CMP+CRMF: fix formatting nits in crypto/, include/, and test/

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19230)

8 files changed, 26 insertions, 34 deletions

diff --git a/crypto/cmp/cmp_asn.c b/crypto/cmp/cmp_asn.c
index c6f37ef4df..e1ecc40838 100644
--- a/crypto/cmp/cmp_asn.c
+++ b/crypto/cmp/cmp_asn.c
@@ -28,7 +28,6 @@ ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = {
 } ASN1_SEQUENCE_END(OSSL_CMP_REVANNCONTENT)
 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT)
 
-
 ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = {
     ASN1_OPT(OSSL_CMP_CHALLENGE, owf, X509_ALGOR),
     ASN1_SIMPLE(OSSL_CMP_CHALLENGE, witness, ASN1_OCTET_STRING),
@@ -36,19 +35,16 @@ ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = {
 } ASN1_SEQUENCE_END(OSSL_CMP_CHALLENGE)
 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE)
 
-
 ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYCHALLCONTENT) =
     ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                           OSSL_CMP_POPODECKEYCHALLCONTENT, OSSL_CMP_CHALLENGE)
 ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYCHALLCONTENT)
 
-
 ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYRESPCONTENT) =
     ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                           OSSL_CMP_POPODECKEYRESPCONTENT, ASN1_INTEGER)
 ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYRESPCONTENT)
 
-
 ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = {
     /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
     ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, oldWithNew, X509),
@@ -59,7 +55,6 @@ ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = {
 } ASN1_SEQUENCE_END(OSSL_CMP_CAKEYUPDANNCONTENT)
 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT)
 
-
 ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = {
     ASN1_SIMPLE(OSSL_CMP_ERRORMSGCONTENT, pKIStatusInfo, OSSL_CMP_PKISI),
     ASN1_OPT(OSSL_CMP_ERRORMSGCONTENT, errorCode, ASN1_INTEGER),
@@ -255,7 +250,6 @@ ASN1_CHOICE(OSSL_CMP_CERTORENCCERT) = {
 } ASN1_CHOICE_END(OSSL_CMP_CERTORENCCERT)
 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT)
 
-
 ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = {
     ASN1_SIMPLE(OSSL_CMP_CERTIFIEDKEYPAIR, certOrEncCert,
                 OSSL_CMP_CERTORENCCERT),
@@ -266,20 +260,17 @@ ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = {
 } ASN1_SEQUENCE_END(OSSL_CMP_CERTIFIEDKEYPAIR)
 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR)
 
-
 ASN1_SEQUENCE(OSSL_CMP_REVDETAILS) = {
     ASN1_SIMPLE(OSSL_CMP_REVDETAILS, certDetails, OSSL_CRMF_CERTTEMPLATE),
     ASN1_OPT(OSSL_CMP_REVDETAILS, crlEntryDetails, X509_EXTENSIONS)
 } ASN1_SEQUENCE_END(OSSL_CMP_REVDETAILS)
 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS)
 
-
 ASN1_ITEM_TEMPLATE(OSSL_CMP_REVREQCONTENT) =
     ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_REVREQCONTENT,
                           OSSL_CMP_REVDETAILS)
 ASN1_ITEM_TEMPLATE_END(OSSL_CMP_REVREQCONTENT)
 
-
 ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = {
     ASN1_SEQUENCE_OF(OSSL_CMP_REVREPCONTENT, status, OSSL_CMP_PKISI),
     ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, revCerts, OSSL_CRMF_CERTID,
@@ -288,7 +279,6 @@ ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = {
 } ASN1_SEQUENCE_END(OSSL_CMP_REVREPCONTENT)
 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT)
 
-
 ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = {
     ASN1_SIMPLE(OSSL_CMP_KEYRECREPCONTENT, status, OSSL_CMP_PKISI),
     ASN1_EXP_OPT(OSSL_CMP_KEYRECREPCONTENT, newSigCert, X509, 0),
@@ -298,7 +288,6 @@ ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = {
 } ASN1_SEQUENCE_END(OSSL_CMP_KEYRECREPCONTENT)
 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT)
 
-
 ASN1_ITEM_TEMPLATE(OSSL_CMP_PKISTATUS) =
     ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_UNIVERSAL, 0, status, ASN1_INTEGER)
 ASN1_ITEM_TEMPLATE_END(OSSL_CMP_PKISTATUS)
diff --git a/crypto/cmp/cmp_client.c b/crypto/cmp/cmp_client.c
index 26635db850..cffd258f18 100644
--- a/crypto/cmp/cmp_client.c
+++ b/crypto/cmp/cmp_client.c
@@ -487,6 +487,7 @@ int OSSL_CMP_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info,
 {
     X509_STORE *out_trusted = OSSL_CMP_CTX_get_certConf_cb_arg(ctx);
     STACK_OF(X509) *chain = NULL;
+
     (void)text; /* make (artificial) use of var to prevent compiler warning */
 
     if (fail_info != 0) /* accept any error flagged by CMP core library */
@@ -702,7 +703,6 @@ int OSSL_CMP_try_certreq(OSSL_CMP_CTX *ctx, int req_type,
 X509 *OSSL_CMP_exec_certreq(OSSL_CMP_CTX *ctx, int req_type,
                             const OSSL_CRMF_MSG *crm)
 {
-
     OSSL_CMP_MSG *rep = NULL;
     int is_p10 = req_type == OSSL_CMP_PKIBODY_P10CR;
     int rid = is_p10 ? -1 : OSSL_CMP_CERTREQID;
@@ -809,7 +809,8 @@ int OSSL_CMP_exec_RR_ses(OSSL_CMP_CTX *ctx)
         OSSL_CRMF_CERTTEMPLATE *tmpl =
             sk_OSSL_CMP_REVDETAILS_value(rr->body->value.rr, rsid)->certDetails;
         const X509_NAME *issuer = OSSL_CRMF_CERTTEMPLATE_get0_issuer(tmpl);
-        const ASN1_INTEGER *serial = OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(tmpl);
+        const ASN1_INTEGER *serial =
+            OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(tmpl);
 
         if (sk_OSSL_CRMF_CERTID_num(rrep->revCerts) != num_RevDetails) {
             ERR_raise(ERR_LIB_CMP, CMP_R_WRONG_RP_COMPONENT_COUNT);
diff --git a/crypto/cmp/cmp_local.h b/crypto/cmp/cmp_local.h
index f51247077d..a20eeac9dc 100644
--- a/crypto/cmp/cmp_local.h
+++ b/crypto/cmp/cmp_local.h
@@ -25,7 +25,7 @@
 # include <openssl/x509v3.h>
 # include "crypto/x509.h"
 
-#define IS_NULL_DN(name) (X509_NAME_get_entry(name, 0) == NULL)
+# define IS_NULL_DN(name) (X509_NAME_get_entry(name, 0) == NULL)
 
 /*
  * this structure is used to store the context for CMP sessions
diff --git a/crypto/cmp/cmp_msg.c b/crypto/cmp/cmp_msg.c
index 837f7523dd..dc33d8d0b3 100644
--- a/crypto/cmp/cmp_msg.c
+++ b/crypto/cmp/cmp_msg.c
@@ -59,7 +59,6 @@ int ossl_cmp_msg_set0_libctx(OSSL_CMP_MSG *msg, OSSL_LIB_CTX *libctx,
     return 1;
 }
 
-
 OSSL_CMP_PKIHEADER *OSSL_CMP_MSG_get0_header(const OSSL_CMP_MSG *msg)
 {
     if (msg == NULL) {
@@ -332,9 +331,9 @@ OSSL_CRMF_MSG *OSSL_CMP_CTX_setup_CRM(OSSL_CMP_CTX *ctx, int for_KUR, int rid)
             && (exts = X509_REQ_get_extensions(ctx->p10CSR)) == NULL)
         goto err;
     if (!ctx->SubjectAltName_nodefault && !HAS_SAN(ctx) && refcert != NULL
-            && (default_sans = X509V3_get_d2i(X509_get0_extensions(refcert),
-                                              NID_subject_alt_name, NULL, NULL))
-            != NULL
+        && (default_sans = X509V3_get_d2i(X509_get0_extensions(refcert),
+                                          NID_subject_alt_name, NULL, NULL))
+        != NULL
             && !add1_extension(&exts, NID_subject_alt_name, crit, default_sans))
         goto err;
     if (ctx->reqExtensions != NULL /* augment/override existing ones */
@@ -543,15 +542,15 @@ OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx)
 
     /* Fill the template from the contents of the certificate to be revoked */
     ret = ctx->oldCert != NULL
-    ? OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails,
-                                  NULL /* pubkey would be redundant */,
-                                  NULL /* subject would be redundant */,
-                                  X509_get_issuer_name(ctx->oldCert),
-                                  X509_get0_serialNumber(ctx->oldCert))
-    : OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails,
-                                  X509_REQ_get0_pubkey(ctx->p10CSR),
-                                  X509_REQ_get_subject_name(ctx->p10CSR),
-                                  NULL, NULL);
+        ? OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails,
+                                      NULL /* pubkey would be redundant */,
+                                      NULL /* subject would be redundant */,
+                                      X509_get_issuer_name(ctx->oldCert),
+                                      X509_get0_serialNumber(ctx->oldCert))
+        : OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails,
+                                      X509_REQ_get0_pubkey(ctx->p10CSR),
+                                      X509_REQ_get_subject_name(ctx->p10CSR),
+                                      NULL, NULL);
     if (!ret)
         goto err;
 
diff --git a/crypto/cmp/cmp_protect.c b/crypto/cmp/cmp_protect.c
index 93b6116ef3..7ff46a6dc1 100644
--- a/crypto/cmp/cmp_protect.c
+++ b/crypto/cmp/cmp_protect.c
@@ -92,7 +92,7 @@ ASN1_BIT_STRING *ossl_cmp_calc_protection(const OSSL_CMP_CTX *ctx,
 
         if ((prot = ASN1_BIT_STRING_new()) == NULL)
             goto end;
-        /* OpenSSL defaults all bit strings to be encoded as ASN.1 NamedBitList */
+        /* OpenSSL by default encodes all bit strings as ASN.1 NamedBitList */
         ossl_asn1_string_set_bits_left(prot, 0);
         if (!ASN1_BIT_STRING_set(prot, protection, sig_len)) {
             ASN1_BIT_STRING_free(prot);
diff --git a/crypto/cmp/cmp_status.c b/crypto/cmp/cmp_status.c
index 46be6b6899..bb93ac9389 100644
--- a/crypto/cmp/cmp_status.c
+++ b/crypto/cmp/cmp_status.c
@@ -180,11 +180,11 @@ char *snprint_PKIStatusInfo_parts(int status, int fail_info,
             || (status_string = ossl_cmp_PKIStatus_to_string(status)) == NULL)
         return NULL;
 
-#define ADVANCE_BUFFER                                         \
-        if (printed_chars < 0 || (size_t)printed_chars >= bufsize) \
-            return NULL; \
-        write_ptr += printed_chars; \
-        bufsize -= printed_chars;
+#define ADVANCE_BUFFER  \
+    if (printed_chars < 0 || (size_t)printed_chars >= bufsize)  \
+        return NULL; \
+    write_ptr += printed_chars; \
+    bufsize -= printed_chars;
 
     printed_chars = BIO_snprintf(write_ptr, bufsize, "%s", status_string);
     ADVANCE_BUFFER;
diff --git a/crypto/cmp/cmp_util.c b/crypto/cmp/cmp_util.c
index 04acf49dee..f3c21c5d91 100644
--- a/crypto/cmp/cmp_util.c
+++ b/crypto/cmp/cmp_util.c
@@ -189,7 +189,7 @@ void OSSL_CMP_print_errors_cb(OSSL_CMP_log_cb_t log_fn)
                 BIO_free(bio);
             }
 #else
-            /* ERR_raise(ERR_LIB_CMP, CMP_R_NO_STDIO) makes no sense during error printing */
+            /* ERR_raise(..., CMP_R_NO_STDIO) would make no sense here */
 #endif
         } else {
             if (log_fn(component, file, line, OSSL_CMP_LOG_ERR, msg) <= 0)
@@ -243,6 +243,7 @@ int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt,
                                     const ASN1_OCTET_STRING *src)
 {
     ASN1_OCTET_STRING *new;
+
     if (tgt == NULL) {
         ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
         return 0;
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index 3e402293c9..cc71c6ce04 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -329,6 +329,7 @@ static int check_cert_path_3gpp(const OSSL_CMP_CTX *ctx,
             ossl_cmp_certrepmessage_get0_certresponse(msg->body->value.ip,
                                                       OSSL_CMP_CERTREQID);
         X509 *newcrt = ossl_cmp_certresponse_get1_cert(crep, ctx, pkey);
+
         /*
          * maybe better use get_cert_status() from cmp_client.c, which catches
          * errors
@@ -421,6 +422,7 @@ static int check_msg_all_certs(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg,
                                      : "no trusted store");
     } else {
         STACK_OF(X509) *trusted = X509_STORE_get1_all_certs(ctx->trusted);
+
         ret = check_msg_with_certs(ctx, trusted,
                                    mode_3gpp ? "self-issued extraCerts"
                                              : "certs in trusted store",