KNF.

15 files changed, 1964 insertions, 2253 deletions

diff --git a/lib/libcrypto/cms/cms.h b/lib/libcrypto/cms/cms.h
index 150607469dd..0a782d31635 100644
--- a/lib/libcrypto/cms/cms.h
+++ b/lib/libcrypto/cms/cms.h
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -132,110 +132,94 @@ int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
 
 BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
 int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
-int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
+    int flags);
 CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
 int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
 
 int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags);
 
-CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
-						BIO *data, unsigned int flags);
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
+    STACK_OF(X509) *certs, BIO *data, unsigned int flags);
 
-CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
-					X509 *signcert, EVP_PKEY *pkey,
-					STACK_OF(X509) *certs,
-					unsigned int flags);
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert,
+    EVP_PKEY *pkey, STACK_OF(X509) *certs, unsigned int flags);
 
 int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
 CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
 
 int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
-							unsigned int flags);
+    unsigned int flags);
 CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
-							unsigned int flags);
+    unsigned int flags);
 
-int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
-				const unsigned char *key, size_t keylen,
-				BIO *dcont, BIO *out, unsigned int flags);
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key,
+    size_t keylen, BIO *dcont, BIO *out, unsigned int flags);
 
 CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
-					const unsigned char *key, size_t keylen,
-					unsigned int flags);
+    const unsigned char *key, size_t keylen, unsigned int flags);
 
 int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
-				const unsigned char *key, size_t keylen);
+    const unsigned char *key, size_t keylen);
 
 int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
-		 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
+    X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
 
 int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
-			STACK_OF(X509) *certs,
-			X509_STORE *store, unsigned int flags);
+    STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags);
 
 STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
 
 CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
-				const EVP_CIPHER *cipher, unsigned int flags);
+    const EVP_CIPHER *cipher, unsigned int flags);
+
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert, BIO *dcont,
+    BIO *out, unsigned int flags);
 
-int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
-				BIO *dcont, BIO *out,
-				unsigned int flags);
-	
 int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
-int CMS_decrypt_set1_key(CMS_ContentInfo *cms, 
-				unsigned char *key, size_t keylen,
-				unsigned char *id, size_t idlen);
-int CMS_decrypt_set1_password(CMS_ContentInfo *cms, 
-				unsigned char *pass, ssize_t passlen);
+int CMS_decrypt_set1_key(CMS_ContentInfo *cms, unsigned char *key,
+    size_t keylen, unsigned char *id, size_t idlen);
+int CMS_decrypt_set1_password(CMS_ContentInfo *cms, unsigned char *pass,
+    ssize_t passlen);
 
 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
 int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
 CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
-CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
-					X509 *recip, unsigned int flags);
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip,
+    unsigned int flags);
 int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
 int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
-int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
-					EVP_PKEY **pk, X509 **recip,
-					X509_ALGOR **palg);
+int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, EVP_PKEY **pk,
+    X509 **recip, X509_ALGOR **palg);
 int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
-					ASN1_OCTET_STRING **keyid,
-					X509_NAME **issuer, ASN1_INTEGER **sno);
+    ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
 
 CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
-					unsigned char *key, size_t keylen,
-					unsigned char *id, size_t idlen,
-					ASN1_GENERALIZEDTIME *date,
-					ASN1_OBJECT *otherTypeId,
-					ASN1_TYPE *otherType);
-
-int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
-					X509_ALGOR **palg,
-					ASN1_OCTET_STRING **pid,
-					ASN1_GENERALIZEDTIME **pdate,
-					ASN1_OBJECT **potherid,
-					ASN1_TYPE **pothertype);
-
-int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, 
-				unsigned char *key, size_t keylen);
-
-int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, 
-					const unsigned char *id, size_t idlen);
-
-int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, 
-					unsigned char *pass,
-					ssize_t passlen);
-
-CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
-					int iter, int wrap_nid, int pbe_nid,
-					unsigned char *pass,
-					ssize_t passlen,
-					const EVP_CIPHER *kekciph);
+    unsigned char *key, size_t keylen, unsigned char *id, size_t idlen,
+    ASN1_GENERALIZEDTIME *date, ASN1_OBJECT *otherTypeId,
+    ASN1_TYPE *otherType);
+
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
+    ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate,
+    ASN1_OBJECT **potherid, ASN1_TYPE **pothertype);
+
+int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key,
+    size_t keylen);
+
+int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
+    const unsigned char *id, size_t idlen);
+
+int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass,
+    ssize_t passlen);
+
+CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter,
+    int wrap_nid, int pbe_nid, unsigned char *pass, ssize_t passlen,
+    const EVP_CIPHER *kekciph);
 
 int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
-	
+
 int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
-							unsigned int flags);
+    unsigned int flags);
 CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
 
 int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
@@ -252,82 +236,70 @@ int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
 STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
 
 int CMS_SignedData_init(CMS_ContentInfo *cms);
-CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
-			X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
-			unsigned int flags);
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer,
+    EVP_PKEY *pk, const EVP_MD *md, unsigned int flags);
 STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
 
 void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
 int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
-					ASN1_OCTET_STRING **keyid,
-					X509_NAME **issuer, ASN1_INTEGER **sno);
+    ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
 int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
 int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
-					unsigned int flags);
+    unsigned int flags);
 void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
-					X509_ALGOR **pdig, X509_ALGOR **psig);
+    X509_ALGOR **pdig, X509_ALGOR **psig);
 int CMS_SignerInfo_sign(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify(CMS_SignerInfo *si);
 int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
 
 int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
-int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
-				int algnid, int keysize);
+int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, int algnid,
+    int keysize);
 int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
 
 int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
-int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
-			  int lastpos);
+int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos);
 int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
-			  int lastpos);
+    int lastpos);
 X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
 X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
 int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
-int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
-			const ASN1_OBJECT *obj, int type,
-			const void *bytes, int len);
-int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
-			int nid, int type,
-			const void *bytes, int len);
-int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
-			const char *attrname, int type,
-			const void *bytes, int len);
+int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj,
+    int type, const void *bytes, int len);
+int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
+    const void *bytes, int len);
+int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname,
+    int type, const void *bytes, int len);
 void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
-					int lastpos, int type);
+    int lastpos, int type);
 
 int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
 int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
-			  int lastpos);
+    int lastpos);
 int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
-			  int lastpos);
+    int lastpos);
 X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
 X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
 int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
-int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
-			const ASN1_OBJECT *obj, int type,
-			const void *bytes, int len);
-int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
-			int nid, int type,
-			const void *bytes, int len);
-int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
-			const char *attrname, int type,
-			const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj,
+    int type, const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
+    const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname,
+    int type, const void *bytes, int len);
 void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
-					int lastpos, int type);
+    int lastpos, int type);
 
 #ifdef HEADER_X509V3_H
 
 int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
 CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
-				int allorfirst,
-				STACK_OF(GENERAL_NAMES) *receiptList,
-				STACK_OF(GENERAL_NAMES) *receiptsTo);
+    int allorfirst, STACK_OF(GENERAL_NAMES) *receiptList,
+    STACK_OF(GENERAL_NAMES) *receiptsTo);
 int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
-void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
-					ASN1_STRING **pcid,
-					int *pallorfirst,
-					STACK_OF(GENERAL_NAMES) **plist,
-					STACK_OF(GENERAL_NAMES) **prto);
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
+    int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist,
+    STACK_OF(GENERAL_NAMES) **prto);
 
 #endif
 
diff --git a/lib/libcrypto/cms/cms_asn1.c b/lib/libcrypto/cms/cms_asn1.c
index bd7466cc1d3..a2b0217a930 100644
--- a/lib/libcrypto/cms/cms_asn1.c
+++ b/lib/libcrypto/cms/cms_asn1.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -57,7 +57,6 @@
 #include "cms.h"
 #include "cms_lcl.h"
 
-
 ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
 	ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME),
 	ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER)
@@ -87,19 +86,18 @@ ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
 } ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
 
 /* Minor tweak to operation: free up signer key, cert */
-static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-							void *exarg)
-	{
-	if(operation == ASN1_OP_FREE_POST)
-		{
+static int
+cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
+{
+	if (operation == ASN1_OP_FREE_POST) {
 		CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
 		if (si->pkey)
 			EVP_PKEY_free(si->pkey);
 		if (si->signer)
 			X509_free(si->signer);
-		}
-	return 1;
 	}
+	return 1;
+}
 
 ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
 	ASN1_SIMPLE(CMS_SignerInfo, version, LONG),
@@ -160,8 +158,8 @@ ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
 } ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier)
 
 ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
-  ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
-  ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
+	ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+	ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
 } ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
 
 ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = {
@@ -170,14 +168,14 @@ ASN1_SEQUENCE(CMS_RecipientEncryptedKey) = {
 } ASN1_SEQUENCE_END(CMS_RecipientEncryptedKey)
 
 ASN1_SEQUENCE(CMS_OriginatorPublicKey) = {
-  ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR),
-  ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING)
+	ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR),
+	ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING)
 } ASN1_SEQUENCE_END(CMS_OriginatorPublicKey)
 
 ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
-  ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
-  ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
-  ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
+	ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+	ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
+	ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
 } ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
 
 ASN1_SEQUENCE(CMS_KeyAgreeRecipientInfo) = {
@@ -209,46 +207,38 @@ ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
 } ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo)
 
 ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
-  ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
-  ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
+	ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
+	ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
 } ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
 
 /* Free up RecipientInfo additional data */
-static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-							void *exarg)
-	{
-	if(operation == ASN1_OP_FREE_PRE)
-		{
+static int
+cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
+{
+	if (operation == ASN1_OP_FREE_PRE) {
 		CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
-		if (ri->type == CMS_RECIPINFO_TRANS)
-			{
+		if (ri->type == CMS_RECIPINFO_TRANS) {
 			CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
 			if (ktri->pkey)
 				EVP_PKEY_free(ktri->pkey);
 			if (ktri->recip)
 				X509_free(ktri->recip);
-			}
-		else if (ri->type == CMS_RECIPINFO_KEK)
-			{
+		} else if (ri->type == CMS_RECIPINFO_KEK) {
 			CMS_KEKRecipientInfo *kekri = ri->d.kekri;
-			if (kekri->key)
-				{
+			if (kekri->key) {
 				OPENSSL_cleanse(kekri->key, kekri->keylen);
 				free(kekri->key);
-				}
 			}
-		else if (ri->type == CMS_RECIPINFO_PASS)
-			{
+		} else if (ri->type == CMS_RECIPINFO_PASS) {
 			CMS_PasswordRecipientInfo *pwri = ri->d.pwri;
-			if (pwri->pass)
-				{
+			if (pwri->pass) {
 				OPENSSL_cleanse(pwri->pass, pwri->passlen);
 				free(pwri->pass);
-				}
 			}
 		}
-	return 1;
 	}
+	return 1;
+}
 
 ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
 	ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo),
@@ -295,7 +285,7 @@ ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
 	ASN1_SIMPLE(CMS_CompressedData, version, LONG),
 	ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
 	ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
-} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
+    } ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
 
 /* This is the ANY DEFINED BY table for the top level ContentInfo structure */
 
@@ -312,36 +302,34 @@ ASN1_ADB(CMS_ContentInfo) = {
 } ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
 
 /* CMS streaming support */
-static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-							void *exarg)
-	{
+static int
+cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
+{
 	ASN1_STREAM_ARG *sarg = exarg;
 	CMS_ContentInfo *cms = NULL;
+
 	if (pval)
 		cms = (CMS_ContentInfo *)*pval;
 	else
 		return 1;
-	switch(operation)
-		{
 
-		case ASN1_OP_STREAM_PRE:
+	switch (operation) {
+	case ASN1_OP_STREAM_PRE:
 		if (CMS_stream(&sarg->boundary, cms) <= 0)
 			return 0;
-		case ASN1_OP_DETACHED_PRE:
+	case ASN1_OP_DETACHED_PRE:
 		sarg->ndef_bio = CMS_dataInit(cms, sarg->out);
 		if (!sarg->ndef_bio)
 			return 0;
 		break;
-
-		case ASN1_OP_STREAM_POST:
-		case ASN1_OP_DETACHED_POST:
+	case ASN1_OP_STREAM_POST:
+	case ASN1_OP_DETACHED_POST:
 		if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0)
 			return 0;
 		break;
-
-		}
-	return 1;
 	}
+	return 1;
+}
 
 ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
 	ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
@@ -354,36 +342,33 @@ ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
  * encoding.
  */
 
-ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) =
+ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE)
 ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign)
 
-/* When verifying attributes we need to use the received order. So 
+/* When verifying attributes we need to use the received order. So
  * we use SEQUENCE OF and tag it to SET OF
  */
 
-ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
-				V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) =
+ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
+    V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
 ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
 
-
-
 ASN1_CHOICE(CMS_ReceiptsFrom) = {
-  ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0),
-  ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
+	ASN1_IMP(CMS_ReceiptsFrom, d.allOrFirstTier, LONG, 0),
+	ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
 } ASN1_CHOICE_END(CMS_ReceiptsFrom)
 
 ASN1_SEQUENCE(CMS_ReceiptRequest) = {
-  ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
-  ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom),
-  ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES)
+	ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom),
+	ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES)
 } ASN1_SEQUENCE_END(CMS_ReceiptRequest)
 
 ASN1_SEQUENCE(CMS_Receipt) = {
-  ASN1_SIMPLE(CMS_Receipt, version, LONG),
-  ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
-  ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
-  ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
+	ASN1_SIMPLE(CMS_Receipt, version, LONG),
+	ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
+	ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(CMS_Receipt)
-
diff --git a/lib/libcrypto/cms/cms_att.c b/lib/libcrypto/cms/cms_att.c
index 5b71722ebc8..c6bc784fb8b 100644
--- a/lib/libcrypto/cms/cms_att.c
+++ b/lib/libcrypto/cms/cms_att.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -60,134 +60,150 @@
 
 /* CMS SignedData Attribute utilities */
 
-int CMS_signed_get_attr_count(const CMS_SignerInfo *si)
+int
+CMS_signed_get_attr_count(const CMS_SignerInfo *si)
 {
 	return X509at_get_attr_count(si->signedAttrs);
 }
 
-int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
-			  int lastpos)
+int
+CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
 {
 	return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
 }
 
-int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
-			  int lastpos)
+int
+CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+    int lastpos)
 {
 	return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
 }
 
-X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
+X509_ATTRIBUTE *
+CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
 {
 	return X509at_get_attr(si->signedAttrs, loc);
 }
 
-X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
+X509_ATTRIBUTE *
+CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
 {
 	return X509at_delete_attr(si->signedAttrs, loc);
 }
 
-int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
+int
+CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
 {
-	if(X509at_add1_attr(&si->signedAttrs, attr)) return 1;
+	if (X509at_add1_attr(&si->signedAttrs, attr))
+		return 1;
 	return 0;
 }
 
-int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
-			const ASN1_OBJECT *obj, int type,
-			const void *bytes, int len)
+int
+CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj,
+    int type, const void *bytes, int len)
 {
-	if(X509at_add1_attr_by_OBJ(&si->signedAttrs, obj,
-				type, bytes, len)) return 1;
+	if (X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len))
+		return 1;
 	return 0;
 }
 
-int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
-			int nid, int type,
-			const void *bytes, int len)
+int
+CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
+    const void *bytes, int len)
 {
-	if(X509at_add1_attr_by_NID(&si->signedAttrs, nid,
-				type, bytes, len)) return 1;
+	if (X509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len))
+		return 1;
 	return 0;
 }
 
-int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
-			const char *attrname, int type,
-			const void *bytes, int len)
+int
+CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname, int type,
+    const void *bytes, int len)
 {
-	if(X509at_add1_attr_by_txt(&si->signedAttrs, attrname,
-				type, bytes, len)) return 1;
+	if (X509at_add1_attr_by_txt(&si->signedAttrs, attrname, type,
+	    bytes, len))
+		return 1;
 	return 0;
 }
 
-void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
-					int lastpos, int type)
+void *
+CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, int lastpos,
+    int type)
 {
 	return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
 }
 
-int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
+int
+CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
 {
 	return X509at_get_attr_count(si->unsignedAttrs);
 }
 
-int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
-			  int lastpos)
+int
+CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
 {
 	return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
 }
 
-int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
-			  int lastpos)
+int
+CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, ASN1_OBJECT *obj,
+    int lastpos)
 {
 	return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
 }
 
-X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
+X509_ATTRIBUTE *
+CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
 {
 	return X509at_get_attr(si->unsignedAttrs, loc);
 }
 
-X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
+X509_ATTRIBUTE *
+CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
 {
 	return X509at_delete_attr(si->unsignedAttrs, loc);
 }
 
-int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
+int
+CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
 {
-	if(X509at_add1_attr(&si->unsignedAttrs, attr)) return 1;
+	if (X509at_add1_attr(&si->unsignedAttrs, attr))
+		return 1;
 	return 0;
 }
 
-int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
-			const ASN1_OBJECT *obj, int type,
-			const void *bytes, int len)
+int
+CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj,
+    int type, const void *bytes, int len)
 {
-	if(X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj,
-				type, bytes, len)) return 1;
+	if (X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len))
+		return 1;
 	return 0;
 }
 
-int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
-			int nid, int type,
-			const void *bytes, int len)
+int
+CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
+    const void *bytes, int len)
 {
-	if(X509at_add1_attr_by_NID(&si->unsignedAttrs, nid,
-				type, bytes, len)) return 1;
+	if (X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len))
+		return 1;
 	return 0;
 }
 
-int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
-			const char *attrname, int type,
-			const void *bytes, int len)
+int
+CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname,
+    int type, const void *bytes, int len)
 {
-	if(X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
-				type, bytes, len)) return 1;
+	if (X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname, type,
+	    bytes, len))
+		return 1;
 	return 0;
 }
 
-void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
-					int lastpos, int type)
+void *
+CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+    int lastpos, int type)
 {
 	return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
 }
diff --git a/lib/libcrypto/cms/cms_cd.c b/lib/libcrypto/cms/cms_cd.c
index a5fc2c4e2b4..ec48471df26 100644
--- a/lib/libcrypto/cms/cms_cd.c
+++ b/lib/libcrypto/cms/cms_cd.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -58,7 +58,9 @@
 #include <openssl/err.h>
 #include <openssl/cms.h>
 #include <openssl/bio.h>
+#ifndef OPENSSL_NO_COMP
 #include <openssl/comp.h>
+#endif
 #include "cms_lcl.h"
 
 DECLARE_ASN1_ITEM(CMS_CompressedData)
@@ -67,19 +69,20 @@ DECLARE_ASN1_ITEM(CMS_CompressedData)
 
 /* CMS CompressedData Utilities */
 
-CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
-	{
+CMS_ContentInfo *
+cms_CompressedData_create(int comp_nid)
+{
 	CMS_ContentInfo *cms;
 	CMS_CompressedData *cd;
+
 	/* Will need something cleverer if there is ever more than one
 	 * compression algorithm or parameters have some meaning...
 	 */
-	if (comp_nid != NID_zlib_compression)
-		{
+	if (comp_nid != NID_zlib_compression) {
 		CMSerr(CMS_F_CMS_COMPRESSEDDATA_CREATE,
-				CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+		    CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
 		return NULL;
-		}
+	}
 	cms = CMS_ContentInfo_new();
 	if (!cms)
 		return NULL;
@@ -95,40 +98,38 @@ CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
 	cd->version = 0;
 
 	X509_ALGOR_set0(cd->compressionAlgorithm,
-			OBJ_nid2obj(NID_zlib_compression),
-			V_ASN1_UNDEF, NULL);
+	    OBJ_nid2obj(NID_zlib_compression),
+	    V_ASN1_UNDEF, NULL);
 
 	cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
 
 	return cms;
 
-	err:
-
+err:
 	if (cms)
 		CMS_ContentInfo_free(cms);
-
 	return NULL;
-	}
+}
 
-BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms)
-	{
+BIO *
+cms_CompressedData_init_bio(CMS_ContentInfo *cms)
+{
 	CMS_CompressedData *cd;
 	ASN1_OBJECT *compoid;
-	if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData)
-		{
+
+	if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) {
 		CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
-				CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);
+		    CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);
 		return NULL;
-		}
+	}
 	cd = cms->d.compressedData;
 	X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm);
-	if (OBJ_obj2nid(compoid) != NID_zlib_compression)
-		{
+	if (OBJ_obj2nid(compoid) != NID_zlib_compression) {
 		CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
-				CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+		    CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
 		return NULL;
-		}
-	return BIO_new(BIO_f_zlib());
 	}
+	return BIO_new(BIO_f_zlib());
+}
 
 #endif
diff --git a/lib/libcrypto/cms/cms_dd.c b/lib/libcrypto/cms/cms_dd.c
index 8919c15be12..f115d2274b0 100644
--- a/lib/libcrypto/cms/cms_dd.c
+++ b/lib/libcrypto/cms/cms_dd.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -63,10 +63,12 @@ DECLARE_ASN1_ITEM(CMS_DigestedData)
 
 /* CMS DigestedData Utilities */
 
-CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
-	{
+CMS_ContentInfo *
+cms_DigestedData_create(const EVP_MD *md)
+{
 	CMS_ContentInfo *cms;
 	CMS_DigestedData *dd;
+
 	cms = CMS_ContentInfo_new();
 	if (!cms)
 		return NULL;
@@ -86,28 +88,30 @@ CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
 
 	return cms;
 
-	err:
-
+err:
 	if (cms)
 		CMS_ContentInfo_free(cms);
-
 	return NULL;
-	}
+}
 
-BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms)
-	{
+BIO *
+cms_DigestedData_init_bio(CMS_ContentInfo *cms)
+{
 	CMS_DigestedData *dd;
+
 	dd = cms->d.digestedData;
 	return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm);
-	}
+}
 
-int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
-	{
+int
+cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
+{
 	EVP_MD_CTX mctx;
 	unsigned char md[EVP_MAX_MD_SIZE];
 	unsigned int mdlen;
 	int r = 0;
 	CMS_DigestedData *dd;
+
 	EVP_MD_CTX_init(&mctx);
 
 	dd = cms->d.digestedData;
@@ -118,31 +122,26 @@ int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
 	if (EVP_DigestFinal_ex(&mctx, md, &mdlen) <= 0)
 		goto err;
 
-	if (verify)
-		{
-		if (mdlen != (unsigned int)dd->digest->length)
-			{
+	if (verify) {
+		if (mdlen != (unsigned int)dd->digest->length) {
 			CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
-				CMS_R_MESSAGEDIGEST_WRONG_LENGTH);
+			    CMS_R_MESSAGEDIGEST_WRONG_LENGTH);
 			goto err;
-			}
+		}
 
 		if (memcmp(md, dd->digest->data, mdlen))
 			CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
-				CMS_R_VERIFICATION_FAILURE);
+			    CMS_R_VERIFICATION_FAILURE);
 		else
 			r = 1;
-		}
-	else
-		{
+	} else {
 		if (!ASN1_STRING_set(dd->digest, md, mdlen))
 			goto err;
 		r = 1;
-		}
+	}
 
-	err:
+err:
 	EVP_MD_CTX_cleanup(&mctx);
 
 	return r;
-
-	}
+}
diff --git a/lib/libcrypto/cms/cms_enc.c b/lib/libcrypto/cms/cms_enc.c
index 612fce6dde8..75e08cdb1d6 100644
--- a/lib/libcrypto/cms/cms_enc.c
+++ b/lib/libcrypto/cms/cms_enc.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -66,8 +66,9 @@ DECLARE_ASN1_ITEM(CMS_EncryptedData)
 
 /* Return BIO based on EncryptedContentInfo and key */
 
-BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
-	{
+BIO *
+cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
+{
 	BIO *b;
 	EVP_CIPHER_CTX *ctx;
 	const EVP_CIPHER *ciph;
@@ -75,87 +76,72 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 	unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
 	unsigned char *tkey = NULL;
 	size_t tkeylen = 0;
-
 	int ok = 0;
-
 	int enc, keep_key = 0;
 
 	enc = ec->cipher ? 1 : 0;
 
 	b = BIO_new(BIO_f_cipher());
-	if (!b)
-		{
+	if (!b) {
 		CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-							ERR_R_MALLOC_FAILURE);
+		    ERR_R_MALLOC_FAILURE);
 		return NULL;
-		}
+	}
 
 	BIO_get_cipher_ctx(b, &ctx);
 
-	if (enc)
-		{
+	if (enc) {
 		ciph = ec->cipher;
 		/* If not keeping key set cipher to NULL so subsequent calls
 		 * decrypt.
 		 */
 		if (ec->key)
 			ec->cipher = NULL;
-		}
-	else
-		{
+	} else {
 		ciph = EVP_get_cipherbyobj(calg->algorithm);
 
-		if (!ciph)
-			{
+		if (!ciph) {
 			CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-							CMS_R_UNKNOWN_CIPHER);
+			    CMS_R_UNKNOWN_CIPHER);
 			goto err;
-			}
 		}
+	}
 
-	if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0)
-		{
+	if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0) {
 		CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-				CMS_R_CIPHER_INITIALISATION_ERROR);
+		    CMS_R_CIPHER_INITIALISATION_ERROR);
 		goto err;
-		}
+	}
 
-	if (enc)
-		{
+	if (enc) {
 		int ivlen;
 		calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
 		/* Generate a random IV if we need one */
 		ivlen = EVP_CIPHER_CTX_iv_length(ctx);
-		if (ivlen > 0)
-			{
+		if (ivlen > 0) {
 			if (RAND_pseudo_bytes(iv, ivlen) <= 0)
 				goto err;
 			piv = iv;
-			}
 		}
-	else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0)
-		{
+	} else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) {
 		CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-				CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+		    CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
 		goto err;
-		}
+	}
 	tkeylen = EVP_CIPHER_CTX_key_length(ctx);
 	/* Generate random session key */
-	if (!enc || !ec->key)
-		{
+	if (!enc || !ec->key) {
 		tkey = malloc(tkeylen);
-		if (!tkey)
-			{
+		if (!tkey) {
 			CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-							ERR_R_MALLOC_FAILURE);
+			    ERR_R_MALLOC_FAILURE);
 			goto err;
-			}
+		}
 		if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
 			goto err;
-		}
+	}
 
-	if (!ec->key)
-		{
+	if (!ec->key) {
 		ec->key = tkey;
 		ec->keylen = tkeylen;
 		tkey = NULL;
@@ -163,25 +149,20 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 			keep_key = 1;
 		else
 			ERR_clear_error();
-		
-		}
 
-	if (ec->keylen != tkeylen)
-		{
+	}
+
+	if (ec->keylen != tkeylen) {
 		/* If necessary set key length */
-		if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0)
-			{
+		if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) {
 			/* Only reveal failure if debugging so we don't
 			 * leak information which may be useful in MMA.
 			 */
-			if (enc || ec->debug)
-				{
+			if (enc || ec->debug) {
 				CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-						CMS_R_INVALID_KEY_LENGTH);
+				    CMS_R_INVALID_KEY_LENGTH);
 				goto err;
-				}
-			else
-				{
+			} else {
 				/* Use random key */
 				OPENSSL_cleanse(ec->key, ec->keylen);
 				free(ec->key);
@@ -189,106 +170,98 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 				ec->keylen = tkeylen;
 				tkey = NULL;
 				ERR_clear_error();
-				}
 			}
 		}
+	}
 
-	if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0)
-		{
+	if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0) {
 		CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-				CMS_R_CIPHER_INITIALISATION_ERROR);
+		    CMS_R_CIPHER_INITIALISATION_ERROR);
 		goto err;
-		}
+	}
 
-	if (piv)
-		{
+	if (piv) {
 		calg->parameter = ASN1_TYPE_new();
-		if (!calg->parameter)
-			{
+		if (!calg->parameter) {
 			CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-							ERR_R_MALLOC_FAILURE);
+			    ERR_R_MALLOC_FAILURE);
 			goto err;
-			}
-		if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0)
-			{
+		}
+		if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) {
 			CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
-				CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+			    CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
 			goto err;
-			}
 		}
+	}
 	ok = 1;
 
-	err:
-	if (ec->key && !keep_key)
-		{
+err:
+	if (ec->key && !keep_key) {
 		OPENSSL_cleanse(ec->key, ec->keylen);
 		free(ec->key);
 		ec->key = NULL;
-		}
-	if (tkey)
-		{
+	}
+	if (tkey) {
 		OPENSSL_cleanse(tkey, tkeylen);
 		free(tkey);
-		}
+	}
 	if (ok)
 		return b;
 	BIO_free(b);
 	return NULL;
-	}
+}
 
-int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 
-				const EVP_CIPHER *cipher,
-				const unsigned char *key, size_t keylen)
-	{
+int
+cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
+    const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen)
+{
 	ec->cipher = cipher;
-	if (key)
-		{
+	if (key) {
 		ec->key = malloc(keylen);
 		if (!ec->key)
 			return 0;
 		memcpy(ec->key, key, keylen);
-		}
+	}
 	ec->keylen = keylen;
 	if (cipher)
 		ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
 	return 1;
-	}
+}
 
-int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
-				const unsigned char *key, size_t keylen)
-	{
+int
+CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+    const unsigned char *key, size_t keylen)
+{
 	CMS_EncryptedContentInfo *ec;
-	if (!key || !keylen)
-		{
+
+	if (!key || !keylen) {
 		CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
 		return 0;
-		}
-	if (ciph)
-		{
+	}
+	if (ciph) {
 		cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData);
-		if (!cms->d.encryptedData)
-			{
+		if (!cms->d.encryptedData) {
 			CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
-				ERR_R_MALLOC_FAILURE);
+			    ERR_R_MALLOC_FAILURE);
 			return 0;
-			}
+		}
 		cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
 		cms->d.encryptedData->version = 0;
-		}
-	else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted)
-		{
+	} else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted) {
 		CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY,
-						CMS_R_NOT_ENCRYPTED_DATA);
+		    CMS_R_NOT_ENCRYPTED_DATA);
 		return 0;
-		}
+	}
 	ec = cms->d.encryptedData->encryptedContentInfo;
 	return cms_EncryptedContent_init(ec, ciph, key, keylen);
-	}
+}
 
-BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
-	{
+BIO *
+cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
+{
 	CMS_EncryptedData *enc = cms->d.encryptedData;
+
 	if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
 		enc->version = 2;
 	return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
-	}
+}
diff --git a/lib/libcrypto/cms/cms_env.c b/lib/libcrypto/cms/cms_env.c
index 5e6e7033b24..a274e26226a 100644
--- a/lib/libcrypto/cms/cms_env.c
+++ b/lib/libcrypto/cms/cms_env.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -71,56 +71,59 @@ DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
 
 DECLARE_STACK_OF(CMS_RecipientInfo)
 
-CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
-	{
-	if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped)
-		{
+CMS_EnvelopedData *
+cms_get0_enveloped(CMS_ContentInfo *cms)
+{
+	if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
 		CMSerr(CMS_F_CMS_GET0_ENVELOPED,
-				CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
+		    CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
 		return NULL;
-		}
-	return cms->d.envelopedData;
 	}
+	return cms->d.envelopedData;
+}
 
-static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
-	{
-	if (cms->d.other == NULL)
-		{
+static CMS_EnvelopedData *
+cms_enveloped_data_init(CMS_ContentInfo *cms)
+{
+	if (cms->d.other == NULL) {
 		cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
-		if (!cms->d.envelopedData)
-			{
+		if (!cms->d.envelopedData) {
 			CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT,
-							ERR_R_MALLOC_FAILURE);
+			    ERR_R_MALLOC_FAILURE);
 			return NULL;
-			}
+		}
 		cms->d.envelopedData->version = 0;
 		cms->d.envelopedData->encryptedContentInfo->contentType =
-						OBJ_nid2obj(NID_pkcs7_data);
+		    OBJ_nid2obj(NID_pkcs7_data);
 		ASN1_OBJECT_free(cms->contentType);
 		cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
 		return cms->d.envelopedData;
-		}
-	return cms_get0_enveloped(cms);
 	}
+	return cms_get0_enveloped(cms);
+}
 
 STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
-	{
+{
 	CMS_EnvelopedData *env;
+
 	env = cms_get0_enveloped(cms);
 	if (!env)
 		return NULL;
 	return env->recipientInfos;
-	}
+}
 
-int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
-	{
+int
+CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
+{
 	return ri->type;
-	}
+}
 
-CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
-	{
+CMS_ContentInfo *
+CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
+{
 	CMS_ContentInfo *cms;
 	CMS_EnvelopedData *env;
+
 	cms = CMS_ContentInfo_new();
 	if (!cms)
 		goto merr;
@@ -128,15 +131,16 @@ CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
 	if (!env)
 		goto merr;
 	if (!cms_EncryptedContent_init(env->encryptedContentInfo,
-					cipher, NULL, 0))
+	    cipher, NULL, 0))
 		goto merr;
 	return cms;
-	merr:
+
+merr:
 	if (cms)
 		CMS_ContentInfo_free(cms);
 	CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
 	return NULL;
-	}
+}
 
 /* Key Transport Recipient Info (KTRI) routines */
 
@@ -144,14 +148,15 @@ CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
  * If we ever handle key agreement will need updating.
  */
 
-CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
-					X509 *recip, unsigned int flags)
-	{
+CMS_RecipientInfo *
+CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, unsigned int flags)
+{
 	CMS_RecipientInfo *ri = NULL;
 	CMS_KeyTransRecipientInfo *ktri;
 	CMS_EnvelopedData *env;
 	EVP_PKEY *pk = NULL;
 	int i, type;
+
 	env = cms_get0_enveloped(cms);
 	if (!env)
 		goto err;
@@ -172,26 +177,22 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
 
 	X509_check_purpose(recip, -1, -1);
 	pk = X509_get_pubkey(recip);
-	if (!pk)
-		{
+	if (!pk) {
 		CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
-				CMS_R_ERROR_GETTING_PUBLIC_KEY);
+		    CMS_R_ERROR_GETTING_PUBLIC_KEY);
 		goto err;
-		}
+	}
 	CRYPTO_add(&recip->references, 1, CRYPTO_LOCK_X509);
 	ktri->pkey = pk;
 	ktri->recip = recip;
 
-	if (flags & CMS_USE_KEYID)
-		{
+	if (flags & CMS_USE_KEYID) {
 		ktri->version = 2;
 		type = CMS_RECIPINFO_KEYIDENTIFIER;
-		}
-	else
-		{
+	} else {
 		ktri->version = 0;
 		type = CMS_RECIPINFO_ISSUER_SERIAL;
-		}
+	}
 
 	/* Not a typo: RecipientIdentifier and SignerIdentifier are the
 	 * same structure.
@@ -200,49 +201,45 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
 	if (!cms_set1_SignerIdentifier(ktri->rid, recip, type))
 		goto err;
 
-	if (pk->ameth && pk->ameth->pkey_ctrl)
-		{
+	if (pk->ameth && pk->ameth->pkey_ctrl) {
 		i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_ENVELOPE,
-						0, ri);
-		if (i == -2)
-			{
+		    0, ri);
+		if (i == -2) {
 			CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
-				CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+			    CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
 			goto err;
-			}
-		if (i <= 0)
-			{
+		}
+		if (i <= 0) {
 			CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
-				CMS_R_CTRL_FAILURE);
+			    CMS_R_CTRL_FAILURE);
 			goto err;
-			}
 		}
+	}
 
 	if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
 		goto merr;
 
 	return ri;
 
-	merr:
+merr:
 	CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
-	err:
+err:
 	if (ri)
 		M_ASN1_free_of(ri, CMS_RecipientInfo);
 	return NULL;
+}
 
-	}
-
-int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
-					EVP_PKEY **pk, X509 **recip,
-					X509_ALGOR **palg)
-	{
+int
+CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, EVP_PKEY **pk,
+    X509 **recip, X509_ALGOR **palg)
+{
 	CMS_KeyTransRecipientInfo *ktri;
-	if (ri->type != CMS_RECIPINFO_TRANS)
-		{
+
+	if (ri->type != CMS_RECIPINFO_TRANS) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
-			CMS_R_NOT_KEY_TRANSPORT);
+		    CMS_R_NOT_KEY_TRANSPORT);
 		return 0;
-		}
+	}
 
 	ktri = ri->d.ktri;
 
@@ -253,53 +250,53 @@ int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
 	if (palg)
 		*palg = ktri->keyEncryptionAlgorithm;
 	return 1;
-	}
+}
 
-int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
-					ASN1_OCTET_STRING **keyid,
-					X509_NAME **issuer, ASN1_INTEGER **sno)
-	{
+int
+CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+    ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno)
+{
 	CMS_KeyTransRecipientInfo *ktri;
-	if (ri->type != CMS_RECIPINFO_TRANS)
-		{
+
+	if (ri->type != CMS_RECIPINFO_TRANS) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
-			CMS_R_NOT_KEY_TRANSPORT);
+		    CMS_R_NOT_KEY_TRANSPORT);
 		return 0;
-		}
+	}
 	ktri = ri->d.ktri;
 
-	return cms_SignerIdentifier_get0_signer_id(ktri->rid,
-							keyid, issuer, sno);
-	}
+	return cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid,
+	    issuer, sno);
+}
 
-int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
-	{
-	if (ri->type != CMS_RECIPINFO_TRANS)
-		{
+int
+CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
+{
+	if (ri->type != CMS_RECIPINFO_TRANS) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
-			CMS_R_NOT_KEY_TRANSPORT);
+		    CMS_R_NOT_KEY_TRANSPORT);
 		return -2;
-		}
-	return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
 	}
+	return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
+}
 
-int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
-	{
-	if (ri->type != CMS_RECIPINFO_TRANS)
-		{
+int
+CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
+{
+	if (ri->type != CMS_RECIPINFO_TRANS) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY,
-			CMS_R_NOT_KEY_TRANSPORT);
+		    CMS_R_NOT_KEY_TRANSPORT);
 		return 0;
-		}
+	}
 	ri->d.ktri->pkey = pkey;
 	return 1;
-	}
+}
 
 /* Encrypt content key in key transport recipient info */
 
-static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
-					CMS_RecipientInfo *ri)
-	{
+static int
+cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
+{
 	CMS_KeyTransRecipientInfo *ktri;
 	CMS_EncryptedContentInfo *ec;
 	EVP_PKEY_CTX *pctx = NULL;
@@ -308,12 +305,11 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
 
 	int ret = 0;
 
-	if (ri->type != CMS_RECIPINFO_TRANS)
-		{
+	if (ri->type != CMS_RECIPINFO_TRANS) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
-			CMS_R_NOT_KEY_TRANSPORT);
+		    CMS_R_NOT_KEY_TRANSPORT);
 		return 0;
-		}
+	}
 	ktri = ri->d.ktri;
 	ec = cms->d.envelopedData->encryptedContentInfo;
 
@@ -325,23 +321,21 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
 		goto err;
 
 	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
-				EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0)
-		{
+	    EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
 		goto err;
-		}
+	}
 
 	if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
 		goto err;
 
 	ek = malloc(eklen);
 
-	if (ek == NULL)
-		{
+	if (ek == NULL) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT,
-							ERR_R_MALLOC_FAILURE);
+		    ERR_R_MALLOC_FAILURE);
 		goto err;
-		}
+	}
 
 	if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
 		goto err;
@@ -351,33 +345,32 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
 
 	ret = 1;
 
-	err:
+err:
 	if (pctx)
 		EVP_PKEY_CTX_free(pctx);
 	free(ek);
 	return ret;
-
-	}
+}
 
 /* Decrypt content key from KTRI */
 
-static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
-							CMS_RecipientInfo *ri)
-	{
+static int
+cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
+{
 	CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
 	EVP_PKEY_CTX *pctx = NULL;
 	unsigned char *ek = NULL;
 	size_t eklen;
 	int ret = 0;
 	CMS_EncryptedContentInfo *ec;
+
 	ec = cms->d.envelopedData->encryptedContentInfo;
 
-	if (ktri->pkey == NULL)
-		{
+	if (ktri->pkey == NULL) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
-			CMS_R_NO_PRIVATE_KEY);
+		    CMS_R_NO_PRIVATE_KEY);
 		return 0;
-		}
+	}
 
 	pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
 	if (!pctx)
@@ -387,152 +380,134 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
 		goto err;
 
 	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
-				EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0)
-		{
+	    EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR);
 		goto err;
-		}
+	}
 
 	if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
-				ktri->encryptedKey->data,
-				ktri->encryptedKey->length) <= 0)
+	    ktri->encryptedKey->data,
+	    ktri->encryptedKey->length) <= 0)
 		goto err;
 
 	ek = malloc(eklen);
 
-	if (ek == NULL)
-		{
+	if (ek == NULL) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT,
-							ERR_R_MALLOC_FAILURE);
+		    ERR_R_MALLOC_FAILURE);
 		goto err;
-		}
+	}
 
 	if (EVP_PKEY_decrypt(pctx, ek, &eklen,
-				ktri->encryptedKey->data,
-				ktri->encryptedKey->length) <= 0)
-		{
+	    ktri->encryptedKey->data,
+	    ktri->encryptedKey->length) <= 0) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
 		goto err;
-		}
+	}
 
 	ret = 1;
 
-	if (ec->key)
-		{
+	if (ec->key) {
 		OPENSSL_cleanse(ec->key, ec->keylen);
 		free(ec->key);
-		}
+	}
 
 	ec->key = ek;
 	ec->keylen = eklen;
 
-	err:
+err:
 	if (pctx)
 		EVP_PKEY_CTX_free(pctx);
 	if (!ret && ek)
 		free(ek);
 
 	return ret;
-	}
+}
 
 /* Key Encrypted Key (KEK) RecipientInfo routines */
 
-int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, 
-					const unsigned char *id, size_t idlen)
-	{
+int
+CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, const unsigned char *id,
+    size_t idlen)
+{
 	ASN1_OCTET_STRING tmp_os;
 	CMS_KEKRecipientInfo *kekri;
-	if (ri->type != CMS_RECIPINFO_KEK)
-		{
+
+	if (ri->type != CMS_RECIPINFO_KEK) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
 		return -2;
-		}
+	}
 	kekri = ri->d.kekri;
 	tmp_os.type = V_ASN1_OCTET_STRING;
 	tmp_os.flags = 0;
 	tmp_os.data = (unsigned char *)id;
 	tmp_os.length = (int)idlen;
 	return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
-	}
+}
 
 /* For now hard code AES key wrap info */
 
-static size_t aes_wrap_keylen(int nid)
-	{
-	switch (nid)
-		{
-		case NID_id_aes128_wrap:
+static size_t
+aes_wrap_keylen(int nid)
+{
+	switch (nid) {
+	case NID_id_aes128_wrap:
 		return 16;
-
-		case NID_id_aes192_wrap:
-		return  24;
-
-		case NID_id_aes256_wrap:
-		return  32;
-
-		default:
+	case NID_id_aes192_wrap:
+		return 24;
+	case NID_id_aes256_wrap:
+		return 32;
+	default:
 		return 0;
-		}
 	}
+}
 
-CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
-					unsigned char *key, size_t keylen,
-					unsigned char *id, size_t idlen,
-					ASN1_GENERALIZEDTIME *date,
-					ASN1_OBJECT *otherTypeId,
-					ASN1_TYPE *otherType)
-	{
+CMS_RecipientInfo *
+CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, unsigned char *key,
+    size_t keylen, unsigned char *id, size_t idlen, ASN1_GENERALIZEDTIME *date,
+    ASN1_OBJECT *otherTypeId, ASN1_TYPE *otherType)
+{
 	CMS_RecipientInfo *ri = NULL;
 	CMS_EnvelopedData *env;
 	CMS_KEKRecipientInfo *kekri;
+
 	env = cms_get0_enveloped(cms);
 	if (!env)
 		goto err;
 
-	if (nid == NID_undef)
-		{
-		switch (keylen)
-			{
-			case 16:
+	if (nid == NID_undef) {
+		switch (keylen) {
+		case 16:
 			nid = NID_id_aes128_wrap;
 			break;
-
-			case  24:
+		case  24:
 			nid = NID_id_aes192_wrap;
 			break;
-
-			case  32:
+		case  32:
 			nid = NID_id_aes256_wrap;
 			break;
-
-			default:
+		default:
 			CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
-						CMS_R_INVALID_KEY_LENGTH);
+			    CMS_R_INVALID_KEY_LENGTH);
 			goto err;
-			}
-
 		}
-	else
-		{
-
+	} else {
 		size_t exp_keylen = aes_wrap_keylen(nid);
 
-		if (!exp_keylen)
-			{
+		if (!exp_keylen) {
 			CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
-					CMS_R_UNSUPPORTED_KEK_ALGORITHM);
+			    CMS_R_UNSUPPORTED_KEK_ALGORITHM);
 			goto err;
-			}
+		}
 
-		if (keylen != exp_keylen)
-			{
+		if (keylen != exp_keylen) {
 			CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
-					CMS_R_INVALID_KEY_LENGTH);
+			    CMS_R_INVALID_KEY_LENGTH);
 			goto err;
-			}
-
 		}
 
+	}
+
 	/* Initialize recipient info */
 	ri = M_ASN1_new_of(CMS_RecipientInfo);
 	if (!ri)
@@ -545,17 +520,15 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
 
 	kekri = ri->d.kekri;
 
-	if (otherTypeId)
-		{
+	if (otherTypeId) {
 		kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
 		if (kekri->kekid->other == NULL)
 			goto merr;
-		}
+	}
 
 	if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
 		goto merr;
 
-
 	/* After this point no calls can fail */
 
 	kekri->version = 4;
@@ -567,85 +540,79 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
 
 	kekri->kekid->date = date;
 
-	if (kekri->kekid->other)
-		{
+	if (kekri->kekid->other) {
 		kekri->kekid->other->keyAttrId = otherTypeId;
 		kekri->kekid->other->keyAttr = otherType;
-		}
+	}
 
 	X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
-				OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
+	    OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
 
 	return ri;
 
-	merr:
+merr:
 	CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
-	err:
+err:
 	if (ri)
 		M_ASN1_free_of(ri, CMS_RecipientInfo);
 	return NULL;
+}
 
-	}
-
-int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
-					X509_ALGOR **palg,
-					ASN1_OCTET_STRING **pid,
-					ASN1_GENERALIZEDTIME **pdate,
-					ASN1_OBJECT **potherid,
-					ASN1_TYPE **pothertype)
-	{
+int
+CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
+    ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate,
+    ASN1_OBJECT **potherid, ASN1_TYPE **pothertype)
+{
 	CMS_KEKIdentifier *rkid;
-	if (ri->type != CMS_RECIPINFO_KEK)
-		{
+
+	if (ri->type != CMS_RECIPINFO_KEK) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
 		return 0;
-		}
-	rkid =  ri->d.kekri->kekid;
+	}
+	rkid = ri->d.kekri->kekid;
 	if (palg)
 		*palg = ri->d.kekri->keyEncryptionAlgorithm;
 	if (pid)
 		*pid = rkid->keyIdentifier;
 	if (pdate)
 		*pdate = rkid->date;
-	if (potherid)
-		{
+	if (potherid) {
 		if (rkid->other)
 			*potherid = rkid->other->keyAttrId;
 		else
 			*potherid = NULL;
-		}
-	if (pothertype)
-		{
+	}
+	if (pothertype) {
 		if (rkid->other)
 			*pothertype = rkid->other->keyAttr;
 		else
 			*pothertype = NULL;
-		}
-	return 1;
 	}
+	return 1;
+}
 
-int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, 
-				unsigned char *key, size_t keylen)
-	{
+int
+CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key,
+    size_t keylen)
+{
 	CMS_KEKRecipientInfo *kekri;
-	if (ri->type != CMS_RECIPINFO_KEK)
-		{
+
+	if (ri->type != CMS_RECIPINFO_KEK) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
 		return 0;
-		}
+	}
 
 	kekri = ri->d.kekri;
 	kekri->key = key;
 	kekri->keylen = keylen;
 	return 1;
-	}
-
+}
 
 /* Encrypt content key in KEK recipient info */
 
-static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
-					CMS_RecipientInfo *ri)
-	{
+static int
+cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
+{
 	CMS_EncryptedContentInfo *ec;
 	CMS_KEKRecipientInfo *kekri;
 	AES_KEY actx;
@@ -657,55 +624,49 @@ static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
 
 	kekri = ri->d.kekri;
 
-	if (!kekri->key)
-		{
+	if (!kekri->key) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
 		return 0;
-		}
+	}
 
-	if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx))
-		{ 
+	if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
-						CMS_R_ERROR_SETTING_KEY);
+		    CMS_R_ERROR_SETTING_KEY);
 		goto err;
-		}
+	}
 
 	wkey = malloc(ec->keylen + 8);
 
-	if (!wkey)
-		{ 
+	if (!wkey) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
-						ERR_R_MALLOC_FAILURE);
+		    ERR_R_MALLOC_FAILURE);
 		goto err;
-		}
+	}
 
 	wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
 
-	if (wkeylen <= 0)
-		{
+	if (wkeylen <= 0) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
 		goto err;
-		}
+	}
 
 	ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
 
 	r = 1;
 
-	err:
-
+err:
 	if (!r && wkey)
 		free(wkey);
 	OPENSSL_cleanse(&actx, sizeof(actx));
 
 	return r;
-
-	}
+}
 
 /* Decrypt content key in KEK recipient info */
 
-static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
-					CMS_RecipientInfo *ri)
-	{
+static int
+cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
+{
 	CMS_EncryptedContentInfo *ec;
 	CMS_KEKRecipientInfo *kekri;
 	AES_KEY actx;
@@ -717,93 +678,83 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
 
 	kekri = ri->d.kekri;
 
-	if (!kekri->key)
-		{
+	if (!kekri->key) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
 		return 0;
-		}
+	}
 
 	wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
-	if (aes_wrap_keylen(wrap_nid) != kekri->keylen)
-		{
+	if (aes_wrap_keylen(wrap_nid) != kekri->keylen) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
-			CMS_R_INVALID_KEY_LENGTH);
+		    CMS_R_INVALID_KEY_LENGTH);
 		return 0;
-		}
+	}
 
 	/* If encrypted key length is invalid don't bother */
 
-	if (kekri->encryptedKey->length < 16)
-		{ 
+	if (kekri->encryptedKey->length < 16) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
-					CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
+		    CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
 		goto err;
-		}
+	}
 
-	if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx))
-		{ 
+	if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
-						CMS_R_ERROR_SETTING_KEY);
+		    CMS_R_ERROR_SETTING_KEY);
 		goto err;
-		}
+	}
 
 	ukey = malloc(kekri->encryptedKey->length - 8);
 
-	if (!ukey)
-		{ 
+	if (!ukey) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
-						ERR_R_MALLOC_FAILURE);
+		    ERR_R_MALLOC_FAILURE);
 		goto err;
-		}
+	}
 
 	ukeylen = AES_unwrap_key(&actx, NULL, ukey,
-					kekri->encryptedKey->data,
-					kekri->encryptedKey->length);
+	    kekri->encryptedKey->data,
+	    kekri->encryptedKey->length);
 
-	if (ukeylen <= 0)
-		{
+	if (ukeylen <= 0) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
-							CMS_R_UNWRAP_ERROR);
+		    CMS_R_UNWRAP_ERROR);
 		goto err;
-		}
+	}
 
 	ec->key = ukey;
 	ec->keylen = ukeylen;
 
 	r = 1;
 
-	err:
-
+err:
 	if (!r && ukey)
 		free(ukey);
 	OPENSSL_cleanse(&actx, sizeof(actx));
 
 	return r;
+}
 
-	}
-
-int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
-	{
-	switch(ri->type)
-		{
-		case CMS_RECIPINFO_TRANS:
+int
+CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
+{
+	switch (ri->type) {
+	case CMS_RECIPINFO_TRANS:
 		return cms_RecipientInfo_ktri_decrypt(cms, ri);
-
-		case CMS_RECIPINFO_KEK:
+	case CMS_RECIPINFO_KEK:
 		return cms_RecipientInfo_kekri_decrypt(cms, ri);
-
-		case CMS_RECIPINFO_PASS:
+	case CMS_RECIPINFO_PASS:
 		return cms_RecipientInfo_pwri_crypt(cms, ri, 0);
-
-		default:
+	default:
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
-			CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
+		    CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE);
 		return 0;
-		}
 	}
+}
 
-BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
-	{
+BIO *
+cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
+{
 	CMS_EncryptedContentInfo *ec;
 	STACK_OF(CMS_RecipientInfo) *rinfos;
 	CMS_RecipientInfo *ri;
@@ -824,52 +775,47 @@ BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
 
 	rinfos = cms->d.envelopedData->recipientInfos;
 
-	for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++)
-		{
+	for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) {
 		ri = sk_CMS_RecipientInfo_value(rinfos, i);
 
-		switch (ri->type)
-			{
-			case CMS_RECIPINFO_TRANS:
+		switch (ri->type) {
+		case CMS_RECIPINFO_TRANS:
 			r = cms_RecipientInfo_ktri_encrypt(cms, ri);
 			break;
 
-			case CMS_RECIPINFO_KEK:
+		case CMS_RECIPINFO_KEK:
 			r = cms_RecipientInfo_kekri_encrypt(cms, ri);
 			break;
 
-			case CMS_RECIPINFO_PASS:
+		case CMS_RECIPINFO_PASS:
 			r = cms_RecipientInfo_pwri_crypt(cms, ri, 1);
 			break;
 
-			default:
+		default:
 			CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
-				CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
+			    CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
 			goto err;
-			}
+		}
 
-		if (r <= 0)
-			{
+		if (r <= 0) {
 			CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
-				CMS_R_ERROR_SETTING_RECIPIENTINFO);
+			    CMS_R_ERROR_SETTING_RECIPIENTINFO);
 			goto err;
-			}
 		}
+	}
 
 	ok = 1;
 
-	err:
+err:
 	ec->cipher = NULL;
-	if (ec->key)
-		{
+	if (ec->key) {
 		OPENSSL_cleanse(ec->key, ec->keylen);
 		free(ec->key);
 		ec->key = NULL;
 		ec->keylen = 0;
-		}
+	}
 	if (ok)
 		return ret;
 	BIO_free(ret);
 	return NULL;
-
-	}
+}
diff --git a/lib/libcrypto/cms/cms_err.c b/lib/libcrypto/cms/cms_err.c
index 52fa53954f3..313354691a3 100644
--- a/lib/libcrypto/cms/cms_err.c
+++ b/lib/libcrypto/cms/cms_err.c
@@ -1,13 +1,13 @@
 /* crypto/cms/cms_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2009 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -68,169 +68,175 @@
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_CMS,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_CMS,0,reason)
 
-static ERR_STRING_DATA CMS_str_functs[]=
-	{
-{ERR_FUNC(CMS_F_CHECK_CONTENT),	"CHECK_CONTENT"},
-{ERR_FUNC(CMS_F_CMS_ADD0_CERT),	"CMS_add0_cert"},
-{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY),	"CMS_add0_recipient_key"},
-{ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST),	"CMS_add1_ReceiptRequest"},
-{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT),	"CMS_add1_recipient_cert"},
-{ERR_FUNC(CMS_F_CMS_ADD1_SIGNER),	"CMS_add1_signer"},
-{ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME),	"CMS_ADD1_SIGNINGTIME"},
-{ERR_FUNC(CMS_F_CMS_COMPRESS),	"CMS_compress"},
-{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE),	"cms_CompressedData_create"},
-{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO),	"cms_CompressedData_init_bio"},
-{ERR_FUNC(CMS_F_CMS_COPY_CONTENT),	"CMS_COPY_CONTENT"},
-{ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST),	"CMS_COPY_MESSAGEDIGEST"},
-{ERR_FUNC(CMS_F_CMS_DATA),	"CMS_data"},
-{ERR_FUNC(CMS_F_CMS_DATAFINAL),	"CMS_dataFinal"},
-{ERR_FUNC(CMS_F_CMS_DATAINIT),	"CMS_dataInit"},
-{ERR_FUNC(CMS_F_CMS_DECRYPT),	"CMS_decrypt"},
-{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY),	"CMS_decrypt_set1_key"},
-{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY),	"CMS_decrypt_set1_pkey"},
-{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX),	"cms_DigestAlgorithm_find_ctx"},
-{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO),	"cms_DigestAlgorithm_init_bio"},
-{ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL),	"cms_DigestedData_do_final"},
-{ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY),	"CMS_digest_verify"},
-{ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT),	"cms_encode_Receipt"},
-{ERR_FUNC(CMS_F_CMS_ENCRYPT),	"CMS_encrypt"},
-{ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO),	"cms_EncryptedContent_init_bio"},
-{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT),	"CMS_EncryptedData_decrypt"},
-{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT),	"CMS_EncryptedData_encrypt"},
-{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY),	"CMS_EncryptedData_set1_key"},
-{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE),	"CMS_EnvelopedData_create"},
-{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO),	"cms_EnvelopedData_init_bio"},
-{ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT),	"CMS_ENVELOPED_DATA_INIT"},
-{ERR_FUNC(CMS_F_CMS_FINAL),	"CMS_final"},
-{ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES),	"CMS_GET0_CERTIFICATE_CHOICES"},
-{ERR_FUNC(CMS_F_CMS_GET0_CONTENT),	"CMS_get0_content"},
-{ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE),	"CMS_GET0_ECONTENT_TYPE"},
-{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED),	"CMS_GET0_ENVELOPED"},
-{ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES),	"CMS_GET0_REVOCATION_CHOICES"},
-{ERR_FUNC(CMS_F_CMS_GET0_SIGNED),	"CMS_GET0_SIGNED"},
-{ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1),	"cms_msgSigDigest_add1"},
-{ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0),	"CMS_ReceiptRequest_create0"},
-{ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY),	"cms_Receipt_verify"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT),	"CMS_RecipientInfo_decrypt"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT),	"CMS_RECIPIENTINFO_KEKRI_DECRYPT"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT),	"CMS_RECIPIENTINFO_KEKRI_ENCRYPT"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID),	"CMS_RecipientInfo_kekri_get0_id"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP),	"CMS_RecipientInfo_kekri_id_cmp"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP),	"CMS_RecipientInfo_ktri_cert_cmp"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT),	"CMS_RECIPIENTINFO_KTRI_DECRYPT"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT),	"CMS_RECIPIENTINFO_KTRI_ENCRYPT"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS),	"CMS_RecipientInfo_ktri_get0_algs"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID),	"CMS_RecipientInfo_ktri_get0_signer_id"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY),	"CMS_RecipientInfo_set0_key"},
-{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY),	"CMS_RecipientInfo_set0_pkey"},
-{ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER),	"cms_set1_SignerIdentifier"},
-{ERR_FUNC(CMS_F_CMS_SET_DETACHED),	"CMS_set_detached"},
-{ERR_FUNC(CMS_F_CMS_SIGN),	"CMS_sign"},
-{ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT),	"CMS_SIGNED_DATA_INIT"},
-{ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN),	"CMS_SIGNERINFO_CONTENT_SIGN"},
-{ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN),	"CMS_SignerInfo_sign"},
-{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY),	"CMS_SignerInfo_verify"},
-{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT),	"CMS_SIGNERINFO_VERIFY_CERT"},
-{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT),	"CMS_SignerInfo_verify_content"},
-{ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT),	"CMS_sign_receipt"},
-{ERR_FUNC(CMS_F_CMS_STREAM),	"CMS_STREAM"},
-{ERR_FUNC(CMS_F_CMS_UNCOMPRESS),	"CMS_uncompress"},
-{ERR_FUNC(CMS_F_CMS_VERIFY),	"CMS_verify"},
-{0,NULL}
-	};
+static ERR_STRING_DATA CMS_str_functs[]= {
+	{ERR_FUNC(CMS_F_CHECK_CONTENT),	"CHECK_CONTENT"},
+	{ERR_FUNC(CMS_F_CMS_ADD0_CERT),	"CMS_add0_cert"},
+	{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_KEY),	"CMS_add0_recipient_key"},
+	{ERR_FUNC(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD),	"CMS_add0_recipient_password"},
+	{ERR_FUNC(CMS_F_CMS_ADD1_RECEIPTREQUEST),	"CMS_add1_ReceiptRequest"},
+	{ERR_FUNC(CMS_F_CMS_ADD1_RECIPIENT_CERT),	"CMS_add1_recipient_cert"},
+	{ERR_FUNC(CMS_F_CMS_ADD1_SIGNER),	"CMS_add1_signer"},
+	{ERR_FUNC(CMS_F_CMS_ADD1_SIGNINGTIME),	"CMS_ADD1_SIGNINGTIME"},
+	{ERR_FUNC(CMS_F_CMS_COMPRESS),	"CMS_compress"},
+	{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_CREATE),	"cms_CompressedData_create"},
+	{ERR_FUNC(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO),	"cms_CompressedData_init_bio"},
+	{ERR_FUNC(CMS_F_CMS_COPY_CONTENT),	"CMS_COPY_CONTENT"},
+	{ERR_FUNC(CMS_F_CMS_COPY_MESSAGEDIGEST),	"CMS_COPY_MESSAGEDIGEST"},
+	{ERR_FUNC(CMS_F_CMS_DATA),	"CMS_data"},
+	{ERR_FUNC(CMS_F_CMS_DATAFINAL),	"CMS_dataFinal"},
+	{ERR_FUNC(CMS_F_CMS_DATAINIT),	"CMS_dataInit"},
+	{ERR_FUNC(CMS_F_CMS_DECRYPT),	"CMS_decrypt"},
+	{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_KEY),	"CMS_decrypt_set1_key"},
+	{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PASSWORD),	"CMS_decrypt_set1_password"},
+	{ERR_FUNC(CMS_F_CMS_DECRYPT_SET1_PKEY),	"CMS_decrypt_set1_pkey"},
+	{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX),	"cms_DigestAlgorithm_find_ctx"},
+	{ERR_FUNC(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO),	"cms_DigestAlgorithm_init_bio"},
+	{ERR_FUNC(CMS_F_CMS_DIGESTEDDATA_DO_FINAL),	"cms_DigestedData_do_final"},
+	{ERR_FUNC(CMS_F_CMS_DIGEST_VERIFY),	"CMS_digest_verify"},
+	{ERR_FUNC(CMS_F_CMS_ENCODE_RECEIPT),	"cms_encode_Receipt"},
+	{ERR_FUNC(CMS_F_CMS_ENCRYPT),	"CMS_encrypt"},
+	{ERR_FUNC(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO),	"cms_EncryptedContent_init_bio"},
+	{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT),	"CMS_EncryptedData_decrypt"},
+	{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT),	"CMS_EncryptedData_encrypt"},
+	{ERR_FUNC(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY),	"CMS_EncryptedData_set1_key"},
+	{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_CREATE),	"CMS_EnvelopedData_create"},
+	{ERR_FUNC(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO),	"cms_EnvelopedData_init_bio"},
+	{ERR_FUNC(CMS_F_CMS_ENVELOPED_DATA_INIT),	"CMS_ENVELOPED_DATA_INIT"},
+	{ERR_FUNC(CMS_F_CMS_FINAL),	"CMS_final"},
+	{ERR_FUNC(CMS_F_CMS_GET0_CERTIFICATE_CHOICES),	"CMS_GET0_CERTIFICATE_CHOICES"},
+	{ERR_FUNC(CMS_F_CMS_GET0_CONTENT),	"CMS_get0_content"},
+	{ERR_FUNC(CMS_F_CMS_GET0_ECONTENT_TYPE),	"CMS_GET0_ECONTENT_TYPE"},
+	{ERR_FUNC(CMS_F_CMS_GET0_ENVELOPED),	"cms_get0_enveloped"},
+	{ERR_FUNC(CMS_F_CMS_GET0_REVOCATION_CHOICES),	"CMS_GET0_REVOCATION_CHOICES"},
+	{ERR_FUNC(CMS_F_CMS_GET0_SIGNED),	"CMS_GET0_SIGNED"},
+	{ERR_FUNC(CMS_F_CMS_MSGSIGDIGEST_ADD1),	"cms_msgSigDigest_add1"},
+	{ERR_FUNC(CMS_F_CMS_RECEIPTREQUEST_CREATE0),	"CMS_ReceiptRequest_create0"},
+	{ERR_FUNC(CMS_F_CMS_RECEIPT_VERIFY),	"cms_Receipt_verify"},
+	{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_DECRYPT),	"CMS_RecipientInfo_decrypt"},
+	{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT),	"CMS_RECIPIENTINFO_KEKRI_DECRYPT"},
+	{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT),	"CMS_RECIPIENTINFO_KEKRI_ENCRYPT"},
+	{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID),	"CMS_RecipientInfo_kekri_get0_id"},
+	{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP),	"CMS_RecipientInfo_kekri_id_cmp"},
+	{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP),	"CMS_RecipientInfo_ktri_cert_cmp"},
+	{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT),	"CMS_RECIPIENTINFO_KTRI_DECRYPT"},
+	{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT),	"CMS_RECIPIENTINFO_KTRI_ENCRYPT"},
+	{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS),	"CMS_RecipientInfo_ktri_get0_algs"},
+	{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID),	"CMS_RecipientInfo_ktri_get0_signer_id"},
+	{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT),	"cms_RecipientInfo_pwri_crypt"},
+	{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_KEY),	"CMS_RecipientInfo_set0_key"},
+	{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD),	"CMS_RecipientInfo_set0_password"},
+	{ERR_FUNC(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY),	"CMS_RecipientInfo_set0_pkey"},
+	{ERR_FUNC(CMS_F_CMS_SET1_SIGNERIDENTIFIER),	"cms_set1_SignerIdentifier"},
+	{ERR_FUNC(CMS_F_CMS_SET_DETACHED),	"CMS_set_detached"},
+	{ERR_FUNC(CMS_F_CMS_SIGN),	"CMS_sign"},
+	{ERR_FUNC(CMS_F_CMS_SIGNED_DATA_INIT),	"CMS_SIGNED_DATA_INIT"},
+	{ERR_FUNC(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN),	"CMS_SIGNERINFO_CONTENT_SIGN"},
+	{ERR_FUNC(CMS_F_CMS_SIGNERINFO_SIGN),	"CMS_SignerInfo_sign"},
+	{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY),	"CMS_SignerInfo_verify"},
+	{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CERT),	"CMS_SIGNERINFO_VERIFY_CERT"},
+	{ERR_FUNC(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT),	"CMS_SignerInfo_verify_content"},
+	{ERR_FUNC(CMS_F_CMS_SIGN_RECEIPT),	"CMS_sign_receipt"},
+	{ERR_FUNC(CMS_F_CMS_STREAM),	"CMS_stream"},
+	{ERR_FUNC(CMS_F_CMS_UNCOMPRESS),	"CMS_uncompress"},
+	{ERR_FUNC(CMS_F_CMS_VERIFY),	"CMS_verify"},
+	{0, NULL}
+};
 
-static ERR_STRING_DATA CMS_str_reasons[]=
-	{
-{ERR_REASON(CMS_R_ADD_SIGNER_ERROR)      ,"add signer error"},
-{ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT),"certificate already present"},
-{ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID),"certificate has no keyid"},
-{ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
-{ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR),"cipher initialisation error"},
-{ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),"cipher parameter initialisation error"},
-{ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR)   ,"cms datafinal error"},
-{ERR_REASON(CMS_R_CMS_LIB)               ,"cms lib"},
-{ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH),"contentidentifier mismatch"},
-{ERR_REASON(CMS_R_CONTENT_NOT_FOUND)     ,"content not found"},
-{ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH) ,"content type mismatch"},
-{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),"content type not compressed data"},
-{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),"content type not enveloped data"},
-{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),"content type not signed data"},
-{ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR)  ,"content verify error"},
-{ERR_REASON(CMS_R_CTRL_ERROR)            ,"ctrl error"},
-{ERR_REASON(CMS_R_CTRL_FAILURE)          ,"ctrl failure"},
-{ERR_REASON(CMS_R_DECRYPT_ERROR)         ,"decrypt error"},
-{ERR_REASON(CMS_R_DIGEST_ERROR)          ,"digest error"},
-{ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY),"error getting public key"},
-{ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),"error reading messagedigest attribute"},
-{ERR_REASON(CMS_R_ERROR_SETTING_KEY)     ,"error setting key"},
-{ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO),"error setting recipientinfo"},
-{ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),"invalid encrypted key length"},
-{ERR_REASON(CMS_R_INVALID_KEY_LENGTH)    ,"invalid key length"},
-{ERR_REASON(CMS_R_MD_BIO_INIT_ERROR)     ,"md bio init error"},
-{ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),"messagedigest attribute wrong length"},
-{ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH),"messagedigest wrong length"},
-{ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR)    ,"msgsigdigest error"},
-{ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),"msgsigdigest verification failure"},
-{ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH),"msgsigdigest wrong length"},
-{ERR_REASON(CMS_R_NEED_ONE_SIGNER)       ,"need one signer"},
-{ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT)  ,"not a signed receipt"},
-{ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA)    ,"not encrypted data"},
-{ERR_REASON(CMS_R_NOT_KEK)               ,"not kek"},
-{ERR_REASON(CMS_R_NOT_KEY_TRANSPORT)     ,"not key transport"},
-{ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),"not supported for this key type"},
-{ERR_REASON(CMS_R_NO_CIPHER)             ,"no cipher"},
-{ERR_REASON(CMS_R_NO_CONTENT)            ,"no content"},
-{ERR_REASON(CMS_R_NO_CONTENT_TYPE)       ,"no content type"},
-{ERR_REASON(CMS_R_NO_DEFAULT_DIGEST)     ,"no default digest"},
-{ERR_REASON(CMS_R_NO_DIGEST_SET)         ,"no digest set"},
-{ERR_REASON(CMS_R_NO_KEY)                ,"no key"},
-{ERR_REASON(CMS_R_NO_KEY_OR_CERT)        ,"no key or cert"},
-{ERR_REASON(CMS_R_NO_MATCHING_DIGEST)    ,"no matching digest"},
-{ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT) ,"no matching recipient"},
-{ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE) ,"no matching signature"},
-{ERR_REASON(CMS_R_NO_MSGSIGDIGEST)       ,"no msgsigdigest"},
-{ERR_REASON(CMS_R_NO_PRIVATE_KEY)        ,"no private key"},
-{ERR_REASON(CMS_R_NO_PUBLIC_KEY)         ,"no public key"},
-{ERR_REASON(CMS_R_NO_RECEIPT_REQUEST)    ,"no receipt request"},
-{ERR_REASON(CMS_R_NO_SIGNERS)            ,"no signers"},
-{ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
-{ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR)  ,"receipt decode error"},
-{ERR_REASON(CMS_R_RECIPIENT_ERROR)       ,"recipient error"},
-{ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
-{ERR_REASON(CMS_R_SIGNFINAL_ERROR)       ,"signfinal error"},
-{ERR_REASON(CMS_R_SMIME_TEXT_ERROR)      ,"smime text error"},
-{ERR_REASON(CMS_R_STORE_INIT_ERROR)      ,"store init error"},
-{ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA),"type not compressed data"},
-{ERR_REASON(CMS_R_TYPE_NOT_DATA)         ,"type not data"},
-{ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA),"type not digested data"},
-{ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA),"type not encrypted data"},
-{ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA),"type not enveloped data"},
-{ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT),"unable to finalize context"},
-{ERR_REASON(CMS_R_UNKNOWN_CIPHER)        ,"unknown cipher"},
-{ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM),"unknown digest algorihm"},
-{ERR_REASON(CMS_R_UNKNOWN_ID)            ,"unknown id"},
-{ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),"unsupported compression algorithm"},
-{ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
-{ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM),"unsupported kek algorithm"},
-{ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE),"unsupported recipient type"},
-{ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE),"unsupported recpientinfo type"},
-{ERR_REASON(CMS_R_UNSUPPORTED_TYPE)      ,"unsupported type"},
-{ERR_REASON(CMS_R_UNWRAP_ERROR)          ,"unwrap error"},
-{ERR_REASON(CMS_R_VERIFICATION_FAILURE)  ,"verification failure"},
-{ERR_REASON(CMS_R_WRAP_ERROR)            ,"wrap error"},
-{0,NULL}
-	};
+static ERR_STRING_DATA CMS_str_reasons[]= {
+	{ERR_REASON(CMS_R_ADD_SIGNER_ERROR)      , "add signer error"},
+	{ERR_REASON(CMS_R_CERTIFICATE_ALREADY_PRESENT), "certificate already present"},
+	{ERR_REASON(CMS_R_CERTIFICATE_HAS_NO_KEYID), "certificate has no keyid"},
+	{ERR_REASON(CMS_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
+	{ERR_REASON(CMS_R_CIPHER_INITIALISATION_ERROR), "cipher initialisation error"},
+	{ERR_REASON(CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR), "cipher parameter initialisation error"},
+	{ERR_REASON(CMS_R_CMS_DATAFINAL_ERROR)   , "cms datafinal error"},
+	{ERR_REASON(CMS_R_CMS_LIB)               , "cms lib"},
+	{ERR_REASON(CMS_R_CONTENTIDENTIFIER_MISMATCH), "contentidentifier mismatch"},
+	{ERR_REASON(CMS_R_CONTENT_NOT_FOUND)     , "content not found"},
+	{ERR_REASON(CMS_R_CONTENT_TYPE_MISMATCH) , "content type mismatch"},
+	{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA), "content type not compressed data"},
+	{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA), "content type not enveloped data"},
+	{ERR_REASON(CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA), "content type not signed data"},
+	{ERR_REASON(CMS_R_CONTENT_VERIFY_ERROR)  , "content verify error"},
+	{ERR_REASON(CMS_R_CTRL_ERROR)            , "ctrl error"},
+	{ERR_REASON(CMS_R_CTRL_FAILURE)          , "ctrl failure"},
+	{ERR_REASON(CMS_R_DECRYPT_ERROR)         , "decrypt error"},
+	{ERR_REASON(CMS_R_DIGEST_ERROR)          , "digest error"},
+	{ERR_REASON(CMS_R_ERROR_GETTING_PUBLIC_KEY), "error getting public key"},
+	{ERR_REASON(CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE), "error reading messagedigest attribute"},
+	{ERR_REASON(CMS_R_ERROR_SETTING_KEY)     , "error setting key"},
+	{ERR_REASON(CMS_R_ERROR_SETTING_RECIPIENTINFO), "error setting recipientinfo"},
+	{ERR_REASON(CMS_R_INVALID_ENCRYPTED_KEY_LENGTH), "invalid encrypted key length"},
+	{ERR_REASON(CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER), "invalid key encryption parameter"},
+	{ERR_REASON(CMS_R_INVALID_KEY_LENGTH)    , "invalid key length"},
+	{ERR_REASON(CMS_R_MD_BIO_INIT_ERROR)     , "md bio init error"},
+	{ERR_REASON(CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH), "messagedigest attribute wrong length"},
+	{ERR_REASON(CMS_R_MESSAGEDIGEST_WRONG_LENGTH), "messagedigest wrong length"},
+	{ERR_REASON(CMS_R_MSGSIGDIGEST_ERROR)    , "msgsigdigest error"},
+	{ERR_REASON(CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE), "msgsigdigest verification failure"},
+	{ERR_REASON(CMS_R_MSGSIGDIGEST_WRONG_LENGTH), "msgsigdigest wrong length"},
+	{ERR_REASON(CMS_R_NEED_ONE_SIGNER)       , "need one signer"},
+	{ERR_REASON(CMS_R_NOT_A_SIGNED_RECEIPT)  , "not a signed receipt"},
+	{ERR_REASON(CMS_R_NOT_ENCRYPTED_DATA)    , "not encrypted data"},
+	{ERR_REASON(CMS_R_NOT_KEK)               , "not kek"},
+	{ERR_REASON(CMS_R_NOT_KEY_TRANSPORT)     , "not key transport"},
+	{ERR_REASON(CMS_R_NOT_PWRI)              , "not pwri"},
+	{ERR_REASON(CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE), "not supported for this key type"},
+	{ERR_REASON(CMS_R_NO_CIPHER)             , "no cipher"},
+	{ERR_REASON(CMS_R_NO_CONTENT)            , "no content"},
+	{ERR_REASON(CMS_R_NO_CONTENT_TYPE)       , "no content type"},
+	{ERR_REASON(CMS_R_NO_DEFAULT_DIGEST)     , "no default digest"},
+	{ERR_REASON(CMS_R_NO_DIGEST_SET)         , "no digest set"},
+	{ERR_REASON(CMS_R_NO_KEY)                , "no key"},
+	{ERR_REASON(CMS_R_NO_KEY_OR_CERT)        , "no key or cert"},
+	{ERR_REASON(CMS_R_NO_MATCHING_DIGEST)    , "no matching digest"},
+	{ERR_REASON(CMS_R_NO_MATCHING_RECIPIENT) , "no matching recipient"},
+	{ERR_REASON(CMS_R_NO_MATCHING_SIGNATURE) , "no matching signature"},
+	{ERR_REASON(CMS_R_NO_MSGSIGDIGEST)       , "no msgsigdigest"},
+	{ERR_REASON(CMS_R_NO_PASSWORD)           , "no password"},
+	{ERR_REASON(CMS_R_NO_PRIVATE_KEY)        , "no private key"},
+	{ERR_REASON(CMS_R_NO_PUBLIC_KEY)         , "no public key"},
+	{ERR_REASON(CMS_R_NO_RECEIPT_REQUEST)    , "no receipt request"},
+	{ERR_REASON(CMS_R_NO_SIGNERS)            , "no signers"},
+	{ERR_REASON(CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), "private key does not match certificate"},
+	{ERR_REASON(CMS_R_RECEIPT_DECODE_ERROR)  , "receipt decode error"},
+	{ERR_REASON(CMS_R_RECIPIENT_ERROR)       , "recipient error"},
+	{ERR_REASON(CMS_R_SIGNER_CERTIFICATE_NOT_FOUND), "signer certificate not found"},
+	{ERR_REASON(CMS_R_SIGNFINAL_ERROR)       , "signfinal error"},
+	{ERR_REASON(CMS_R_SMIME_TEXT_ERROR)      , "smime text error"},
+	{ERR_REASON(CMS_R_STORE_INIT_ERROR)      , "store init error"},
+	{ERR_REASON(CMS_R_TYPE_NOT_COMPRESSED_DATA), "type not compressed data"},
+	{ERR_REASON(CMS_R_TYPE_NOT_DATA)         , "type not data"},
+	{ERR_REASON(CMS_R_TYPE_NOT_DIGESTED_DATA), "type not digested data"},
+	{ERR_REASON(CMS_R_TYPE_NOT_ENCRYPTED_DATA), "type not encrypted data"},
+	{ERR_REASON(CMS_R_TYPE_NOT_ENVELOPED_DATA), "type not enveloped data"},
+	{ERR_REASON(CMS_R_UNABLE_TO_FINALIZE_CONTEXT), "unable to finalize context"},
+	{ERR_REASON(CMS_R_UNKNOWN_CIPHER)        , "unknown cipher"},
+	{ERR_REASON(CMS_R_UNKNOWN_DIGEST_ALGORIHM), "unknown digest algorihm"},
+	{ERR_REASON(CMS_R_UNKNOWN_ID)            , "unknown id"},
+	{ERR_REASON(CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM), "unsupported compression algorithm"},
+	{ERR_REASON(CMS_R_UNSUPPORTED_CONTENT_TYPE), "unsupported content type"},
+	{ERR_REASON(CMS_R_UNSUPPORTED_KEK_ALGORITHM), "unsupported kek algorithm"},
+	{ERR_REASON(CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM), "unsupported key encryption algorithm"},
+	{ERR_REASON(CMS_R_UNSUPPORTED_RECIPIENT_TYPE), "unsupported recipient type"},
+	{ERR_REASON(CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE), "unsupported recpientinfo type"},
+	{ERR_REASON(CMS_R_UNSUPPORTED_TYPE)      , "unsupported type"},
+	{ERR_REASON(CMS_R_UNWRAP_ERROR)          , "unwrap error"},
+	{ERR_REASON(CMS_R_UNWRAP_FAILURE)        , "unwrap failure"},
+	{ERR_REASON(CMS_R_VERIFICATION_FAILURE)  , "verification failure"},
+	{ERR_REASON(CMS_R_WRAP_ERROR)            , "wrap error"},
+	{0, NULL}
+};
 
 #endif
 
-void ERR_load_CMS_strings(void)
-	{
+void
+ERR_load_CMS_strings(void)
+{
 #ifndef OPENSSL_NO_ERR
-
-	if (ERR_func_error_string(CMS_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,CMS_str_functs);
-		ERR_load_strings(0,CMS_str_reasons);
-		}
-#endif
+	if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) {
+		ERR_load_strings(0, CMS_str_functs);
+		ERR_load_strings(0, CMS_str_reasons);
 	}
+#endif
+}
diff --git a/lib/libcrypto/cms/cms_ess.c b/lib/libcrypto/cms/cms_ess.c
index 8dbd56ef2b6..6868edaaedc 100644
--- a/lib/libcrypto/cms/cms_ess.c
+++ b/lib/libcrypto/cms/cms_ess.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -67,15 +67,17 @@ IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 
 /* ESS services: for now just Signed Receipt related */
 
-int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
-	{
+int
+CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
+{
 	ASN1_STRING *str;
 	CMS_ReceiptRequest *rr = NULL;
+
 	if (prr)
 		*prr = NULL;
 	str = CMS_signed_get0_data_by_OBJ(si,
-				OBJ_nid2obj(NID_id_smime_aa_receiptRequest),
-					-3, V_ASN1_SEQUENCE);
+	    OBJ_nid2obj(NID_id_smime_aa_receiptRequest),
+	    -3, V_ASN1_SEQUENCE);
 	if (!str)
 		return 0;
 
@@ -87,13 +89,12 @@ int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
 	else
 		CMS_ReceiptRequest_free(rr);
 	return 1;
-	}
+}
 
-CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
-				int allorfirst,
-				STACK_OF(GENERAL_NAMES) *receiptList,
-				STACK_OF(GENERAL_NAMES) *receiptsTo)
-	{
+CMS_ReceiptRequest *
+CMS_ReceiptRequest_create0(unsigned char *id, int idlen, int allorfirst,
+    STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo)
+{
 	CMS_ReceiptRequest *rr = NULL;
 
 	rr = CMS_ReceiptRequest_new();
@@ -101,44 +102,38 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
 		goto merr;
 	if (id)
 		ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
-	else
-		{
+	else {
 		if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
 			goto merr;
-		if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32) 
-					<= 0)
+		if (RAND_pseudo_bytes(rr->signedContentIdentifier->data, 32)
+			<= 0)
 			goto err;
-		}
+	}
 
 	sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free);
 	rr->receiptsTo = receiptsTo;
 
-	if (receiptList)
-		{
+	if (receiptList) {
 		rr->receiptsFrom->type = 1;
 		rr->receiptsFrom->d.receiptList = receiptList;
-		}
-	else
-		{
+	} else {
 		rr->receiptsFrom->type = 0;
 		rr->receiptsFrom->d.allOrFirstTier = allorfirst;
-		}
+	}
 
 	return rr;
 
-	merr:
+merr:
 	CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
-
-	err:
+err:
 	if (rr)
 		CMS_ReceiptRequest_free(rr);
-
 	return NULL;
-	
-	}
+}
 
-int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
-	{
+int
+CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
+{
 	unsigned char *rrder = NULL;
 	int rrderlen, r = 0;
 
@@ -147,86 +142,81 @@ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
 		goto merr;
 
 	if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
-					V_ASN1_SEQUENCE, rrder, rrderlen))
+	    V_ASN1_SEQUENCE, rrder, rrderlen))
 		goto merr;
 
 	r = 1;
 
-	merr:
+merr:
 	if (!r)
 		CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
-
 	free(rrder);
-
 	return r;
-	
-	}
+}
 
-void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
-					ASN1_STRING **pcid,
-					int *pallorfirst,
-					STACK_OF(GENERAL_NAMES) **plist,
-					STACK_OF(GENERAL_NAMES) **prto)
-	{
+void
+CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
+    int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist,
+    STACK_OF(GENERAL_NAMES) **prto)
+{
 	if (pcid)
 		*pcid = rr->signedContentIdentifier;
-	if (rr->receiptsFrom->type == 0)
-		{
+	if (rr->receiptsFrom->type == 0) {
 		if (pallorfirst)
 			*pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier;
 		if (plist)
 			*plist = NULL;
-		}
-	else
-		{
+	} else {
 		if (pallorfirst)
 			*pallorfirst = -1;
 		if (plist)
 			*plist = rr->receiptsFrom->d.receiptList;
-		}
+	}
 	if (prto)
 		*prto = rr->receiptsTo;
-	}
+}
 
 /* Digest a SignerInfo structure for msgSigDigest attribute processing */
 
-static int cms_msgSigDigest(CMS_SignerInfo *si,
-				unsigned char *dig, unsigned int *diglen)
-	{
+static int
+cms_msgSigDigest(CMS_SignerInfo *si, unsigned char *dig, unsigned int *diglen)
+{
 	const EVP_MD *md;
+
 	md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
 	if (md == NULL)
 		return 0;
 	if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
-						si->signedAttrs, dig, diglen))
+	    si->signedAttrs, dig, diglen))
 		return 0;
 	return 1;
-	}
+}
 
 /* Add a msgSigDigest attribute to a SignerInfo */
 
-int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
-	{
+int
+cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
+{
 	unsigned char dig[EVP_MAX_MD_SIZE];
 	unsigned int diglen;
-	if (!cms_msgSigDigest(src, dig, &diglen))
-		{
+
+	if (!cms_msgSigDigest(src, dig, &diglen)) {
 		CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR);
 		return 0;
-		}
+	}
 	if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest,
-					V_ASN1_OCTET_STRING, dig, diglen))
-		{
+	    V_ASN1_OCTET_STRING, dig, diglen)) {
 		CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE);
 		return 0;
-		}
-	return 1;
 	}
+	return 1;
+}
 
 /* Verify signed receipt after it has already passed normal CMS verify */
 
-int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
-	{
+int
+cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
+{
 	int r = 0, i;
 	CMS_ReceiptRequest *rr = NULL;
 	CMS_Receipt *rct = NULL;
@@ -243,138 +233,122 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
 	if (!osis || !sis)
 		goto err;
 
-	if (sk_CMS_SignerInfo_num(sis) != 1)
-		{
+	if (sk_CMS_SignerInfo_num(sis) != 1) {
 		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER);
 		goto err;
-		}
+	}
 
 	/* Check receipt content type */
-	if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt)
-		{
+	if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt) {
 		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT);
 		goto err;
-		}
+	}
 
 	/* Extract and decode receipt content */
 	pcont = CMS_get0_content(cms);
-	if (!pcont || !*pcont)
-		{
+	if (!pcont || !*pcont) {
 		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT);
 		goto err;
-		}
+	}
 
 	rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt));
 
-	if (!rct)	
-		{
+	if (!rct) {
 		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR);
 		goto err;
-		}
+	}
 
 	/* Locate original request */
 
-	for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++)
-		{
+	for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++) {
 		osi = sk_CMS_SignerInfo_value(osis, i);
 		if (!ASN1_STRING_cmp(osi->signature,
-					rct->originatorSignatureValue))
+		    rct->originatorSignatureValue))
 			break;
-		}
+	}
 
-	if (i == sk_CMS_SignerInfo_num(osis))
-		{
+	if (i == sk_CMS_SignerInfo_num(osis)) {
 		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE);
 		goto err;
-		}
+	}
 
 	si = sk_CMS_SignerInfo_value(sis, 0);
 
 	/* Get msgSigDigest value and compare */
 
 	msig = CMS_signed_get0_data_by_OBJ(si,
-				OBJ_nid2obj(NID_id_smime_aa_msgSigDigest),
-					-3, V_ASN1_OCTET_STRING);
+	    OBJ_nid2obj(NID_id_smime_aa_msgSigDigest), -3, V_ASN1_OCTET_STRING);
 
-	if (!msig)
-		{
+	if (!msig) {
 		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST);
 		goto err;
-		}
+	}
 
-	if (!cms_msgSigDigest(osi, dig, &diglen))
-		{
+	if (!cms_msgSigDigest(osi, dig, &diglen)) {
 		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR);
 		goto err;
-		}
+	}
 
-	if (diglen != (unsigned int)msig->length)
-			{
-			CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
-				CMS_R_MSGSIGDIGEST_WRONG_LENGTH);
-			goto err;
-			}
+	if (diglen != (unsigned int)msig->length) {
+		CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
+		    CMS_R_MSGSIGDIGEST_WRONG_LENGTH);
+		goto err;
+	}
 
-	if (memcmp(dig, msig->data, diglen))
-			{
-			CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
-				CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE);
-			goto err;
-			}
+	if (memcmp(dig, msig->data, diglen)) {
+		CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
+		    CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE);
+		goto err;
+	}
 
 	/* Compare content types */
 
 	octype = CMS_signed_get0_data_by_OBJ(osi,
-				OBJ_nid2obj(NID_pkcs9_contentType),
-					-3, V_ASN1_OBJECT);
-	if (!octype)
-		{
+	    OBJ_nid2obj(NID_pkcs9_contentType), -3, V_ASN1_OBJECT);
+	if (!octype) {
 		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE);
 		goto err;
-		}
+	}
 
 	/* Compare details in receipt request */
 
-	if (OBJ_cmp(octype, rct->contentType))
-		{
+	if (OBJ_cmp(octype, rct->contentType)) {
 		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH);
 		goto err;
-		}
+	}
 
 	/* Get original receipt request details */
 
-	if (CMS_get1_ReceiptRequest(osi, &rr) <= 0)
-		{
+	if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) {
 		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
 		goto err;
-		}
+	}
 
 	if (ASN1_STRING_cmp(rr->signedContentIdentifier,
-					rct->signedContentIdentifier))
-		{
+	    rct->signedContentIdentifier)) {
 		CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
-					CMS_R_CONTENTIDENTIFIER_MISMATCH);
+		    CMS_R_CONTENTIDENTIFIER_MISMATCH);
 		goto err;
-		}
+	}
 
 	r = 1;
 
-	err:
+err:
 	if (rr)
 		CMS_ReceiptRequest_free(rr);
 	if (rct)
 		M_ASN1_free_of(rct, CMS_Receipt);
 
 	return r;
-
-	}
+}
 
 /* Encode a Receipt into an OCTET STRING read for including into content of
  * a SignedData ContentInfo.
  */
 
-ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
-	{
+ASN1_OCTET_STRING *
+cms_encode_Receipt(CMS_SignerInfo *si)
+{
 	CMS_Receipt rct;
 	CMS_ReceiptRequest *rr = NULL;
 	ASN1_OBJECT *ctype;
@@ -384,22 +358,19 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
 
 	/* Get original receipt request details */
 
-	if (CMS_get1_ReceiptRequest(si, &rr) <= 0)
-		{
+	if (CMS_get1_ReceiptRequest(si, &rr) <= 0) {
 		CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
 		goto err;
-		}
+	}
 
 	/* Get original content type */
 
 	ctype = CMS_signed_get0_data_by_OBJ(si,
-				OBJ_nid2obj(NID_pkcs9_contentType),
-					-3, V_ASN1_OBJECT);
-	if (!ctype)
-		{
+	    OBJ_nid2obj(NID_pkcs9_contentType), -3, V_ASN1_OBJECT);
+	if (!ctype) {
 		CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE);
 		goto err;
-		}
+	}
 
 	rct.version = 1;
 	rct.contentType = ctype;
@@ -408,12 +379,8 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
 
 	os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL);
 
-	err:
+err:
 	if (rr)
 		CMS_ReceiptRequest_free(rr);
-
 	return os;
-
-	}
-
-
+}
diff --git a/lib/libcrypto/cms/cms_io.c b/lib/libcrypto/cms/cms_io.c
index 30f5ddfe6d2..f8c1d451526 100644
--- a/lib/libcrypto/cms/cms_io.c
+++ b/lib/libcrypto/cms/cms_io.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -58,83 +58,82 @@
 #include "cms.h"
 #include "cms_lcl.h"
 
-CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
-	{
-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
-	}
-
-int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
-	{
-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
-	}
-
-IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
+int
+CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
+{
+	ASN1_OCTET_STRING **pos;
 
-/* Callback for int_smime_write_ASN1 */
-
-static int cms_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
-					const ASN1_ITEM *it)
-	{
-	CMS_ContentInfo *cms = (CMS_ContentInfo *)val;
-	BIO *tmpbio, *cmsbio;
-	int r = 0;
-
-	if (!(flags & SMIME_DETACHED))
-		{
-		SMIME_crlf_copy(data, out, flags);
-		return 1;
-		}
-
-	/* Let CMS code prepend any needed BIOs */
-
-	cmsbio = CMS_dataInit(cms, out);
-
-	if (!cmsbio)
+	pos = CMS_get0_content(cms);
+	if (!pos)
 		return 0;
+	if (!*pos)
+		*pos = ASN1_OCTET_STRING_new();
+	if (*pos) {
+		(*pos)->flags |= ASN1_STRING_FLAG_NDEF;
+		(*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
+		*boundary = &(*pos)->data;
+		return 1;
+	}
+	CMSerr(CMS_F_CMS_STREAM, ERR_R_MALLOC_FAILURE);
+	return 0;
+}
 
-	/* Copy data across, passing through filter BIOs for processing */
-	SMIME_crlf_copy(data, cmsbio, flags);
-
-	/* Finalize structure */
-	if (CMS_dataFinal(cms, cmsbio) <= 0)
-		goto err;
-
-	r = 1;
-
-	err:
-
-	/* Now remove any digests prepended to the BIO */
-
-	while (cmsbio != out)
-		{
-		tmpbio = BIO_pop(cmsbio);
-		BIO_free(cmsbio);
-		cmsbio = tmpbio;
-		}
-
-	return 1;
+CMS_ContentInfo *
+d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
+{
+	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
+}
 
-	}
+int
+i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
+{
+	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
+}
 
+IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
 
-int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
-	{
+BIO *
+BIO_new_CMS(BIO *out, CMS_ContentInfo *cms)
+{
+	return BIO_new_NDEF(out, (ASN1_VALUE *)cms,
+	    ASN1_ITEM_rptr(CMS_ContentInfo));
+}
+
+/* CMS wrappers round generalised stream and MIME routines */
+
+int
+i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
+{
+	return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags,
+	    ASN1_ITEM_rptr(CMS_ContentInfo));
+}
+
+int
+PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
+{
+	return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *) cms, in, flags,
+	    "CMS", ASN1_ITEM_rptr(CMS_ContentInfo));
+}
+
+int
+SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
+{
 	STACK_OF(X509_ALGOR) *mdalgs;
 	int ctype_nid = OBJ_obj2nid(cms->contentType);
 	int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms));
+
 	if (ctype_nid == NID_pkcs7_signed)
 		mdalgs = cms->d.signedData->digestAlgorithms;
 	else
 		mdalgs = NULL;
 
-	return int_smime_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
-					ctype_nid, econt_nid, mdalgs,
-					cms_output_data,
-					ASN1_ITEM_rptr(CMS_ContentInfo));	
-	}
+	return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
+	    ctype_nid, econt_nid, mdalgs, ASN1_ITEM_rptr(CMS_ContentInfo));
+}
 
-CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont)
-	{
+CMS_ContentInfo *
+SMIME_read_CMS(BIO *bio, BIO **bcont)
+{
 	return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
-					ASN1_ITEM_rptr(CMS_ContentInfo));
-	}
+	    ASN1_ITEM_rptr(CMS_ContentInfo));
+}
diff --git a/lib/libcrypto/cms/cms_lcl.h b/lib/libcrypto/cms/cms_lcl.h
index 7d60fac67eb..3c905342f43 100644
--- a/lib/libcrypto/cms/cms_lcl.h
+++ b/lib/libcrypto/cms/cms_lcl.h
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -93,10 +93,9 @@ typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
 typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
 typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
 
-struct CMS_ContentInfo_st
-	{
+struct CMS_ContentInfo_st {
 	ASN1_OBJECT *contentType;
-	union	{
+	union {
 		ASN1_OCTET_STRING *data;
 		CMS_SignedData *signedData;
 		CMS_EnvelopedData *envelopedData;
@@ -107,29 +106,26 @@ struct CMS_ContentInfo_st
 		ASN1_TYPE *other;
 		/* Other types ... */
 		void *otherData;
-		} d;
-	};
+	} d;
+};
 
-struct CMS_SignedData_st
-	{
+struct CMS_SignedData_st {
 	long version;
 	STACK_OF(X509_ALGOR) *digestAlgorithms;
 	CMS_EncapsulatedContentInfo *encapContentInfo;
 	STACK_OF(CMS_CertificateChoices) *certificates;
 	STACK_OF(CMS_RevocationInfoChoice) *crls;
 	STACK_OF(CMS_SignerInfo) *signerInfos;
-	};
- 
-struct CMS_EncapsulatedContentInfo_st
-	{
+};
+
+struct CMS_EncapsulatedContentInfo_st {
 	ASN1_OBJECT *eContentType;
 	ASN1_OCTET_STRING *eContent;
 	/* Set to 1 if incomplete structure only part set up */
 	int partial;
-	};
+};
 
-struct CMS_SignerInfo_st
-	{
+struct CMS_SignerInfo_st {
 	long version;
 	CMS_SignerIdentifier *sid;
 	X509_ALGOR *digestAlgorithm;
@@ -140,34 +136,30 @@ struct CMS_SignerInfo_st
 	/* Signing certificate and key */
 	X509 *signer;
 	EVP_PKEY *pkey;
-	};
+};
 
-struct CMS_SignerIdentifier_st
-	{
+struct CMS_SignerIdentifier_st {
 	int type;
-	union	{
+	union {
 		CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
 		ASN1_OCTET_STRING *subjectKeyIdentifier;
-		} d;
-	};
+	} d;
+};
 
-struct CMS_EnvelopedData_st
-	{
+struct CMS_EnvelopedData_st {
 	long version;
 	CMS_OriginatorInfo *originatorInfo;
 	STACK_OF(CMS_RecipientInfo) *recipientInfos;
 	CMS_EncryptedContentInfo *encryptedContentInfo;
 	STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
-	};
+};
 
-struct CMS_OriginatorInfo_st
-	{
+struct CMS_OriginatorInfo_st {
 	STACK_OF(CMS_CertificateChoices) *certificates;
 	STACK_OF(CMS_RevocationInfoChoice) *crls;
-	};
+};
 
-struct CMS_EncryptedContentInfo_st
-	{
+struct CMS_EncryptedContentInfo_st {
 	ASN1_OBJECT *contentType;
 	X509_ALGOR *contentEncryptionAlgorithm;
 	ASN1_OCTET_STRING *encryptedContent;
@@ -175,24 +167,24 @@ struct CMS_EncryptedContentInfo_st
 	const EVP_CIPHER *cipher;
 	unsigned char *key;
 	size_t keylen;
-	};
+	/* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
+	int debug;
+};
 
-struct CMS_RecipientInfo_st
-	{
- 	int type;
- 	union	{
-  	 	CMS_KeyTransRecipientInfo *ktri;
-   		CMS_KeyAgreeRecipientInfo *kari;
-   		CMS_KEKRecipientInfo *kekri;
+struct CMS_RecipientInfo_st {
+	int type;
+	union {
+		CMS_KeyTransRecipientInfo *ktri;
+		CMS_KeyAgreeRecipientInfo *kari;
+		CMS_KEKRecipientInfo *kekri;
 		CMS_PasswordRecipientInfo *pwri;
 		CMS_OtherRecipientInfo *ori;
-		} d;
-	};
+	} d;
+};
 
 typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
 
-struct CMS_KeyTransRecipientInfo_st
-	{
+struct CMS_KeyTransRecipientInfo_st {
 	long version;
 	CMS_RecipientIdentifier *rid;
 	X509_ALGOR *keyEncryptionAlgorithm;
@@ -200,104 +192,94 @@ struct CMS_KeyTransRecipientInfo_st
 	/* Recipient Key and cert */
 	X509 *recip;
 	EVP_PKEY *pkey;
-	};
+};
 
-struct CMS_KeyAgreeRecipientInfo_st
-	{
+struct CMS_KeyAgreeRecipientInfo_st {
 	long version;
 	CMS_OriginatorIdentifierOrKey *originator;
 	ASN1_OCTET_STRING *ukm;
- 	X509_ALGOR *keyEncryptionAlgorithm;
+	X509_ALGOR *keyEncryptionAlgorithm;
 	STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
-	};
+};
 
-struct CMS_OriginatorIdentifierOrKey_st
-	{
+struct CMS_OriginatorIdentifierOrKey_st {
 	int type;
-	union	{
+	union {
 		CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
 		ASN1_OCTET_STRING *subjectKeyIdentifier;
 		CMS_OriginatorPublicKey *originatorKey;
-		} d;
-	};
+	} d;
+};
 
-struct CMS_OriginatorPublicKey_st
-	{
+struct CMS_OriginatorPublicKey_st {
 	X509_ALGOR *algorithm;
 	ASN1_BIT_STRING *publicKey;
-	};
+};
 
-struct CMS_RecipientEncryptedKey_st
-	{
- 	CMS_KeyAgreeRecipientIdentifier *rid;
- 	ASN1_OCTET_STRING *encryptedKey;
-	};
+struct CMS_RecipientEncryptedKey_st {
+	CMS_KeyAgreeRecipientIdentifier *rid;
+	ASN1_OCTET_STRING *encryptedKey;
+};
 
-struct CMS_KeyAgreeRecipientIdentifier_st
-	{
+struct CMS_KeyAgreeRecipientIdentifier_st {
 	int type;
-	union	{
+	union {
 		CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
 		CMS_RecipientKeyIdentifier *rKeyId;
-		} d;
-	};
+	} d;
+};
 
-struct CMS_RecipientKeyIdentifier_st
-	{
- 	ASN1_OCTET_STRING *subjectKeyIdentifier;
- 	ASN1_GENERALIZEDTIME *date;
- 	CMS_OtherKeyAttribute *other;
-	};
+struct CMS_RecipientKeyIdentifier_st {
+	ASN1_OCTET_STRING *subjectKeyIdentifier;
+	ASN1_GENERALIZEDTIME *date;
+	CMS_OtherKeyAttribute *other;
+};
 
-struct CMS_KEKRecipientInfo_st
-	{
- 	long version;
- 	CMS_KEKIdentifier *kekid;
- 	X509_ALGOR *keyEncryptionAlgorithm;
- 	ASN1_OCTET_STRING *encryptedKey;
+struct CMS_KEKRecipientInfo_st {
+	long version;
+	CMS_KEKIdentifier *kekid;
+	X509_ALGOR *keyEncryptionAlgorithm;
+	ASN1_OCTET_STRING *encryptedKey;
 	/* Extra info: symmetric key to use */
 	unsigned char *key;
 	size_t keylen;
-	};
+};
 
-struct CMS_KEKIdentifier_st
-	{
- 	ASN1_OCTET_STRING *keyIdentifier;
- 	ASN1_GENERALIZEDTIME *date;
- 	CMS_OtherKeyAttribute *other;
-	};
+struct CMS_KEKIdentifier_st {
+	ASN1_OCTET_STRING *keyIdentifier;
+	ASN1_GENERALIZEDTIME *date;
+	CMS_OtherKeyAttribute *other;
+};
 
-struct CMS_PasswordRecipientInfo_st
-	{
- 	long version;
- 	X509_ALGOR *keyDerivationAlgorithm;
- 	X509_ALGOR *keyEncryptionAlgorithm;
- 	ASN1_OCTET_STRING *encryptedKey;
-	};
+struct CMS_PasswordRecipientInfo_st {
+	long version;
+	X509_ALGOR *keyDerivationAlgorithm;
+	X509_ALGOR *keyEncryptionAlgorithm;
+	ASN1_OCTET_STRING *encryptedKey;
+	/* Extra info: password to use */
+	unsigned char *pass;
+	size_t passlen;
+};
 
-struct CMS_OtherRecipientInfo_st
-	{
- 	ASN1_OBJECT *oriType;
- 	ASN1_TYPE *oriValue;
-	};
+struct CMS_OtherRecipientInfo_st {
+	ASN1_OBJECT *oriType;
+	ASN1_TYPE *oriValue;
+};
 
-struct CMS_DigestedData_st
-	{
+struct CMS_DigestedData_st {
 	long version;
 	X509_ALGOR *digestAlgorithm;
 	CMS_EncapsulatedContentInfo *encapContentInfo;
 	ASN1_OCTET_STRING *digest;
-	};
+};
 
-struct CMS_EncryptedData_st
-	{
+struct CMS_EncryptedData_st {
 	long version;
 	CMS_EncryptedContentInfo *encryptedContentInfo;
 	STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
-	};
+};
 
-struct CMS_AuthenticatedData_st
-	{
+struct CMS_AuthenticatedData_st {
 	long version;
 	CMS_OriginatorInfo *originatorInfo;
 	STACK_OF(CMS_RecipientInfo) *recipientInfos;
@@ -307,45 +289,41 @@ struct CMS_AuthenticatedData_st
 	STACK_OF(X509_ATTRIBUTE) *authAttrs;
 	ASN1_OCTET_STRING *mac;
 	STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
-	};
+};
 
-struct CMS_CompressedData_st
-	{
+struct CMS_CompressedData_st {
 	long version;
 	X509_ALGOR *compressionAlgorithm;
 	STACK_OF(CMS_RecipientInfo) *recipientInfos;
 	CMS_EncapsulatedContentInfo *encapContentInfo;
-	};
+};
 
-struct CMS_RevocationInfoChoice_st
-	{
+struct CMS_RevocationInfoChoice_st {
 	int type;
-	union	{
+	union {
 		X509_CRL *crl;
 		CMS_OtherRevocationInfoFormat *other;
-		} d;
-	};
+	} d;
+};
 
 #define CMS_REVCHOICE_CRL		0
 #define CMS_REVCHOICE_OTHER		1
 
-struct CMS_OtherRevocationInfoFormat_st
-	{
+struct CMS_OtherRevocationInfoFormat_st {
 	ASN1_OBJECT *otherRevInfoFormat;
- 	ASN1_TYPE *otherRevInfo;
-	};
+	ASN1_TYPE *otherRevInfo;
+};
 
-struct CMS_CertificateChoices
-	{
+struct CMS_CertificateChoices {
 	int type;
-		union {
+	union {
 		X509 *certificate;
 		ASN1_STRING *extendedCertificate;	/* Obsolete */
 		ASN1_STRING *v1AttrCert;	/* Left encoded for now */
 		ASN1_STRING *v2AttrCert;	/* Left encoded for now */
 		CMS_OtherCertificateFormat *other;
-		} d;
-	};
+	} d;
+};
 
 #define CMS_CERTCHOICE_CERT		0
 #define CMS_CERTCHOICE_EXCERT		1
@@ -353,63 +331,60 @@ struct CMS_CertificateChoices
 #define CMS_CERTCHOICE_V2ACERT		3
 #define CMS_CERTCHOICE_OTHER		4
 
-struct CMS_OtherCertificateFormat_st
-	{
+struct CMS_OtherCertificateFormat_st {
 	ASN1_OBJECT *otherCertFormat;
- 	ASN1_TYPE *otherCert;
-	};
+	ASN1_TYPE *otherCert;
+};
 
 /* This is also defined in pkcs7.h but we duplicate it
  * to allow the CMS code to be independent of PKCS#7
  */
 
-struct CMS_IssuerAndSerialNumber_st
-	{
+struct CMS_IssuerAndSerialNumber_st {
 	X509_NAME *issuer;
 	ASN1_INTEGER *serialNumber;
-	};
+};
 
-struct CMS_OtherKeyAttribute_st
-	{
+struct CMS_OtherKeyAttribute_st {
 	ASN1_OBJECT *keyAttrId;
- 	ASN1_TYPE *keyAttr;
-	};
+	ASN1_TYPE *keyAttr;
+};
 
 /* ESS structures */
 
 #ifdef HEADER_X509V3_H
 
-struct CMS_ReceiptRequest_st
-	{
+struct CMS_ReceiptRequest_st {
 	ASN1_OCTET_STRING *signedContentIdentifier;
 	CMS_ReceiptsFrom *receiptsFrom;
 	STACK_OF(GENERAL_NAMES) *receiptsTo;
-	};
+};
 
 
-struct CMS_ReceiptsFrom_st
-	{
+struct CMS_ReceiptsFrom_st {
 	int type;
 	union
-		{
+	{
 		long allOrFirstTier;
 		STACK_OF(GENERAL_NAMES) *receiptList;
-		} d;
-	};
+	} d;
+};
 #endif
 
-struct CMS_Receipt_st
-	{
+struct CMS_Receipt_st {
 	long version;
 	ASN1_OBJECT *contentType;
 	ASN1_OCTET_STRING *signedContentIdentifier;
 	ASN1_OCTET_STRING *originatorSignatureValue;
-	};
+};
 
+DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
 DECLARE_ASN1_ITEM(CMS_SignerInfo)
 DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
 DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
 DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
+DECLARE_ASN1_ITEM(CMS_RecipientInfo)
+DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo)
 DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
 
 #define CMS_SIGNERINFO_ISSUER_SERIAL	0
@@ -430,8 +405,7 @@ BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
 int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
 int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type);
 int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
-					ASN1_OCTET_STRING **keyid,
-					X509_NAME **issuer, ASN1_INTEGER **sno);
+    ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
 int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
 
 CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
@@ -440,20 +414,24 @@ BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
 void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md);
 BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
 int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
-					X509_ALGOR *mdalg);
+    X509_ALGOR *mdalg);
 
 BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
 BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
-int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec, 
-				const EVP_CIPHER *cipher,
-				const unsigned char *key, size_t keylen);
+int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
+    const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen);
 
 int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
 int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
 ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);
 
 BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
-	
+CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms);
+
+/* PWRI routines */
+int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
+    int en_de);
+
 #ifdef  __cplusplus
 }
 #endif
diff --git a/lib/libcrypto/cms/cms_lib.c b/lib/libcrypto/cms/cms_lib.c
index 8e6c1d29a52..66bd73c86ce 100644
--- a/lib/libcrypto/cms/cms_lib.c
+++ b/lib/libcrypto/cms/cms_lib.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -60,34 +60,39 @@
 #include "cms.h"
 #include "cms_lcl.h"
 
-IMPLEMENT_ASN1_FUNCTIONS_const(CMS_ContentInfo)
+IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
+IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
 
 DECLARE_ASN1_ITEM(CMS_CertificateChoices)
 DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
 DECLARE_STACK_OF(CMS_CertificateChoices)
 DECLARE_STACK_OF(CMS_RevocationInfoChoice)
 
-const ASN1_OBJECT *CMS_get0_type(CMS_ContentInfo *cms)
-	{
+const ASN1_OBJECT *
+CMS_get0_type(CMS_ContentInfo *cms)
+{
 	return cms->contentType;
-	}
+}
 
-CMS_ContentInfo *cms_Data_create(void)
-	{
+CMS_ContentInfo *
+cms_Data_create(void)
+{
 	CMS_ContentInfo *cms;
+
 	cms = CMS_ContentInfo_new();
-	if (cms)
-		{
+	if (cms) {
 		cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
 		/* Never detached */
 		CMS_set_detached(cms, 0);
-		}
-	return cms;
 	}
+	return cms;
+}
 
-BIO *cms_content_bio(CMS_ContentInfo *cms)
-	{
+BIO *
+cms_content_bio(CMS_ContentInfo *cms)
+{
 	ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+
 	if (!pos)
 		return NULL;
 	/* If content detached data goes nowhere: create NULL BIO */
@@ -99,51 +104,45 @@ BIO *cms_content_bio(CMS_ContentInfo *cms)
 		return BIO_new(BIO_s_mem());
 	/* Else content was read in: return read only BIO for it */
 	return BIO_new_mem_buf((*pos)->data, (*pos)->length);
-	}
+}
 
-BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
-	{
+BIO *
+CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
+{
 	BIO *cmsbio, *cont;
+
 	if (icont)
 		cont = icont;
 	else
 		cont = cms_content_bio(cms);
-	if (!cont)
-		{
+	if (!cont) {
 		CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT);
 		return NULL;
-		}
-	switch (OBJ_obj2nid(cms->contentType))
-		{
-
-		case NID_pkcs7_data:
+	}
+	switch (OBJ_obj2nid(cms->contentType)) {
+	case NID_pkcs7_data:
 		return cont;
-
-		case NID_pkcs7_signed:
+	case NID_pkcs7_signed:
 		cmsbio = cms_SignedData_init_bio(cms);
 		break;
-
-		case NID_pkcs7_digest:
+	case NID_pkcs7_digest:
 		cmsbio = cms_DigestedData_init_bio(cms);
 		break;
 #ifdef ZLIB
-		case NID_id_smime_ct_compressedData:
+	case NID_id_smime_ct_compressedData:
 		cmsbio = cms_CompressedData_init_bio(cms);
 		break;
 #endif
-
-		case NID_pkcs7_encrypted:
+	case NID_pkcs7_encrypted:
 		cmsbio = cms_EncryptedData_init_bio(cms);
 		break;
-
-		case NID_pkcs7_enveloped:
+	case NID_pkcs7_enveloped:
 		cmsbio = cms_EnvelopedData_init_bio(cms);
 		break;
-
-		default:
+	default:
 		CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
 		return NULL;
-		}
+	}
 
 	if (cmsbio)
 		return BIO_push(cmsbio, cont);
@@ -151,142 +150,121 @@ BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
 	if (!icont)
 		BIO_free(cont);
 	return NULL;
+}
 
-	}
-
-int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
-	{
+int
+CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
+{
 	ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+
 	if (!pos)
 		return 0;
 	/* If ebmedded content find memory BIO and set content */
-	if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT))
-		{
+	if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) {
 		BIO *mbio;
 		unsigned char *cont;
 		long contlen;
 		mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
-		if (!mbio)
-			{
+		if (!mbio) {
 			CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
 			return 0;
-			}
+		}
 		contlen = BIO_get_mem_data(mbio, &cont);
 		/* Set bio as read only so its content can't be clobbered */
 		BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
 		BIO_set_mem_eof_return(mbio, 0);
 		ASN1_STRING_set0(*pos, cont, contlen);
 		(*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
-		}
-
-	switch (OBJ_obj2nid(cms->contentType))
-		{
+	}
 
-		case NID_pkcs7_data:
-		case NID_pkcs7_enveloped:
-		case NID_pkcs7_encrypted:
-		case NID_id_smime_ct_compressedData:
+	switch (OBJ_obj2nid(cms->contentType)) {
+	case NID_pkcs7_data:
+	case NID_pkcs7_enveloped:
+	case NID_pkcs7_encrypted:
+	case NID_id_smime_ct_compressedData:
 		/* Nothing to do */
 		return 1;
-
-		case NID_pkcs7_signed:
+	case NID_pkcs7_signed:
 		return cms_SignedData_final(cms, cmsbio);
-
-		case NID_pkcs7_digest:
+	case NID_pkcs7_digest:
 		return cms_DigestedData_do_final(cms, cmsbio, 0);
-
-		default:
+	default:
 		CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
 		return 0;
-		}
 	}
+}
 
 /* Return an OCTET STRING pointer to content. This allows it to
  * be accessed or set later.
  */
 
 ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
-	{
-	switch (OBJ_obj2nid(cms->contentType))
-		{
-
-		case NID_pkcs7_data:
+{
+	switch (OBJ_obj2nid(cms->contentType)) {
+	case NID_pkcs7_data:
 		return &cms->d.data;
-
-		case NID_pkcs7_signed:
+	case NID_pkcs7_signed:
 		return &cms->d.signedData->encapContentInfo->eContent;
-
-		case NID_pkcs7_enveloped:
+	case NID_pkcs7_enveloped:
 		return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
-
-		case NID_pkcs7_digest:
+	case NID_pkcs7_digest:
 		return &cms->d.digestedData->encapContentInfo->eContent;
-
-		case NID_pkcs7_encrypted:
+	case NID_pkcs7_encrypted:
 		return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
-
-		case NID_id_smime_ct_authData:
+	case NID_id_smime_ct_authData:
 		return &cms->d.authenticatedData->encapContentInfo->eContent;
-
-		case NID_id_smime_ct_compressedData:
+	case NID_id_smime_ct_compressedData:
 		return &cms->d.compressedData->encapContentInfo->eContent;
-
-		default:
+	default:
 		if (cms->d.other->type == V_ASN1_OCTET_STRING)
 			return &cms->d.other->value.octet_string;
 		CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
 		return NULL;
-
-		}
 	}
+}
 
 /* Return an ASN1_OBJECT pointer to content type. This allows it to
  * be accessed or set later.
  */
 
 static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
-	{
-	switch (OBJ_obj2nid(cms->contentType))
-		{
-
-		case NID_pkcs7_signed:
+{
+	switch (OBJ_obj2nid(cms->contentType)) {
+	case NID_pkcs7_signed:
 		return &cms->d.signedData->encapContentInfo->eContentType;
-
-		case NID_pkcs7_enveloped:
+	case NID_pkcs7_enveloped:
 		return &cms->d.envelopedData->encryptedContentInfo->contentType;
-
-		case NID_pkcs7_digest:
+	case NID_pkcs7_digest:
 		return &cms->d.digestedData->encapContentInfo->eContentType;
-
-		case NID_pkcs7_encrypted:
+	case NID_pkcs7_encrypted:
 		return &cms->d.encryptedData->encryptedContentInfo->contentType;
-
-		case NID_id_smime_ct_authData:
+	case NID_id_smime_ct_authData:
 		return &cms->d.authenticatedData->encapContentInfo->eContentType;
-
-		case NID_id_smime_ct_compressedData:
+	case NID_id_smime_ct_compressedData:
 		return &cms->d.compressedData->encapContentInfo->eContentType;
-
-		default:
+	default:
 		CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE,
-					CMS_R_UNSUPPORTED_CONTENT_TYPE);
+		    CMS_R_UNSUPPORTED_CONTENT_TYPE);
 		return NULL;
-
-		}
 	}
+}
 
-const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms)
-	{
+const ASN1_OBJECT *
+CMS_get0_eContentType(CMS_ContentInfo *cms)
+{
 	ASN1_OBJECT **petype;
+
 	petype = cms_get0_econtent_type(cms);
 	if (petype)
 		return *petype;
 	return NULL;
-	}
+}
 
-int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
-	{
+int
+CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
+{
 	ASN1_OBJECT **petype, *etype;
+
 	petype = cms_get0_econtent_type(cms);
 	if (!petype)
 		return 0;
@@ -298,155 +276,147 @@ int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
 	ASN1_OBJECT_free(*petype);
 	*petype = etype;
 	return 1;
-	}
+}
 
-int CMS_is_detached(CMS_ContentInfo *cms)
-	{
+int
+CMS_is_detached(CMS_ContentInfo *cms)
+{
 	ASN1_OCTET_STRING **pos;
+
 	pos = CMS_get0_content(cms);
 	if (!pos)
 		return -1;
 	if (*pos)
 		return 0;
 	return 1;
-	}
+}
 
-int CMS_set_detached(CMS_ContentInfo *cms, int detached)
-	{
+int
+CMS_set_detached(CMS_ContentInfo *cms, int detached)
+{
 	ASN1_OCTET_STRING **pos;
+
 	pos = CMS_get0_content(cms);
 	if (!pos)
 		return 0;
-	if (detached)
-		{
-		if (*pos)
-			{
+	if (detached) {
+		if (*pos) {
 			ASN1_OCTET_STRING_free(*pos);
 			*pos = NULL;
-			}
-		return 1;
 		}
+		return 1;
+	}
 	if (!*pos)
 		*pos = ASN1_OCTET_STRING_new();
-	if (*pos)
-		{
+	if (*pos) {
 		/* NB: special flag to show content is created and not
 		 * read in.
 		 */
 		(*pos)->flags |= ASN1_STRING_FLAG_CONT;
 		return 1;
-		}
+	}
 	CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
 	return 0;
-	}
+}
 
 /* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
 
-void cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
-	{
+void
+cms_DigestAlgorithm_set(X509_ALGOR *alg, const EVP_MD *md)
+{
 	int param_type;
 
-	switch (EVP_MD_type(md))
-		{
-		case NID_sha1:
-		case NID_sha224:
-		case NID_sha256:
-		case NID_sha384:
-		case NID_sha512:
+	if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
 		param_type = V_ASN1_UNDEF;
-		break;
-	
-		default:
+	else
 		param_type = V_ASN1_NULL;
-		break;
-		}
 
 	X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
 
-	}
+}
 
 /* Create a digest BIO from an X509_ALGOR structure */
 
-BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
-	{
+BIO *
+cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
+{
 	BIO *mdbio = NULL;
 	ASN1_OBJECT *digestoid;
 	const EVP_MD *digest;
+
 	X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
 	digest = EVP_get_digestbyobj(digestoid);
-	if (!digest)
-		{
+	if (!digest) {
 		CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
-				CMS_R_UNKNOWN_DIGEST_ALGORIHM);
-		goto err;	
-		}
+		    CMS_R_UNKNOWN_DIGEST_ALGORIHM);
+		goto err;
+	}
 	mdbio = BIO_new(BIO_f_md());
-	if (!mdbio || !BIO_set_md(mdbio, digest))
-		{
+	if (!mdbio || !BIO_set_md(mdbio, digest)) {
 		CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
-				CMS_R_MD_BIO_INIT_ERROR);
-		goto err;	
-		}
+		    CMS_R_MD_BIO_INIT_ERROR);
+		goto err;
+	}
 	return mdbio;
-	err:
+
+err:
 	if (mdbio)
 		BIO_free(mdbio);
 	return NULL;
-	}
+}
 
 /* Locate a message digest content from a BIO chain based on SignerInfo */
 
-int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
-					X509_ALGOR *mdalg)
-	{
+int
+cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, X509_ALGOR *mdalg)
+{
 	int nid;
 	ASN1_OBJECT *mdoid;
+
 	X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
 	nid = OBJ_obj2nid(mdoid);
+
 	/* Look for digest type to match signature */
-	for (;;)
-		{
+	for (;;) {
 		EVP_MD_CTX *mtmp;
 		chain = BIO_find_type(chain, BIO_TYPE_MD);
-		if (chain == NULL)
-			{
+		if (chain == NULL) {
 			CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX,
-						CMS_R_NO_MATCHING_DIGEST);
+			    CMS_R_NO_MATCHING_DIGEST);
 			return 0;
-			}
+		}
 		BIO_get_md_ctx(chain, &mtmp);
-		if (EVP_MD_CTX_type(mtmp) == nid)
-			{
-			EVP_MD_CTX_copy_ex(mctx, mtmp);
-			return 1;
-			}
+		if (EVP_MD_CTX_type(mtmp) == nid
+		/* Workaround for broken implementations that use signature
+		 * algorithm  OID instead of digest.
+		 */ ||
+		    EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
+			return EVP_MD_CTX_copy_ex(mctx, mtmp);
 		chain = BIO_next(chain);
-		}
 	}
+}
 
-static STACK_OF(CMS_CertificateChoices) **cms_get0_certificate_choices(CMS_ContentInfo *cms)
-	{
-	switch (OBJ_obj2nid(cms->contentType))
-		{
-
-		case NID_pkcs7_signed:
+static STACK_OF(CMS_CertificateChoices) **
+cms_get0_certificate_choices(CMS_ContentInfo *cms)
+{
+	switch (OBJ_obj2nid(cms->contentType)) {
+	case NID_pkcs7_signed:
 		return &cms->d.signedData->certificates;
-
-		case NID_pkcs7_enveloped:
+	case NID_pkcs7_enveloped:
 		return &cms->d.envelopedData->originatorInfo->certificates;
-
-		default:
+	default:
 		CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
-					CMS_R_UNSUPPORTED_CONTENT_TYPE);
+		    CMS_R_UNSUPPORTED_CONTENT_TYPE);
 		return NULL;
-
-		}
 	}
+}
 
-CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
-	{
+CMS_CertificateChoices *
+CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
+{
 	STACK_OF(CMS_CertificateChoices) **pcerts;
 	CMS_CertificateChoices *cch;
+
 	pcerts = cms_get0_certificate_choices(cms);
 	if (!pcerts)
 		return NULL;
@@ -457,77 +427,73 @@ CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
 	cch = M_ASN1_new_of(CMS_CertificateChoices);
 	if (!cch)
 		return NULL;
-	if (!sk_CMS_CertificateChoices_push(*pcerts, cch))
-		{
+	if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) {
 		M_ASN1_free_of(cch, CMS_CertificateChoices);
 		return NULL;
-		}
-	return cch;
 	}
+	return cch;
+}
 
-int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
-	{
+int
+CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
+{
 	CMS_CertificateChoices *cch;
 	STACK_OF(CMS_CertificateChoices) **pcerts;
 	int i;
+
 	pcerts = cms_get0_certificate_choices(cms);
 	if (!pcerts)
 		return 0;
-	if (!pcerts)
-		return 0;
-	for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
-		{
+	for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
 		cch = sk_CMS_CertificateChoices_value(*pcerts, i);
-		if (cch->type == CMS_CERTCHOICE_CERT)
-			{
-			if (!X509_cmp(cch->d.certificate, cert))
-				{
-				CMSerr(CMS_F_CMS_ADD0_CERT, 
-					CMS_R_CERTIFICATE_ALREADY_PRESENT);
+		if (cch->type == CMS_CERTCHOICE_CERT) {
+			if (!X509_cmp(cch->d.certificate, cert)) {
+				CMSerr(CMS_F_CMS_ADD0_CERT,
+				    CMS_R_CERTIFICATE_ALREADY_PRESENT);
 				return 0;
-				}
 			}
 		}
+	}
 	cch = CMS_add0_CertificateChoices(cms);
 	if (!cch)
 		return 0;
 	cch->type = CMS_CERTCHOICE_CERT;
 	cch->d.certificate = cert;
 	return 1;
-	}
+}
 
-int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
-	{
+int
+CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
+{
 	int r;
+
 	r = CMS_add0_cert(cms, cert);
 	if (r > 0)
 		CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
 	return r;
-	}
-
-static STACK_OF(CMS_RevocationInfoChoice) **cms_get0_revocation_choices(CMS_ContentInfo *cms)
-	{
-	switch (OBJ_obj2nid(cms->contentType))
-		{
+}
 
-		case NID_pkcs7_signed:
+static STACK_OF(CMS_RevocationInfoChoice) **
+cms_get0_revocation_choices(CMS_ContentInfo *cms)
+{
+	switch (OBJ_obj2nid(cms->contentType)) {
+	case NID_pkcs7_signed:
 		return &cms->d.signedData->crls;
-
-		case NID_pkcs7_enveloped:
+	case NID_pkcs7_enveloped:
 		return &cms->d.envelopedData->originatorInfo->crls;
-
-		default:
+	default:
 		CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
-					CMS_R_UNSUPPORTED_CONTENT_TYPE);
+		    CMS_R_UNSUPPORTED_CONTENT_TYPE);
 		return NULL;
-
-		}
 	}
+}
 
-CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
-	{
+CMS_RevocationInfoChoice *
+CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
+{
 	STACK_OF(CMS_RevocationInfoChoice) **pcrls;
 	CMS_RevocationInfoChoice *rch;
+
 	pcrls = cms_get0_revocation_choices(cms);
 	if (!pcrls)
 		return NULL;
@@ -538,86 +504,92 @@ CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
 	rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
 	if (!rch)
 		return NULL;
-	if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch))
-		{
+	if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) {
 		M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
 		return NULL;
-		}
-	return rch;
 	}
+	return rch;
+}
 
-int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
-	{
+int
+CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
+{
 	CMS_RevocationInfoChoice *rch;
+
 	rch = CMS_add0_RevocationInfoChoice(cms);
 	if (!rch)
 		return 0;
 	rch->type = CMS_REVCHOICE_CRL;
 	rch->d.crl = crl;
 	return 1;
-	}
+}
+
+int
+CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
+{
+	int r;
+
+	r = CMS_add0_crl(cms, crl);
+	if (r > 0)
+		CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
+	return r;
+}
 
 STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
-	{
+{
 	STACK_OF(X509) *certs = NULL;
 	CMS_CertificateChoices *cch;
 	STACK_OF(CMS_CertificateChoices) **pcerts;
 	int i;
+
 	pcerts = cms_get0_certificate_choices(cms);
 	if (!pcerts)
 		return NULL;
-	for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++)
-		{
+	for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
 		cch = sk_CMS_CertificateChoices_value(*pcerts, i);
-		if (cch->type == 0)
-			{
-			if (!certs)
-				{
+		if (cch->type == 0) {
+			if (!certs) {
 				certs = sk_X509_new_null();
 				if (!certs)
 					return NULL;
-				}
-			if (!sk_X509_push(certs, cch->d.certificate))
-				{
+			}
+			if (!sk_X509_push(certs, cch->d.certificate)) {
 				sk_X509_pop_free(certs, X509_free);
 				return NULL;
-				}
-			CRYPTO_add(&cch->d.certificate->references,
-						1, CRYPTO_LOCK_X509);
 			}
+			CRYPTO_add(&cch->d.certificate->references,
+			    1, CRYPTO_LOCK_X509);
 		}
+	}
 	return certs;
 
-	}
+}
 
 STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
-	{
+{
 	STACK_OF(X509_CRL) *crls = NULL;
 	STACK_OF(CMS_RevocationInfoChoice) **pcrls;
 	CMS_RevocationInfoChoice *rch;
 	int i;
+
 	pcrls = cms_get0_revocation_choices(cms);
 	if (!pcrls)
 		return NULL;
-	for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++)
-		{
+	for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) {
 		rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
-		if (rch->type == 0)
-			{
-			if (!crls)
-				{
+		if (rch->type == 0) {
+			if (!crls) {
 				crls = sk_X509_CRL_new_null();
 				if (!crls)
 					return NULL;
-				}
-			if (!sk_X509_CRL_push(crls, rch->d.crl))
-				{
+			}
+			if (!sk_X509_CRL_push(crls, rch->d.crl)) {
 				sk_X509_CRL_pop_free(crls, X509_CRL_free);
 				return NULL;
-				}
-			CRYPTO_add(&rch->d.crl->references,
-						1, CRYPTO_LOCK_X509_CRL);
 			}
+			CRYPTO_add(&rch->d.crl->references,
+			    1, CRYPTO_LOCK_X509_CRL);
 		}
-	return crls;
 	}
+	return crls;
+}
diff --git a/lib/libcrypto/cms/cms_pwri.c b/lib/libcrypto/cms/cms_pwri.c
index 36d50f1797b..1399cbd606e 100644
--- a/lib/libcrypto/cms/cms_pwri.c
+++ b/lib/libcrypto/cms/cms_pwri.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,15 +62,16 @@
 #include "cms_lcl.h"
 #include "asn1_locl.h"
 
-int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, 
-				unsigned char *pass, ssize_t passlen)
-	{
+int
+CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass,
+    ssize_t passlen)
+{
 	CMS_PasswordRecipientInfo *pwri;
-	if (ri->type != CMS_RECIPINFO_PASS)
-		{
+
+	if (ri->type != CMS_RECIPINFO_PASS) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, CMS_R_NOT_PWRI);
 		return 0;
-		}
+	}
 
 	pwri = ri->d.pwri;
 	pwri->pass = pass;
@@ -78,14 +79,13 @@ int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
 		passlen = strlen((char *)pass);
 	pwri->passlen = passlen;
 	return 1;
-	}
+}
 
-CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
-					int iter, int wrap_nid, int pbe_nid,
-					unsigned char *pass,
-					ssize_t passlen,
-					const EVP_CIPHER *kekciph)
-	{
+CMS_RecipientInfo *
+CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter, int wrap_nid,
+    int pbe_nid, unsigned char *pass, ssize_t passlen,
+    const EVP_CIPHER *kekciph)
+{
 	CMS_RecipientInfo *ri = NULL;
 	CMS_EnvelopedData *env;
 	CMS_PasswordRecipientInfo *pwri;
@@ -93,6 +93,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
 	X509_ALGOR *encalg = NULL;
 	unsigned char iv[EVP_MAX_IV_LENGTH];
 	int ivlen;
+
 	env = cms_get0_enveloped(cms);
 	if (!env)
 		goto err;
@@ -107,54 +108,47 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
 	if (kekciph == NULL)
 		kekciph = env->encryptedContentInfo->cipher;
 
-	if (kekciph == NULL)
-		{
+	if (kekciph == NULL) {
 		CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, CMS_R_NO_CIPHER);
 		return NULL;
-		}
-	if (wrap_nid != NID_id_alg_PWRI_KEK)
-		{
+	}
+	if (wrap_nid != NID_id_alg_PWRI_KEK) {
 		CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
-				CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
+		    CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
 		return NULL;
-		}
+	}
 
 	/* Setup algorithm identifier for cipher */
 	encalg = X509_ALGOR_new();
 	EVP_CIPHER_CTX_init(&ctx);
 
-	if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0)
-		{
+	if (EVP_EncryptInit_ex(&ctx, kekciph, NULL, NULL, NULL) <= 0) {
 		CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
 		goto err;
-		}
+	}
 
 	ivlen = EVP_CIPHER_CTX_iv_length(&ctx);
 
-	if (ivlen > 0)
-		{
+	if (ivlen > 0) {
 		if (RAND_pseudo_bytes(iv, ivlen) <= 0)
 			goto err;
-		if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0)
-			{
+		if (EVP_EncryptInit_ex(&ctx, NULL, NULL, NULL, iv) <= 0) {
 			CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
-							ERR_R_EVP_LIB);
+			    ERR_R_EVP_LIB);
 			goto err;
-			}
+		}
 		encalg->parameter = ASN1_TYPE_new();
-		if (!encalg->parameter)
-			{
+		if (!encalg->parameter) {
 			CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
-							ERR_R_MALLOC_FAILURE);
+			    ERR_R_MALLOC_FAILURE);
 			goto err;
-			}
-		if (EVP_CIPHER_param_to_asn1(&ctx, encalg->parameter) <= 0)
-			{
+		}
+		if (EVP_CIPHER_param_to_asn1(&ctx, encalg->parameter) <= 0) {
 			CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
-				CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+			    CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
 			goto err;
-			}
 		}
+	}
 
 
 	encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(&ctx));
@@ -182,10 +176,10 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
 	if (!pwri->keyEncryptionAlgorithm->parameter)
 		goto merr;
 
-        if(!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR),
+	if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR),
 	    &pwri->keyEncryptionAlgorithm->parameter->value.sequence))
 		goto merr;
-        pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE;
+	pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE;
 
 	X509_ALGOR_free(encalg);
 	encalg = NULL;
@@ -205,48 +199,47 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
 
 	return ri;
 
-	merr:
+merr:
 	CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
-	err:
+err:
 	EVP_CIPHER_CTX_cleanup(&ctx);
 	if (ri)
 		M_ASN1_free_of(ri, CMS_RecipientInfo);
 	if (encalg)
 		X509_ALGOR_free(encalg);
 	return NULL;
-
-	}
+}
 
 /* This is an implementation of the key wrapping mechanism in RFC3211,
  * at some point this should go into EVP.
  */
 
-static int kek_unwrap_key(unsigned char *out, size_t *outlen,
-		const unsigned char *in, size_t inlen, EVP_CIPHER_CTX *ctx)
-	{
+static int
+kek_unwrap_key(unsigned char *out, size_t *outlen, const unsigned char *in,
+    size_t inlen, EVP_CIPHER_CTX *ctx)
+{
 	size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
 	unsigned char *tmp;
 	int outl, rv = 0;
-	if (inlen < 2 * blocklen)
-		{
+
+	if (inlen < 2 * blocklen) {
 		/* too small */
 		return 0;
-		}
-	if (inlen % blocklen)
-		{
+	}
+	if (inlen % blocklen) {
 		/* Invalid size */
 		return 0;
-		}
+	}
 	tmp = malloc(inlen);
 	/* setup IV by decrypting last two blocks */
 	EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
-				in  + inlen - 2 * blocklen, blocklen * 2);
+	    in  + inlen - 2 * blocklen, blocklen * 2);
 	/* Do a decrypt of last decrypted block to set IV to correct value
 	 * output it to start of buffer so we don't corrupt decrypted block
 	 * this works because buffer is at least two block lengths long.
 	 */
 	EVP_DecryptUpdate(ctx, tmp, &outl,
-				tmp  + inlen - blocklen, blocklen);
+	    tmp  + inlen - blocklen, blocklen);
 	/* Can now decrypt first n - 1 blocks */
 	EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen);
 
@@ -255,49 +248,47 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
 	/* Decrypt again */
 	EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen);
 	/* Check check bytes */
-	if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff)
-		{
+	if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) &
+	    (tmp[3] ^ tmp[6])) != 0xff) {
 		/* Check byte failure */
 		goto err;
-		}
-	if (inlen < (size_t)(tmp[0] - 4 ))
-		{
+	}
+	if (inlen < (size_t)(tmp[0] - 4 )) {
 		/* Invalid length value */
 		goto err;
-		}
+	}
 	*outlen = (size_t)tmp[0];
 	memcpy(out, tmp + 4, *outlen);
 	rv = 1;
-	err:
+
+err:
 	OPENSSL_cleanse(tmp, inlen);
 	free(tmp);
 	return rv;
+}
 
-	}
-
-static int kek_wrap_key(unsigned char *out, size_t *outlen,
-		const unsigned char *in, size_t inlen, EVP_CIPHER_CTX *ctx)
-	{
+static int
+kek_wrap_key(unsigned char *out, size_t *outlen, const unsigned char *in,
+    size_t inlen, EVP_CIPHER_CTX *ctx)
+{
 	size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
 	size_t olen;
 	int dummy;
+
 	/* First decide length of output buffer: need header and round up to
 	 * multiple of block length.
 	 */
 	olen = (inlen + 4 + blocklen - 1)/blocklen;
 	olen *= blocklen;
-	if (olen < 2 * blocklen)
-		{
+	if (olen < 2 * blocklen) {
 		/* Key too small */
 		return 0;
-		}
-	if (inlen > 0xFF)
-		{
+	}
+	if (inlen > 0xFF) {
 		/* Key too large */
 		return 0;
-		}
-	if (out)
-		{
+	}
+	if (out) {
 		/* Set header */
 		out[0] = (unsigned char)inlen;
 		out[1] = in[0] ^ 0xFF;
@@ -310,18 +301,19 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
 		/* Encrypt twice */
 		EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
 		EVP_EncryptUpdate(ctx, out, &dummy, out, olen);
-		}
+	}
 
 	*outlen = olen;
 
 	return 1;
-	}
+}
 
 /* Encrypt/Decrypt content key in PWRI recipient info */
 
-int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
-							int en_de)
-	{
+int
+cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
+    int en_de)
+{
 	CMS_EncryptedContentInfo *ec;
 	CMS_PasswordRecipientInfo *pwri;
 	const unsigned char *p = NULL;
@@ -338,69 +330,61 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 	pwri = ri->d.pwri;
 	EVP_CIPHER_CTX_init(&kekctx);
 
-	if (!pwri->pass)
-		{
+	if (!pwri->pass) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
 		return 0;
-		}
+	}
 	algtmp = pwri->keyEncryptionAlgorithm;
 
-	if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK)
-		{
+	if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
-				CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
+		    CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
 		return 0;
-		}
+	}
 
-	if (algtmp->parameter->type == V_ASN1_SEQUENCE)
-		{
+	if (algtmp->parameter->type == V_ASN1_SEQUENCE) {
 		p = algtmp->parameter->value.sequence->data;
 		plen = algtmp->parameter->value.sequence->length;
 		kekalg = d2i_X509_ALGOR(NULL, &p, plen);
-		}
-	if (kekalg == NULL)
-		{
+	}
+	if (kekalg == NULL) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
-				CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
+		    CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
 		return 0;
-		}
+	}
 
 	kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
-		
-	if(!kekcipher)
-		{
+
+	if (!kekcipher) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
-				CMS_R_UNKNOWN_CIPHER);
+		    CMS_R_UNKNOWN_CIPHER);
 		goto err;
-		}
+	}
 
 	/* Fixup cipher based on AlgorithmIdentifier to set IV etc */
 	if (!EVP_CipherInit_ex(&kekctx, kekcipher, NULL, NULL, NULL, en_de))
 		goto err;
 	EVP_CIPHER_CTX_set_padding(&kekctx, 0);
-	if(EVP_CIPHER_asn1_to_param(&kekctx, kekalg->parameter) < 0)
-		{
+	if (EVP_CIPHER_asn1_to_param(&kekctx, kekalg->parameter) < 0) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
-				CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+		    CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
 		goto err;
-		}
+	}
 
 	algtmp = pwri->keyDerivationAlgorithm;
 
 	/* Finish password based key derivation to setup key in "ctx" */
 
 	if (EVP_PBE_CipherInit(algtmp->algorithm,
-				(char *)pwri->pass, pwri->passlen,
-				algtmp->parameter, &kekctx, en_de) < 0)
-		{
+	    (char *)pwri->pass, pwri->passlen,
+	    algtmp->parameter, &kekctx, en_de) < 0) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB);
 		goto err;
-		}
+	}
 
 	/* Finally wrap/unwrap the key */
 
-	if (en_de)
-		{
+	if (en_de) {
 
 		if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, &kekctx))
 			goto err;
@@ -414,41 +398,34 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 			goto err;
 		pwri->encryptedKey->data = key;
 		pwri->encryptedKey->length = keylen;
-		}
-	else
-		{
+	} else {
 		key = malloc(pwri->encryptedKey->length);
 
-		if (!key)
-			{
+		if (!key) {
 			CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
-							ERR_R_MALLOC_FAILURE);
+			    ERR_R_MALLOC_FAILURE);
 			goto err;
-			}
+		}
 		if (!kek_unwrap_key(key, &keylen,
-					pwri->encryptedKey->data,
-					pwri->encryptedKey->length, &kekctx))
-			{
+		    pwri->encryptedKey->data,
+		    pwri->encryptedKey->length, &kekctx)) {
 			CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
-							CMS_R_UNWRAP_FAILURE);
+			    CMS_R_UNWRAP_FAILURE);
 			goto err;
-			}
+		}
 
 		ec->key = key;
 		ec->keylen = keylen;
 
-		}
+	}
 
 	r = 1;
 
-	err:
-
+err:
 	EVP_CIPHER_CTX_cleanup(&kekctx);
-
 	if (!r && key)
 		free(key);
 	X509_ALGOR_free(kekalg);
 
 	return r;
-
-	}
+}
diff --git a/lib/libcrypto/cms/cms_sd.c b/lib/libcrypto/cms/cms_sd.c
index 976881743bc..7fbc0490bac 100644
--- a/lib/libcrypto/cms/cms_sd.c
+++ b/lib/libcrypto/cms/cms_sd.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -64,119 +64,111 @@
 
 DECLARE_ASN1_ITEM(CMS_SignedData)
 
-static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
-	{
-	if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed)
-		{
-		CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
+static CMS_SignedData *
+cms_get0_signed(CMS_ContentInfo *cms)
+{
+	if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) {
+		CMSerr(CMS_F_CMS_GET0_SIGNED,
+		    CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
 		return NULL;
-		}
-	return cms->d.signedData;
 	}
+	return cms->d.signedData;
+}
 
-static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
-	{
-	if (cms->d.other == NULL)
-		{
+static CMS_SignedData *
+cms_signed_data_init(CMS_ContentInfo *cms)
+{
+	if (cms->d.other == NULL) {
 		cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
-		if (!cms->d.signedData)
-			{
-			CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE);
+		if (!cms->d.signedData) {
+			CMSerr(CMS_F_CMS_SIGNED_DATA_INIT,
+			    ERR_R_MALLOC_FAILURE);
 			return NULL;
-			}
+		}
 		cms->d.signedData->version = 1;
 		cms->d.signedData->encapContentInfo->eContentType =
-						OBJ_nid2obj(NID_pkcs7_data);
+		    OBJ_nid2obj(NID_pkcs7_data);
 		cms->d.signedData->encapContentInfo->partial = 1;
 		ASN1_OBJECT_free(cms->contentType);
 		cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
 		return cms->d.signedData;
-		}
-	return cms_get0_signed(cms);
 	}
+	return cms_get0_signed(cms);
+}
 
 /* Just initialize SignedData e.g. for certs only structure */
 
-int CMS_SignedData_init(CMS_ContentInfo *cms)
-	{
+int
+CMS_SignedData_init(CMS_ContentInfo *cms)
+{
 	if (cms_signed_data_init(cms))
 		return 1;
 	else
 		return 0;
-	}
+}
 
 /* Check structures and fixup version numbers (if necessary) */
 
-static void cms_sd_set_version(CMS_SignedData *sd)
-	{
+static void
+cms_sd_set_version(CMS_SignedData *sd)
+{
 	int i;
 	CMS_CertificateChoices *cch;
 	CMS_RevocationInfoChoice *rch;
 	CMS_SignerInfo *si;
 
-	for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++)
-		{
+	for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) {
 		cch = sk_CMS_CertificateChoices_value(sd->certificates, i);
-		if (cch->type == CMS_CERTCHOICE_OTHER)
-			{
+		if (cch->type == CMS_CERTCHOICE_OTHER) {
 			if (sd->version < 5)
 				sd->version = 5;
-			}
-		else if (cch->type == CMS_CERTCHOICE_V2ACERT)
-			{
+		} else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
 			if (sd->version < 4)
 				sd->version = 4;
-			}
-		else if (cch->type == CMS_CERTCHOICE_V1ACERT)
-			{
+		} else if (cch->type == CMS_CERTCHOICE_V1ACERT) {
 			if (sd->version < 3)
 				sd->version = 3;
-			}
 		}
+	}
 
-	for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++)
-		{
+	for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) {
 		rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i);
-		if (rch->type == CMS_REVCHOICE_OTHER)
-			{
+		if (rch->type == CMS_REVCHOICE_OTHER) {
 			if (sd->version < 5)
 				sd->version = 5;
-			}
 		}
+	}
 
-	if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data)
-			&& (sd->version < 3))
+	if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) !=
+	    NID_pkcs7_data) && (sd->version < 3))
 		sd->version = 3;
 
-	for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++)
-		{
+	for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
 		si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
-		if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
-			{
+		if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
 			if (si->version < 3)
 				si->version = 3;
 			if (sd->version < 3)
 				sd->version = 3;
-			}
-		else
+		} else
 			sd->version = 1;
-		}
+	}
 
 	if (sd->version < 1)
 		sd->version = 1;
+}
 
-	}
-	
 /* Copy an existing messageDigest value */
 
-static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
-	{
+static int
+cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
+{
 	STACK_OF(CMS_SignerInfo) *sinfos;
 	CMS_SignerInfo *sitmp;
 	int i;
+
 	sinfos = CMS_get0_SignerInfos(cms);
-	for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
-		{
+	for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
 		ASN1_OCTET_STRING *messageDigest;
 		sitmp = sk_CMS_SignerInfo_value(sinfos, i);
 		if (sitmp == si)
@@ -184,133 +176,124 @@ static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
 		if (CMS_signed_get_attr_count(sitmp) < 0)
 			continue;
 		if (OBJ_cmp(si->digestAlgorithm->algorithm,
-				sitmp->digestAlgorithm->algorithm))
+		    sitmp->digestAlgorithm->algorithm))
 			continue;
 		messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
-					OBJ_nid2obj(NID_pkcs9_messageDigest),
-					-3, V_ASN1_OCTET_STRING);
-		if (!messageDigest)
-			{
+		    OBJ_nid2obj(NID_pkcs9_messageDigest),
+		    -3, V_ASN1_OCTET_STRING);
+		if (!messageDigest) {
 			CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST,
-				CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
+			    CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
 			return 0;
-			}
+		}
 
 		if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
-						V_ASN1_OCTET_STRING,
-						messageDigest, -1))
+		    V_ASN1_OCTET_STRING,
+		    messageDigest, -1))
 			return 1;
 		else
 			return 0;
-		}
-		CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
-		return 0;
 	}
+	CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
+	return 0;
+}
 
-int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
-	{
-	switch(type)
-		{
-		case CMS_SIGNERINFO_ISSUER_SERIAL:
+int
+cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
+{
+	switch (type) {
+	case CMS_SIGNERINFO_ISSUER_SERIAL:
 		sid->d.issuerAndSerialNumber =
-			M_ASN1_new_of(CMS_IssuerAndSerialNumber);
+		    M_ASN1_new_of(CMS_IssuerAndSerialNumber);
 		if (!sid->d.issuerAndSerialNumber)
 			goto merr;
 		if (!X509_NAME_set(&sid->d.issuerAndSerialNumber->issuer,
-					X509_get_issuer_name(cert)))
+		    X509_get_issuer_name(cert)))
 			goto merr;
 		if (!ASN1_STRING_copy(
-			sid->d.issuerAndSerialNumber->serialNumber,
-				X509_get_serialNumber(cert)))
+		    sid->d.issuerAndSerialNumber->serialNumber,
+		    X509_get_serialNumber(cert)))
 			goto merr;
 		break;
 
-		case CMS_SIGNERINFO_KEYIDENTIFIER:
-		if (!cert->skid)
-			{
+	case CMS_SIGNERINFO_KEYIDENTIFIER:
+		if (!cert->skid) {
 			CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER,
-					CMS_R_CERTIFICATE_HAS_NO_KEYID);
+			    CMS_R_CERTIFICATE_HAS_NO_KEYID);
 			return 0;
-			}
+		}
 		sid->d.subjectKeyIdentifier = ASN1_STRING_dup(cert->skid);
 		if (!sid->d.subjectKeyIdentifier)
 			goto merr;
 		break;
 
-		default:
+	default:
 		CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID);
 		return 0;
-		}
+	}
 
 	sid->type = type;
 
 	return 1;
 
-	merr:
+merr:
 	CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, ERR_R_MALLOC_FAILURE);
 	return 0;
+}
 
-	}
-
-int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
-					ASN1_OCTET_STRING **keyid,
-					X509_NAME **issuer, ASN1_INTEGER **sno)
-	{
-	if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
-		{
+int
+cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
+    ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno)
+{
+	if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) {
 		if (issuer)
 			*issuer = sid->d.issuerAndSerialNumber->issuer;
 		if (sno)
 			*sno = sid->d.issuerAndSerialNumber->serialNumber;
-		}
-	else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
-		{
+	} else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
 		if (keyid)
 			*keyid = sid->d.subjectKeyIdentifier;
-		}
-	else
+	} else
 		return 0;
 	return 1;
-	}
+}
 
-int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
-	{
+int
+cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
+{
 	int ret;
-	if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
-		{
+
+	if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) {
 		ret = X509_NAME_cmp(sid->d.issuerAndSerialNumber->issuer,
-					X509_get_issuer_name(cert));
+		    X509_get_issuer_name(cert));
 		if (ret)
 			return ret;
 		return ASN1_INTEGER_cmp(sid->d.issuerAndSerialNumber->serialNumber,
-					X509_get_serialNumber(cert));
-		}
-	else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
-		{
+		    X509_get_serialNumber(cert));
+	} else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
 		X509_check_purpose(cert, -1, -1);
 		if (!cert->skid)
 			return -1;
 		return ASN1_OCTET_STRING_cmp(sid->d.subjectKeyIdentifier,
-							cert->skid);
-		}
-	else
+		    cert->skid);
+	} else
 		return -1;
-	}
+}
 
-CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
-			X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
-			unsigned int flags)
-	{
+CMS_SignerInfo *
+CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, EVP_PKEY *pk,
+    const EVP_MD *md, unsigned int flags)
+{
 	CMS_SignedData *sd;
 	CMS_SignerInfo *si = NULL;
 	X509_ALGOR *alg;
 	int i, type;
-	if(!X509_check_private_key(signer, pk))
-		{
+
+	if (!X509_check_private_key(signer, pk)) {
 		CMSerr(CMS_F_CMS_ADD1_SIGNER,
-			CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
-                return NULL;
-		}
+		    CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+		return NULL;
+	}
 	sd = cms_signed_data_init(cms);
 	if (!sd)
 		goto err;
@@ -325,98 +308,83 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
 	si->pkey = pk;
 	si->signer = signer;
 
-	if (flags & CMS_USE_KEYID)
-		{
+	if (flags & CMS_USE_KEYID) {
 		si->version = 3;
 		if (sd->version < 3)
 			sd->version = 3;
 		type = CMS_SIGNERINFO_KEYIDENTIFIER;
-		}
-	else
-		{
+	} else {
 		type = CMS_SIGNERINFO_ISSUER_SERIAL;
 		si->version = 1;
-		}
+	}
 
 	if (!cms_set1_SignerIdentifier(si->sid, signer, type))
 		goto err;
 
-	if (md == NULL)
-		{
+	if (md == NULL) {
 		int def_nid;
 		if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
 			goto err;
 		md = EVP_get_digestbynid(def_nid);
-		if (md == NULL)
-			{
+		if (md == NULL) {
 			CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST);
 			goto err;
-			}
 		}
+	}
 
-	if (!md)
-		{
+	if (!md) {
 		CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET);
 		goto err;
-		}
+	}
 
 	cms_DigestAlgorithm_set(si->digestAlgorithm, md);
 
 	/* See if digest is present in digestAlgorithms */
-	for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++)
-		{
+	for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
 		ASN1_OBJECT *aoid;
 		alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
 		X509_ALGOR_get0(&aoid, NULL, NULL, alg);
 		if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
 			break;
-		}
+	}
 
-	if (i == sk_X509_ALGOR_num(sd->digestAlgorithms))
-		{
+	if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) {
 		alg = X509_ALGOR_new();
 		if (!alg)
 			goto merr;
 		cms_DigestAlgorithm_set(alg, md);
-		if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg))
-			{
+		if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) {
 			X509_ALGOR_free(alg);
 			goto merr;
-			}
 		}
+	}
 
-	if (pk->ameth && pk->ameth->pkey_ctrl)
-		{
+	if (pk->ameth && pk->ameth->pkey_ctrl) {
 		i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_SIGN,
-						0, si);
-		if (i == -2)
-			{
+		    0, si);
+		if (i == -2) {
 			CMSerr(CMS_F_CMS_ADD1_SIGNER,
-				CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+			    CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
 			goto err;
-			}
-		if (i <= 0)
-			{
+		}
+		if (i <= 0) {
 			CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_CTRL_FAILURE);
 			goto err;
-			}
 		}
+	}
 
-	if (!(flags & CMS_NOATTR))
-		{
+	if (!(flags & CMS_NOATTR)) {
 		/* Initialialize signed attributes strutucture so other
 		 * attributes such as signing time etc are added later
 		 * even if we add none here.
 		 */
-		if (!si->signedAttrs)
-			{
+		if (!si->signedAttrs) {
 			si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
 			if (!si->signedAttrs)
 				goto merr;
-			}
+		}
 
-		if (!(flags & CMS_NOSMIMECAP))
-			{
+		if (!(flags & CMS_NOSMIMECAP)) {
 			STACK_OF(X509_ALGOR) *smcap = NULL;
 			i = CMS_add_standard_smimecap(&smcap);
 			if (i)
@@ -424,45 +392,44 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
 			sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
 			if (!i)
 				goto merr;
-			}
-		if (flags & CMS_REUSE_DIGEST)
-			{
+		}
+		if (flags & CMS_REUSE_DIGEST) {
 			if (!cms_copy_messageDigest(cms, si))
 				goto err;
 			if (!(flags & CMS_PARTIAL) &&
-					!CMS_SignerInfo_sign(si))
+			    !CMS_SignerInfo_sign(si))
 				goto err;
-			}
 		}
+	}
 
-	if (!(flags & CMS_NOCERTS))
-		{
+	if (!(flags & CMS_NOCERTS)) {
 		/* NB ignore -1 return for duplicate cert */
 		if (!CMS_add1_cert(cms, signer))
 			goto merr;
-		}
+	}
 
 	if (!sd->signerInfos)
 		sd->signerInfos = sk_CMS_SignerInfo_new_null();
 	if (!sd->signerInfos ||
-		!sk_CMS_SignerInfo_push(sd->signerInfos, si))
+	    !sk_CMS_SignerInfo_push(sd->signerInfos, si))
 		goto merr;
 
 	return si;
 
-	merr:
+merr:
 	CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
-	err:
+err:
 	if (si)
 		M_ASN1_free_of(si, CMS_SignerInfo);
 	return NULL;
+}
 
-	}
-
-static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
-	{
+static int
+cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
+{
 	ASN1_TIME *tt;
 	int r = 0;
+
 	if (t)
 		tt = t;
 	else
@@ -472,89 +439,88 @@ static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
 		goto merr;
 
 	if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime,
-						tt->type, tt, -1) <= 0)
+	    tt->type, tt, -1) <= 0)
 		goto merr;
 
 	r = 1;
 
-	merr:
-
+merr:
 	if (!t)
 		ASN1_TIME_free(tt);
-
 	if (!r)
 		CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE);
 
 	return r;
+}
 
-	}
-
-STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
-	{
+STACK_OF(CMS_SignerInfo) *
+CMS_get0_SignerInfos(CMS_ContentInfo *cms)
+{
 	CMS_SignedData *sd;
+
 	sd = cms_get0_signed(cms);
 	if (!sd)
 		return NULL;
 	return sd->signerInfos;
-	}
+}
 
-STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
-	{
+STACK_OF(X509) *
+CMS_get0_signers(CMS_ContentInfo *cms)
+{
 	STACK_OF(X509) *signers = NULL;
 	STACK_OF(CMS_SignerInfo) *sinfos;
 	CMS_SignerInfo *si;
 	int i;
+
 	sinfos = CMS_get0_SignerInfos(cms);
-	for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
-		{
+	for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
 		si = sk_CMS_SignerInfo_value(sinfos, i);
-		if (si->signer)
-			{
-			if (!signers)
-				{
+		if (si->signer) {
+			if (!signers) {
 				signers = sk_X509_new_null();
 				if (!signers)
 					return NULL;
-				}
-			if (!sk_X509_push(signers, si->signer))
-				{
+			}
+			if (!sk_X509_push(signers, si->signer)) {
 				sk_X509_free(signers);
 				return NULL;
-				}
 			}
 		}
-	return signers;
 	}
+	return signers;
+}
 
-void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
-	{
-	if (signer)
-		{
+void
+CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
+{
+	if (signer) {
 		CRYPTO_add(&signer->references, 1, CRYPTO_LOCK_X509);
 		if (si->pkey)
 			EVP_PKEY_free(si->pkey);
 		si->pkey = X509_get_pubkey(signer);
-		}
+	}
 	if (si->signer)
 		X509_free(si->signer);
 	si->signer = signer;
-	}
+}
 
-int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
-					ASN1_OCTET_STRING **keyid,
-					X509_NAME **issuer, ASN1_INTEGER **sno)
-	{
+int
+CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid,
+    X509_NAME **issuer, ASN1_INTEGER **sno)
+{
 	return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
-	}
+}
 
-int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
-	{
+int
+CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
+{
 	return cms_SignerIdentifier_cert_cmp(si->sid, cert);
-	}
+}
 
-int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
-				unsigned int flags)
-	{
+int
+CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
+    unsigned int flags)
+{
 	CMS_SignedData *sd;
 	CMS_SignerInfo *si;
 	CMS_CertificateChoices *cch;
@@ -562,50 +528,47 @@ int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
 	X509 *x;
 	int i, j;
 	int ret = 0;
+
 	sd = cms_get0_signed(cms);
 	if (!sd)
 		return -1;
 	certs = sd->certificates;
-	for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++)
-		{
+	for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
 		si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
 		if (si->signer)
 			continue;
 
-		for (j = 0; j < sk_X509_num(scerts); j++)
-			{
+		for (j = 0; j < sk_X509_num(scerts); j++) {
 			x = sk_X509_value(scerts, j);
-			if (CMS_SignerInfo_cert_cmp(si, x) == 0)
-				{
+			if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
 				CMS_SignerInfo_set1_signer_cert(si, x);
 				ret++;
 				break;
-				}
 			}
+		}
 
 		if (si->signer || (flags & CMS_NOINTERN))
 			continue;
 
-		for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++)
-			{
+		for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) {
 			cch = sk_CMS_CertificateChoices_value(certs, j);
 			if (cch->type != 0)
 				continue;
 			x = cch->d.certificate;
-			if (CMS_SignerInfo_cert_cmp(si, x) == 0)
-				{
+			if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
 				CMS_SignerInfo_set1_signer_cert(si, x);
 				ret++;
 				break;
-				}
 			}
 		}
-	return ret;
 	}
+	return ret;
+}
 
-void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
-					X509_ALGOR **pdig, X509_ALGOR **psig)
-	{
+void
+CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
+    X509_ALGOR **pdig, X509_ALGOR **psig)
+{
 	if (pk)
 		*pk = si->pkey;
 	if (signer)
@@ -614,93 +577,88 @@ void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
 		*pdig = si->digestAlgorithm;
 	if (psig)
 		*psig = si->signatureAlgorithm;
-	}
+}
 
-static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
-					CMS_SignerInfo *si, BIO *chain)
-	{
+static int
+cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMS_SignerInfo *si,
+    BIO *chain)
+{
 	EVP_MD_CTX mctx;
 	int r = 0;
 	EVP_MD_CTX_init(&mctx);
 
-
-	if (!si->pkey)
-		{
+	if (!si->pkey) {
 		CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
 		return 0;
-		}
+	}
 
 	if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
 		goto err;
 
 	/* If any signed attributes calculate and add messageDigest attribute */
 
-	if (CMS_signed_get_attr_count(si) >= 0)
-		{
+	if (CMS_signed_get_attr_count(si) >= 0) {
 		ASN1_OBJECT *ctype =
-			cms->d.signedData->encapContentInfo->eContentType; 
+		    cms->d.signedData->encapContentInfo->eContentType;
 		unsigned char md[EVP_MAX_MD_SIZE];
 		unsigned int mdlen;
 		if (!EVP_DigestFinal_ex(&mctx, md, &mdlen))
 			goto err;
 		if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
-						V_ASN1_OCTET_STRING,
-						md, mdlen))
+		    V_ASN1_OCTET_STRING,
+		    md, mdlen))
 			goto err;
 		/* Copy content type across */
 		if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
-					V_ASN1_OBJECT, ctype, -1) <= 0)
+		    V_ASN1_OBJECT, ctype, -1) <= 0)
 			goto err;
 		if (!CMS_SignerInfo_sign(si))
 			goto err;
-		}
-	else
-		{
+	} else {
 		unsigned char *sig;
 		unsigned int siglen;
 		sig = malloc(EVP_PKEY_size(si->pkey));
-		if (!sig)
-			{
+		if (!sig) {
 			CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
-					ERR_R_MALLOC_FAILURE);
+			    ERR_R_MALLOC_FAILURE);
 			goto err;
-			}
-		if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey))
-			{
+		}
+		if (!EVP_SignFinal(&mctx, sig, &siglen, si->pkey)) {
 			CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN,
-					CMS_R_SIGNFINAL_ERROR);
+			    CMS_R_SIGNFINAL_ERROR);
 			free(sig);
 			goto err;
-			}
-		ASN1_STRING_set0(si->signature, sig, siglen);
 		}
+		ASN1_STRING_set0(si->signature, sig, siglen);
+	}
 
 	r = 1;
 
-	err:
+err:
 	EVP_MD_CTX_cleanup(&mctx);
 	return r;
+}
 
-	}
-
-int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
-	{
+int
+cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
+{
 	STACK_OF(CMS_SignerInfo) *sinfos;
 	CMS_SignerInfo *si;
 	int i;
+
 	sinfos = CMS_get0_SignerInfos(cms);
-	for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
-		{
+	for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
 		si = sk_CMS_SignerInfo_value(sinfos, i);
 		if (!cms_SignerInfo_content_sign(cms, si, chain))
 			return 0;
-		}
+	}
 	cms->d.signedData->encapContentInfo->partial = 0;
 	return 1;
-	}
+}
 
-int CMS_SignerInfo_sign(CMS_SignerInfo *si)
-	{
+int
+CMS_SignerInfo_sign(CMS_SignerInfo *si)
+{
 	EVP_MD_CTX mctx;
 	EVP_PKEY_CTX *pctx;
 	unsigned char *abuf = NULL;
@@ -714,25 +672,23 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
 
 	EVP_MD_CTX_init(&mctx);
 
-	if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0)
-		{
+	if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) {
 		if (!cms_add1_signingTime(si, NULL))
 			goto err;
-		}
+	}
 
 	if (EVP_DigestSignInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
 		goto err;
 
 	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-				EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0)
-		{
+	    EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) {
 		CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
 		goto err;
-		}
+	}
 
-	alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
-				ASN1_ITEM_rptr(CMS_Attributes_Sign));
-	if(!abuf)
+	alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
+	    ASN1_ITEM_rptr(CMS_Attributes_Sign));
+	if (!abuf)
 		goto err;
 	if (EVP_DigestSignUpdate(&mctx, abuf, alen) <= 0)
 		goto err;
@@ -740,17 +696,16 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
 		goto err;
 	free(abuf);
 	abuf = malloc(siglen);
-	if(!abuf)
+	if (!abuf)
 		goto err;
 	if (EVP_DigestSignFinal(&mctx, abuf, &siglen) <= 0)
 		goto err;
 
 	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-				EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0)
-		{
+	    EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) {
 		CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
 		goto err;
-		}
+	}
 
 	EVP_MD_CTX_cleanup(&mctx);
 
@@ -758,26 +713,25 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
 
 	return 1;
 
-	err:
+err:
 	free(abuf);
 	EVP_MD_CTX_cleanup(&mctx);
 	return 0;
+}
 
-	}
-
-int CMS_SignerInfo_verify(CMS_SignerInfo *si)
-	{
+int
+CMS_SignerInfo_verify(CMS_SignerInfo *si)
+{
 	EVP_MD_CTX mctx;
 	EVP_PKEY_CTX *pctx;
 	unsigned char *abuf = NULL;
 	int alen, r = -1;
 	const EVP_MD *md = NULL;
 
-	if (!si->pkey)
-		{
+	if (!si->pkey) {
 		CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY);
 		return -1;
-		}
+	}
 
 	md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
 	if (md == NULL)
@@ -786,199 +740,195 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
 	if (EVP_DigestVerifyInit(&mctx, &pctx, md, NULL, si->pkey) <= 0)
 		goto err;
 
-	alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs,&abuf,
-				ASN1_ITEM_rptr(CMS_Attributes_Verify));
-	if(!abuf)
+	alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
+	    ASN1_ITEM_rptr(CMS_Attributes_Verify));
+	if (!abuf)
 		goto err;
 	r = EVP_DigestVerifyUpdate(&mctx, abuf, alen);
 	free(abuf);
-	if (r <= 0)
-		{
+	if (r <= 0) {
 		r = -1;
 		goto err;
-		}
+	}
 	r = EVP_DigestVerifyFinal(&mctx,
-			si->signature->data, si->signature->length);
+	    si->signature->data, si->signature->length);
 	if (r <= 0)
 		CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
-	err:
+
+err:
 	EVP_MD_CTX_cleanup(&mctx);
 	return r;
-	}
+}
 
 /* Create a chain of digest BIOs from a CMS ContentInfo */
 
-BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
-	{
+BIO *
+cms_SignedData_init_bio(CMS_ContentInfo *cms)
+{
 	int i;
 	CMS_SignedData *sd;
 	BIO *chain = NULL;
+
 	sd = cms_get0_signed(cms);
 	if (!sd)
 		return NULL;
 	if (cms->d.signedData->encapContentInfo->partial)
 		cms_sd_set_version(sd);
-	for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++)
-		{
+	for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
 		X509_ALGOR *digestAlgorithm;
 		BIO *mdbio;
 		digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
 		mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm);
 		if (!mdbio)
-			goto err;	
+			goto err;
 		if (chain)
-			 BIO_push(chain, mdbio);
+			BIO_push(chain, mdbio);
 		else
 			chain = mdbio;
-		}
+	}
 	return chain;
-	err:
+
+err:
 	if (chain)
 		BIO_free_all(chain);
 	return NULL;
-	}
+}
 
-int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
-	{
+int
+CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
+{
 	ASN1_OCTET_STRING *os = NULL;
 	EVP_MD_CTX mctx;
 	int r = -1;
+
 	EVP_MD_CTX_init(&mctx);
 	/* If we have any signed attributes look for messageDigest value */
-	if (CMS_signed_get_attr_count(si) >= 0)
-		{
+	if (CMS_signed_get_attr_count(si) >= 0) {
 		os = CMS_signed_get0_data_by_OBJ(si,
-					OBJ_nid2obj(NID_pkcs9_messageDigest),
-					-3, V_ASN1_OCTET_STRING);
-		if (!os)
-			{
+		    OBJ_nid2obj(NID_pkcs9_messageDigest),
+		    -3, V_ASN1_OCTET_STRING);
+		if (!os) {
 			CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
-				CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
+			    CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
 			goto err;
-			}
 		}
+	}
 
 	if (!cms_DigestAlgorithm_find_ctx(&mctx, chain, si->digestAlgorithm))
 		goto err;
 
 	/* If messageDigest found compare it */
 
-	if (os)
-		{
+	if (os) {
 		unsigned char mval[EVP_MAX_MD_SIZE];
 		unsigned int mlen;
-		if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0)
-			{
+		if (EVP_DigestFinal_ex(&mctx, mval, &mlen) <= 0) {
 			CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
-				CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
+			    CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
 			goto err;
-			}
-		if (mlen != (unsigned int)os->length)
-			{
+		}
+		if (mlen != (unsigned int)os->length) {
 			CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
-				CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
+			    CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
 			goto err;
-			}
+		}
 
-		if (memcmp(mval, os->data, mlen))
-			{
+		if (memcmp(mval, os->data, mlen)) {
 			CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
-				CMS_R_VERIFICATION_FAILURE);
+			    CMS_R_VERIFICATION_FAILURE);
 			r = 0;
-			}
-		else
+		} else
 			r = 1;
-		}
-	else
-		{
+	} else {
 		r = EVP_VerifyFinal(&mctx, si->signature->data,
-					si->signature->length, si->pkey);
-		if (r <= 0)
-			{
+		    si->signature->length, si->pkey);
+		if (r <= 0) {
 			CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
-				CMS_R_VERIFICATION_FAILURE);
+			    CMS_R_VERIFICATION_FAILURE);
 			r = 0;
-			}
 		}
+	}
 
-	err:
+err:
 	EVP_MD_CTX_cleanup(&mctx);
 	return r;
+}
 
-	}
-
-int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
-	{
+int
+CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
+{
 	unsigned char *smder = NULL;
 	int smderlen, r;
+
 	smderlen = i2d_X509_ALGORS(algs, &smder);
 	if (smderlen <= 0)
 		return 0;
 	r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
-					V_ASN1_SEQUENCE, smder, smderlen);
+	    V_ASN1_SEQUENCE, smder, smderlen);
 	free(smder);
 	return r;
-	}
+}
 
-int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
-				int algnid, int keysize)
-	{
+int
+CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, int algnid, int keysize)
+{
 	X509_ALGOR *alg;
 	ASN1_INTEGER *key = NULL;
-	if (keysize > 0)
-		{
+
+	if (keysize > 0) {
 		key = ASN1_INTEGER_new();
 		if (!key || !ASN1_INTEGER_set(key, keysize))
 			return 0;
-		}
+	}
 	alg = X509_ALGOR_new();
-	if (!alg)
-		{
+	if (!alg) {
 		if (key)
 			ASN1_INTEGER_free(key);
 		return 0;
-		}
-		
+	}
+
 	X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
-				key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
+	    key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
 	if (!*algs)
 		*algs = sk_X509_ALGOR_new_null();
-	if (!*algs || !sk_X509_ALGOR_push(*algs, alg))
-		{
+	if (!*algs || !sk_X509_ALGOR_push(*algs, alg)) {
 		X509_ALGOR_free(alg);
 		return 0;
-		}
-	return 1;
 	}
+	return 1;
+}
 
 /* Check to see if a cipher exists and if so add S/MIME capabilities */
 
-static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
-	{
+static int
+cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
+{
 	if (EVP_get_cipherbynid(nid))
 		return CMS_add_simple_smimecap(sk, nid, arg);
 	return 1;
-	}
+}
 
-static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
-	{
+static int
+cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
+{
 	if (EVP_get_digestbynid(nid))
 		return CMS_add_simple_smimecap(sk, nid, arg);
 	return 1;
-	}
-
-int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
-	{
-	if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
-		|| !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
-		|| !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
-		|| !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
-		|| !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
-		|| !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
-		|| !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128)
-		|| !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64)
-		|| !cms_add_cipher_smcap(smcap, NID_des_cbc, -1)
-		|| !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
+}
+
+int
+CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
+{
+	if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) ||
+	    !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) ||
+	    !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) ||
+	    !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) ||
+	    !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) ||
+	    !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) ||
+	    !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) ||
+	    !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) ||
+	    !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) ||
+	    !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
 		return 0;
 	return 1;
-	}
+}
diff --git a/lib/libcrypto/cms/cms_smime.c b/lib/libcrypto/cms/cms_smime.c
index 94f60c1b5c9..e32a58b3bc5 100644
--- a/lib/libcrypto/cms/cms_smime.c
+++ b/lib/libcrypto/cms/cms_smime.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -59,114 +59,107 @@
 #include <openssl/cms.h>
 #include "cms_lcl.h"
 
-static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
-	{
+static int
+cms_copy_content(BIO *out, BIO *in, unsigned int flags)
+{
 	unsigned char buf[4096];
 	int r = 0, i;
 	BIO *tmpout = NULL;
 
 	if (out == NULL)
 		tmpout = BIO_new(BIO_s_null());
-	else if (flags & CMS_TEXT)
-		{
+	else if (flags & CMS_TEXT) {
 		tmpout = BIO_new(BIO_s_mem());
 		BIO_set_mem_eof_return(tmpout, 0);
-		}
-	else
+	} else
 		tmpout = out;
 
-	if(!tmpout)
-		{
-		CMSerr(CMS_F_CMS_COPY_CONTENT,ERR_R_MALLOC_FAILURE);
+	if (!tmpout) {
+		CMSerr(CMS_F_CMS_COPY_CONTENT, ERR_R_MALLOC_FAILURE);
 		goto err;
-		}
+	}
 
 	/* Read all content through chain to process digest, decrypt etc */
-	for (;;)
-	{
-		i=BIO_read(in,buf,sizeof(buf));
-		if (i <= 0)
-			{
-			if (BIO_method_type(in) == BIO_TYPE_CIPHER)
-				{
+	for (;;) {
+		i = BIO_read(in, buf, sizeof(buf));
+		if (i <= 0) {
+			if (BIO_method_type(in) == BIO_TYPE_CIPHER) {
 				if (!BIO_get_cipher_status(in))
 					goto err;
-				}
+			}
 			if (i < 0)
 				goto err;
 			break;
-			}
-				
+		}
+
 		if (tmpout && (BIO_write(tmpout, buf, i) != i))
 			goto err;
 	}
 
-	if(flags & CMS_TEXT)
-		{
-		if(!SMIME_text(tmpout, out))
-			{
-			CMSerr(CMS_F_CMS_COPY_CONTENT,CMS_R_SMIME_TEXT_ERROR);
+	if (flags & CMS_TEXT) {
+		if (!SMIME_text(tmpout, out)) {
+			CMSerr(CMS_F_CMS_COPY_CONTENT, CMS_R_SMIME_TEXT_ERROR);
 			goto err;
-			}
 		}
+	}
 
 	r = 1;
 
-	err:
+err:
 	if (tmpout && (tmpout != out))
 		BIO_free(tmpout);
 	return r;
+}
 
-	}
-
-static int check_content(CMS_ContentInfo *cms)
-	{
+static int
+check_content(CMS_ContentInfo *cms)
+{
 	ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
-	if (!pos || !*pos)
-		{
+
+	if (!pos || !*pos) {
 		CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
 		return 0;
-		}
-	return 1;
 	}
+	return 1;
+}
 
-static void do_free_upto(BIO *f, BIO *upto)
-	{
-	if (upto)
-		{
+static void
+do_free_upto(BIO *f, BIO *upto)
+{
+	if (upto) {
 		BIO *tbio;
-		do 
-			{
+		do {
 			tbio = BIO_pop(f);
 			BIO_free(f);
 			f = tbio;
-			}
-		while (f != upto);
-		}
-	else
+		} while (f != upto);
+	} else
 		BIO_free_all(f);
-	}
+}
 
-int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
-	{
+int
+CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
+{
 	BIO *cont;
 	int r;
-	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data)
-		{
+
+	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) {
 		CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
 		return 0;
-		}
+	}
 	cont = CMS_dataInit(cms, NULL);
 	if (!cont)
 		return 0;
 	r = cms_copy_content(out, cont, flags);
 	BIO_free_all(cont);
 	return r;
-	}
+}
 
-CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
-	{
+CMS_ContentInfo *
+CMS_data_create(BIO *in, unsigned int flags)
+{
 	CMS_ContentInfo *cms;
+
 	cms = cms_Data_create();
 	if (!cms)
 		return NULL;
@@ -177,18 +170,19 @@ CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
 	CMS_ContentInfo_free(cms);
 
 	return NULL;
-	}
+}
 
-int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
-							unsigned int flags)
-	{
+int
+CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+    unsigned int flags)
+{
 	BIO *cont;
 	int r;
-	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest)
-		{
+
+	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) {
 		CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
 		return 0;
-		}
+	}
 
 	if (!dcont && !check_content(cms))
 		return 0;
@@ -201,19 +195,20 @@ int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
 		r = cms_DigestedData_do_final(cms, cont, 1);
 	do_free_upto(cont, dcont);
 	return r;
-	}
+}
 
-CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
-					unsigned int flags)
-	{
+CMS_ContentInfo *
+CMS_digest_create(BIO *in, const EVP_MD *md, unsigned int flags)
+{
 	CMS_ContentInfo *cms;
+
 	if (!md)
 		md = EVP_sha1();
 	cms = cms_DigestedData_create(md);
 	if (!cms)
 		return NULL;
 
-	if(!(flags & CMS_DETACHED))
+	if (!(flags & CMS_DETACHED))
 		CMS_set_detached(cms, 0);
 
 	if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
@@ -221,20 +216,20 @@ CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
 
 	CMS_ContentInfo_free(cms);
 	return NULL;
-	}
+}
 
-int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
-				const unsigned char *key, size_t keylen,
-				BIO *dcont, BIO *out, unsigned int flags)
-	{
+int
+CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key,
+    size_t keylen, BIO *dcont, BIO *out, unsigned int flags)
+{
 	BIO *cont;
 	int r;
-	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted)
-		{
+
+	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) {
 		CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
-					CMS_R_TYPE_NOT_ENCRYPTED_DATA);
+		    CMS_R_TYPE_NOT_ENCRYPTED_DATA);
 		return 0;
-		}
+	}
 
 	if (!dcont && !check_content(cms))
 		return 0;
@@ -247,75 +242,73 @@ int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
 	r = cms_copy_content(out, cont, flags);
 	do_free_upto(cont, dcont);
 	return r;
-	}
+}
 
-CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
-					const unsigned char *key, size_t keylen,
-					unsigned int flags)
-	{
+CMS_ContentInfo *
+CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+    const unsigned char *key, size_t keylen, unsigned int flags)
+{
 	CMS_ContentInfo *cms;
-	if (!cipher)
-		{
+
+	if (!cipher) {
 		CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
 		return NULL;
-		}
+	}
 	cms = CMS_ContentInfo_new();
 	if (!cms)
 		return NULL;
 	if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
 		return NULL;
 
-	if(!(flags & CMS_DETACHED))
+	if (!(flags & CMS_DETACHED))
 		CMS_set_detached(cms, 0);
 
-	if ((flags & (CMS_STREAM|CMS_PARTIAL))
-		|| CMS_final(cms, in, NULL, flags))
+	if ((flags & (CMS_STREAM|CMS_PARTIAL)) ||
+	    CMS_final(cms, in, NULL, flags))
 		return cms;
 
 	CMS_ContentInfo_free(cms);
 	return NULL;
-	}
+}
 
-static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
-					X509_STORE *store,
-					STACK_OF(X509) *certs,
-					STACK_OF(X509_CRL) *crls,
-					unsigned int flags)
-	{
+static int
+cms_signerinfo_verify_cert(CMS_SignerInfo *si, X509_STORE *store,
+    STACK_OF(X509) *certs, STACK_OF(X509_CRL) *crls, unsigned int flags)
+{
 	X509_STORE_CTX ctx;
 	X509 *signer;
 	int i, j, r = 0;
+
 	CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
-	if (!X509_STORE_CTX_init(&ctx, store, signer, certs))
-		{
+	if (!X509_STORE_CTX_init(&ctx, store, signer, certs)) {
 		CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
-						CMS_R_STORE_INIT_ERROR);
+		    CMS_R_STORE_INIT_ERROR);
 		goto err;
-		}
+	}
 	X509_STORE_CTX_set_default(&ctx, "smime_sign");
 	if (crls)
 		X509_STORE_CTX_set0_crls(&ctx, crls);
 
 	i = X509_verify_cert(&ctx);
-	if (i <= 0)
-		{
+	if (i <= 0) {
 		j = X509_STORE_CTX_get_error(&ctx);
 		CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
-						CMS_R_CERTIFICATE_VERIFY_ERROR);
+		    CMS_R_CERTIFICATE_VERIFY_ERROR);
 		ERR_asprintf_error_data("Verify error:%s",
-					 X509_verify_cert_error_string(j));
+		    X509_verify_cert_error_string(j));
 		goto err;
-		}
+	}
 	r = 1;
-	err:
+
+err:
 	X509_STORE_CTX_cleanup(&ctx);
 	return r;
+}
 
-	}
-
-int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
-		 X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags)
-	{
+int
+CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store,
+    BIO *dcont, BIO *out, unsigned int flags)
+{
 	CMS_SignerInfo *si;
 	STACK_OF(CMS_SignerInfo) *sinfos;
 	STACK_OF(X509) *cms_certs = NULL;
@@ -331,58 +324,51 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 
 	sinfos = CMS_get0_SignerInfos(cms);
 
-	if (sk_CMS_SignerInfo_num(sinfos) <= 0)
-		{
+	if (sk_CMS_SignerInfo_num(sinfos) <= 0) {
 		CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
 		goto err;
-		}
+	}
 
-	for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
-		{
+	for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
 		si = sk_CMS_SignerInfo_value(sinfos, i);
 		CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
 		if (signer)
 			scount++;
-		}
+	}
 
 	if (scount != sk_CMS_SignerInfo_num(sinfos))
 		scount += CMS_set1_signers_certs(cms, certs, flags);
 
-	if (scount != sk_CMS_SignerInfo_num(sinfos))
-		{
+	if (scount != sk_CMS_SignerInfo_num(sinfos)) {
 		CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND);
 		goto err;
-		}
+	}
 
 	/* Attempt to verify all signers certs */
 
-	if (!(flags & CMS_NO_SIGNER_CERT_VERIFY))
-		{
+	if (!(flags & CMS_NO_SIGNER_CERT_VERIFY)) {
 		cms_certs = CMS_get1_certs(cms);
 		if (!(flags & CMS_NOCRL))
 			crls = CMS_get1_crls(cms);
-		for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
-			{
+		for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
 			si = sk_CMS_SignerInfo_value(sinfos, i);
 			if (!cms_signerinfo_verify_cert(si, store,
-							cms_certs, crls, flags))
+			    cms_certs, crls, flags))
 				goto err;
-			}
 		}
+	}
 
 	/* Attempt to verify all SignerInfo signed attribute signatures */
 
-	if (!(flags & CMS_NO_ATTR_VERIFY))
-		{
-		for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
-			{
+	if (!(flags & CMS_NO_ATTR_VERIFY)) {
+		for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
 			si = sk_CMS_SignerInfo_value(sinfos, i);
 			if (CMS_signed_get_attr_count(si) < 0)
 				continue;
 			if (CMS_SignerInfo_verify(si) <= 0)
 				goto err;
-			}
 		}
+	}
 
 	/* Performance optimization: if the content is a memory BIO then
 	 * store its contents in a temporary read only memory BIO. This
@@ -391,47 +377,40 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 	 * are calculated.
 	 */
 
-	if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM))
-		{
+	if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) {
 		char *ptr;
 		long len;
 		len = BIO_get_mem_data(dcont, &ptr);
 		tmpin = BIO_new_mem_buf(ptr, len);
-		if (tmpin == NULL)
-			{
-			CMSerr(CMS_F_CMS_VERIFY,ERR_R_MALLOC_FAILURE);
+		if (tmpin == NULL) {
+			CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE);
 			return 0;
-			}
 		}
-	else
+	} else
 		tmpin = dcont;
-		
 
-	cmsbio=CMS_dataInit(cms, tmpin);
+
+	cmsbio = CMS_dataInit(cms, tmpin);
 	if (!cmsbio)
 		goto err;
 
 	if (!cms_copy_content(out, cmsbio, flags))
 		goto err;
 
-	if (!(flags & CMS_NO_CONTENT_VERIFY))
-		{
-		for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++)
-			{
+	if (!(flags & CMS_NO_CONTENT_VERIFY)) {
+		for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
 			si = sk_CMS_SignerInfo_value(sinfos, i);
-			if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0)
-				{
+			if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) {
 				CMSerr(CMS_F_CMS_VERIFY,
-					CMS_R_CONTENT_VERIFY_ERROR);
+				    CMS_R_CONTENT_VERIFY_ERROR);
 				goto err;
-				}
 			}
 		}
+	}
 
 	ret = 1;
 
-	err:
-	
+err:
 	if (dcont && (tmpin == dcont))
 		do_free_upto(cmsbio, dcont);
 	else
@@ -443,23 +422,25 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 		sk_X509_CRL_pop_free(crls, X509_CRL_free);
 
 	return ret;
-	}
+}
 
-int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
-			STACK_OF(X509) *certs,
-			X509_STORE *store, unsigned int flags)
-	{
+int
+CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+    STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags)
+{
 	int r;
+
 	flags &= ~(CMS_DETACHED|CMS_TEXT);
 	r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
 	if (r <= 0)
 		return r;
 	return cms_Receipt_verify(rcms, ocms);
-	}
+}
 
-CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
-						BIO *data, unsigned int flags)
-	{
+CMS_ContentInfo *
+CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data,
+    unsigned int flags)
+{
 	CMS_ContentInfo *cms;
 	int i;
 
@@ -467,42 +448,38 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
 	if (!cms || !CMS_SignedData_init(cms))
 		goto merr;
 
-	if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags))
-		{
+	if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) {
 		CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
 		goto err;
-		}
+	}
 
-	for (i = 0; i < sk_X509_num(certs); i++)
-		{
+	for (i = 0; i < sk_X509_num(certs); i++) {
 		X509 *x = sk_X509_value(certs, i);
 		if (!CMS_add1_cert(cms, x))
 			goto merr;
-		}
+	}
 
-	if(!(flags & CMS_DETACHED))
+	if (!(flags & CMS_DETACHED))
 		CMS_set_detached(cms, 0);
 
-	if ((flags & (CMS_STREAM|CMS_PARTIAL))
-		|| CMS_final(cms, data, NULL, flags))
+	if ((flags & (CMS_STREAM|CMS_PARTIAL)) ||
+	    CMS_final(cms, data, NULL, flags))
 		return cms;
 	else
 		goto err;
 
-	merr:
+merr:
 	CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
-
-	err:
+err:
 	if (cms)
 		CMS_ContentInfo_free(cms);
 	return NULL;
-	}
+}
 
-CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
-					X509 *signcert, EVP_PKEY *pkey,
-					STACK_OF(X509) *certs,
-					unsigned int flags)
-	{
+CMS_ContentInfo *
+CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, EVP_PKEY *pkey,
+    STACK_OF(X509) *certs, unsigned int flags)
+{
 	CMS_SignerInfo *rct_si;
 	CMS_ContentInfo *cms = NULL;
 	ASN1_OCTET_STRING **pos, *os;
@@ -512,11 +489,10 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 	flags &= ~(CMS_STREAM|CMS_TEXT);
 	/* Not really detached but avoids content being allocated */
 	flags |= CMS_PARTIAL|CMS_BINARY|CMS_DETACHED;
-	if (!pkey || !signcert)
-		{
+	if (!pkey || !signcert) {
 		CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT);
 		return NULL;
-		}
+	}
 
 	/* Initialize signed data */
 
@@ -529,11 +505,10 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 		goto err;
 
 	rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags);
-	if (!rct_si)
-		{
+	if (!rct_si) {
 		CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR);
 		goto err;
-		}
+	}
 
 	os = cms_encode_Receipt(si);
 
@@ -560,91 +535,88 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 
 	r = 1;
 
-	err:
+err:
 	if (rct_cont)
 		BIO_free(rct_cont);
 	if (r)
 		return cms;
 	CMS_ContentInfo_free(cms);
 	return NULL;
+}
 
-	}
-
-CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
-				const EVP_CIPHER *cipher, unsigned int flags)
-	{
+CMS_ContentInfo *
+CMS_encrypt(STACK_OF(X509) *certs, BIO *data, const EVP_CIPHER *cipher,
+    unsigned int flags)
+{
 	CMS_ContentInfo *cms;
 	int i;
 	X509 *recip;
+
 	cms = CMS_EnvelopedData_create(cipher);
 	if (!cms)
 		goto merr;
-	for (i = 0; i < sk_X509_num(certs); i++)
-		{
+	for (i = 0; i < sk_X509_num(certs); i++) {
 		recip = sk_X509_value(certs, i);
-		if (!CMS_add1_recipient_cert(cms, recip, flags))
-			{
+		if (!CMS_add1_recipient_cert(cms, recip, flags)) {
 			CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR);
 			goto err;
-			}
 		}
+	}
 
-	if(!(flags & CMS_DETACHED))
+	if (!(flags & CMS_DETACHED))
 		CMS_set_detached(cms, 0);
 
-	if ((flags & (CMS_STREAM|CMS_PARTIAL))
-		|| CMS_final(cms, data, NULL, flags))
+	if ((flags & (CMS_STREAM|CMS_PARTIAL)) ||
+	    CMS_final(cms, data, NULL, flags))
 		return cms;
 	else
 		goto err;
 
-	merr:
+merr:
 	CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
-	err:
+err:
 	if (cms)
 		CMS_ContentInfo_free(cms);
 	return NULL;
-	}
+}
 
-int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
-	{
+int
+CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
+{
 	STACK_OF(CMS_RecipientInfo) *ris;
 	CMS_RecipientInfo *ri;
 	int i, r;
 	int debug = 0;
+
 	ris = CMS_get0_RecipientInfos(cms);
 	if (ris)
 		debug = cms->d.envelopedData->encryptedContentInfo->debug;
-	for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
-		{
+	for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
 		ri = sk_CMS_RecipientInfo_value(ris, i);
 		if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_TRANS)
-				continue;
+			continue;
 		/* If we have a cert try matching RecipientInfo
 		 * otherwise try them all.
 		 */
-		if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0))
-			{
+		if (!cert || (CMS_RecipientInfo_ktri_cert_cmp(ri, cert) == 0)) {
 			CMS_RecipientInfo_set0_pkey(ri, pk);
 			r = CMS_RecipientInfo_decrypt(cms, ri);
 			CMS_RecipientInfo_set0_pkey(ri, NULL);
-			if (cert)
-				{
+			if (cert) {
 				/* If not debugging clear any error and
 				 * return success to avoid leaking of
 				 * information useful to MMA
 				 */
-				if (!debug)
-					{
+				if (!debug) {
 					ERR_clear_error();
 					return 1;
-					}
+				}
 				if (r > 0)
 					return 1;
 				CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
-						CMS_R_DECRYPT_ERROR);
+				    CMS_R_DECRYPT_ERROR);
 				return 0;
-				}
+			}
 			/* If no cert and not debugging don't leave loop
 			 * after first successful decrypt. Always attempt
 			 * to decrypt all recipients to avoid leaking timing
@@ -652,94 +624,90 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
 			 */
 			else if (r > 0 && debug)
 				return 1;
-			}
 		}
+	}
 	/* If no cert and not debugging always return success */
-	if (!cert && !debug)
-		{
+	if (!cert && !debug) {
 		ERR_clear_error();
 		return 1;
-		}
+	}
 
 	CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
 	return 0;
+}
 
-	}
-
-int CMS_decrypt_set1_key(CMS_ContentInfo *cms, 
-				unsigned char *key, size_t keylen,
-				unsigned char *id, size_t idlen)
-	{
+int
+CMS_decrypt_set1_key(CMS_ContentInfo *cms, unsigned char *key, size_t keylen,
+    unsigned char *id, size_t idlen)
+{
 	STACK_OF(CMS_RecipientInfo) *ris;
 	CMS_RecipientInfo *ri;
 	int i, r;
+
 	ris = CMS_get0_RecipientInfos(cms);
-	for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
-		{
+	for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
 		ri = sk_CMS_RecipientInfo_value(ris, i);
 		if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
-				continue;
+			continue;
 
 		/* If we have an id try matching RecipientInfo
 		 * otherwise try them all.
 		 */
-		if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0))
-			{
+		if (!id ||
+		    (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) {
 			CMS_RecipientInfo_set0_key(ri, key, keylen);
 			r = CMS_RecipientInfo_decrypt(cms, ri);
 			CMS_RecipientInfo_set0_key(ri, NULL, 0);
 			if (r > 0)
 				return 1;
-			if (id)
-				{
+			if (id) {
 				CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY,
-						CMS_R_DECRYPT_ERROR);
+				    CMS_R_DECRYPT_ERROR);
 				return 0;
-				}
-			ERR_clear_error();
 			}
+			ERR_clear_error();
 		}
+	}
 
 	CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
 	return 0;
+}
 
-	}
-
-int CMS_decrypt_set1_password(CMS_ContentInfo *cms, 
-				unsigned char *pass, ssize_t passlen)
-	{
+int
+CMS_decrypt_set1_password(CMS_ContentInfo *cms, unsigned char *pass,
+    ssize_t passlen)
+{
 	STACK_OF(CMS_RecipientInfo) *ris;
 	CMS_RecipientInfo *ri;
 	int i, r;
+
 	ris = CMS_get0_RecipientInfos(cms);
-	for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++)
-		{
+	for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
 		ri = sk_CMS_RecipientInfo_value(ris, i);
 		if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS)
-				continue;
+			continue;
 		CMS_RecipientInfo_set0_password(ri, pass, passlen);
 		r = CMS_RecipientInfo_decrypt(cms, ri);
 		CMS_RecipientInfo_set0_password(ri, NULL, 0);
 		if (r > 0)
 			return 1;
-		}
+	}
 
 	CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT);
 	return 0;
+}
 
-	}
-	
-int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
-				BIO *dcont, BIO *out,
-				unsigned int flags)
-	{
+int
+CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, BIO *dcont,
+    BIO *out, unsigned int flags)
+{
 	int r;
 	BIO *cont;
-	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped)
-		{
+
+	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) {
 		CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
 		return 0;
-		}
+	}
 	if (!dcont && !check_content(cms))
 		return 0;
 	if (flags & CMS_DEBUG_DECRYPT)
@@ -756,51 +724,50 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
 	r = cms_copy_content(out, cont, flags);
 	do_free_upto(cont, dcont);
 	return r;
-	}
+}
 
-int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
-	{
+int
+CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
+{
 	BIO *cmsbio;
 	int ret = 0;
-	if (!(cmsbio = CMS_dataInit(cms, dcont)))
-		{
-		CMSerr(CMS_F_CMS_FINAL,ERR_R_MALLOC_FAILURE);
+
+	if (!(cmsbio = CMS_dataInit(cms, dcont))) {
+		CMSerr(CMS_F_CMS_FINAL, ERR_R_MALLOC_FAILURE);
 		return 0;
-		}
+	}
 
 	SMIME_crlf_copy(data, cmsbio, flags);
 
 	(void)BIO_flush(cmsbio);
 
 
-        if (!CMS_dataFinal(cms, cmsbio))
-		{
-		CMSerr(CMS_F_CMS_FINAL,CMS_R_CMS_DATAFINAL_ERROR);
+	if (!CMS_dataFinal(cms, cmsbio)) {
+		CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_DATAFINAL_ERROR);
 		goto err;
-		}
+	}
 
 	ret = 1;
 
-	err:
+err:
 	do_free_upto(cmsbio, dcont);
 
 	return ret;
-
-	}
+}
 
 #ifdef ZLIB
 
-int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
-							unsigned int flags)
-	{
+int
+CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags)
+{
 	BIO *cont;
 	int r;
-	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData)
-		{
+
+	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) {
 		CMSerr(CMS_F_CMS_UNCOMPRESS,
-					CMS_R_TYPE_NOT_COMPRESSED_DATA);
+		    CMS_R_TYPE_NOT_COMPRESSED_DATA);
 		return 0;
-		}
+	}
 
 	if (!dcont && !check_content(cms))
 		return 0;
@@ -811,18 +778,20 @@ int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
 	r = cms_copy_content(out, cont, flags);
 	do_free_upto(cont, dcont);
 	return r;
-	}
+}
 
-CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
-	{
+CMS_ContentInfo *
+CMS_compress(BIO *in, int comp_nid, unsigned int flags)
+{
 	CMS_ContentInfo *cms;
+
 	if (comp_nid <= 0)
 		comp_nid = NID_zlib_compression;
 	cms = cms_CompressedData_create(comp_nid);
 	if (!cms)
 		return NULL;
 
-	if(!(flags & CMS_DETACHED))
+	if (!(flags & CMS_DETACHED))
 		CMS_set_detached(cms, 0);
 
 	if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
@@ -830,21 +799,22 @@ CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
 
 	CMS_ContentInfo_free(cms);
 	return NULL;
-	}
+}
 
 #else
 
-int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
-							unsigned int flags)
-	{
+int
+CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags)
+{
 	CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
 	return 0;
-	}
+}
 
-CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
-	{
+CMS_ContentInfo *
+CMS_compress(BIO *in, int comp_nid, unsigned int flags)
+{
 	CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
 	return NULL;
-	}
+}
 
 #endif