm_free(&ctx);
 
-            if( verbose != 0 )
+            if (verbose != 0) {
                 mbedtls_printf("passed\n");
             }
         }
+    }
 
-    if( verbose != 0 )
+    if (verbose != 0) {
         mbedtls_printf("\n");
+    }
 
     ret = 0;
 
 exit:
-    if( ret != 0 )
+    if (ret != 0) {
-    {
+        if (verbose != 0) {
-        if( verbose != 0 )
             mbedtls_printf("failed\n");
+        }
         mbedtls_gcm_free(&ctx);
     }
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */

library/hash_info.c

@@ -24,8 +24,7 @@
 #include "mbedtls/legacy_or_psa.h"
 #include "mbedtls/error.h"
 
-typedef struct
+typedef struct {
-{
     psa_algorithm_t psa_alg;
     mbedtls_md_type_t md_type;
     unsigned char size;
@@ -62,8 +61,7 @@ unsigned char mbedtls_hash_info_get_size( mbedtls_md_type_t md_type )
 {
     const hash_entry *entry = hash_table;
     while (entry->md_type != MBEDTLS_MD_NONE &&
-           entry->md_type != md_type )
+           entry->md_type != md_type) {
-    {
         entry++;
     }
 
@@ -75,8 +73,7 @@ unsigned char mbedtls_hash_info_get_block_size( mbedtls_md_type_t md_type )
 {
     const hash_entry *entry = hash_table;
     while (entry->md_type != MBEDTLS_MD_NONE &&
-           entry->md_type != md_type )
+           entry->md_type != md_type) {
-    {
         entry++;
     }
 
@@ -88,8 +85,7 @@ psa_algorithm_t mbedtls_hash_info_psa_from_md( mbedtls_md_type_t md_type )
 {
     const hash_entry *entry = hash_table;
     while (entry->md_type != MBEDTLS_MD_NONE &&
-           entry->md_type != md_type )
+           entry->md_type != md_type) {
-    {
         entry++;
     }
 
@@ -101,8 +97,7 @@ mbedtls_md_type_t mbedtls_hash_info_md_from_psa( psa_algorithm_t psa_alg )
 {
     const hash_entry *entry = hash_table;
     while (entry->md_type != MBEDTLS_MD_NONE &&
-           entry->psa_alg != psa_alg )
+           entry->psa_alg != psa_alg) {
-    {
         entry++;
     }
 
@@ -111,17 +106,16 @@ mbedtls_md_type_t mbedtls_hash_info_md_from_psa( psa_algorithm_t psa_alg )
 
 int mbedtls_md_error_from_psa(psa_status_t status)
 {
-    switch( status )
+    switch (status) {
-    {
         case PSA_SUCCESS:
-            return( 0 );
+            return 0;
         case PSA_ERROR_NOT_SUPPORTED:
-            return( MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE );
+            return MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE;
         case PSA_ERROR_INVALID_ARGUMENT:
-            return( MBEDTLS_ERR_MD_BAD_INPUT_DATA );
+            return MBEDTLS_ERR_MD_BAD_INPUT_DATA;
         case PSA_ERROR_INSUFFICIENT_MEMORY:
-            return( MBEDTLS_ERR_MD_ALLOC_FAILED );
+            return MBEDTLS_ERR_MD_ALLOC_FAILED;
         default:
-            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+            return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
     }
 }

library/hkdf.c

@@ -35,15 +35,14 @@ int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
 
     ret = mbedtls_hkdf_extract(md, salt, salt_len, ikm, ikm_len, prk);
 
-    if( ret == 0 )
+    if (ret == 0) {
-    {
         ret = mbedtls_hkdf_expand(md, prk, mbedtls_md_get_size(md),
                                   info, info_len, okm, okm_len);
     }
 
     mbedtls_platform_zeroize(prk, sizeof(prk));
 
-    return( ret );
+    return ret;
 }
 
 int mbedtls_hkdf_extract(const mbedtls_md_info_t *md,
@@ -53,19 +52,16 @@ int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
 {
     unsigned char null_salt[MBEDTLS_MD_MAX_SIZE] = { '\0' };
 
-    if( salt == NULL )
+    if (salt == NULL) {
-    {
         size_t hash_len;
 
-        if( salt_len != 0 )
+        if (salt_len != 0) {
-        {
             return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
         }
 
         hash_len = mbedtls_md_get_size(md);
 
-        if( hash_len == 0 )
+        if (hash_len == 0) {
-        {
             return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
         }
 
@@ -73,7 +69,7 @@ int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
         salt_len = hash_len;
     }
 
-    return( mbedtls_md_hmac( md, salt, salt_len, ikm, ikm_len, prk ) );
+    return mbedtls_md_hmac(md, salt, salt_len, ikm, ikm_len, prk);
 }
 
 int mbedtls_hkdf_expand(const mbedtls_md_info_t *md, const unsigned char *prk,
@@ -89,28 +85,24 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
     mbedtls_md_context_t ctx;
     unsigned char t[MBEDTLS_MD_MAX_SIZE];
 
-    if( okm == NULL )
+    if (okm == NULL) {
-    {
+        return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
-        return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA );
     }
 
     hash_len = mbedtls_md_get_size(md);
 
-    if( prk_len < hash_len || hash_len == 0 )
+    if (prk_len < hash_len || hash_len == 0) {
-    {
+        return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
-        return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA );
     }
 
-    if( info == NULL )
+    if (info == NULL) {
-    {
         info = (const unsigned char *) "";
         info_len = 0;
     }
 
     n = okm_len / hash_len;
 
-    if( okm_len % hash_len != 0 )
+    if (okm_len % hash_len != 0) {
-    {
         n++;
     }
 
@@ -118,15 +110,13 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
      * Per RFC 5869 Section 2.3, okm_len must not exceed
      * 255 times the hash length
      */
-    if( n > 255 )
+    if (n > 255) {
-    {
+        return MBEDTLS_ERR_HKDF_BAD_INPUT_DATA;
-        return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA );
     }
 
     mbedtls_md_init(&ctx);
 
-    if( ( ret = mbedtls_md_setup( &ctx, md, 1 ) ) != 0 )
+    if ((ret = mbedtls_md_setup(&ctx, md, 1)) != 0) {
-    {
         goto exit;
     }
 
@@ -136,40 +126,34 @@ int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
      * Compute T = T(1) | T(2) | T(3) | ... | T(N)
      * Where T(N) is defined in RFC 5869 Section 2.3
      */
-    for( i = 1; i <= n; i++ )
+    for (i = 1; i <= n; i++) {
-    {
         size_t num_to_copy;
         unsigned char c = i & 0xff;
 
         ret = mbedtls_md_hmac_starts(&ctx, prk, prk_len);
-        if( ret != 0 )
+        if (ret != 0) {
-        {
             goto exit;
         }
 
         ret = mbedtls_md_hmac_update(&ctx, t, t_len);
-        if( ret != 0 )
+        if (ret != 0) {
-        {
             goto exit;
         }
 
         ret = mbedtls_md_hmac_update(&ctx, info, info_len);
-        if( ret != 0 )
+        if (ret != 0) {
-        {
             goto exit;
         }
 
         /* The constant concatenated to the end of each T(n) is a single octet.
          * */
         ret = mbedtls_md_hmac_update(&ctx, &c, 1);
-        if( ret != 0 )
+        if (ret != 0) {
-        {
             goto exit;
         }
 
         ret = mbedtls_md_hmac_finish(&ctx, t);
-        if( ret != 0 )
+        if (ret != 0) {
-        {
             goto exit;
         }
 
@@ -183,7 +167,7 @@ exit:
     mbedtls_md_free(&ctx);
     mbedtls_platform_zeroize(t, sizeof(t));
 
-    return( ret );
+    return ret;
 }
 
 #endif /* MBEDTLS_HKDF_C */