fix various formatting nits in CMP contribution chunks 1-6 found by the new util/check-format.pl

in addition:
correct wording in doc, comments, and parameter names: self-signed -> self-issued where appropriate
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/10620)

crypto/cmp/cmp_asn.c

@@ -73,7 +73,8 @@ ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = {
 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ERRORMSGCONTENT)
 
 ASN1_ADB_TEMPLATE(infotypeandvalue_default) = ASN1_OPT(OSSL_CMP_ITAV,
-        infoValue.other, ASN1_ANY);
+                                                       infoValue.other,
+                                                       ASN1_ANY);
 /* ITAV means InfoTypeAndValue */
 ASN1_ADB(OSSL_CMP_ITAV) = {
     /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */

crypto/cmp/cmp_ctx.c

@@ -80,7 +80,7 @@ int OSSL_CMP_CTX_set1_untrusted_certs(OSSL_CMP_CTX *ctx, STACK_OF(X509) *certs)
     sk_X509_pop_free(ctx->untrusted_certs, X509_free);
     ctx->untrusted_certs = untrusted_certs;
     return 1;
-err:
+ err:
     sk_X509_pop_free(untrusted_certs, X509_free);
     return 0;
 }

crypto/cmp/cmp_local.h

@@ -48,16 +48,23 @@ struct ossl_cmp_ctx_st {
     void *http_cb_arg; /* allows to store optional argument to cb */
 
     /* server authentication */
-    int unprotectedErrors; /* accept neg. response with no/invalid protection */
-                           /* to cope with broken server */
+    /*
+     * unprotectedErrors may be set as workaround for broken server responses:
+     * accept missing or invalid protection of regular error messages, negative
+     * certificate responses (ip/cp/kup), revocation responses (rp), and PKIConf
+     */
+    int unprotectedErrors;
     X509 *srvCert; /* certificate used to identify the server */
     X509 *validatedSrvCert; /* caches any already validated server cert */
     X509_NAME *expected_sender; /* expected sender in pkiheader of response */
     X509_STORE *trusted; /* trust store maybe w CRLs and cert verify callback */
     STACK_OF(X509) *untrusted_certs; /* untrusted (intermediate) certs */
     int ignore_keyusage; /* ignore key usage entry when validating certs */
-    int permitTAInExtraCertsForIR; /* allow use of root certs in extracerts */
-             /* when validating message protection; used for 3GPP-style E.7 */
+    /*
+     * permitTAInExtraCertsForIR allows use of root certs in extracerts
+     * when validating message protection; this is used for 3GPP-style E.7
+     */
+    int permitTAInExtraCertsForIR;
 
     /* client authentication */
     int unprotectedSend; /* send unprotected PKI messages */
@@ -536,68 +543,108 @@ typedef struct ossl_cmp_pkibody_st {
         OSSL_CMP_CERTREPMESSAGE *ip; /* 1 */
         OSSL_CRMF_MSGS *cr; /* 2 */
         OSSL_CMP_CERTREPMESSAGE *cp; /* 3 */
-        /* p10cr      [4]  CertificationRequest,     --imported from [PKCS10] */
-        /*
+        /*-
+         * p10cr      [4]  CertificationRequest,     --imported from [PKCS10]
+         *
          * PKCS10_CERTIFICATIONREQUEST is effectively X509_REQ
          * so it is used directly
          */
         X509_REQ *p10cr; /* 4 */
-        /* popdecc    [5]  POPODecKeyChallContent, --pop Challenge */
-        /* POPODecKeyChallContent ::= SEQUENCE OF Challenge */
+        /*-
+         * popdecc    [5]  POPODecKeyChallContent, --pop Challenge
+         *
+         * POPODecKeyChallContent ::= SEQUENCE OF Challenge
+         */
         OSSL_CMP_POPODECKEYCHALLCONTENT *popdecc; /* 5 */
-        /* popdecr    [6]  POPODecKeyRespContent,  --pop Response */
-        /* POPODecKeyRespContent ::= SEQUENCE OF INTEGER */
+        /*-
+         * popdecr    [6]  POPODecKeyRespContent,  --pop Response
+         *
+         * POPODecKeyRespContent ::= SEQUENCE OF INTEGER
+         */
         OSSL_CMP_POPODECKEYRESPCONTENT *popdecr; /* 6 */
         OSSL_CRMF_MSGS *kur; /* 7 */
         OSSL_CMP_CERTREPMESSAGE *kup; /* 8 */
         OSSL_CRMF_MSGS *krr; /* 9 */
 
-        /* krp        [10] KeyRecRepContent,         --Key Recovery Response */
+        /*-
+         * krp        [10] KeyRecRepContent,         --Key Recovery Response
+         */
         OSSL_CMP_KEYRECREPCONTENT *krp; /* 10 */
-        /* rr         [11] RevReqContent,            --Revocation Request */
+        /*-
+         * rr         [11] RevReqContent,            --Revocation Request
+         */
         OSSL_CMP_REVREQCONTENT *rr; /* 11 */
-        /* rp         [12] RevRepContent,            --Revocation Response */
+        /*-
+         * rp         [12] RevRepContent,            --Revocation Response
+         */
         OSSL_CMP_REVREPCONTENT *rp; /* 12 */
-        /* ccr        [13] CertReqMessages,          --Cross-Cert. Request */
+        /*-
+         * ccr        [13] CertReqMessages,          --Cross-Cert. Request
+         */
         OSSL_CRMF_MSGS *ccr; /* 13 */
-        /* ccp        [14] CertRepMessage,           --Cross-Cert. Response */
+        /*-
+         * ccp        [14] CertRepMessage,           --Cross-Cert. Response
+         */
         OSSL_CMP_CERTREPMESSAGE *ccp; /* 14 */
-        /* ckuann     [15] CAKeyUpdAnnContent,       --CA Key Update Ann. */
+        /*-
+         * ckuann     [15] CAKeyUpdAnnContent,       --CA Key Update Ann.
+         */
         OSSL_CMP_CAKEYUPDANNCONTENT *ckuann; /* 15 */
-        /* cann       [16] CertAnnContent,           --Certificate Ann. */
-        /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
-        X509 *cann;         /* 16 */
-        /* rann       [17] RevAnnContent,            --Revocation Ann. */
+        /*-
+         * cann       [16] CertAnnContent,           --Certificate Ann.
+         * OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly
+         */
+        X509 *cann; /* 16 */
+        /*-
+         * rann       [17] RevAnnContent,            --Revocation Ann.
+         */
         OSSL_CMP_REVANNCONTENT *rann; /* 17 */
-        /* crlann     [18] CRLAnnContent,            --CRL Announcement */
-        /* CRLAnnContent ::= SEQUENCE OF CertificateList */
-        OSSL_CMP_CRLANNCONTENT *crlann;
-        /* PKIConfirmContent ::= NULL */
-        /* pkiconf    [19] PKIConfirmContent,        --Confirmation */
-        /* OSSL_CMP_PKICONFIRMCONTENT would be only a typedef of ASN1_NULL */
-        /* OSSL_CMP_CONFIRMCONTENT *pkiconf; */
-        /*
+        /*-
+         * crlann     [18] CRLAnnContent,            --CRL Announcement
+         * CRLAnnContent ::= SEQUENCE OF CertificateList
+         */
+        OSSL_CMP_CRLANNCONTENT *crlann; /* 18 */
+        /*-
+         * PKIConfirmContent ::= NULL
+         * pkiconf    [19] PKIConfirmContent,        --Confirmation
+         * OSSL_CMP_PKICONFIRMCONTENT would be only a typedef of ASN1_NULL
+         * OSSL_CMP_CONFIRMCONTENT *pkiconf;
+         *
          * NOTE: this should ASN1_NULL according to the RFC
          * but there might be a struct in it when sent from faulty servers...
          */
         ASN1_TYPE *pkiconf; /* 19 */
-        /* nested     [20] NestedMessageContent,     --Nested Message */
-        /* NestedMessageContent ::= PKIMessages */
+        /*-
+         * nested     [20] NestedMessageContent,     --Nested Message
+         * NestedMessageContent ::= PKIMessages
+         */
         OSSL_CMP_MSGS *nested; /* 20 */
-        /* genm       [21] GenMsgContent,            --General Message */
-        /* GenMsgContent ::= SEQUENCE OF InfoTypeAndValue */
+        /*-
+         * genm       [21] GenMsgContent,            --General Message
+         * GenMsgContent ::= SEQUENCE OF InfoTypeAndValue
+         */
         OSSL_CMP_GENMSGCONTENT *genm; /* 21 */
-        /* genp       [22] GenRepContent,            --General Response */
-        /* GenRepContent ::= SEQUENCE OF InfoTypeAndValue */
+        /*-
+         * genp       [22] GenRepContent,            --General Response
+         * GenRepContent ::= SEQUENCE OF InfoTypeAndValue
+         */
         OSSL_CMP_GENREPCONTENT *genp; /* 22 */
-        /* error      [23] ErrorMsgContent,          --Error Message */
+        /*-
+         * error      [23] ErrorMsgContent,          --Error Message
+         */
         OSSL_CMP_ERRORMSGCONTENT *error; /* 23 */
-        /* certConf [24] CertConfirmContent,     --Certificate confirm */
+        /*-
+         * certConf [24] CertConfirmContent,     --Certificate confirm
+         */
         OSSL_CMP_CERTCONFIRMCONTENT *certConf; /* 24 */
-        /* pollReq    [25] PollReqContent,           --Polling request */
-        OSSL_CMP_POLLREQCONTENT *pollReq;
-        /* pollRep    [26] PollRepContent            --Polling response */
-        OSSL_CMP_POLLREPCONTENT *pollRep;
+        /*-
+         * pollReq    [25] PollReqContent,           --Polling request
+         */
+        OSSL_CMP_POLLREQCONTENT *pollReq; /* 25 */
+        /*-
+         * pollRep    [26] PollRepContent            --Polling response
+         */
+        OSSL_CMP_POLLREPCONTENT *pollRep; /* 26 */
     } value;
 } OSSL_CMP_PKIBODY;
 DECLARE_ASN1_FUNCTIONS(OSSL_CMP_PKIBODY)
@@ -704,13 +751,12 @@ void ossl_cmp_add_error_txt(const char *separator, const char *txt);
 # define ossl_cmp_add_error_data(txt) ossl_cmp_add_error_txt(" : ", txt)
 # define ossl_cmp_add_error_line(txt) ossl_cmp_add_error_txt("\n", txt)
 /* functions manipulating lists of certificates etc could be generally useful */
-int ossl_cmp_sk_X509_add1_cert (STACK_OF(X509) *sk, X509 *cert,
-                                int no_dup, int prepend);
+int ossl_cmp_sk_X509_add1_cert(STACK_OF(X509) *sk, X509 *cert,
+                               int no_dup, int prepend);
 int ossl_cmp_sk_X509_add1_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs,
-                                int no_self_signed, int no_dups, int prepend);
+                                int no_self_issued, int no_dups, int prepend);
 int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs,
-                                   int only_self_signed);
-STACK_OF(X509) *ossl_cmp_X509_STORE_get1_certs(X509_STORE *store);
+                                   int only_self_issued);
 int ossl_cmp_asn1_octet_string_set1(ASN1_OCTET_STRING **tgt,
                                     const ASN1_OCTET_STRING *src);
 int ossl_cmp_asn1_octet_string_set1_bytes(ASN1_OCTET_STRING **tgt,
@@ -850,7 +896,7 @@ OSSL_CMP_MSG *ossl_cmp_pollRep_new(OSSL_CMP_CTX *ctx, int crid,
 OSSL_CMP_PKISI *
 ossl_cmp_revrepcontent_get_pkistatusinfo(OSSL_CMP_REVREPCONTENT *rrep, int rsid);
 OSSL_CRMF_CERTID *ossl_cmp_revrepcontent_get_CertId(OSSL_CMP_REVREPCONTENT *rrep,
-                                               int rsid);
+                                                    int rsid);
 OSSL_CMP_POLLREP *
 ossl_cmp_pollrepcontent_get0_pollrep(const OSSL_CMP_POLLREPCONTENT *prc,
                                      int rid);
@@ -861,9 +907,9 @@ X509 *ossl_cmp_certresponse_get1_certificate(EVP_PKEY *privkey,
                                              const OSSL_CMP_CERTRESPONSE *crep);
 OSSL_CMP_MSG *ossl_cmp_msg_load(const char *file);
 /* BIO definitions */
-#  define OSSL_d2i_CMP_MSG_bio(bp, p) \
+# define OSSL_d2i_CMP_MSG_bio(bp, p) \
     ASN1_d2i_bio_of(OSSL_CMP_MSG, OSSL_CMP_MSG_new, d2i_OSSL_CMP_MSG, bp, p)
-#  define OSSL_i2d_CMP_MSG_bio(bp, o) \
+# define OSSL_i2d_CMP_MSG_bio(bp, o) \
     ASN1_i2d_bio_of(OSSL_CMP_MSG, i2d_OSSL_CMP_MSG, bp, o)
 
 /* from cmp_protect.c */

crypto/cmp/cmp_msg.c

@@ -232,7 +232,7 @@ static OSSL_CRMF_MSG *crm_new(OSSL_CMP_CTX *ctx, int bodytype,
              */
             || !OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_MSG_get0_tmpl(crm), rkey,
                                             subject, ctx->issuer,
-                                            NULL/* serial */))
+                                            NULL /* serial */))
         goto err;
     if (ctx->days != 0) {
         time_t notBefore, notAfter;
@@ -442,8 +442,8 @@ OSSL_CMP_MSG *ossl_cmp_rr_new(OSSL_CMP_CTX *ctx)
 
     /* Fill the template from the contents of the certificate to be revoked */
     if (!OSSL_CRMF_CERTTEMPLATE_fill(rd->certDetails,
-                                     NULL/* pubkey would be redundant */,
-                                     NULL/* subject would be redundant */,
+                                     NULL /* pubkey would be redundant */,
+                                     NULL /* subject would be redundant */,
                                      X509_get_issuer_name(ctx->oldCert),
                                      X509_get_serialNumber(ctx->oldCert)))
         goto err;
@@ -569,7 +569,7 @@ int ossl_cmp_msg_gen_push1_ITAVs(OSSL_CMP_MSG *msg,
         return 0;
 
     for (i = 0; i < sk_OSSL_CMP_ITAV_num(itavs); i++) {
-        if ((itav = OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs,i))) == NULL)
+        if ((itav = OSSL_CMP_ITAV_dup(sk_OSSL_CMP_ITAV_value(itavs, i))) == NULL)
             return 0;
         if (!ossl_cmp_msg_gen_push0_ITAV(msg, itav)) {
             OSSL_CMP_ITAV_free(itav);
@@ -643,8 +643,8 @@ OSSL_CMP_MSG *ossl_cmp_error_new(OSSL_CMP_CTX *ctx, OSSL_CMP_PKISI *si,
     }
     if (errorDetails != NULL)
         if ((msg->body->value.error->errorDetails =
-            sk_ASN1_UTF8STRING_deep_copy(errorDetails, ASN1_STRING_dup,
-                                         ASN1_STRING_free)) == NULL)
+             sk_ASN1_UTF8STRING_deep_copy(errorDetails, ASN1_STRING_dup,
+                                          ASN1_STRING_free)) == NULL)
             goto err;
 
     if (!unprotected && !ossl_cmp_msg_protect(ctx, msg))

crypto/cmp/cmp_protect.c

@@ -156,7 +156,7 @@ int ossl_cmp_msg_add_extraCerts(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
             STACK_OF(X509) *chain =
                 ossl_cmp_build_cert_chain(ctx->untrusted_certs, ctx->clCert);
             int res = ossl_cmp_sk_X509_add1_certs(msg->extraCerts, chain,
-                                                  1 /* no self-signed */,
+                                                  1 /* no self-issued */,
                                                   1 /* no duplicates */, 0);
             sk_X509_pop_free(chain, X509_free);
             if (res == 0)

crypto/cmp/cmp_status.c

@@ -61,7 +61,7 @@ const char *ossl_cmp_PKIStatus_to_string(int status)
             char buf[40];
             BIO_snprintf(buf, sizeof(buf), "PKIStatus: invalid=%d", status);
             CMPerr(0, CMP_R_ERROR_PARSING_PKISTATUS);
-            ossl_cmp_add_error_data(buf);
+            ERR_add_error_data(1, buf);
             return NULL;
         }
     }
@@ -195,7 +195,7 @@ char *OSSL_CMP_CTX_snprint_PKIStatus(OSSL_CMP_CTX *ctx, char *buf,
     int printed_chars;
     int failinfo_found = 0;
     int n_status_strings;
-    char* write_ptr = buf;
+    char *write_ptr = buf;
 
 #define ADVANCE_BUFFER                                         \
     if (printed_chars < 0 || (size_t)printed_chars >= bufsize) \

crypto/cmp/cmp_util.c

@@ -120,7 +120,7 @@ static const char *improve_location_name(const char *func, const char *fallback)
         ? fallback : func;
 }
 
-int OSSL_CMP_print_to_bio(BIO* bio, const char *component, const char *file,
+int OSSL_CMP_print_to_bio(BIO *bio, const char *component, const char *file,
                           int line, OSSL_CMP_severity level, const char *msg)
 {
     const char *level_string =

crypto/crmf/crmf_asn.c

@@ -141,8 +141,8 @@ ASN1_CHOICE(OSSL_CRMF_POPO) = {
 IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPO)
 
 
-ASN1_ADB_TEMPLATE(attributetypeandvalue_default) = ASN1_OPT(
-        OSSL_CRMF_ATTRIBUTETYPEANDVALUE, value.other, ASN1_ANY);
+ASN1_ADB_TEMPLATE(attributetypeandvalue_default) =
+    ASN1_OPT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, value.other, ASN1_ANY);
 ASN1_ADB(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = {
     ADB_ENTRY(NID_id_regCtrl_regToken,
               ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
@@ -187,7 +187,7 @@ IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_OPTIONALVALIDITY)
 
 
 ASN1_SEQUENCE(OSSL_CRMF_CERTTEMPLATE) = {
-    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, version,      ASN1_INTEGER, 0),
+    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, version, ASN1_INTEGER, 0),
     /*
      * serialNumber MUST be omitted. This field is assigned by the CA
      * during certificate creation.
@@ -197,16 +197,16 @@ ASN1_SEQUENCE(OSSL_CRMF_CERTTEMPLATE) = {
      * signingAlg MUST be omitted. This field is assigned by the CA
      * during certificate creation.
      */
-    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, signingAlg,   X509_ALGOR, 2),
-    ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, issuer,       X509_NAME, 3),
+    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, signingAlg, X509_ALGOR, 2),
+    ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, issuer, X509_NAME, 3),
     ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, validity,
                  OSSL_CRMF_OPTIONALVALIDITY, 4),
-    ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, subject,      X509_NAME, 5),
-    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, publicKey,    X509_PUBKEY, 6),
+    ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, subject, X509_NAME, 5),
+    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, publicKey, X509_PUBKEY, 6),
     /* issuerUID is deprecated in version 2 */
-    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, issuerUID,    ASN1_BIT_STRING, 7),
+    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, issuerUID, ASN1_BIT_STRING, 7),
     /* subjectUID is deprecated in version 2 */
-    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, subjectUID,   ASN1_BIT_STRING, 8),
+    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, subjectUID, ASN1_BIT_STRING, 8),
     ASN1_IMP_SEQUENCE_OF_OPT(OSSL_CRMF_CERTTEMPLATE, extensions,
                              X509_EXTENSION, 9),
 } ASN1_SEQUENCE_END(OSSL_CRMF_CERTTEMPLATE)

crypto/crmf/crmf_lib.c

@@ -47,7 +47,7 @@ int OSSL_CRMF_MSG_set1_##ctrlinf##_##atyp(OSSL_CRMF_MSG *msg,             \
 {                                                                         \
     OSSL_CRMF_ATTRIBUTETYPEANDVALUE *atav = NULL;                         \
                                                                           \
-    if (msg == NULL || in  == NULL)                                       \
+    if (msg == NULL || in == NULL)                                       \
         goto err;                                                         \
     if ((atav = OSSL_CRMF_ATTRIBUTETYPEANDVALUE_new()) == NULL)           \
         goto err;                                                         \
@@ -122,9 +122,9 @@ int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
     return 1;
 }
 
-int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(
-                                 OSSL_CRMF_PKIPUBLICATIONINFO *pi,
-                                 OSSL_CRMF_SINGLEPUBINFO *spi)
+int
+OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
+                                                     OSSL_CRMF_SINGLEPUBINFO *spi)
 {
     if (pi == NULL || spi == NULL) {
         CRMFerr(CRMF_F_OSSL_CRMF_MSG_PKIPUBLICATIONINFO_PUSH0_SINGLEPUBINFO,
@@ -139,8 +139,8 @@ int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(
     return sk_OSSL_CRMF_SINGLEPUBINFO_push(pi->pubInfos, spi);
 }
 
-int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(
-                                 OSSL_CRMF_PKIPUBLICATIONINFO *pi, int action)
+int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
+                                                int action)
 {
     if (pi == NULL
             || action < OSSL_CRMF_PUB_ACTION_DONTPUBLISH
@@ -457,7 +457,7 @@ int OSSL_CRMF_MSG_create_popo(OSSL_CRMF_MSG *crm, EVP_PKEY *pkey,
         {
             OSSL_CRMF_POPOSIGNINGKEY *ps = OSSL_CRMF_POPOSIGNINGKEY_new();
             if (ps == NULL
-                    || !CRMF_poposigningkey_init(ps, crm->certReq, pkey, dgst)){
+                    || !CRMF_poposigningkey_init(ps, crm->certReq, pkey, dgst)) {
                 OSSL_CRMF_POPOSIGNINGKEY_free(ps);
                 goto err;
             }
@@ -542,21 +542,23 @@ int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
              * the public key from the certificate template. This MUST be
              * exactly the same value as contained in the certificate template.
              */
+            const ASN1_ITEM *rptr = ASN1_ITEM_rptr(OSSL_CRMF_POPOSIGNINGKEYINPUT);
+
             if (pubkey == NULL
                     || sig->poposkInput->publicKey == NULL
                     || X509_PUBKEY_cmp(pubkey, sig->poposkInput->publicKey)
-                    || ASN1_item_verify(
-                           ASN1_ITEM_rptr(OSSL_CRMF_POPOSIGNINGKEYINPUT),
-                           sig->algorithmIdentifier, sig->signature,
-                           sig->poposkInput, X509_PUBKEY_get0(pubkey)) < 1)
+                    || ASN1_item_verify(rptr, sig->algorithmIdentifier,
+                                        sig->signature, sig->poposkInput,
+                                        X509_PUBKEY_get0(pubkey)) < 1)
                 break;
         } else {
             if (pubkey == NULL
                     || req->certReq->certTemplate->subject == NULL
                     || ASN1_item_verify(ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST),
-                                    sig->algorithmIdentifier, sig->signature,
-                                    req->certReq,
-                                    X509_PUBKEY_get0(pubkey)) < 1)
+                                        sig->algorithmIdentifier,
+                                        sig->signature,
+                                        req->certReq,
+                                        X509_PUBKEY_get0(pubkey)) < 1)
                 break;
         }
         return 1;

crypto/crmf/crmf_local.h

@@ -185,9 +185,9 @@ DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKMACVALUE)
 typedef struct ossl_crmf_popoprivkey_st {
     int type;
     union {
-        ASN1_BIT_STRING *thisMessage; /* 0 */     /* Deprecated */
+        ASN1_BIT_STRING *thisMessage; /* 0 */ /* Deprecated */
         ASN1_INTEGER *subsequentMessage; /* 1 */
-        ASN1_BIT_STRING *dhMAC; /* 2 */           /* Deprecated */
+        ASN1_BIT_STRING *dhMAC; /* 2 */ /* Deprecated */
         OSSL_CRMF_PKMACVALUE *agreeMAC; /* 3 */
         /*
          * TODO: This is not ASN1_NULL but CMS_ENVELOPEDDATA which should be
@@ -310,20 +310,20 @@ DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_OPTIONALVALIDITY)
  * }
  */
 struct ossl_crmf_certtemplate_st {
-    ASN1_INTEGER *version;           /* 0 */
-    ASN1_INTEGER *serialNumber;      /* 1 */ /* serialNumber MUST be omitted  */
-             /* This field is assigned by the CA during certificate creation  */
-    X509_ALGOR *signingAlg;          /* 2 */  /* signingAlg MUST be omitted   */
-             /* This field is assigned by the CA during certificate creation  */
-    X509_NAME *issuer;               /* 3 */
-    OSSL_CRMF_OPTIONALVALIDITY *validity; /* 4 */
-    X509_NAME *subject;              /* 5 */
-    X509_PUBKEY *publicKey;          /* 6 */
-    ASN1_BIT_STRING *issuerUID;      /* 7 */  /* deprecated in version 2      */
-                  /* According to rfc 3280: UniqueIdentifier  ::=  BIT STRING */
-    ASN1_BIT_STRING *subjectUID;     /* 8 */  /* deprecated in version 2      */
-                      /* Could be X509_EXTENSION*S*, but that's only cosmetic */
-    STACK_OF(X509_EXTENSION) *extensions; /* 9 */
+    ASN1_INTEGER *version;
+    ASN1_INTEGER *serialNumber; /* serialNumber MUST be omitted */
+    /* This field is assigned by the CA during certificate creation */
+    X509_ALGOR *signingAlg; /* signingAlg MUST be omitted */
+    /* This field is assigned by the CA during certificate creation */
+    X509_NAME *issuer;
+    OSSL_CRMF_OPTIONALVALIDITY *validity;
+    X509_NAME *subject;
+    X509_PUBKEY *publicKey;
+    ASN1_BIT_STRING *issuerUID; /* deprecated in version 2 */
+    /* According to rfc 3280: UniqueIdentifier ::= BIT STRING */
+    ASN1_BIT_STRING *subjectUID; /* deprecated in version 2 */
+    /* Could be X509_EXTENSION*S*, but that's only cosmetic */
+    STACK_OF(X509_EXTENSION) *extensions;
 } /* OSSL_CRMF_CERTTEMPLATE */;
 
 /*-

crypto/crmf/crmf_pbm.c

@@ -71,7 +71,7 @@ OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(size_t slen, int owfnid,
     /*
      * iterationCount identifies the number of times the hash is applied
      * during the key computation process.  The iterationCount MUST be a
-     * minimum of 100.      Many people suggest using values as high as 1000
+     * minimum of 100. Many people suggest using values as high as 1000
      * iterations as the minimum value.  The trade off here is between
      * protection of the password from attacks and the time spent by the
      * server processing all of the different iterations in deriving

doc/internal/man3/ossl_cmp_sk_X509_add1_cert.pod

@@ -15,9 +15,9 @@ ossl_cmp_X509_STORE_get1_certs
   int ossl_cmp_sk_X509_add1_cert(STACK_OF(X509) *sk, X509 *cert,
                                  int no_dup, int prepend);
   int ossl_cmp_sk_X509_add1_certs(STACK_OF(X509) *sk, STACK_OF(X509) *certs,
-                                  int no_self_signed, int no_dups, int prepend);
+                                  int no_self_issued, int no_dups, int prepend);
   int ossl_cmp_X509_STORE_add1_certs(X509_STORE *store, STACK_OF(X509) *certs,
-                                     int only_self_signed);
+                                     int only_self_issued);
   STACK_OF(X509) *ossl_cmp_X509_STORE_get1_certs(X509_STORE *store);
 
 =head1 DESCRIPTION
@@ -29,10 +29,10 @@ On success the reference count of the certificate is increased.
 
 ossl_cmp_sk_X509_add1_certs() appends or prepends (depending on the I<prepend>
 argument) a list of certificates to the given list,
-optionally only if not self-signed and optionally only if not already contained.
+optionally only if not self-issued and optionally only if not already contained.
 The reference counts of those certificates appended successfully are increased.
 
-ossl_cmp_X509_STORE_add1_certs() adds all or only self-signed certificates from
+ossl_cmp_X509_STORE_add1_certs() adds all or only self-issued certificates from
 the given stack to given store. The I<certs> parameter may be NULL.
 
 ossl_cmp_X509_STORE_get1_certs() retrieves a copy of all certificates in the

include/openssl/cmp.h

@@ -26,7 +26,7 @@
 #  include <openssl/x509.h>
 #  include <openssl/x509v3.h>
 
-#  ifdef  __cplusplus
+#  ifdef __cplusplus
 extern "C" {
 #  endif
 
@@ -128,9 +128,9 @@ extern "C" {
 #  define OSSL_CMP_PKIFAILUREINFO_duplicateCertReq 26
 #  define OSSL_CMP_PKIFAILUREINFO_MAX 26
 #  define OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN \
-    ( (1<<(OSSL_CMP_PKIFAILUREINFO_MAX+1)) - 1)
+    ((1 << (OSSL_CMP_PKIFAILUREINFO_MAX + 1)) - 1)
 #  if OSSL_CMP_PKIFAILUREINFO_MAX_BIT_PATTERN > INT_MAX
-#   error  CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
+#   error CMP_PKIFAILUREINFO_MAX bit pattern does not fit in type int
 #  endif
 
 typedef ASN1_BIT_STRING OSSL_CMP_PKIFAILUREINFO;

include/openssl/cmp_util.h

@@ -42,7 +42,7 @@ typedef int OSSL_CMP_severity;
 typedef int (*OSSL_cmp_log_cb_t)(const char *func, const char *file, int line,
                                  OSSL_CMP_severity level, const char *msg);
 
-int OSSL_CMP_print_to_bio(BIO* bio, const char *component, const char *file,
+int OSSL_CMP_print_to_bio(BIO *bio, const char *component, const char *file,
                           int line, OSSL_CMP_severity level, const char *msg);
 /* use of the logging callback for outputting error queue */
 void OSSL_CMP_print_errors_cb(OSSL_cmp_log_cb_t log_fn);

include/openssl/cmperr.h

@@ -19,7 +19,7 @@
 
 # ifndef OPENSSL_NO_CMP
 
-#  ifdef  __cplusplus
+#  ifdef __cplusplus
 extern "C"
 #  endif
 int ERR_load_CMP_strings(void);
@@ -27,8 +27,8 @@ int ERR_load_CMP_strings(void);
 /*
  * CMP function codes.
  */
-# ifndef OPENSSL_NO_DEPRECATED_3_0
-# endif
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
+#  endif
 
 /*
  * CMP reason codes.

include/openssl/crmf.h

@@ -26,7 +26,7 @@
 #  include <openssl/types.h>
 #  include <openssl/x509.h>
 
-#  ifdef  __cplusplus
+#  ifdef __cplusplus
 extern "C" {
 #  endif
 
@@ -77,9 +77,9 @@ int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg,
                                         const ASN1_UTF8STRING *tok);
 int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg,
                                              const ASN1_UTF8STRING *auth);
-int OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(
-                                               OSSL_CRMF_PKIPUBLICATIONINFO *pi,
-                                               OSSL_CRMF_SINGLEPUBINFO *spi);
+int
+OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
+                                                     OSSL_CRMF_SINGLEPUBINFO *spi);
 #  define OSSL_CRMF_PUB_METHOD_DONTCARE 0
 #  define OSSL_CRMF_PUB_METHOD_X500     1
 #  define OSSL_CRMF_PUB_METHOD_WEB      2
@@ -88,10 +88,10 @@ int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
                                      int method, GENERAL_NAME *nm);
 #  define OSSL_CRMF_PUB_ACTION_DONTPUBLISH   0
 #  define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1
-int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(
-                                  OSSL_CRMF_PKIPUBLICATIONINFO *pi, int action);
+int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
+                                                int action);
 int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg,
-                                        const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
+                                                  const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
 int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg,
                                                const X509_PUBKEY *pubkey);
 int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg,
@@ -110,7 +110,7 @@ int OSSL_CRMF_MSG_get_certReqId(OSSL_CRMF_MSG *crm);
 int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts);
 
 int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext);
-#  define OSSL_CRMF_POPO_NONE      -1
+#  define OSSL_CRMF_POPO_NONE       -1
 #  define OSSL_CRMF_POPO_RAVERIFIED 0
 #  define OSSL_CRMF_POPO_SIGNATURE  1
 #  define OSSL_CRMF_POPO_KEYENC     2

include/openssl/crmferr.h

@@ -19,7 +19,7 @@
 
 # ifndef OPENSSL_NO_CRMF
 
-#  ifdef  __cplusplus
+#  ifdef __cplusplus
 extern "C"
 #  endif
 int ERR_load_CRMF_strings(void);
@@ -27,7 +27,7 @@ int ERR_load_CRMF_strings(void);
 /*
  * CRMF function codes.
  */
-# ifndef OPENSSL_NO_DEPRECATED_3_0
+#  ifndef OPENSSL_NO_DEPRECATED_3_0
 #   define CRMF_F_CRMF_POPOSIGNINGKEY_INIT                  0
 #   define CRMF_F_OSSL_CRMF_CERTID_GEN                      0
 #   define CRMF_F_OSSL_CRMF_CERTTEMPLATE_FILL               0
@@ -47,7 +47,7 @@ int ERR_load_CRMF_strings(void);
 #   define CRMF_F_OSSL_CRMF_MSG_SET_VALIDITY                0
 #   define CRMF_F_OSSL_CRMF_PBMP_NEW                        0
 #   define CRMF_F_OSSL_CRMF_PBM_NEW                         0
-# endif
+#  endif
 
 /*
  * CRMF reason codes.

test/cmp_ctx_test.c

@@ -190,8 +190,8 @@ static int test_CTX_print_errors(void)
 }
 #endif
 
-static int execute_CTX_reqExtensions_have_SAN_test(
-                                             OSSL_CMP_CTX_TEST_FIXTURE *fixture)
+static
+int execute_CTX_reqExtensions_have_SAN_test(OSSL_CMP_CTX_TEST_FIXTURE *fixture)
 {
     OSSL_CMP_CTX *ctx = fixture->ctx;
     const int len = 16;
@@ -240,10 +240,10 @@ static int test_log_cb(const char *func, const char *file, int line,
                        OSSL_CMP_severity level, const char *msg)
 {
     test_log_cb_res =
-# ifndef PEDANTIC
+#ifndef PEDANTIC
         (TEST_str_eq(func, "execute_cmp_ctx_log_cb_test")
          || TEST_str_eq(func, "(unknown function)")) &&
-# endif
+#endif
         (TEST_str_eq(file, OPENSSL_FILE)
          || TEST_str_eq(file, "(no file)"))
         && (TEST_int_eq(line, test_log_line) || TEST_int_eq(line, 0))
@@ -327,13 +327,13 @@ typedef OSSL_CMP_CTX CMP_CTX; /* prevents rewriting type name by below macro */
 
 #define DEFINE_SET_GET_BASE_TEST(PREFIX, SETN, GETN, DUP, FIELD, TYPE, ERR, \
                                  DEFAULT, NEW, FREE) \
-static int execute_CTX_##SETN##_##GETN##_##FIELD( \
-    OSSL_CMP_CTX_TEST_FIXTURE *fixture) \
+static int \
+execute_CTX_##SETN##_##GETN##_##FIELD(OSSL_CMP_CTX_TEST_FIXTURE *fixture) \
 { \
     CMP_CTX *ctx = fixture->ctx; \
     int (*set_fn)(CMP_CTX *ctx, TYPE) = \
         (int (*)(CMP_CTX *ctx, TYPE))PREFIX##_##SETN##_##FIELD; \
-    /* need type cast in above assignment because TYPE arg sometimes is const */ \
+    /* need type cast in above assignment as TYPE arg sometimes is const */ \
     TYPE (*get_fn)(const CMP_CTX *ctx) = OSSL_CMP_CTX_##GETN##_##FIELD; \
     TYPE val1_to_free = NEW; \
     TYPE val1 = val1_to_free; \
@@ -437,7 +437,7 @@ static int execute_CTX_##SETN##_##GETN##_##FIELD( \
             TEST_error("third get gave different value"); \
             res = 0; \
         } \
-    } else  { \
+    } else { \
         if (DUP && val3_read == val2_read) { \
             TEST_error("third get did not create a new dup"); \
             res = 0; \
@@ -486,8 +486,8 @@ static X509_STORE *X509_STORE_new_1(void)
     return store;
 }
 
-#define DEFAULT_STORE(x) ((x) == NULL \
-    || X509_VERIFY_PARAM_get_flags(X509_STORE_get0_param(x)) == 0)
+#define DEFAULT_STORE(x) \
+    ((x) == NULL || X509_VERIFY_PARAM_get_flags(X509_STORE_get0_param(x)) == 0)
 
 #define IS_NEG(x) ((x) < 0)
 #define IS_0(x) ((x) == 0) /* for any type */
@@ -498,7 +498,7 @@ static X509_STORE *X509_STORE_new_1(void)
 
 #define DEFINE_SET_GET_TEST(OSSL_CMP, CTX, N, M, DUP, FIELD, TYPE) \
     DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set##N, get##M, DUP, FIELD, \
-                             TYPE*, NULL, IS_0, TYPE##_new(), TYPE##_free)
+                             TYPE *, NULL, IS_0, TYPE##_new(), TYPE##_free)
 
 #define DEFINE_SET_GET_SK_TEST_DEFAULT(OSSL_CMP, CTX, N, M, FIELD, ELEM_TYPE, \
                                        DEFAULT, NEW, FREE) \
@@ -515,7 +515,7 @@ static X509_STORE *X509_STORE_new_1(void)
 #define DEFINE_SET_GET_TEST_DEFAULT(OSSL_CMP, CTX, N, M, DUP, FIELD, TYPE, \
                                     DEFAULT) \
     DEFINE_SET_GET_BASE_TEST(OSSL_CMP##_##CTX, set##N, get##M, DUP, FIELD, \
-                             TYPE*, NULL, DEFAULT, TYPE##_new(), TYPE##_free)
+                             TYPE *, NULL, DEFAULT, TYPE##_new(), TYPE##_free)
 #define DEFINE_SET_TEST_DEFAULT(OSSL_CMP, CTX, N, DUP, FIELD, TYPE, DEFAULT) \
     static TYPE *OSSL_CMP_CTX_get0_##FIELD(const CMP_CTX *ctx) \
     { \
@@ -546,7 +546,7 @@ typedef OSSL_HTTP_bio_cb_t OSSL_cmp_http_cb_t;
                              OSSL_cmp_##FIELD##_t, NULL, IS_0, \
                              test_##FIELD, DROP)
 #define DEFINE_SET_GET_P_VOID_TEST(FIELD) \
-    DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set, get, 0, FIELD, void*, \
+    DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set, get, 0, FIELD, void *, \
                              NULL, IS_0, ((void *)1), DROP)
 
 #define DEFINE_SET_GET_INT_TEST_DEFAULT(OSSL_CMP, CTX, FIELD, DEFAULT) \
@@ -576,7 +576,7 @@ typedef OSSL_HTTP_bio_cb_t OSSL_cmp_http_cb_t;
     static int OSSL_CMP_CTX_##SETN##_##FIELD##_str(CMP_CTX *ctx, char *val)\
     { \
         return OSSL_CMP_CTX_##SETN##_##FIELD(ctx, (unsigned char *)val, \
-                                            strlen(val)); \
+                                             strlen(val));              \
     } \
     \
     static char *OSSL_CMP_CTX_get1_##FIELD##_str(const CMP_CTX *ctx) \
@@ -681,7 +681,7 @@ static int execute_CTX_##PUSHN##_##ELEM(OSSL_CMP_CTX_TEST_FIXTURE *fixture) \
             res = 0; \
         } \
     } \
-    /* this does not check that all remaining fields and elems are untouched */\
+    /* this does not check if all remaining fields and elems are untouched */ \
     \
     if (!TEST_int_eq(ERR_peek_error(), 0)) \
         res = 0; \
@@ -699,7 +699,7 @@ static int test_CTX_##PUSHN##_##ELEM(void) \
 } \
 
 #define DEFINE_PUSH_TEST(N, DUP, FIELD, ELEM, TYPE) \
-    DEFINE_PUSH_BASE_TEST(push##N, DUP, FIELD, ELEM, TYPE*, TYPE, \
+    DEFINE_PUSH_BASE_TEST(push##N, DUP, FIELD, ELEM, TYPE *, TYPE, \
                           IS_0, TYPE##_new(), TYPE##_free)
 
 void cleanup_tests(void)
@@ -728,7 +728,7 @@ DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, srvCert, X509)
 DEFINE_SET_TEST(ossl_cmp, ctx, 0, 0, validatedSrvCert, X509)
 DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, expected_sender, X509_NAME)
 DEFINE_SET_GET_BASE_TEST(OSSL_CMP_CTX, set0, get0, 0, trustedStore,
-                         X509_STORE*, NULL,
+                         X509_STORE *, NULL,
                          DEFAULT_STORE, X509_STORE_new_1(), X509_STORE_free)
 DEFINE_SET_GET_SK_X509_TEST(OSSL_CMP, CTX, 1, 0, untrusted_certs)
 
@@ -738,9 +738,9 @@ DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 0, pkey, EVP_PKEY)
 DEFINE_SET_TEST(OSSL_CMP, CTX, 1, 1, recipient, X509_NAME)
 DEFINE_PUSH_TEST(0, 0, geninfo_ITAVs, geninfo_ITAV, OSSL_CMP_ITAV)
 DEFINE_SET_SK_TEST(OSSL_CMP, CTX, 1, extraCertsOut, X509)
-DEFINE_SET_GET_ARG_FN(set0, get0, newPkey, 1, EVP_PKEY*) /* priv == 1 */
+DEFINE_SET_GET_ARG_FN(set0, get0, newPkey, 1, EVP_PKEY *) /* priv == 1 */
 DEFINE_SET_GET_TEST(OSSL_CMP, CTX, 0, 0, 0, newPkey_1, EVP_PKEY)
-DEFINE_SET_GET_ARG_FN(set0, get0, newPkey, 0, EVP_PKEY*) /* priv == 0 */
+DEFINE_SET_GET_ARG_FN(set0, get0, newPkey, 0, EVP_PKEY *) /* priv == 0 */
 DEFINE_SET_GET_TEST(OSSL_CMP, CTX, 0, 0, 0, newPkey_0, EVP_PKEY)
 DEFINE_SET_GET1_STR_FN(set1, referenceValue)
 DEFINE_SET_GET_TEST_DEFAULT(OSSL_CMP, CTX, 1, 1, 1, referenceValue_str, char,

test/cmp_hdr_test.c

@@ -65,8 +65,9 @@ static int test_HDR_set_get_pvno(void)
     return result;
 }
 
-#define X509_NAME_ADD(n, rd, s) X509_NAME_add_entry_by_txt((n), (rd),          \
-                                MBSTRING_ASC, (unsigned char *)(s), -1, -1, 0)
+#define X509_NAME_ADD(n, rd, s) \
+    X509_NAME_add_entry_by_txt((n), (rd), MBSTRING_ASC, (unsigned char *)(s), \
+                               -1, -1, 0)
 
 static int execute_HDR_get0_senderNonce_test(CMP_HDR_TEST_FIXTURE *fixture)
 {
@@ -112,8 +113,8 @@ static int execute_HDR_set1_sender_test(CMP_HDR_TEST_FIXTURE *fixture)
     if (!TEST_int_eq(fixture->hdr->sender->type, GEN_DIRNAME))
         return 0;
 
-    if (!TEST_int_eq(
-            X509_NAME_cmp(fixture->hdr->sender->d.directoryName, x509name), 0))
+    if (!TEST_int_eq(X509_NAME_cmp(fixture->hdr->sender->d.directoryName,
+                                   x509name), 0))
         return 0;
 
     X509_NAME_free(x509name);
@@ -142,8 +143,8 @@ static int execute_HDR_set1_recipient_test(CMP_HDR_TEST_FIXTURE *fixture)
     if (!TEST_int_eq(fixture->hdr->recipient->type, GEN_DIRNAME))
         return 0;
 
-    if (!TEST_int_eq(
-            X509_NAME_cmp(fixture->hdr->recipient->d.directoryName, x509name),0))
+    if (!TEST_int_eq(X509_NAME_cmp(fixture->hdr->recipient->d.directoryName,
+                                   x509name), 0))
         return 0;
 
     X509_NAME_free(x509name);
@@ -188,7 +189,7 @@ static int test_HDR_update_messageTime(void)
 
 static int execute_HDR_set1_senderKID_test(CMP_HDR_TEST_FIXTURE *fixture)
 {
-    ASN1_OCTET_STRING* senderKID = ASN1_OCTET_STRING_new();
+    ASN1_OCTET_STRING *senderKID = ASN1_OCTET_STRING_new();
 
     if (!TEST_ptr(senderKID))
         return 0;
@@ -198,8 +199,8 @@ static int execute_HDR_set1_senderKID_test(CMP_HDR_TEST_FIXTURE *fixture)
         return 0;
     if (!TEST_int_eq(ossl_cmp_hdr_set1_senderKID(fixture->hdr, senderKID), 1))
         return 0;
-    if (!TEST_int_eq(
-            ASN1_OCTET_STRING_cmp(fixture->hdr->senderKID, senderKID), 0))
+    if (!TEST_int_eq(ASN1_OCTET_STRING_cmp(fixture->hdr->senderKID,
+                                           senderKID), 0))
         return 0;
 
     ASN1_OCTET_STRING_free(senderKID);
@@ -216,7 +217,7 @@ static int test_HDR_set1_senderKID(void)
 
 static int execute_HDR_push0_freeText_test(CMP_HDR_TEST_FIXTURE *fixture)
 {
-    ASN1_UTF8STRING* text = ASN1_UTF8STRING_new();
+    ASN1_UTF8STRING *text = ASN1_UTF8STRING_new();
 
     if (!TEST_ptr(text))
         return 0;
@@ -224,11 +225,10 @@ static int execute_HDR_push0_freeText_test(CMP_HDR_TEST_FIXTURE *fixture)
     if (!ASN1_STRING_set(text, "A free text", -1))
         return 0;
 
-    if (!TEST_int_eq(
-            ossl_cmp_hdr_push0_freeText(fixture->hdr, text), 1))
+    if (!TEST_int_eq(ossl_cmp_hdr_push0_freeText(fixture->hdr, text), 1))
         return 0;
-    if (!TEST_true(text == sk_ASN1_UTF8STRING_value(
-            fixture->hdr->freeText, 0)))
+
+    if (!TEST_true(text == sk_ASN1_UTF8STRING_value(fixture->hdr->freeText, 0)))
         return 0;
 
     return 1;
@@ -244,7 +244,8 @@ static int test_HDR_push0_freeText(void)
 
 static int execute_HDR_push1_freeText_test(CMP_HDR_TEST_FIXTURE *fixture)
 {
-    ASN1_UTF8STRING* text = ASN1_UTF8STRING_new();
+    ASN1_UTF8STRING *text = ASN1_UTF8STRING_new();
+    ASN1_UTF8STRING *pushed_text;
 
     if (!TEST_ptr(text))
         return 0;
@@ -252,11 +253,11 @@ static int execute_HDR_push1_freeText_test(CMP_HDR_TEST_FIXTURE *fixture)
     if (!ASN1_STRING_set(text, "A free text", -1))
         return 0;
 
-    if (!TEST_int_eq(
-            ossl_cmp_hdr_push1_freeText(fixture->hdr, text), 1))
+    if (!TEST_int_eq(ossl_cmp_hdr_push1_freeText(fixture->hdr, text), 1))
         return 0;
-    if (!TEST_int_eq(ASN1_STRING_cmp(
-            sk_ASN1_UTF8STRING_value(fixture->hdr->freeText, 0), text), 0))
+
+    pushed_text = sk_ASN1_UTF8STRING_value(fixture->hdr->freeText, 0);
+    if (!TEST_int_eq(ASN1_STRING_cmp(text, pushed_text), 0))
         return 0;
 
     ASN1_UTF8STRING_free(text);
@@ -279,11 +280,12 @@ execute_HDR_generalInfo_push0_item_test(CMP_HDR_TEST_FIXTURE *fixture)
     if (!TEST_ptr(itav))
         return 0;
 
-    if (!TEST_int_eq(
-            ossl_cmp_hdr_generalInfo_push0_item(fixture->hdr, itav), 1))
+    if (!TEST_int_eq(ossl_cmp_hdr_generalInfo_push0_item(fixture->hdr, itav),
+                     1))
         return 0;
-    if (!TEST_true(itav == sk_OSSL_CMP_ITAV_value(
-            fixture->hdr->generalInfo, 0)))
+
+    if (!TEST_true(itav == sk_OSSL_CMP_ITAV_value(fixture->hdr->generalInfo,
+                                                  0)))
         return 0;
 
     return 1;
@@ -302,10 +304,11 @@ execute_HDR_generalInfo_push1_items_test(CMP_HDR_TEST_FIXTURE *fixture)
 {
     const char oid[] = "1.2.3.4";
     char buf[20];
-    OSSL_CMP_ITAV *itav;
-    STACK_OF(OSSL_CMP_ITAV) *itavs = NULL;
+    OSSL_CMP_ITAV *itav, *pushed_itav;
+    STACK_OF(OSSL_CMP_ITAV) *itavs = NULL, *ginfo;
     ASN1_INTEGER *asn1int = ASN1_INTEGER_new();
     ASN1_TYPE *val = ASN1_TYPE_new();
+    ASN1_TYPE *pushed_val;
 
     if (!TEST_ptr(asn1int))
         return 0;
@@ -318,17 +321,17 @@ execute_HDR_generalInfo_push1_items_test(CMP_HDR_TEST_FIXTURE *fixture)
     itav = OSSL_CMP_ITAV_create(OBJ_txt2obj(oid, 1), val);
     OSSL_CMP_ITAV_push0_stack_item(&itavs, itav);
 
-    if (!TEST_int_eq(
-        ossl_cmp_hdr_generalInfo_push1_items(fixture->hdr, itavs), 1))
+    if (!TEST_int_eq(ossl_cmp_hdr_generalInfo_push1_items(fixture->hdr, itavs),
+                     1))
         return 0;
-    OBJ_obj2txt(buf, sizeof(buf), OSSL_CMP_ITAV_get0_type(
-            sk_OSSL_CMP_ITAV_value(fixture->hdr->generalInfo, 0)), 0);
+    ginfo = fixture->hdr->generalInfo;
+    pushed_itav = sk_OSSL_CMP_ITAV_value(ginfo, 0);
+    OBJ_obj2txt(buf, sizeof(buf), OSSL_CMP_ITAV_get0_type(pushed_itav), 0);
     if (!TEST_int_eq(memcmp(oid, buf, sizeof(oid)), 0))
         return 0;
 
-    if (!TEST_int_eq(ASN1_TYPE_cmp(itav->infoValue.other,
-                                   OSSL_CMP_ITAV_get0_value(
-            sk_OSSL_CMP_ITAV_value(fixture->hdr->generalInfo, 0))), 0))
+    pushed_val = OSSL_CMP_ITAV_get0_value(sk_OSSL_CMP_ITAV_value(ginfo, 0));
+    if (!TEST_int_eq(ASN1_TYPE_cmp(itav->infoValue.other, pushed_val), 0))
         return 0;
 
     sk_OSSL_CMP_ITAV_pop_free(itavs, OSSL_CMP_ITAV_free);
@@ -362,35 +365,36 @@ static int test_HDR_set_and_check_implicit_confirm(void)
 
 static int execute_HDR_init_test(CMP_HDR_TEST_FIXTURE *fixture)
 {
-    ASN1_OCTET_STRING *header_nonce = NULL;
-    ASN1_OCTET_STRING *ctx_nonce = NULL;
-    int res = 0;
+    ASN1_OCTET_STRING *header_nonce, *header_transactionID;
+    ASN1_OCTET_STRING *ctx_nonce;
 
     if (!TEST_int_eq(fixture->expected,
                      ossl_cmp_hdr_init(fixture->cmp_ctx, fixture->hdr)))
-        goto err;
-    if (fixture->expected != 0) {
-        if (!TEST_int_eq(ossl_cmp_hdr_get_pvno(fixture->hdr), OSSL_CMP_PVNO)
-                || !TEST_true(0 == ASN1_OCTET_STRING_cmp(
-                        ossl_cmp_hdr_get0_senderNonce(fixture->hdr),
-                        fixture->cmp_ctx->senderNonce))
-                || !TEST_true(0 == ASN1_OCTET_STRING_cmp(
-                            OSSL_CMP_HDR_get0_transactionID(fixture->hdr),
-                            fixture->cmp_ctx->transactionID)))
-            goto err;
-        header_nonce = OSSL_CMP_HDR_get0_recipNonce(fixture->hdr);
-        ctx_nonce = fixture->cmp_ctx->recipNonce;
-        if (ctx_nonce != NULL
-                && (!TEST_ptr(header_nonce)
-                || !TEST_int_eq(0, ASN1_OCTET_STRING_cmp(header_nonce,
-                                                         ctx_nonce))))
-            goto err;
-    }
+        return 0;
+    if (fixture->expected == 0)
+        return 1;
 
-    res = 1;
+    if (!TEST_int_eq(ossl_cmp_hdr_get_pvno(fixture->hdr), OSSL_CMP_PVNO))
+        return 0;
 
- err:
-    return res;
+    header_nonce = ossl_cmp_hdr_get0_senderNonce(fixture->hdr);
+    if (!TEST_int_eq(0, ASN1_OCTET_STRING_cmp(header_nonce,
+                                              fixture->cmp_ctx->senderNonce)))
+        return 0;
+    header_transactionID = OSSL_CMP_HDR_get0_transactionID(fixture->hdr);
+    if (!TEST_true(0 == ASN1_OCTET_STRING_cmp(header_transactionID,
+                                              fixture->cmp_ctx->transactionID)))
+        return 0;
+
+    header_nonce = OSSL_CMP_HDR_get0_recipNonce(fixture->hdr);
+    ctx_nonce = fixture->cmp_ctx->recipNonce;
+    if (ctx_nonce != NULL
+            && (!TEST_ptr(header_nonce)
+                    || !TEST_int_eq(0, ASN1_OCTET_STRING_cmp(header_nonce,
+                                                             ctx_nonce))))
+        return 0;
+
+    return 1;
 }
 
 static int test_HDR_init(void)

test/cmp_msg_test.c

@@ -122,7 +122,7 @@ static int execute_pkimessage_create_test(CMP_MSG_TEST_FIXTURE *fixture)
                               (fixture->cmp_ctx, fixture->bodytype));
 }
 
-static int set1_newPkey(OSSL_CMP_CTX *ctx, EVP_PKEY* pkey)
+static int set1_newPkey(OSSL_CMP_CTX *ctx, EVP_PKEY *pkey)
 {
     if (!EVP_PKEY_up_ref(pkey))
         return 0;
@@ -321,7 +321,7 @@ static int test_cmp_create_error_msg(void)
                                           OSSL_CMP_PKIFAILUREINFO_systemFailure,
                                           NULL);
     fixture->err_code = -1;
-    fixture->expected = 1;      /* Expected: Message creation is successful */
+    fixture->expected = 1; /* expected: message creation is successful */
     if (!TEST_true(set1_newPkey(fixture->cmp_ctx, newkey))) {
         tear_down(fixture);
         fixture = NULL;
@@ -430,7 +430,7 @@ static int execute_rp_create(CMP_MSG_TEST_FIXTURE *fixture)
         goto err;
 
     if (!X509_NAME_add_entry_by_txt(issuer, "CN", MBSTRING_ASC,
-                                    (unsigned char*)"The Issuer", -1, -1, 0)
+                                    (unsigned char *)"The Issuer", -1, -1, 0)
             || !ASN1_INTEGER_set(serial, 99)
             || (cid = OSSL_CRMF_CERTID_gen(issuer, serial)) == NULL
             || (rpmsg = ossl_cmp_rp_new(fixture->cmp_ctx, si, cid, 1)) == NULL)
@@ -439,8 +439,8 @@ static int execute_rp_create(CMP_MSG_TEST_FIXTURE *fixture)
     if (!TEST_ptr(ossl_cmp_revrepcontent_get_CertId(rpmsg->body->value.rp, 0)))
         goto err;
 
-    if (!TEST_ptr(ossl_cmp_revrepcontent_get_pkistatusinfo(rpmsg->body->value.rp,
-                                                           0)))
+    if (!TEST_ptr(ossl_cmp_revrepcontent_get_pkistatusinfo(rpmsg->body->
+                                                           value.rp, 0)))
         goto err;
 
     res = 1;
@@ -468,11 +468,11 @@ static int execute_pollrep_create(CMP_MSG_TEST_FIXTURE *fixture)
     pollrep = ossl_cmp_pollRep_new(fixture->cmp_ctx, 77, 2000);
     if (!TEST_ptr(pollrep))
         return 0;
-    if (!TEST_ptr(ossl_cmp_pollrepcontent_get0_pollrep(
-            pollrep->body->value.pollRep, 77)))
+    if (!TEST_ptr(ossl_cmp_pollrepcontent_get0_pollrep(pollrep->body->
+                                                       value.pollRep, 77)))
         goto err;
-    if (!TEST_ptr_null(ossl_cmp_pollrepcontent_get0_pollrep(
-            pollrep->body->value.pollRep, 88)))
+    if (!TEST_ptr_null(ossl_cmp_pollrepcontent_get0_pollrep(pollrep->body->
+                                                            value.pollRep, 88)))
         goto err;
 
     res = 1;

test/cmp_protect_test.c

@@ -20,7 +20,7 @@ typedef struct test_fixture {
     OSSL_CMP_CTX *cmp_ctx;
     /* for protection tests */
     OSSL_CMP_MSG *msg;
-    OSSL_CMP_PKISI *si;      /* for error and response messages */
+    OSSL_CMP_PKISI *si; /* for error and response messages */
     ASN1_OCTET_STRING *secret;
     EVP_PKEY *privkey;
     EVP_PKEY *pubkey;
@@ -86,7 +86,8 @@ static int execute_calc_protection_pbmac_test(CMP_PROTECT_TEST_FIXTURE *fixture)
     ASN1_BIT_STRING *protection =
         ossl_cmp_calc_protection(fixture->msg, fixture->secret, NULL);
     int res = TEST_ptr(protection)
-        && TEST_true(ASN1_STRING_cmp(protection, fixture->msg->protection) == 0);
+            && TEST_true(ASN1_STRING_cmp(protection,
+                                         fixture->msg->protection) == 0);
 
     ASN1_BIT_STRING_free(protection);
     return res;
@@ -400,7 +401,7 @@ static int execute_X509_STORE_test(CMP_PROTECT_TEST_FIXTURE *fixture)
 static int test_X509_STORE(void)
 {
     SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
-    fixture->callback_arg = 0;  /* self-signed allowed */
+    fixture->callback_arg = 0; /* self-issued allowed */
     if (!TEST_ptr(fixture->certs = sk_X509_new_null())
             || !sk_X509_push(fixture->certs, endentity1)
             || !sk_X509_push(fixture->certs, endentity2)
@@ -414,12 +415,12 @@ static int test_X509_STORE(void)
     return result;
 }
 
-static int test_X509_STORE_only_self_signed(void)
+static int test_X509_STORE_only_self_issued(void)
 {
     SETUP_TEST_FIXTURE(CMP_PROTECT_TEST_FIXTURE, set_up);
     fixture->certs = sk_X509_new_null();
     fixture->chain = sk_X509_new_null();
-    fixture->callback_arg = 1;  /* only self-signed */
+    fixture->callback_arg = 1; /* only self-issued */
     if (!TEST_true(sk_X509_push(fixture->certs, endentity1))
             || !TEST_true(sk_X509_push(fixture->certs, endentity2))
             || !TEST_true(sk_X509_push(fixture->certs, root))
@@ -521,7 +522,7 @@ int setup_tests(void)
 #endif
 
     ADD_TEST(test_X509_STORE);
-    ADD_TEST(test_X509_STORE_only_self_signed);
+    ADD_TEST(test_X509_STORE_only_self_issued);
 
     return 1;
 }