More style(9), whitespace and readability fixes.

Files are identical once whitespace and newlines are removed.

14 files changed, 903 insertions, 675 deletions

diff --git a/lib/libcrypto/cms/cms_asn1.c b/lib/libcrypto/cms/cms_asn1.c
index fbe27892dcc..43570930a02 100644
--- a/lib/libcrypto/cms/cms_asn1.c
+++ b/lib/libcrypto/cms/cms_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_asn1.c,v 1.13 2019/08/10 16:42:20 jsing Exp $ */
+/* $OpenBSD: cms_asn1.c,v 1.14 2019/08/10 18:15:52 jsing Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -60,36 +60,36 @@
 
 
 ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
-		ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME),
-		ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER)
+	ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME),
+	ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER)
 } ASN1_SEQUENCE_END(CMS_IssuerAndSerialNumber)
 
 ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
-		ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT),
-		ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
+	ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT),
+	ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
 } static_ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
 
 ASN1_CHOICE(CMS_CertificateChoices) = {
-		ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509),
-		ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0),
-		ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1),
-		ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2),
-		ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3)
+	ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509),
+	ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0),
+	ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1),
+	ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2),
+	ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3)
 } ASN1_CHOICE_END(CMS_CertificateChoices)
 
 ASN1_CHOICE(CMS_SignerIdentifier) = {
-		ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
-		ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
+	ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+	ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
 } static_ASN1_CHOICE_END(CMS_SignerIdentifier)
 
 ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
-		ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT),
-		ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0)
+	ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT),
+	ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0)
 } static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
 
 /* Minor tweak to operation: free up signer key, cert */
-static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-			         void *exarg)
+static int
+cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
 	if (operation == ASN1_OP_FREE_POST) {
 		CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
@@ -101,70 +101,70 @@ static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 }
 
 ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
-		ASN1_EMBED(CMS_SignerInfo, version, INT32),
-		ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
-		ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
-		ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
-		ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR),
-		ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING),
-		ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1)
+	ASN1_EMBED(CMS_SignerInfo, version, INT32),
+	ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
+	ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
+	ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
+	ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR),
+	ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING),
+	ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1)
 } ASN1_SEQUENCE_END_cb(CMS_SignerInfo, CMS_SignerInfo)
 
 ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
-		ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
-		ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
+	ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
+	ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
 } static_ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
 
 ASN1_CHOICE(CMS_RevocationInfoChoice) = {
-		ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL),
-		ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1)
+	ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL),
+	ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1)
 } ASN1_CHOICE_END(CMS_RevocationInfoChoice)
 
 ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
-		ASN1_EMBED(CMS_SignedData, version, INT32),
-		ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
-		ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo),
-		ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
-		ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1),
-		ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo)
+	ASN1_EMBED(CMS_SignedData, version, INT32),
+	ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
+	ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+	ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
+	ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1),
+	ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo)
 } ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
 
 ASN1_SEQUENCE(CMS_OriginatorInfo) = {
-		ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
-		ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
+	ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
+	ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
 } static_ASN1_SEQUENCE_END(CMS_OriginatorInfo)
 
 ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
-		ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
-		ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
-		ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
+	ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
+	ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
+	ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
 } static_ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
 
 ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
-		ASN1_EMBED(CMS_KeyTransRecipientInfo, version, INT32),
-		ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
-		ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
-		ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+	ASN1_EMBED(CMS_KeyTransRecipientInfo, version, INT32),
+	ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
+	ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+	ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(CMS_KeyTransRecipientInfo)
 
 ASN1_SEQUENCE(CMS_OtherKeyAttribute) = {
-		ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT),
-		ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY)
+	ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT),
+	ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY)
 } ASN1_SEQUENCE_END(CMS_OtherKeyAttribute)
 
 ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
-		ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING),
-		ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME),
-		ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute)
+	ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING),
+	ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME),
+	ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute)
 } ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier)
 
 ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
-  ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
-  ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
+	ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+	ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
 } static_ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
 
-static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-			          void *exarg)
+static int
+cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
 	CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval;
 	if (operation == ASN1_OP_FREE_POST) {
@@ -174,23 +174,23 @@ static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 }
 
 ASN1_SEQUENCE_cb(CMS_RecipientEncryptedKey, cms_rek_cb) = {
-		ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier),
-		ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING)
+	ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier),
+	ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END_cb(CMS_RecipientEncryptedKey, CMS_RecipientEncryptedKey)
 
 ASN1_SEQUENCE(CMS_OriginatorPublicKey) = {
-  ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR),
-  ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING)
+	ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR),
+	ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING)
 } ASN1_SEQUENCE_END(CMS_OriginatorPublicKey)
 
 ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
-  ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
-  ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
-  ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
+	ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+	ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
+	ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
 } static_ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
 
-static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-			           void *exarg)
+static int
+cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
 	CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval;
 	if (operation == ASN1_OP_NEW_POST) {
@@ -207,41 +207,41 @@ static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 }
 
 ASN1_SEQUENCE_cb(CMS_KeyAgreeRecipientInfo, cms_kari_cb) = {
-		ASN1_EMBED(CMS_KeyAgreeRecipientInfo, version, INT32),
-		ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0),
-		ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
-		ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
-		ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey)
+	ASN1_EMBED(CMS_KeyAgreeRecipientInfo, version, INT32),
+	ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0),
+	ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
+	ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+	ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey)
 } ASN1_SEQUENCE_END_cb(CMS_KeyAgreeRecipientInfo, CMS_KeyAgreeRecipientInfo)
 
 ASN1_SEQUENCE(CMS_KEKIdentifier) = {
-		ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING),
-		ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME),
-		ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
+	ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING),
+	ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME),
+	ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
 } static_ASN1_SEQUENCE_END(CMS_KEKIdentifier)
 
 ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
-		ASN1_EMBED(CMS_KEKRecipientInfo, version, INT32),
-		ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
-		ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
-		ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+	ASN1_EMBED(CMS_KEKRecipientInfo, version, INT32),
+	ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
+	ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+	ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
 
 ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
-		ASN1_EMBED(CMS_PasswordRecipientInfo, version, INT32),
-		ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0),
-		ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
-		ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+	ASN1_EMBED(CMS_PasswordRecipientInfo, version, INT32),
+	ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0),
+	ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+	ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo)
 
 ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
-  ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
-  ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
+	ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
+	ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
 } static_ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
 
 /* Free up RecipientInfo additional data */
-static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-			         void *exarg)
+static int
+cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
 	if (operation == ASN1_OP_FREE_PRE) {
 		CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
@@ -262,50 +262,50 @@ static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 }
 
 ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
-		ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo),
-		ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1),
-		ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2),
-		ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3),
-		ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4)
+	ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo),
+	ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1),
+	ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2),
+	ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3),
+	ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4)
 } ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type)
 
 ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
-		ASN1_EMBED(CMS_EnvelopedData, version, INT32),
-		ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
-		ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
-		ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo),
-		ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
+	ASN1_EMBED(CMS_EnvelopedData, version, INT32),
+	ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
+	ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
+	ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo),
+	ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
 } ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData)
 
 ASN1_NDEF_SEQUENCE(CMS_DigestedData) = {
-		ASN1_EMBED(CMS_DigestedData, version, INT32),
-		ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
-		ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo),
-		ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
+	ASN1_EMBED(CMS_DigestedData, version, INT32),
+	ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
+	ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+	ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
 } ASN1_NDEF_SEQUENCE_END(CMS_DigestedData)
 
 ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = {
-		ASN1_EMBED(CMS_EncryptedData, version, INT32),
-		ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo),
-		ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
+	ASN1_EMBED(CMS_EncryptedData, version, INT32),
+	ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo),
+	ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
 } ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData)
 
 ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
-		ASN1_EMBED(CMS_AuthenticatedData, version, INT32),
-		ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0),
-		ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
-		ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
-		ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1),
-		ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo),
-		ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2),
-		ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING),
-		ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
+	ASN1_EMBED(CMS_AuthenticatedData, version, INT32),
+	ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0),
+	ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
+	ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
+	ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1),
+	ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+	ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2),
+	ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING),
+	ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
 } static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
 
 ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
-		ASN1_EMBED(CMS_CompressedData, version, INT32),
-		ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
-		ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+	ASN1_EMBED(CMS_CompressedData, version, INT32),
+	ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
+	ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
 } ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
 
 /* This is the ANY DEFINED BY table for the top level ContentInfo structure */
@@ -313,18 +313,18 @@ ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
 ASN1_ADB_TEMPLATE(cms_default) = ASN1_EXP(CMS_ContentInfo, d.other, ASN1_ANY, 0);
 
 ASN1_ADB(CMS_ContentInfo) = {
-		ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)),
-		ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)),
-		ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)),
-		ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)),
-		ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)),
-		ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)),
-		ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)),
+	ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)),
+	ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)),
+	ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)),
+	ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)),
+	ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)),
+	ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)),
+	ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)),
 } ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
 
 /* CMS streaming support */
-static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-			      void *exarg)
+static int
+cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
 	ASN1_STREAM_ARG *sarg = exarg;
 	CMS_ContentInfo *cms = NULL;
@@ -355,8 +355,8 @@ static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 }
 
 ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
-		ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
-		ASN1_ADB_OBJECT(CMS_ContentInfo)
+	ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
+	ASN1_ADB_OBJECT(CMS_ContentInfo)
 } ASN1_NDEF_SEQUENCE_END_cb(CMS_ContentInfo, CMS_ContentInfo)
 
 /* Specials for signed attributes */
@@ -367,7 +367,7 @@ ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
  */
 
 ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) =
-		ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE)
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE)
 ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign)
 
 /*
@@ -376,28 +376,27 @@ ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign)
  */
 
 ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) =
-		ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
-			                    V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
+	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL, V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
 ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
 
 
 
 ASN1_CHOICE(CMS_ReceiptsFrom) = {
-  ASN1_IMP_EMBED(CMS_ReceiptsFrom, d.allOrFirstTier, INT32, 0),
-  ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
+	ASN1_IMP_EMBED(CMS_ReceiptsFrom, d.allOrFirstTier, INT32, 0),
+	ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
 } static_ASN1_CHOICE_END(CMS_ReceiptsFrom)
 
 ASN1_SEQUENCE(CMS_ReceiptRequest) = {
-  ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
-  ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom),
-  ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES)
+	ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom),
+	ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES)
 } ASN1_SEQUENCE_END(CMS_ReceiptRequest)
 
 ASN1_SEQUENCE(CMS_Receipt) = {
-  ASN1_EMBED(CMS_Receipt, version, INT32),
-  ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
-  ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
-  ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
+	ASN1_EMBED(CMS_Receipt, version, INT32),
+	ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
+	ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
+	ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(CMS_Receipt)
 
 /*
@@ -412,13 +411,14 @@ typedef struct {
 } CMS_SharedInfo;
 
 ASN1_SEQUENCE(CMS_SharedInfo) = {
-  ASN1_SIMPLE(CMS_SharedInfo, keyInfo, X509_ALGOR),
-  ASN1_EXP_OPT(CMS_SharedInfo, entityUInfo, ASN1_OCTET_STRING, 0),
-  ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2),
+	ASN1_SIMPLE(CMS_SharedInfo, keyInfo, X509_ALGOR),
+	ASN1_EXP_OPT(CMS_SharedInfo, entityUInfo, ASN1_OCTET_STRING, 0),
+	ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2),
 } static_ASN1_SEQUENCE_END(CMS_SharedInfo)
 
-int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
-			              ASN1_OCTET_STRING *ukm, int keylen)
+int
+CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
+    ASN1_OCTET_STRING *ukm, int keylen)
 {
 	union {
 		CMS_SharedInfo *pecsi;
@@ -444,5 +444,6 @@ int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
 	ecsi.entityUInfo = ukm;
 	ecsi.suppPubInfo = &oklen;
 	intsi.pecsi = &ecsi;
+
 	return ASN1_item_i2d(intsi.a, pder, ASN1_ITEM_rptr(CMS_SharedInfo));
 }
diff --git a/lib/libcrypto/cms/cms_att.c b/lib/libcrypto/cms/cms_att.c
index b288262b81d..b03c7437a45 100644
--- a/lib/libcrypto/cms/cms_att.c
+++ b/lib/libcrypto/cms/cms_att.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_att.c,v 1.8 2019/08/10 16:42:20 jsing Exp $ */
+/* $OpenBSD: cms_att.c,v 1.9 2019/08/10 18:15:52 jsing Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -61,135 +61,149 @@
 
 /* CMS SignedData Attribute utilities */
 
-int CMS_signed_get_attr_count(const CMS_SignerInfo *si)
+int
+CMS_signed_get_attr_count(const CMS_SignerInfo *si)
 {
 	return X509at_get_attr_count(si->signedAttrs);
 }
 
-int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
+int
+CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
 {
 	return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
 }
 
-int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
-			                   int lastpos)
+int
+CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
+    int lastpos)
 {
 	return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
 }
 
-X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
+X509_ATTRIBUTE *
+CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
 {
 	return X509at_get_attr(si->signedAttrs, loc);
 }
 
-X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
+X509_ATTRIBUTE *
+CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
 {
 	return X509at_delete_attr(si->signedAttrs, loc);
 }
 
-int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
+int
+CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
 {
 	if (X509at_add1_attr(&si->signedAttrs, attr))
 		return 1;
 	return 0;
 }
 
-int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
-			                    const ASN1_OBJECT *obj, int type,
-			                    const void *bytes, int len)
+int
+CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj, int type,
+    const void *bytes, int len)
 {
 	if (X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len))
 		return 1;
 	return 0;
 }
 
-int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
-			                    int nid, int type, const void *bytes, int len)
+int
+CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
+    const void *bytes, int len)
 {
 	if (X509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len))
 		return 1;
 	return 0;
 }
 
-int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
-			                    const char *attrname, int type,
-			                    const void *bytes, int len)
+int
+CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname, int type,
+    const void *bytes, int len)
 {
 	if (X509at_add1_attr_by_txt(&si->signedAttrs, attrname, type, bytes, len))
 		return 1;
 	return 0;
 }
 
-void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
-			                      int lastpos, int type)
+void *
+CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
+    int lastpos, int type)
 {
 	return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
 }
 
-int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
+int
+CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
 {
 	return X509at_get_attr_count(si->unsignedAttrs);
 }
 
-int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
-			                     int lastpos)
+int
+CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
 {
 	return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
 }
 
-int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
-			                     const ASN1_OBJECT *obj, int lastpos)
+int
+CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
+    int lastpos)
 {
 	return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
 }
 
-X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
+X509_ATTRIBUTE *
+CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
 {
 	return X509at_get_attr(si->unsignedAttrs, loc);
 }
 
-X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
+X509_ATTRIBUTE *
+CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
 {
 	return X509at_delete_attr(si->unsignedAttrs, loc);
 }
 
-int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
+int
+CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
 {
 	if (X509at_add1_attr(&si->unsignedAttrs, attr))
 		return 1;
 	return 0;
 }
 
-int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
-			                      const ASN1_OBJECT *obj, int type,
-			                      const void *bytes, int len)
+int
+CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *obj,
+    int type, const void *bytes, int len)
 {
 	if (X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len))
 		return 1;
 	return 0;
 }
 
-int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
-			                      int nid, int type,
-			                      const void *bytes, int len)
+int
+CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si, int nid, int type,
+    const void *bytes, int len)
 {
 	if (X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len))
 		return 1;
 	return 0;
 }
 
-int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
-			                      const char *attrname, int type,
-			                      const void *bytes, int len)
+int
+CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si, const char *attrname,
+    int type, const void *bytes, int len)
 {
-	if (X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
-			                    type, bytes, len))
+	if (X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname, type,
+	    bytes, len))
 		return 1;
 	return 0;
 }
 
-void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
-			                        int lastpos, int type)
+void *
+CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid, int lastpos,
+    int type)
 {
 	return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
 }
diff --git a/lib/libcrypto/cms/cms_cd.c b/lib/libcrypto/cms/cms_cd.c
index 55fff110d1e..e3e9f78e5b8 100644
--- a/lib/libcrypto/cms/cms_cd.c
+++ b/lib/libcrypto/cms/cms_cd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_cd.c,v 1.12 2019/08/10 16:42:20 jsing Exp $ */
+/* $OpenBSD: cms_cd.c,v 1.13 2019/08/10 18:15:52 jsing Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -66,10 +66,12 @@
 
 /* CMS CompressedData Utilities */
 
-CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
+CMS_ContentInfo *
+cms_CompressedData_create(int comp_nid)
 {
 	CMS_ContentInfo *cms;
 	CMS_CompressedData *cd;
+
 	/*
 	 * Will need something cleverer if there is ever more than one
 	 * compression algorithm or parameters have some meaning...
@@ -105,10 +107,12 @@ CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
 	return NULL;
 }
 
-BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms)
+BIO *
+cms_CompressedData_init_bio(CMS_ContentInfo *cms)
 {
 	CMS_CompressedData *cd;
 	const ASN1_OBJECT *compoid;
+
 	if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) {
 		CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
 			   CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);
diff --git a/lib/libcrypto/cms/cms_dd.c b/lib/libcrypto/cms/cms_dd.c
index fcc446fa2e5..b9422fab42b 100644
--- a/lib/libcrypto/cms/cms_dd.c
+++ b/lib/libcrypto/cms/cms_dd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_dd.c,v 1.10 2019/08/10 16:42:20 jsing Exp $ */
+/* $OpenBSD: cms_dd.c,v 1.11 2019/08/10 18:15:52 jsing Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -62,10 +62,12 @@
 
 /* CMS DigestedData Utilities */
 
-CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
+CMS_ContentInfo *
+cms_DigestedData_create(const EVP_MD *md)
 {
 	CMS_ContentInfo *cms;
 	CMS_DigestedData *dd;
+
 	cms = CMS_ContentInfo_new();
 	if (cms == NULL)
 		return NULL;
@@ -87,17 +89,22 @@ CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
 
  err:
 	CMS_ContentInfo_free(cms);
+
 	return NULL;
 }
 
-BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms)
+BIO *
+cms_DigestedData_init_bio(CMS_ContentInfo *cms)
 {
 	CMS_DigestedData *dd;
+
 	dd = cms->d.digestedData;
+
 	return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm);
 }
 
-int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
+int
+cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
 {
 	EVP_MD_CTX *mctx = EVP_MD_CTX_new();
 	unsigned char md[EVP_MAX_MD_SIZE];
@@ -140,5 +147,4 @@ int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
 	EVP_MD_CTX_free(mctx);
 
 	return r;
-
 }
diff --git a/lib/libcrypto/cms/cms_enc.c b/lib/libcrypto/cms/cms_enc.c
index b019d8e8e01..b3a00f67fa7 100644
--- a/lib/libcrypto/cms/cms_enc.c
+++ b/lib/libcrypto/cms/cms_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_enc.c,v 1.13 2019/08/10 16:42:20 jsing Exp $ */
+/* $OpenBSD: cms_enc.c,v 1.14 2019/08/10 18:15:52 jsing Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -65,7 +65,8 @@
 
 /* Return BIO based on EncryptedContentInfo and key */
 
-BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
+BIO *
+cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 {
 	BIO *b;
 	EVP_CIPHER_CTX *ctx;
@@ -207,9 +208,9 @@ BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 	return NULL;
 }
 
-int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
-			                  const EVP_CIPHER *cipher,
-			                  const unsigned char *key, size_t keylen)
+int
+cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
+    const EVP_CIPHER *cipher, const unsigned char *key, size_t keylen)
 {
 	ec->cipher = cipher;
 	if (key) {
@@ -222,13 +223,16 @@ int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
 	ec->keylen = keylen;
 	if (cipher)
 		ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
+
 	return 1;
 }
 
-int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
-			                   const unsigned char *key, size_t keylen)
+int
+CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+    const unsigned char *key, size_t keylen)
 {
 	CMS_EncryptedContentInfo *ec;
+
 	if (!key || !keylen) {
 		CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
 		return 0;
@@ -246,13 +250,17 @@ int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
 		return 0;
 	}
 	ec = cms->d.encryptedData->encryptedContentInfo;
+
 	return cms_EncryptedContent_init(ec, ciph, key, keylen);
 }
 
-BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
+BIO *
+cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
 {
 	CMS_EncryptedData *enc = cms->d.encryptedData;
+
 	if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
 		enc->version = 2;
+
 	return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
 }
diff --git a/lib/libcrypto/cms/cms_env.c b/lib/libcrypto/cms/cms_env.c
index e137cadf342..fbfbdd98caf 100644
--- a/lib/libcrypto/cms/cms_env.c
+++ b/lib/libcrypto/cms/cms_env.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_env.c,v 1.15 2019/08/10 16:42:20 jsing Exp $ */
+/* $OpenBSD: cms_env.c,v 1.16 2019/08/10 18:15:52 jsing Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -65,17 +65,19 @@
 
 /* CMS EnvelopedData Utilities */
 
-CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
+CMS_EnvelopedData *
+cms_get0_enveloped(CMS_ContentInfo *cms)
 {
 	if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
 		CMSerr(CMS_F_CMS_GET0_ENVELOPED,
-			   CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
+		   CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
 		return NULL;
 	}
 	return cms->d.envelopedData;
 }
 
-static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
+static CMS_EnvelopedData *
+cms_enveloped_data_init(CMS_ContentInfo *cms)
 {
 	if (cms->d.other == NULL) {
 		cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
@@ -93,10 +95,12 @@ static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
 	return cms_get0_enveloped(cms);
 }
 
-int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
+int
+cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
 {
 	EVP_PKEY *pkey;
 	int i;
+
 	if (ri->type == CMS_RECIPINFO_TRANS)
 		pkey = ri->d.ktri->pkey;
 	else if (ri->type == CMS_RECIPINFO_AGREE) {
@@ -113,53 +117,64 @@ int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
 	i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri);
 	if (i == -2) {
 		CMSerr(CMS_F_CMS_ENV_ASN1_CTRL,
-			   CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+		   CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
 		return 0;
 	}
 	if (i <= 0) {
 		CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, CMS_R_CTRL_FAILURE);
 		return 0;
 	}
+
 	return 1;
 }
 
-STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
+STACK_OF(CMS_RecipientInfo) *
+CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
 {
 	CMS_EnvelopedData *env;
+
 	env = cms_get0_enveloped(cms);
 	if (!env)
 		return NULL;
+
 	return env->recipientInfos;
 }
 
-int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
+int
+CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
 {
 	return ri->type;
 }
 
-EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri)
+EVP_PKEY_CTX *
+CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri)
 {
 	if (ri->type == CMS_RECIPINFO_TRANS)
 		return ri->d.ktri->pctx;
 	else if (ri->type == CMS_RECIPINFO_AGREE)
 		return ri->d.kari->pctx;
+
 	return NULL;
 }
 
-CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
+CMS_ContentInfo *
+CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
 {
 	CMS_ContentInfo *cms;
 	CMS_EnvelopedData *env;
+
 	cms = CMS_ContentInfo_new();
 	if (cms == NULL)
 		goto merr;
 	env = cms_enveloped_data_init(cms);
 	if (env == NULL)
 		goto merr;
-	if (!cms_EncryptedContent_init(env->encryptedContentInfo,
-			                       cipher, NULL, 0))
+	if (!cms_EncryptedContent_init(env->encryptedContentInfo, cipher,
+	    NULL, 0))
 		goto merr;
+
 	return cms;
+
  merr:
 	CMS_ContentInfo_free(cms);
 	CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
@@ -170,8 +185,9 @@ CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
 
 /* Initialise a ktri based on passed certificate and key */
 
-static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
-			                           EVP_PKEY *pk, unsigned int flags)
+static int
+cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip, EVP_PKEY *pk,
+    unsigned int flags)
 {
 	CMS_KeyTransRecipientInfo *ktri;
 	int idtype;
@@ -213,6 +229,7 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
 			return 0;
 	} else if (!cms_env_asn1_ctrl(ri, 0))
 		return 0;
+
 	return 1;
 }
 
@@ -220,12 +237,13 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
  * Add a recipient certificate using appropriate type of RecipientInfo
  */
 
-CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
-			                               X509 *recip, unsigned int flags)
+CMS_RecipientInfo *
+CMS_add1_recipient_cert(CMS_ContentInfo *cms, X509 *recip, unsigned int flags)
 {
 	CMS_RecipientInfo *ri = NULL;
 	CMS_EnvelopedData *env;
 	EVP_PKEY *pk = NULL;
+
 	env = cms_get0_enveloped(cms);
 	if (!env)
 		goto err;
@@ -237,7 +255,8 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
 
 	pk = X509_get0_pubkey(recip);
 	if (!pk) {
-		CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, CMS_R_ERROR_GETTING_PUBLIC_KEY);
+		CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
+		    CMS_R_ERROR_GETTING_PUBLIC_KEY);
 		goto err;
 	}
 
@@ -255,7 +274,7 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
 
 	default:
 		CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
-			   CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+		   CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
 		goto err;
 
 	}
@@ -270,17 +289,16 @@ CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
  err:
 	M_ASN1_free_of(ri, CMS_RecipientInfo);
 	return NULL;
-
 }
 
-int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
-			                         EVP_PKEY **pk, X509 **recip,
-			                         X509_ALGOR **palg)
+int
+CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri, EVP_PKEY **pk,
+    X509 **recip, X509_ALGOR **palg)
 {
 	CMS_KeyTransRecipientInfo *ktri;
+
 	if (ri->type != CMS_RECIPINFO_TRANS) {
-		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
-			   CMS_R_NOT_KEY_TRANSPORT);
+		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS, CMS_R_NOT_KEY_TRANSPORT);
 		return 0;
 	}
 
@@ -292,18 +310,19 @@ int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
 		*recip = ktri->recip;
 	if (palg)
 		*palg = ktri->keyEncryptionAlgorithm;
+
 	return 1;
 }
 
-int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
-			                              ASN1_OCTET_STRING **keyid,
-			                              X509_NAME **issuer,
-			                              ASN1_INTEGER **sno)
+int
+CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+    ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno)
 {
 	CMS_KeyTransRecipientInfo *ktri;
+
 	if (ri->type != CMS_RECIPINFO_TRANS) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
-			   CMS_R_NOT_KEY_TRANSPORT);
+		   CMS_R_NOT_KEY_TRANSPORT);
 		return 0;
 	}
 	ktri = ri->d.ktri;
@@ -311,17 +330,20 @@ int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
 	return cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer, sno);
 }
 
-int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
+int
+CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
 {
 	if (ri->type != CMS_RECIPINFO_TRANS) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
-			   CMS_R_NOT_KEY_TRANSPORT);
+		   CMS_R_NOT_KEY_TRANSPORT);
 		return -2;
 	}
+
 	return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
 }
 
-int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
+int
+CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
 {
 	if (ri->type != CMS_RECIPINFO_TRANS) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT);
@@ -329,13 +351,14 @@ int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
 	}
 	EVP_PKEY_free(ri->d.ktri->pkey);
 	ri->d.ktri->pkey = pkey;
+
 	return 1;
 }
 
 /* Encrypt content key in key transport recipient info */
 
-static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
-			                              CMS_RecipientInfo *ri)
+static int
+cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
 {
 	CMS_KeyTransRecipientInfo *ktri;
 	CMS_EncryptedContentInfo *ec;
@@ -394,14 +417,14 @@ static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
 	EVP_PKEY_CTX_free(pctx);
 	ktri->pctx = NULL;
 	OPENSSL_free(ek);
-	return ret;
 
+	return ret;
 }
 
 /* Decrypt content key from KTRI */
 
-static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
-			                              CMS_RecipientInfo *ri)
+static int
+cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
 {
 	CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
 	EVP_PKEY *pkey = ktri->pkey;
@@ -409,6 +432,7 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
 	size_t eklen;
 	int ret = 0;
 	CMS_EncryptedContentInfo *ec;
+
 	ec = cms->d.envelopedData->encryptedContentInfo;
 
 	if (ktri->pkey == NULL) {
@@ -427,14 +451,13 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
 		goto err;
 
 	if (EVP_PKEY_CTX_ctrl(ktri->pctx, -1, EVP_PKEY_OP_DECRYPT,
-			              EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) {
+	    EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR);
 		goto err;
 	}
 
-	if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen,
-			             ktri->encryptedKey->data,
-			             ktri->encryptedKey->length) <= 0)
+	if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen, ktri->encryptedKey->data,
+	    ktri->encryptedKey->length) <= 0)
 		goto err;
 
 	ek = OPENSSL_malloc(eklen);
@@ -444,9 +467,8 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
 		goto err;
 	}
 
-	if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen,
-			             ktri->encryptedKey->data,
-			             ktri->encryptedKey->length) <= 0) {
+	if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen, ktri->encryptedKey->data,
+	    ktri->encryptedKey->length) <= 0) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
 		goto err;
 	}
@@ -468,11 +490,13 @@ static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
 
 /* Key Encrypted Key (KEK) RecipientInfo routines */
 
-int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
-			                       const unsigned char *id, size_t idlen)
+int
+CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, const unsigned char *id,
+    size_t idlen)
 {
 	ASN1_OCTET_STRING tmp_os;
 	CMS_KEKRecipientInfo *kekri;
+
 	if (ri->type != CMS_RECIPINFO_KEK) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
 		return -2;
@@ -482,12 +506,14 @@ int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
 	tmp_os.flags = 0;
 	tmp_os.data = (unsigned char *)id;
 	tmp_os.length = (int)idlen;
+
 	return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
 }
 
 /* For now hard code AES key wrap info */
 
-static size_t aes_wrap_keylen(int nid)
+static size_t
+aes_wrap_keylen(int nid)
 {
 	switch (nid) {
 	case NID_id_aes128_wrap:
@@ -504,16 +530,15 @@ static size_t aes_wrap_keylen(int nid)
 	}
 }
 
-CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
-			                              unsigned char *key, size_t keylen,
-			                              unsigned char *id, size_t idlen,
-			                              ASN1_GENERALIZEDTIME *date,
-			                              ASN1_OBJECT *otherTypeId,
-			                              ASN1_TYPE *otherType)
+CMS_RecipientInfo *
+CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid, unsigned char *key,
+    size_t keylen, unsigned char *id, size_t idlen, ASN1_GENERALIZEDTIME *date,
+    ASN1_OBJECT *otherTypeId, ASN1_TYPE *otherType)
 {
 	CMS_RecipientInfo *ri = NULL;
 	CMS_EnvelopedData *env;
 	CMS_KEKRecipientInfo *kekri;
+
 	env = cms_get0_enveloped(cms);
 	if (!env)
 		goto err;
@@ -601,17 +626,15 @@ CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
  err:
 	M_ASN1_free_of(ri, CMS_RecipientInfo);
 	return NULL;
-
 }
 
-int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
-			                        X509_ALGOR **palg,
-			                        ASN1_OCTET_STRING **pid,
-			                        ASN1_GENERALIZEDTIME **pdate,
-			                        ASN1_OBJECT **potherid,
-			                        ASN1_TYPE **pothertype)
+int
+CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg,
+    ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate,
+    ASN1_OBJECT **potherid, ASN1_TYPE **pothertype)
 {
 	CMS_KEKIdentifier *rkid;
+
 	if (ri->type != CMS_RECIPINFO_KEK) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
 		return 0;
@@ -635,13 +658,16 @@ int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
 		else
 			*pothertype = NULL;
 	}
+
 	return 1;
 }
 
-int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
-			                   unsigned char *key, size_t keylen)
+int
+CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key,
+    size_t keylen)
 {
 	CMS_KEKRecipientInfo *kekri;
+
 	if (ri->type != CMS_RECIPINFO_KEK) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
 		return 0;
@@ -655,8 +681,8 @@ int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
 
 /* Encrypt content key in KEK recipient info */
 
-static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
-			                               CMS_RecipientInfo *ri)
+static int
+cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
 {
 	CMS_EncryptedContentInfo *ec;
 	CMS_KEKRecipientInfo *kekri;
@@ -666,7 +692,6 @@ static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
 	int r = 0;
 
 	ec = cms->d.envelopedData->encryptedContentInfo;
-
 	kekri = ri->d.kekri;
 
 	if (!kekri->key) {
@@ -681,14 +706,12 @@ static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
 	}
 
 	wkey = OPENSSL_malloc(ec->keylen + 8);
-
 	if (wkey == NULL) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
 	wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
-
 	if (wkeylen <= 0) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
 		goto err;
@@ -699,19 +722,17 @@ static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
 	r = 1;
 
  err:
-
 	if (!r)
 		OPENSSL_free(wkey);
 	OPENSSL_cleanse(&actx, sizeof(actx));
 
 	return r;
-
 }
 
 /* Decrypt content key in KEK recipient info */
 
-static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
-			                               CMS_RecipientInfo *ri)
+static int
+cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
 {
 	CMS_EncryptedContentInfo *ec;
 	CMS_KEKRecipientInfo *kekri;
@@ -721,7 +742,6 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
 	int r = 0, wrap_nid;
 
 	ec = cms->d.envelopedData->encryptedContentInfo;
-
 	kekri = ri->d.kekri;
 
 	if (!kekri->key) {
@@ -732,7 +752,7 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
 	wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
 	if (aes_wrap_keylen(wrap_nid) != kekri->keylen) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
-			   CMS_R_INVALID_KEY_LENGTH);
+		   CMS_R_INVALID_KEY_LENGTH);
 		return 0;
 	}
 
@@ -740,26 +760,24 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
 
 	if (kekri->encryptedKey->length < 16) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
-			   CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
+		   CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
 		goto err;
 	}
 
 	if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
-			   CMS_R_ERROR_SETTING_KEY);
+		   CMS_R_ERROR_SETTING_KEY);
 		goto err;
 	}
 
 	ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
-
 	if (ukey == NULL) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, ERR_R_MALLOC_FAILURE);
 		goto err;
 	}
 
-	ukeylen = AES_unwrap_key(&actx, NULL, ukey,
-			                 kekri->encryptedKey->data,
-			                 kekri->encryptedKey->length);
+	ukeylen = AES_unwrap_key(&actx, NULL, ukey, kekri->encryptedKey->data,
+	    kekri->encryptedKey->length);
 
 	if (ukeylen <= 0) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_UNWRAP_ERROR);
@@ -778,10 +796,10 @@ static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
 	OPENSSL_cleanse(&actx, sizeof(actx));
 
 	return r;
-
 }
 
-int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
+int
+CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
 {
 	switch (ri->type) {
 	case CMS_RECIPINFO_TRANS:
@@ -795,12 +813,13 @@ int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
 
 	default:
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
-			   CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE);
+		   CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE);
 		return 0;
 	}
 }
 
-int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
+int
+CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
 {
 	switch (ri->type) {
 	case CMS_RECIPINFO_TRANS:
@@ -817,21 +836,24 @@ int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
 
 	default:
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_ENCRYPT,
-			   CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
+		   CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
 		return 0;
 	}
 }
 
 /* Check structures and fixup version numbers (if necessary) */
 
-static void cms_env_set_originfo_version(CMS_EnvelopedData *env)
+static void
+cms_env_set_originfo_version(CMS_EnvelopedData *env)
 {
 	CMS_OriginatorInfo *org = env->originatorInfo;
 	int i;
+
 	if (org == NULL)
 		return;
 	for (i = 0; i < sk_CMS_CertificateChoices_num(org->certificates); i++) {
 		CMS_CertificateChoices *cch;
+
 		cch = sk_CMS_CertificateChoices_value(org->certificates, i);
 		if (cch->type == CMS_CERTCHOICE_OTHER) {
 			env->version = 4;
@@ -844,6 +866,7 @@ static void cms_env_set_originfo_version(CMS_EnvelopedData *env)
 
 	for (i = 0; i < sk_CMS_RevocationInfoChoice_num(org->crls); i++) {
 		CMS_RevocationInfoChoice *rch;
+
 		rch = sk_CMS_RevocationInfoChoice_value(org->crls, i);
 		if (rch->type == CMS_REVCHOICE_OTHER) {
 			env->version = 4;
@@ -852,7 +875,8 @@ static void cms_env_set_originfo_version(CMS_EnvelopedData *env)
 	}
 }
 
-static void cms_env_set_version(CMS_EnvelopedData *env)
+static void
+cms_env_set_version(CMS_EnvelopedData *env)
 {
 	int i;
 	CMS_RecipientInfo *ri;
@@ -885,7 +909,8 @@ static void cms_env_set_version(CMS_EnvelopedData *env)
 	env->version = 0;
 }
 
-BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
+BIO *
+cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
 {
 	CMS_EncryptedContentInfo *ec;
 	STACK_OF(CMS_RecipientInfo) *rinfos;
@@ -928,7 +953,6 @@ BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
 		return ret;
 	BIO_free(ret);
 	return NULL;
-
 }
 
 /*
@@ -936,7 +960,8 @@ BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
  * retain compatibility with previous behaviour if the ctrl value isn't
  * supported we assume key transport.
  */
-int cms_pkey_get_ri_type(EVP_PKEY *pk)
+int
+cms_pkey_get_ri_type(EVP_PKEY *pk)
 {
 	if (pk->ameth && pk->ameth->pkey_ctrl) {
 		int i, r;
diff --git a/lib/libcrypto/cms/cms_err.c b/lib/libcrypto/cms/cms_err.c
index af0ef8c38ae..de7c544a50f 100644
--- a/lib/libcrypto/cms/cms_err.c
+++ b/lib/libcrypto/cms/cms_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_err.c,v 1.9 2019/08/10 16:42:20 jsing Exp $ */
+/* $OpenBSD: cms_err.c,v 1.10 2019/08/10 18:15:52 jsing Exp $ */
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
  * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
@@ -283,7 +283,8 @@ static const ERR_STRING_DATA CMS_str_reasons[] = {
 
 #endif
 
-int ERR_load_CMS_strings(void)
+int
+ERR_load_CMS_strings(void)
 {
 #ifndef OPENSSL_NO_ERR
 	if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) {
diff --git a/lib/libcrypto/cms/cms_ess.c b/lib/libcrypto/cms/cms_ess.c
index bcc3e58368f..abfd170bb4c 100644
--- a/lib/libcrypto/cms/cms_ess.c
+++ b/lib/libcrypto/cms/cms_ess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_ess.c,v 1.13 2019/08/10 16:42:20 jsing Exp $ */
+/* $OpenBSD: cms_ess.c,v 1.14 2019/08/10 18:15:52 jsing Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -65,16 +65,16 @@ IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
 
 /* ESS services: for now just Signed Receipt related */
 
-int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
+int
+CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
 {
 	ASN1_STRING *str;
 	CMS_ReceiptRequest *rr = NULL;
+
 	if (prr)
 		*prr = NULL;
 	str = CMS_signed_get0_data_by_OBJ(si,
-			                          OBJ_nid2obj
-			                          (NID_id_smime_aa_receiptRequest), -3,
-			                          V_ASN1_SEQUENCE);
+	    OBJ_nid2obj(NID_id_smime_aa_receiptRequest), -3, V_ASN1_SEQUENCE);
 	if (!str)
 		return 0;
 
@@ -85,14 +85,13 @@ int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
 		*prr = rr;
 	else
 		CMS_ReceiptRequest_free(rr);
+
 	return 1;
 }
 
-CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
-			                                   int allorfirst,
-			                                   STACK_OF(GENERAL_NAMES)
-			                                   *receiptList, STACK_OF(GENERAL_NAMES)
-			                                   *receiptsTo)
+CMS_ReceiptRequest *
+CMS_ReceiptRequest_create0(unsigned char *id, int idlen, int allorfirst,
+    STACK_OF(GENERAL_NAMES) *receiptList, STACK_OF(GENERAL_NAMES) *receiptsTo)
 {
 	CMS_ReceiptRequest *rr = NULL;
 
@@ -127,10 +126,10 @@ CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
  err:
 	CMS_ReceiptRequest_free(rr);
 	return NULL;
-
 }
 
-int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
+int
+CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
 {
 	unsigned char *rrder = NULL;
 	int rrderlen, r = 0;
@@ -140,7 +139,7 @@ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
 		goto merr;
 
 	if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
-			                         V_ASN1_SEQUENCE, rrder, rrderlen))
+	    V_ASN1_SEQUENCE, rrder, rrderlen))
 		goto merr;
 
 	r = 1;
@@ -152,14 +151,12 @@ int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
 	OPENSSL_free(rrder);
 
 	return r;
-
 }
 
-void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
-			                        ASN1_STRING **pcid,
-			                        int *pallorfirst,
-			                        STACK_OF(GENERAL_NAMES) **plist,
-			                        STACK_OF(GENERAL_NAMES) **prto)
+void
+CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr, ASN1_STRING **pcid,
+    int *pallorfirst, STACK_OF(GENERAL_NAMES) **plist,
+    STACK_OF(GENERAL_NAMES) **prto)
 {
 	if (pcid)
 		*pcid = rr->signedContentIdentifier;
@@ -180,40 +177,46 @@ void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
 
 /* Digest a SignerInfo structure for msgSigDigest attribute processing */
 
-static int cms_msgSigDigest(CMS_SignerInfo *si,
-			                unsigned char *dig, unsigned int *diglen)
+static int
+cms_msgSigDigest(CMS_SignerInfo *si, unsigned char *dig, unsigned int *diglen)
 {
 	const EVP_MD *md;
+
 	md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
 	if (md == NULL)
 		return 0;
 	if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
-			              si->signedAttrs, dig, diglen))
+	    si->signedAttrs, dig, diglen))
 		return 0;
+
 	return 1;
 }
 
 /* Add a msgSigDigest attribute to a SignerInfo */
 
-int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
+int
+cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
 {
 	unsigned char dig[EVP_MAX_MD_SIZE];
 	unsigned int diglen;
+
 	if (!cms_msgSigDigest(src, dig, &diglen)) {
 		CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR);
 		return 0;
 	}
 	if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest,
-			                         V_ASN1_OCTET_STRING, dig, diglen)) {
+	    V_ASN1_OCTET_STRING, dig, diglen)) {
 		CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
+
 	return 1;
 }
 
 /* Verify signed receipt after it has already passed normal CMS verify */
 
-int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
+int
+cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
 {
 	int r = 0, i;
 	CMS_ReceiptRequest *rr = NULL;
@@ -274,9 +277,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
 	/* Get msgSigDigest value and compare */
 
 	msig = CMS_signed_get0_data_by_OBJ(si,
-			                           OBJ_nid2obj
-			                           (NID_id_smime_aa_msgSigDigest), -3,
-			                           V_ASN1_OCTET_STRING);
+	    OBJ_nid2obj(NID_id_smime_aa_msgSigDigest), -3, V_ASN1_OCTET_STRING);
 
 	if (!msig) {
 		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST);
@@ -302,8 +303,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
 	/* Compare content types */
 
 	octype = CMS_signed_get0_data_by_OBJ(osi,
-			                             OBJ_nid2obj(NID_pkcs9_contentType),
-			                             -3, V_ASN1_OBJECT);
+	    OBJ_nid2obj(NID_pkcs9_contentType), -3, V_ASN1_OBJECT);
 	if (!octype) {
 		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE);
 		goto err;
@@ -324,7 +324,7 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
 	}
 
 	if (ASN1_STRING_cmp(rr->signedContentIdentifier,
-			            rct->signedContentIdentifier)) {
+	    rct->signedContentIdentifier)) {
 		CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENTIDENTIFIER_MISMATCH);
 		goto err;
 	}
@@ -335,7 +335,6 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
 	CMS_ReceiptRequest_free(rr);
 	M_ASN1_free_of(rct, CMS_Receipt);
 	return r;
-
 }
 
 /*
@@ -343,7 +342,8 @@ int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
  * SignedData ContentInfo.
  */
 
-ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
+ASN1_OCTET_STRING *
+cms_encode_Receipt(CMS_SignerInfo *si)
 {
 	CMS_Receipt rct;
 	CMS_ReceiptRequest *rr = NULL;
@@ -362,8 +362,7 @@ ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
 	/* Get original content type */
 
 	ctype = CMS_signed_get0_data_by_OBJ(si,
-			                            OBJ_nid2obj(NID_pkcs9_contentType),
-			                            -3, V_ASN1_OBJECT);
+	    OBJ_nid2obj(NID_pkcs9_contentType), -3, V_ASN1_OBJECT);
 	if (!ctype) {
 		CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE);
 		goto err;
diff --git a/lib/libcrypto/cms/cms_io.c b/lib/libcrypto/cms/cms_io.c
index 56d7cd68e15..5528ca04bef 100644
--- a/lib/libcrypto/cms/cms_io.c
+++ b/lib/libcrypto/cms/cms_io.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_io.c,v 1.8 2019/08/10 16:42:20 jsing Exp $ */
+/* $OpenBSD: cms_io.c,v 1.9 2019/08/10 18:15:52 jsing Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -59,9 +59,11 @@
 #include <openssl/cms.h>
 #include "cms_lcl.h"
 
-int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
+int
+CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
 {
 	ASN1_OCTET_STRING **pos;
+
 	pos = CMS_get0_content(cms);
 	if (pos == NULL)
 		return 0;
@@ -77,22 +79,25 @@ int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
 	return 0;
 }
 
-CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
+CMS_ContentInfo *
+d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
 {
 	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
 }
 
-int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
+int
+i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
 {
 	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
 }
 
 IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
 
-BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms)
+BIO *
+BIO_new_CMS(BIO *out, CMS_ContentInfo *cms)
 {
 	return BIO_new_NDEF(out, (ASN1_VALUE *)cms,
-			            ASN1_ITEM_rptr(CMS_ContentInfo));
+	    ASN1_ITEM_rptr(CMS_ContentInfo));
 }
 
 /* CMS wrappers round generalised stream and MIME routines */
@@ -103,31 +108,32 @@ int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
 			                   ASN1_ITEM_rptr(CMS_ContentInfo));
 }
 
-int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
-			                 int flags)
+int
+PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
 {
 	return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *)cms, in, flags,
-			                         "CMS", ASN1_ITEM_rptr(CMS_ContentInfo));
+	    "CMS", ASN1_ITEM_rptr(CMS_ContentInfo));
 }
 
-int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
+int
+SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
 {
 	STACK_OF(X509_ALGOR) *mdalgs;
 	int ctype_nid = OBJ_obj2nid(cms->contentType);
 	int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms));
+
 	if (ctype_nid == NID_pkcs7_signed)
 		mdalgs = cms->d.signedData->digestAlgorithms;
 	else
 		mdalgs = NULL;
 
-	return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
-			                ctype_nid, econt_nid, mdalgs,
-			                ASN1_ITEM_rptr(CMS_ContentInfo));
+	return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags, ctype_nid,
+	    econt_nid, mdalgs, ASN1_ITEM_rptr(CMS_ContentInfo));
 }
 
-CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont)
+CMS_ContentInfo *
+SMIME_read_CMS(BIO *bio, BIO **bcont)
 {
 	return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
-			                                  ASN1_ITEM_rptr
-			                                  (CMS_ContentInfo));
+	    ASN1_ITEM_rptr(CMS_ContentInfo));
 }
diff --git a/lib/libcrypto/cms/cms_kari.c b/lib/libcrypto/cms/cms_kari.c
index 7aad3c755b7..3605baac414 100644
--- a/lib/libcrypto/cms/cms_kari.c
+++ b/lib/libcrypto/cms/cms_kari.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_kari.c,v 1.5 2019/08/10 16:42:20 jsing Exp $ */
+/* $OpenBSD: cms_kari.c,v 1.6 2019/08/10 18:15:52 jsing Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -64,9 +64,9 @@
 
 /* Key Agreement Recipient Info (KARI) routines */
 
-int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
-			                        X509_ALGOR **palg,
-			                        ASN1_OCTET_STRING **pukm)
+int
+CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri, X509_ALGOR **palg,
+    ASN1_OCTET_STRING **pukm)
 {
 	if (ri->type != CMS_RECIPINFO_AGREE) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG,
@@ -77,13 +77,14 @@ int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
 		*palg = ri->d.kari->keyEncryptionAlgorithm;
 	if (pukm)
 		*pukm = ri->d.kari->ukm;
+
 	return 1;
 }
 
 /* Retrieve recipient encrypted keys from a kari */
 
-STACK_OF(CMS_RecipientEncryptedKey)
-*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri)
+STACK_OF(CMS_RecipientEncryptedKey) *
+CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri)
 {
 	if (ri->type != CMS_RECIPINFO_AGREE) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS,
@@ -93,14 +94,13 @@ STACK_OF(CMS_RecipientEncryptedKey)
 	return ri->d.kari->recipientEncryptedKeys;
 }
 
-int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
-			                            X509_ALGOR **pubalg,
-			                            ASN1_BIT_STRING **pubkey,
-			                            ASN1_OCTET_STRING **keyid,
-			                            X509_NAME **issuer,
-			                            ASN1_INTEGER **sno)
+int
+CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri, X509_ALGOR **pubalg,
+    ASN1_BIT_STRING **pubkey, ASN1_OCTET_STRING **keyid, X509_NAME **issuer,
+    ASN1_INTEGER **sno)
 {
 	CMS_OriginatorIdentifierOrKey *oik;
+
 	if (ri->type != CMS_RECIPINFO_AGREE) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID,
 			   CMS_R_NOT_KEY_AGREEMENT);
@@ -132,15 +132,18 @@ int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
 			*pubkey = oik->d.originatorKey->publicKey;
 	} else
 		return 0;
+
 	return 1;
 }
 
-int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert)
+int
+CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert)
 {
 	CMS_OriginatorIdentifierOrKey *oik;
+
 	if (ri->type != CMS_RECIPINFO_AGREE) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP,
-			   CMS_R_NOT_KEY_AGREEMENT);
+		   CMS_R_NOT_KEY_AGREEMENT);
 		return -2;
 	}
 	oik = ri->d.kari->originator;
@@ -148,16 +151,17 @@ int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert)
 		return cms_ias_cert_cmp(oik->d.issuerAndSerialNumber, cert);
 	else if (oik->type == CMS_OIK_KEYIDENTIFIER)
 		return cms_keyid_cert_cmp(oik->d.subjectKeyIdentifier, cert);
+
 	return -1;
 }
 
-int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
-			                          ASN1_OCTET_STRING **keyid,
-			                          ASN1_GENERALIZEDTIME **tm,
-			                          CMS_OtherKeyAttribute **other,
-			                          X509_NAME **issuer, ASN1_INTEGER **sno)
+int
+CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
+    ASN1_OCTET_STRING **keyid, ASN1_GENERALIZEDTIME **tm,
+    CMS_OtherKeyAttribute **other, X509_NAME **issuer, ASN1_INTEGER **sno)
 {
 	CMS_KeyAgreeRecipientIdentifier *rid = rek->rid;
+
 	if (rid->type == CMS_REK_ISSUER_SERIAL) {
 		if (issuer)
 			*issuer = rid->d.issuerAndSerialNumber->issuer;
@@ -182,13 +186,15 @@ int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
 			*sno = NULL;
 	} else
 		return 0;
+
 	return 1;
 }
 
-int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
-			                           X509 *cert)
+int
+CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek, X509 *cert)
 {
 	CMS_KeyAgreeRecipientIdentifier *rid = rek->rid;
+
 	if (rid->type == CMS_REK_ISSUER_SERIAL)
 		return cms_ias_cert_cmp(rid->d.issuerAndSerialNumber, cert);
 	else if (rid->type == CMS_REK_KEYIDENTIFIER)
@@ -197,7 +203,8 @@ int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
 		return -1;
 }
 
-int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
+int
+CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
 {
 	EVP_PKEY_CTX *pctx;
 	CMS_KeyAgreeRecipientInfo *kari = ri->d.kari;
@@ -211,12 +218,14 @@ int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
 		goto err;
 	kari->pctx = pctx;
 	return 1;
+
  err:
 	EVP_PKEY_CTX_free(pctx);
 	return 0;
 }
 
-EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri)
+EVP_CIPHER_CTX *
+CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri)
 {
 	if (ri->type == CMS_RECIPINFO_AGREE)
 		return ri->d.kari->ctx;
@@ -228,9 +237,9 @@ EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri)
  * or the encrypted CEK.
  */
 
-static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
-			              const unsigned char *in, size_t inlen,
-			              CMS_KeyAgreeRecipientInfo *kari, int enc)
+static int
+cms_kek_cipher(unsigned char **pout, size_t *poutlen, const unsigned char *in,
+    size_t inlen, CMS_KeyAgreeRecipientInfo *kari, int enc)
 {
 	/* Key encryption key */
 	unsigned char kek[EVP_MAX_KEY_LENGTH];
@@ -238,6 +247,7 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
 	int rv = 0;
 	unsigned char *out = NULL;
 	int outlen;
+
 	keklen = EVP_CIPHER_CTX_key_length(kari->ctx);
 	if (keklen > EVP_MAX_KEY_LENGTH)
 		return 0;
@@ -267,18 +277,20 @@ static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
 	/* FIXME: WHY IS kari->pctx freed here?  /RL */
 	EVP_PKEY_CTX_free(kari->pctx);
 	kari->pctx = NULL;
+
 	return rv;
 }
 
-int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
-			                       CMS_RecipientInfo *ri,
-			                       CMS_RecipientEncryptedKey *rek)
+int
+CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
+    CMS_RecipientEncryptedKey *rek)
 {
 	int rv = 0;
 	unsigned char *enckey = NULL, *cek = NULL;
 	size_t enckeylen;
 	size_t ceklen;
 	CMS_EncryptedContentInfo *ec;
+
 	enckeylen = rek->encryptedKey->length;
 	enckey = rek->encryptedKey->data;
 	/* Setup all parameters to derive KEK */
@@ -293,18 +305,21 @@ int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
 	ec->keylen = ceklen;
 	cek = NULL;
 	rv = 1;
+
  err:
 	OPENSSL_free(cek);
+
 	return rv;
 }
 
 /* Create ephemeral key and initialise context based on it */
-static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari,
-			                             EVP_PKEY *pk)
+static int
+cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari, EVP_PKEY *pk)
 {
 	EVP_PKEY_CTX *pctx = NULL;
 	EVP_PKEY *ekey = NULL;
 	int rv = 0;
+
 	pctx = EVP_PKEY_CTX_new(pk, NULL);
 	if (!pctx)
 		goto err;
@@ -320,17 +335,20 @@ static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari,
 		goto err;
 	kari->pctx = pctx;
 	rv = 1;
+
  err:
 	if (!rv)
 		EVP_PKEY_CTX_free(pctx);
 	EVP_PKEY_free(ekey);
+
 	return rv;
 }
 
 /* Initialise a kari based on passed certificate and key */
 
-int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
-			                    EVP_PKEY *pk, unsigned int flags)
+int
+cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip, EVP_PKEY *pk,
+    unsigned int flags)
 {
 	CMS_KeyAgreeRecipientInfo *kari;
 	CMS_RecipientEncryptedKey *rek = NULL;
@@ -371,15 +389,17 @@ int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
 
 	EVP_PKEY_up_ref(pk);
 	rek->pkey = pk;
+
 	return 1;
 }
 
-static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
-			             const EVP_CIPHER *cipher)
+static int
+cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari, const EVP_CIPHER *cipher)
 {
 	EVP_CIPHER_CTX *ctx = kari->ctx;
 	const EVP_CIPHER *kekcipher;
 	int keylen = EVP_CIPHER_key_length(cipher);
+
 	/* If a suitable wrap algorithm is already set nothing to do */
 	kekcipher = EVP_CIPHER_CTX_cipher(ctx);
 
@@ -403,13 +423,14 @@ static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
 		kekcipher = EVP_aes_192_wrap();
 	else
 		kekcipher = EVP_aes_256_wrap();
+
 	return EVP_EncryptInit_ex(ctx, kekcipher, NULL, NULL, NULL);
 }
 
 /* Encrypt content key in key agreement recipient info */
 
-int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
-			                       CMS_RecipientInfo *ri)
+int
+cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
 {
 	CMS_KeyAgreeRecipientInfo *kari;
 	CMS_EncryptedContentInfo *ec;
@@ -455,5 +476,4 @@ int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
 	}
 
 	return 1;
-
 }
diff --git a/lib/libcrypto/cms/cms_lib.c b/lib/libcrypto/cms/cms_lib.c
index baee32c398f..71c6796dbb9 100644
--- a/lib/libcrypto/cms/cms_lib.c
+++ b/lib/libcrypto/cms/cms_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_lib.c,v 1.9 2019/08/10 16:42:20 jsing Exp $ */
+/* $OpenBSD: cms_lib.c,v 1.10 2019/08/10 18:15:52 jsing Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -64,14 +64,17 @@
 IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
 IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
 
-const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms)
+const ASN1_OBJECT *
+CMS_get0_type(const CMS_ContentInfo *cms)
 {
 	return cms->contentType;
 }
 
-CMS_ContentInfo *cms_Data_create(void)
+CMS_ContentInfo *
+cms_Data_create(void)
 {
 	CMS_ContentInfo *cms;
+
 	cms = CMS_ContentInfo_new();
 	if (cms != NULL) {
 		cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
@@ -81,9 +84,11 @@ CMS_ContentInfo *cms_Data_create(void)
 	return cms;
 }
 
-BIO *cms_content_bio(CMS_ContentInfo *cms)
+BIO *
+cms_content_bio(CMS_ContentInfo *cms)
 {
 	ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+
 	if (!pos)
 		return NULL;
 	/* If content detached data goes nowhere: create NULL BIO */
@@ -94,13 +99,16 @@ BIO *cms_content_bio(CMS_ContentInfo *cms)
 	 */
 	if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT))
 		return BIO_new(BIO_s_mem());
+
 	/* Else content was read in: return read only BIO for it */
 	return BIO_new_mem_buf((*pos)->data, (*pos)->length);
 }
 
-BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
+BIO *
+CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
 {
 	BIO *cmsbio, *cont;
+
 	if (icont)
 		cont = icont;
 	else
@@ -145,13 +153,15 @@ BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
 
 	if (!icont)
 		BIO_free(cont);
-	return NULL;
 
+	return NULL;
 }
 
-int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
+int
+CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
 {
 	ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+
 	if (!pos)
 		return 0;
 	/* If embedded content find memory BIO and set content */
@@ -198,10 +208,10 @@ int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
  * or set later.
  */
 
-ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
+ASN1_OCTET_STRING **
+CMS_get0_content(CMS_ContentInfo *cms)
 {
 	switch (OBJ_obj2nid(cms->contentType)) {
-
 	case NID_pkcs7_data:
 		return &cms->d.data;
 
@@ -228,7 +238,6 @@ ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
 			return &cms->d.other->value.octet_string;
 		CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
 		return NULL;
-
 	}
 }
 
@@ -237,10 +246,10 @@ ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
  * accessed or set later.
  */
 
-static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
+static ASN1_OBJECT **
+cms_get0_econtent_type(CMS_ContentInfo *cms)
 {
 	switch (OBJ_obj2nid(cms->contentType)) {
-
 	case NID_pkcs7_signed:
 		return &cms->d.signedData->encapContentInfo->eContentType;
 
@@ -262,22 +271,26 @@ static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
 	default:
 		CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE, CMS_R_UNSUPPORTED_CONTENT_TYPE);
 		return NULL;
-
 	}
 }
 
-const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms)
+const ASN1_OBJECT *
+CMS_get0_eContentType(CMS_ContentInfo *cms)
 {
 	ASN1_OBJECT **petype;
+
 	petype = cms_get0_econtent_type(cms);
 	if (petype)
 		return *petype;
+
 	return NULL;
 }
 
-int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
+int
+CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
 {
 	ASN1_OBJECT **petype, *etype;
+
 	petype = cms_get0_econtent_type(cms);
 	if (!petype)
 		return 0;
@@ -288,23 +301,29 @@ int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
 		return 0;
 	ASN1_OBJECT_free(*petype);
 	*petype = etype;
+
 	return 1;
 }
 
-int CMS_is_detached(CMS_ContentInfo *cms)
+int
+CMS_is_detached(CMS_ContentInfo *cms)
 {
 	ASN1_OCTET_STRING **pos;
+
 	pos = CMS_get0_content(cms);
 	if (!pos)
 		return -1;
 	if (*pos)
 		return 0;
+
 	return 1;
 }
 
-int CMS_set_detached(CMS_ContentInfo *cms, int detached)
+int
+CMS_set_detached(CMS_ContentInfo *cms, int detached)
 {
 	ASN1_OCTET_STRING **pos;
+
 	pos = CMS_get0_content(cms);
 	if (!pos)
 		return 0;
@@ -323,16 +342,19 @@ int CMS_set_detached(CMS_ContentInfo *cms, int detached)
 		return 1;
 	}
 	CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
+
 	return 0;
 }
 
 /* Create a digest BIO from an X509_ALGOR structure */
 
-BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
+BIO *
+cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
 {
 	BIO *mdbio = NULL;
 	const ASN1_OBJECT *digestoid;
 	const EVP_MD *digest;
+
 	X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
 	digest = EVP_get_digestbyobj(digestoid);
 	if (!digest) {
@@ -346,18 +368,21 @@ BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
 		goto err;
 	}
 	return mdbio;
+
  err:
 	BIO_free(mdbio);
+
 	return NULL;
 }
 
 /* Locate a message digest content from a BIO chain based on SignerInfo */
 
-int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
-			                     X509_ALGOR *mdalg)
+int
+cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain, X509_ALGOR *mdalg)
 {
 	int nid;
 	const ASN1_OBJECT *mdoid;
+
 	X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
 	nid = OBJ_obj2nid(mdoid);
 	/* Look for digest type to match signature */
@@ -381,11 +406,10 @@ int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
 	}
 }
 
-static STACK_OF(CMS_CertificateChoices)
-**cms_get0_certificate_choices(CMS_ContentInfo *cms)
+static STACK_OF(CMS_CertificateChoices) **
+cms_get0_certificate_choices(CMS_ContentInfo *cms)
 {
 	switch (OBJ_obj2nid(cms->contentType)) {
-
 	case NID_pkcs7_signed:
 		return &cms->d.signedData->certificates;
 
@@ -396,16 +420,17 @@ static STACK_OF(CMS_CertificateChoices)
 
 	default:
 		CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
-			   CMS_R_UNSUPPORTED_CONTENT_TYPE);
+		   CMS_R_UNSUPPORTED_CONTENT_TYPE);
 		return NULL;
-
 	}
 }
 
-CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
+CMS_CertificateChoices *
+CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
 {
 	STACK_OF(CMS_CertificateChoices) **pcerts;
 	CMS_CertificateChoices *cch;
+
 	pcerts = cms_get0_certificate_choices(cms);
 	if (!pcerts)
 		return NULL;
@@ -420,14 +445,17 @@ CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
 		M_ASN1_free_of(cch, CMS_CertificateChoices);
 		return NULL;
 	}
+
 	return cch;
 }
 
-int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
+int
+CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
 {
 	CMS_CertificateChoices *cch;
 	STACK_OF(CMS_CertificateChoices) **pcerts;
 	int i;
+
 	pcerts = cms_get0_certificate_choices(cms);
 	if (!pcerts)
 		return 0;
@@ -446,23 +474,26 @@ int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
 		return 0;
 	cch->type = CMS_CERTCHOICE_CERT;
 	cch->d.certificate = cert;
+
 	return 1;
 }
 
-int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
+int
+CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
 {
 	int r;
+
 	r = CMS_add0_cert(cms, cert);
 	if (r > 0)
 		X509_up_ref(cert);
+
 	return r;
 }
 
-static STACK_OF(CMS_RevocationInfoChoice)
-**cms_get0_revocation_choices(CMS_ContentInfo *cms)
+static STACK_OF(CMS_RevocationInfoChoice) **
+cms_get0_revocation_choices(CMS_ContentInfo *cms)
 {
 	switch (OBJ_obj2nid(cms->contentType)) {
-
 	case NID_pkcs7_signed:
 		return &cms->d.signedData->crls;
 
@@ -473,16 +504,17 @@ static STACK_OF(CMS_RevocationInfoChoice)
 
 	default:
 		CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
-			   CMS_R_UNSUPPORTED_CONTENT_TYPE);
+		   CMS_R_UNSUPPORTED_CONTENT_TYPE);
 		return NULL;
-
 	}
 }
 
-CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
+CMS_RevocationInfoChoice *
+CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
 {
 	STACK_OF(CMS_RevocationInfoChoice) **pcrls;
 	CMS_RevocationInfoChoice *rch;
+
 	pcrls = cms_get0_revocation_choices(cms);
 	if (!pcrls)
 		return NULL;
@@ -497,35 +529,44 @@ CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
 		M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
 		return NULL;
 	}
+
 	return rch;
 }
 
-int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
+int
+CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
 {
 	CMS_RevocationInfoChoice *rch;
+
 	rch = CMS_add0_RevocationInfoChoice(cms);
 	if (!rch)
 		return 0;
 	rch->type = CMS_REVCHOICE_CRL;
 	rch->d.crl = crl;
+
 	return 1;
 }
 
-int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
+int
+CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
 {
 	int r;
+
 	r = CMS_add0_crl(cms, crl);
 	if (r > 0)
 		X509_CRL_up_ref(crl);
+
 	return r;
 }
 
-STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
+STACK_OF(X509) *
+CMS_get1_certs(CMS_ContentInfo *cms)
 {
 	STACK_OF(X509) *certs = NULL;
 	CMS_CertificateChoices *cch;
 	STACK_OF(CMS_CertificateChoices) **pcerts;
 	int i;
+
 	pcerts = cms_get0_certificate_choices(cms);
 	if (!pcerts)
 		return NULL;
@@ -545,15 +586,16 @@ STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
 		}
 	}
 	return certs;
-
 }
 
-STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
+STACK_OF(X509_CRL) *
+CMS_get1_crls(CMS_ContentInfo *cms)
 {
 	STACK_OF(X509_CRL) *crls = NULL;
 	STACK_OF(CMS_RevocationInfoChoice) **pcrls;
 	CMS_RevocationInfoChoice *rch;
 	int i;
+
 	pcrls = cms_get0_revocation_choices(cms);
 	if (!pcrls)
 		return NULL;
@@ -575,27 +617,34 @@ STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
 	return crls;
 }
 
-int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
+int
+cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
 {
 	int ret;
+
 	ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert));
 	if (ret)
 		return ret;
+
 	return ASN1_INTEGER_cmp(ias->serialNumber, X509_get_serialNumber(cert));
 }
 
-int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
+int
+cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
 {
 	const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert);
 
 	if (cert_keyid == NULL)
 		return -1;
+
 	return ASN1_OCTET_STRING_cmp(keyid, cert_keyid);
 }
 
-int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
+int
+cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
 {
 	CMS_IssuerAndSerialNumber *ias;
+
 	ias = M_ASN1_new_of(CMS_IssuerAndSerialNumber);
 	if (!ias)
 		goto err;
@@ -605,17 +654,22 @@ int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
 		goto err;
 	M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
 	*pias = ias;
+
 	return 1;
+
  err:
 	M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
 	CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE);
+
 	return 0;
 }
 
-int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
+int
+cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
 {
 	ASN1_OCTET_STRING *keyid = NULL;
 	const ASN1_OCTET_STRING *cert_keyid;
+
 	cert_keyid = X509_get0_subject_key_id(cert);
 	if (cert_keyid == NULL) {
 		CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
@@ -628,5 +682,6 @@ int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
 	}
 	ASN1_OCTET_STRING_free(*pkeyid);
 	*pkeyid = keyid;
+
 	return 1;
 }
diff --git a/lib/libcrypto/cms/cms_pwri.c b/lib/libcrypto/cms/cms_pwri.c
index d7f5697ff0a..af237be98f3 100644
--- a/lib/libcrypto/cms/cms_pwri.c
+++ b/lib/libcrypto/cms/cms_pwri.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_pwri.c,v 1.16 2019/08/10 16:42:20 jsing Exp $ */
+/* $OpenBSD: cms_pwri.c,v 1.17 2019/08/10 18:15:52 jsing Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -63,10 +63,12 @@
 #include "cms_lcl.h"
 #include "asn1/asn1_locl.h"
 
-int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
-			                        unsigned char *pass, ossl_ssize_t passlen)
+int
+CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri, unsigned char *pass,
+    ossl_ssize_t passlen)
 {
 	CMS_PasswordRecipientInfo *pwri;
+
 	if (ri->type != CMS_RECIPINFO_PASS) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, CMS_R_NOT_PWRI);
 		return 0;
@@ -77,15 +79,14 @@ int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
 	if (pass && passlen < 0)
 		passlen = strlen((char *)pass);
 	pwri->passlen = passlen;
+
 	return 1;
 }
 
-CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
-			                                   int iter, int wrap_nid,
-			                                   int pbe_nid,
-			                                   unsigned char *pass,
-			                                   ossl_ssize_t passlen,
-			                                   const EVP_CIPHER *kekciph)
+CMS_RecipientInfo *
+CMS_add0_recipient_password(CMS_ContentInfo *cms, int iter, int wrap_nid,
+    int pbe_nid, unsigned char *pass, ossl_ssize_t passlen,
+    const EVP_CIPHER *kekciph)
 {
 	CMS_RecipientInfo *ri = NULL;
 	CMS_EnvelopedData *env;
@@ -115,7 +116,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
 	}
 	if (wrap_nid != NID_id_alg_PWRI_KEK) {
 		CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
-			   CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
+		   CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
 		return NULL;
 	}
 
@@ -147,7 +148,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
 		}
 		if (EVP_CIPHER_param_to_asn1(ctx, encalg->parameter) <= 0) {
 			CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
-			       CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+			   CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
 			goto err;
 		}
 	}
@@ -179,8 +180,7 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
 		goto merr;
 
 	if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR),
-			            &pwri->keyEncryptionAlgorithm->parameter->
-			            value.sequence))
+	    &pwri->keyEncryptionAlgorithm->parameter->value.sequence))
 		 goto merr;
 	pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE;
 
@@ -209,8 +209,8 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
 	if (ri)
 		M_ASN1_free_of(ri, CMS_RecipientInfo);
 	X509_ALGOR_free(encalg);
-	return NULL;
 
+	return NULL;
 }
 
 /*
@@ -218,13 +218,14 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
  * some point this should go into EVP.
  */
 
-static int kek_unwrap_key(unsigned char *out, size_t *outlen,
-			              const unsigned char *in, size_t inlen,
-			              EVP_CIPHER_CTX *ctx)
+static int
+kek_unwrap_key(unsigned char *out, size_t *outlen, const unsigned char *in,
+    size_t inlen, EVP_CIPHER_CTX *ctx)
 {
 	size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
 	unsigned char *tmp;
 	int outl, rv = 0;
+
 	if (inlen < 2 * blocklen) {
 		/* too small */
 		return 0;
@@ -237,16 +238,16 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
 		CMSerr(CMS_F_KEK_UNWRAP_KEY, ERR_R_MALLOC_FAILURE);
 		return 0;
 	}
+
 	/* setup IV by decrypting last two blocks */
 	if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
-			               in + inlen - 2 * blocklen, blocklen * 2)
+	    in + inlen - 2 * blocklen, blocklen * 2)
 		/*
 		 * Do a decrypt of last decrypted block to set IV to correct value
 		 * output it to start of buffer so we don't corrupt decrypted block
 		 * this works because buffer is at least two block lengths long.
 		 */
-		|| !EVP_DecryptUpdate(ctx, tmp, &outl,
-			                  tmp + inlen - blocklen, blocklen)
+		|| !EVP_DecryptUpdate(ctx, tmp, &outl, tmp + inlen - blocklen, blocklen)
 		/* Can now decrypt first n - 1 blocks */
 		|| !EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen)
 
@@ -267,19 +268,21 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
 	*outlen = (size_t)tmp[0];
 	memcpy(out, tmp + 4, *outlen);
 	rv = 1;
+
  err:
 	OPENSSL_clear_free(tmp, inlen);
-	return rv;
 
+	return rv;
 }
 
-static int kek_wrap_key(unsigned char *out, size_t *outlen,
-			            const unsigned char *in, size_t inlen,
-			            EVP_CIPHER_CTX *ctx)
+static int
+kek_wrap_key(unsigned char *out, size_t *outlen, const unsigned char *in,
+    size_t inlen, EVP_CIPHER_CTX *ctx)
 {
 	size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
 	size_t olen;
 	int dummy;
+
 	/*
 	 * First decide length of output buffer: need header and round up to
 	 * multiple of block length.
@@ -302,12 +305,12 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
 		out[3] = in[2] ^ 0xFF;
 		memcpy(out + 4, in, inlen);
 		/* Add random padding to end */
-		if (olen > inlen + 4
-			&& RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0)
+		if (olen > inlen + 4 &&
+		    RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0)
 			return 0;
 		/* Encrypt twice */
-		if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen)
-			|| !EVP_EncryptUpdate(ctx, out, &dummy, out, olen))
+		if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen) ||
+		    !EVP_EncryptUpdate(ctx, out, &dummy, out, olen))
 			return 0;
 	}
 
@@ -318,8 +321,9 @@ static int kek_wrap_key(unsigned char *out, size_t *outlen,
 
 /* Encrypt/Decrypt content key in PWRI recipient info */
 
-int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
-			                     int en_de)
+int
+cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
+    int en_de)
 {
 	CMS_EncryptedContentInfo *ec;
 	CMS_PasswordRecipientInfo *pwri;
@@ -342,21 +346,20 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 
 	if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
-			   CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
+		   CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
 		return 0;
 	}
 
 	kekalg = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR),
-			                           algtmp->parameter);
+	    algtmp->parameter);
 
 	if (kekalg == NULL) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
-			   CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
+		   CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
 		return 0;
 	}
 
 	kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
-
 	if (!kekcipher) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNKNOWN_CIPHER);
 		return 0;
@@ -373,7 +376,7 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 	EVP_CIPHER_CTX_set_padding(kekctx, 0);
 	if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
-			   CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+		   CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
 		goto err;
 	}
 
@@ -381,9 +384,8 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 
 	/* Finish password based key derivation to setup key in "ctx" */
 
-	if (EVP_PBE_CipherInit(algtmp->algorithm,
-			               (char *)pwri->pass, pwri->passlen,
-			               algtmp->parameter, kekctx, en_de) < 0) {
+	if (EVP_PBE_CipherInit(algtmp->algorithm, (char *)pwri->pass,
+	    pwri->passlen, algtmp->parameter, kekctx, en_de) < 0) {
 		CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB);
 		goto err;
 	}
@@ -391,12 +393,10 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 	/* Finally wrap/unwrap the key */
 
 	if (en_de) {
-
 		if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, kekctx))
 			goto err;
 
 		key = OPENSSL_malloc(keylen);
-
 		if (key == NULL)
 			goto err;
 
@@ -406,14 +406,12 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 		pwri->encryptedKey->length = keylen;
 	} else {
 		key = OPENSSL_malloc(pwri->encryptedKey->length);
-
 		if (key == NULL) {
 			CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE);
 			goto err;
 		}
-		if (!kek_unwrap_key(key, &keylen,
-			                pwri->encryptedKey->data,
-			                pwri->encryptedKey->length, kekctx)) {
+		if (!kek_unwrap_key(key, &keylen, pwri->encryptedKey->data,
+		    pwri->encryptedKey->length, kekctx)) {
 			CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNWRAP_FAILURE);
 			goto err;
 		}
@@ -421,19 +419,15 @@ int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 		OPENSSL_clear_free(ec->key, ec->keylen);
 		ec->key = key;
 		ec->keylen = keylen;
-
 	}
 
 	r = 1;
 
  err:
-
 	EVP_CIPHER_CTX_free(kekctx);
-
 	if (!r)
 		OPENSSL_free(key);
 	X509_ALGOR_free(kekalg);
 
 	return r;
-
 }
diff --git a/lib/libcrypto/cms/cms_sd.c b/lib/libcrypto/cms/cms_sd.c
index 57a92b59e36..6c65844c935 100644
--- a/lib/libcrypto/cms/cms_sd.c
+++ b/lib/libcrypto/cms/cms_sd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_sd.c,v 1.16 2019/08/10 16:42:20 jsing Exp $ */
+/* $OpenBSD: cms_sd.c,v 1.17 2019/08/10 18:15:52 jsing Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -65,7 +65,8 @@
 
 /* CMS SignedData Utilities */
 
-static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
+static CMS_SignedData *
+cms_get0_signed(CMS_ContentInfo *cms)
 {
 	if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) {
 		CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
@@ -74,7 +75,8 @@ static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
 	return cms->d.signedData;
 }
 
-static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
+static CMS_SignedData *
+cms_signed_data_init(CMS_ContentInfo *cms)
 {
 	if (cms->d.other == NULL) {
 		cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
@@ -84,7 +86,7 @@ static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
 		}
 		cms->d.signedData->version = 1;
 		cms->d.signedData->encapContentInfo->eContentType =
-			OBJ_nid2obj(NID_pkcs7_data);
+		    OBJ_nid2obj(NID_pkcs7_data);
 		cms->d.signedData->encapContentInfo->partial = 1;
 		ASN1_OBJECT_free(cms->contentType);
 		cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
@@ -95,7 +97,8 @@ static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
 
 /* Just initialise SignedData e.g. for certs only structure */
 
-int CMS_SignedData_init(CMS_ContentInfo *cms)
+int
+CMS_SignedData_init(CMS_ContentInfo *cms)
 {
 	if (cms_signed_data_init(cms))
 		return 1;
@@ -105,7 +108,8 @@ int CMS_SignedData_init(CMS_ContentInfo *cms)
 
 /* Check structures and fixup version numbers (if necessary) */
 
-static void cms_sd_set_version(CMS_SignedData *sd)
+static void
+cms_sd_set_version(CMS_SignedData *sd)
 {
 	int i;
 	CMS_CertificateChoices *cch;
@@ -151,16 +155,17 @@ static void cms_sd_set_version(CMS_SignedData *sd)
 
 	if (sd->version < 1)
 		sd->version = 1;
-
 }
 
 /* Copy an existing messageDigest value */
 
-static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
+static int
+cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
 {
 	STACK_OF(CMS_SignerInfo) *sinfos;
 	CMS_SignerInfo *sitmp;
 	int i;
+
 	sinfos = CMS_get0_SignerInfos(cms);
 	for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
 		ASN1_OCTET_STRING *messageDigest;
@@ -170,30 +175,30 @@ static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
 		if (CMS_signed_get_attr_count(sitmp) < 0)
 			continue;
 		if (OBJ_cmp(si->digestAlgorithm->algorithm,
-			        sitmp->digestAlgorithm->algorithm))
+		    sitmp->digestAlgorithm->algorithm))
 			continue;
 		messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
-			                                        OBJ_nid2obj
-			                                        (NID_pkcs9_messageDigest),
-			                                        -3, V_ASN1_OCTET_STRING);
+		    OBJ_nid2obj(NID_pkcs9_messageDigest), -3, V_ASN1_OCTET_STRING);
 		if (!messageDigest) {
 			CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST,
-			       CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
+			    CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
 			return 0;
 		}
 
 		if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
-			                            V_ASN1_OCTET_STRING,
-			                            messageDigest, -1))
+		    V_ASN1_OCTET_STRING, messageDigest, -1))
 			return 1;
 		else
 			return 0;
 	}
+
 	CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
+
 	return 0;
 }
 
-int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
+int
+cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
 {
 	switch (type) {
 	case CMS_SIGNERINFO_ISSUER_SERIAL:
@@ -216,10 +221,9 @@ int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
 	return 1;
 }
 
-int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
-			                            ASN1_OCTET_STRING **keyid,
-			                            X509_NAME **issuer,
-			                            ASN1_INTEGER **sno)
+int
+cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
+    ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno)
 {
 	if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) {
 		if (issuer)
@@ -231,10 +235,12 @@ int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
 			*keyid = sid->d.subjectKeyIdentifier;
 	} else
 		return 0;
+
 	return 1;
 }
 
-int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
+int
+cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
 {
 	if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
 		return cms_ias_cert_cmp(sid->d.issuerAndSerialNumber, cert);
@@ -244,10 +250,12 @@ int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
 		return -1;
 }
 
-static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
+static int
+cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
 {
 	EVP_PKEY *pkey = si->pkey;
 	int i;
+
 	if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
 		return 1;
 	i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_SIGN, cmd, si);
@@ -259,20 +267,22 @@ static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
 		CMSerr(CMS_F_CMS_SD_ASN1_CTRL, CMS_R_CTRL_FAILURE);
 		return 0;
 	}
+
 	return 1;
 }
 
-CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
-			                    X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
-			                    unsigned int flags)
+CMS_SignerInfo *
+CMS_add1_signer(CMS_ContentInfo *cms, X509 *signer, EVP_PKEY *pk,
+    const EVP_MD *md, unsigned int flags)
 {
 	CMS_SignedData *sd;
 	CMS_SignerInfo *si = NULL;
 	X509_ALGOR *alg;
 	int i, type;
+
 	if (!X509_check_private_key(signer, pk)) {
 		CMSerr(CMS_F_CMS_ADD1_SIGNER,
-			   CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+		   CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
 		return NULL;
 	}
 	sd = cms_signed_data_init(cms);
@@ -358,24 +368,25 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
 		if (!si->signedAttrs) {
 			si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
 			if (!si->signedAttrs)
-			    goto merr;
+				goto merr;
 		}
 
 		if (!(flags & CMS_NOSMIMECAP)) {
 			STACK_OF(X509_ALGOR) *smcap = NULL;
+
 			i = CMS_add_standard_smimecap(&smcap);
 			if (i)
 			    i = CMS_add_smimecap(si, smcap);
 			sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
 			if (!i)
-			    goto merr;
+				goto merr;
 		}
 		if (flags & CMS_REUSE_DIGEST) {
 			if (!cms_copy_messageDigest(cms, si))
-			    goto err;
+				goto err;
 			if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) &&
 			    !CMS_SignerInfo_sign(si))
-			    goto err;
+				goto err;
 		}
 	}
 
@@ -389,13 +400,13 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
 		if (flags & CMS_NOATTR) {
 			si->pctx = EVP_PKEY_CTX_new(si->pkey, NULL);
 			if (si->pctx == NULL)
-			    goto err;
+				goto err;
 			if (EVP_PKEY_sign_init(si->pctx) <= 0)
-			    goto err;
+				goto err;
 			if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0)
-			    goto err;
-		} else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <=
-			       0)
+				goto err;
+		} else if (EVP_DigestSignInit(si->mctx, &si->pctx, md,
+		    NULL, pk) <= 0)
 			goto err;
 	}
 
@@ -410,14 +421,16 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
 	CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
  err:
 	M_ASN1_free_of(si, CMS_SignerInfo);
-	return NULL;
 
+	return NULL;
 }
 
-static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
+static int
+cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
 {
 	ASN1_TIME *tt;
 	int r = 0;
+
 	if (t)
 		tt = t;
 	else
@@ -433,61 +446,67 @@ static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
 	r = 1;
 
  merr:
-
 	if (!t)
 		ASN1_TIME_free(tt);
-
 	if (!r)
 		CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE);
 
 	return r;
-
 }
 
-EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si)
+EVP_PKEY_CTX *
+CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si)
 {
 	return si->pctx;
 }
 
-EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si)
+EVP_MD_CTX *
+CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si)
 {
 	return si->mctx;
 }
 
-STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
+STACK_OF(CMS_SignerInfo) *
+CMS_get0_SignerInfos(CMS_ContentInfo *cms)
 {
 	CMS_SignedData *sd;
+
 	sd = cms_get0_signed(cms);
 	if (!sd)
 		return NULL;
+
 	return sd->signerInfos;
 }
 
-STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
+STACK_OF(X509) *
+CMS_get0_signers(CMS_ContentInfo *cms)
 {
 	STACK_OF(X509) *signers = NULL;
 	STACK_OF(CMS_SignerInfo) *sinfos;
 	CMS_SignerInfo *si;
 	int i;
+
 	sinfos = CMS_get0_SignerInfos(cms);
 	for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
 		si = sk_CMS_SignerInfo_value(sinfos, i);
 		if (si->signer) {
 			if (!signers) {
-			    signers = sk_X509_new_null();
-			    if (!signers)
-			        return NULL;
+				signers = sk_X509_new_null();
+				if (!signers)
+					return NULL;
 			}
 			if (!sk_X509_push(signers, si->signer)) {
-			    sk_X509_free(signers);
-			    return NULL;
+				sk_X509_free(signers);
+				return NULL;
 			}
 		}
 	}
+
 	return signers;
 }
 
-void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
+void
+CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
 {
 	if (signer) {
 		X509_up_ref(signer);
@@ -498,20 +517,22 @@ void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
 	si->signer = signer;
 }
 
-int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
-			                      ASN1_OCTET_STRING **keyid,
-			                      X509_NAME **issuer, ASN1_INTEGER **sno)
+int
+CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si, ASN1_OCTET_STRING **keyid,
+    X509_NAME **issuer, ASN1_INTEGER **sno)
 {
 	return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
 }
 
-int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
+int
+CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
 {
 	return cms_SignerIdentifier_cert_cmp(si->sid, cert);
 }
 
-int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
-			               unsigned int flags)
+int
+CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
+    unsigned int flags)
 {
 	CMS_SignedData *sd;
 	CMS_SignerInfo *si;
@@ -520,6 +541,7 @@ int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
 	X509 *x;
 	int i, j;
 	int ret = 0;
+
 	sd = cms_get0_signed(cms);
 	if (!sd)
 		return -1;
@@ -532,9 +554,9 @@ int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
 		for (j = 0; j < sk_X509_num(scerts); j++) {
 			x = sk_X509_value(scerts, j);
 			if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
-			    CMS_SignerInfo_set1_signer_cert(si, x);
-			    ret++;
-			    break;
+				CMS_SignerInfo_set1_signer_cert(si, x);
+				ret++;
+				break;
 			}
 		}
 
@@ -544,21 +566,21 @@ int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
 		for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) {
 			cch = sk_CMS_CertificateChoices_value(certs, j);
 			if (cch->type != 0)
-			    continue;
+				continue;
 			x = cch->d.certificate;
 			if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
-			    CMS_SignerInfo_set1_signer_cert(si, x);
-			    ret++;
-			    break;
+				CMS_SignerInfo_set1_signer_cert(si, x);
+				ret++;
+				break;
 			}
 		}
 	}
 	return ret;
 }
 
-void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
-			                  X509 **signer, X509_ALGOR **pdig,
-			                  X509_ALGOR **psig)
+void
+CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk, X509 **signer,
+X509_ALGOR **pdig, X509_ALGOR **psig)
 {
 	if (pk)
 		*pk = si->pkey;
@@ -570,13 +592,14 @@ void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
 		*psig = si->signatureAlgorithm;
 }
 
-ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si)
+ASN1_OCTET_STRING *
+CMS_SignerInfo_get0_signature(CMS_SignerInfo *si)
 {
 	return si->signature;
 }
 
-static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
-			                           CMS_SignerInfo *si, BIO *chain)
+static int
+cms_SignerInfo_content_sign(CMS_ContentInfo *cms, CMS_SignerInfo *si, BIO *chain)
 {
 	EVP_MD_CTX *mctx = EVP_MD_CTX_new();
 	int r = 0;
@@ -604,17 +627,18 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
 
 	if (CMS_signed_get_attr_count(si) >= 0) {
 		ASN1_OBJECT *ctype =
-			cms->d.signedData->encapContentInfo->eContentType;
+		    cms->d.signedData->encapContentInfo->eContentType;
 		unsigned char md[EVP_MAX_MD_SIZE];
 		unsigned int mdlen;
+
 		if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
 			goto err;
 		if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
-			                             V_ASN1_OCTET_STRING, md, mdlen))
+		    V_ASN1_OCTET_STRING, md, mdlen))
 			goto err;
 		/* Copy content type across */
 		if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
-			                            V_ASN1_OBJECT, ctype, -1) <= 0)
+		    V_ASN1_OBJECT, ctype, -1) <= 0)
 			goto err;
 		if (!CMS_SignerInfo_sign(si))
 			goto err;
@@ -623,6 +647,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
 		size_t siglen;
 		unsigned char md[EVP_MAX_MD_SIZE];
 		unsigned int mdlen;
+
 		pctx = si->pctx;
 		if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
 			goto err;
@@ -640,6 +665,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
 	} else {
 		unsigned char *sig;
 		unsigned int siglen;
+
 		sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
 		if (sig == NULL) {
 			CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
@@ -658,15 +684,17 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
  err:
 	EVP_MD_CTX_free(mctx);
 	EVP_PKEY_CTX_free(pctx);
-	return r;
 
+	return r;
 }
 
-int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
+int
+cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
 {
 	STACK_OF(CMS_SignerInfo) *sinfos;
 	CMS_SignerInfo *si;
 	int i;
+
 	sinfos = CMS_get0_SignerInfos(cms);
 	for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
 		si = sk_CMS_SignerInfo_value(sinfos, i);
@@ -674,10 +702,12 @@ int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
 			return 0;
 	}
 	cms->d.signedData->encapContentInfo->partial = 0;
+
 	return 1;
 }
 
-int CMS_SignerInfo_sign(CMS_SignerInfo *si)
+int
+CMS_SignerInfo_sign(CMS_SignerInfo *si)
 {
 	EVP_MD_CTX *mctx = si->mctx;
 	EVP_PKEY_CTX *pctx = NULL;
@@ -705,13 +735,13 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
 	}
 
 	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-			              EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) {
+	    EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) {
 		CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
 		goto err;
 	}
 
 	alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
-			             ASN1_ITEM_rptr(CMS_Attributes_Sign));
+	    ASN1_ITEM_rptr(CMS_Attributes_Sign));
 	if (!abuf)
 		goto err;
 	if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
@@ -726,7 +756,7 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
 		goto err;
 
 	if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
-			              EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) {
+	    EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) {
 		CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
 		goto err;
 	}
@@ -740,11 +770,12 @@ int CMS_SignerInfo_sign(CMS_SignerInfo *si)
  err:
 	OPENSSL_free(abuf);
 	EVP_MD_CTX_reset(mctx);
-	return 0;
 
+	return 0;
 }
 
-int CMS_SignerInfo_verify(CMS_SignerInfo *si)
+int
+CMS_SignerInfo_verify(CMS_SignerInfo *si)
 {
 	EVP_MD_CTX *mctx = NULL;
 	unsigned char *abuf = NULL;
@@ -771,7 +802,7 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
 		goto err;
 
 	alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
-			             ASN1_ITEM_rptr(CMS_Attributes_Verify));
+	    ASN1_ITEM_rptr(CMS_Attributes_Verify));
 	if (!abuf)
 		goto err;
 	r = EVP_DigestVerifyUpdate(mctx, abuf, alen);
@@ -780,22 +811,27 @@ int CMS_SignerInfo_verify(CMS_SignerInfo *si)
 		r = -1;
 		goto err;
 	}
-	r = EVP_DigestVerifyFinal(mctx,
-			                  si->signature->data, si->signature->length);
+
+	r = EVP_DigestVerifyFinal(mctx, si->signature->data,
+	    si->signature->length);
 	if (r <= 0)
 		CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
+
  err:
 	EVP_MD_CTX_reset(mctx);
+
 	return r;
 }
 
 /* Create a chain of digest BIOs from a CMS ContentInfo */
 
-BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
+BIO *
+cms_SignedData_init_bio(CMS_ContentInfo *cms)
 {
 	int i;
 	CMS_SignedData *sd;
 	BIO *chain = NULL;
+
 	sd = cms_get0_signed(cms);
 	if (!sd)
 		return NULL;
@@ -813,13 +849,17 @@ BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
 		else
 			chain = mdbio;
 	}
+
 	return chain;
+
  err:
 	BIO_free_all(chain);
+
 	return NULL;
 }
 
-int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
+int
+CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
 {
 	ASN1_OCTET_STRING *os = NULL;
 	EVP_MD_CTX *mctx = EVP_MD_CTX_new();
@@ -835,11 +875,11 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
 	/* If we have any signed attributes look for messageDigest value */
 	if (CMS_signed_get_attr_count(si) >= 0) {
 		os = CMS_signed_get0_data_by_OBJ(si,
-			                             OBJ_nid2obj(NID_pkcs9_messageDigest),
-			                             -3, V_ASN1_OCTET_STRING);
+		    OBJ_nid2obj(NID_pkcs9_messageDigest), -3,
+		    V_ASN1_OCTET_STRING);
 		if (!os) {
 			CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
-			       CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
+			    CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
 			goto err;
 		}
 	}
@@ -849,7 +889,7 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
 
 	if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) {
 		CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
-			   CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
+		   CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
 		goto err;
 	}
 
@@ -858,18 +898,19 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
 	if (os) {
 		if (mlen != (unsigned int)os->length) {
 			CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
-			       CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
+			    CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
 			goto err;
 		}
 
 		if (memcmp(mval, os->data, mlen)) {
 			CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
-			       CMS_R_VERIFICATION_FAILURE);
+			    CMS_R_VERIFICATION_FAILURE);
 			r = 0;
 		} else
 			r = 1;
 	} else {
 		const EVP_MD *md = EVP_MD_CTX_md(mctx);
+
 		pkctx = EVP_PKEY_CTX_new(si->pkey, NULL);
 		if (pkctx == NULL)
 			goto err;
@@ -892,28 +933,32 @@ int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
  err:
 	EVP_PKEY_CTX_free(pkctx);
 	EVP_MD_CTX_free(mctx);
-	return r;
 
+	return r;
 }
 
-int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
+int
+CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
 {
 	unsigned char *smder = NULL;
 	int smderlen, r;
+
 	smderlen = i2d_X509_ALGORS(algs, &smder);
 	if (smderlen <= 0)
 		return 0;
 	r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
-			                        V_ASN1_SEQUENCE, smder, smderlen);
+	    V_ASN1_SEQUENCE, smder, smderlen);
 	OPENSSL_free(smder);
+
 	return r;
 }
 
-int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
-			                int algnid, int keysize)
+int
+CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs, int algnid, int keysize)
 {
 	X509_ALGOR *alg;
 	ASN1_INTEGER *key = NULL;
+
 	if (keysize > 0) {
 		key = ASN1_INTEGER_new();
 		if (key == NULL || !ASN1_INTEGER_set(key, keysize))
@@ -926,46 +971,51 @@ int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
 	}
 
 	X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
-			        key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
+	    key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
 	if (*algs == NULL)
 		*algs = sk_X509_ALGOR_new_null();
 	if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) {
 		X509_ALGOR_free(alg);
 		return 0;
 	}
+
 	return 1;
 }
 
 /* Check to see if a cipher exists and if so add S/MIME capabilities */
 
-static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
+static int
+cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
 {
 	if (EVP_get_cipherbynid(nid))
 		return CMS_add_simple_smimecap(sk, nid, arg);
 	return 1;
 }
 
-static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
+static int
+cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
 {
 	if (EVP_get_digestbynid(nid))
 		return CMS_add_simple_smimecap(sk, nid, arg);
 	return 1;
 }
 
-int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
-{
-	if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
-		|| !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1)
-		|| !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1)
-		|| !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
-		|| !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
-		|| !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
-		|| !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
-		|| !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
-		|| !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128)
-		|| !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64)
-		|| !cms_add_cipher_smcap(smcap, NID_des_cbc, -1)
-		|| !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
+int
+CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
+{
+	if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1) ||
+	    !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1) ||
+	    !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1) ||
+	    !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1) ||
+	    !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1) ||
+	    !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1) ||
+	    !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1) ||
+	    !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1) ||
+	    !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128) ||
+	    !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64) ||
+	    !cms_add_cipher_smcap(smcap, NID_des_cbc, -1) ||
+	    !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
 		return 0;
+
 	return 1;
 }
diff --git a/lib/libcrypto/cms/cms_smime.c b/lib/libcrypto/cms/cms_smime.c
index f3dcd05ee15..a4a77b916a2 100644
--- a/lib/libcrypto/cms/cms_smime.c
+++ b/lib/libcrypto/cms/cms_smime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_smime.c,v 1.19 2019/08/10 16:42:20 jsing Exp $ */
+/* $OpenBSD: cms_smime.c,v 1.20 2019/08/10 18:15:52 jsing Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -61,9 +61,11 @@
 #include "cms_lcl.h"
 #include "asn1/asn1_locl.h"
 
-static BIO *cms_get_text_bio(BIO *out, unsigned int flags)
+static BIO *
+cms_get_text_bio(BIO *out, unsigned int flags)
 {
 	BIO *rbio;
+
 	if (out == NULL)
 		rbio = BIO_new(BIO_s_null());
 	else if (flags & CMS_TEXT) {
@@ -71,10 +73,12 @@ static BIO *cms_get_text_bio(BIO *out, unsigned int flags)
 		BIO_set_mem_eof_return(rbio, 0);
 	} else
 		rbio = out;
+
 	return rbio;
 }
 
-static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
+static int
+cms_copy_content(BIO *out, BIO *in, unsigned int flags)
 {
 	unsigned char buf[4096];
 	int r = 0, i;
@@ -92,11 +96,11 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
 		i = BIO_read(in, buf, sizeof(buf));
 		if (i <= 0) {
 			if (BIO_method_type(in) == BIO_TYPE_CIPHER) {
-			    if (!BIO_get_cipher_status(in))
-			        goto err;
+				if (!BIO_get_cipher_status(in))
+					goto err;
 			}
 			if (i < 0)
-			    goto err;
+				goto err;
 			break;
 		}
 
@@ -116,21 +120,25 @@ static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
  err:
 	if (tmpout != out)
 		BIO_free(tmpout);
-	return r;
 
+	return r;
 }
 
-static int check_content(CMS_ContentInfo *cms)
+static int
+check_content(CMS_ContentInfo *cms)
 {
 	ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+
 	if (!pos || !*pos) {
 		CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
 		return 0;
 	}
+
 	return 1;
 }
 
-static void do_free_upto(BIO *f, BIO *upto)
+static void
+do_free_upto(BIO *f, BIO *upto)
 {
 	if (upto) {
 		BIO *tbio;
@@ -144,10 +152,12 @@ static void do_free_upto(BIO *f, BIO *upto)
 		BIO_free_all(f);
 }
 
-int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
+int
+CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
 {
 	BIO *cont;
 	int r;
+
 	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) {
 		CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
 		return 0;
@@ -157,12 +167,15 @@ int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
 		return 0;
 	r = cms_copy_content(out, cont, flags);
 	BIO_free_all(cont);
+
 	return r;
 }
 
-CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
+CMS_ContentInfo *
+CMS_data_create(BIO *in, unsigned int flags)
 {
 	CMS_ContentInfo *cms;
+
 	cms = cms_Data_create();
 	if (!cms)
 		return NULL;
@@ -175,11 +188,12 @@ CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
 	return NULL;
 }
 
-int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
-			          unsigned int flags)
+int
+CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags)
 {
 	BIO *cont;
 	int r;
+
 	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) {
 		CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
 		return 0;
@@ -195,13 +209,15 @@ int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
 	if (r)
 		r = cms_DigestedData_do_final(cms, cont, 1);
 	do_free_upto(cont, dcont);
+
 	return r;
 }
 
-CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
-			                       unsigned int flags)
+CMS_ContentInfo *
+CMS_digest_create(BIO *in, const EVP_MD *md, unsigned int flags)
 {
 	CMS_ContentInfo *cms;
+
 	if (!md)
 		md = EVP_sha1();
 	cms = cms_DigestedData_create(md);
@@ -215,18 +231,20 @@ CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
 		return cms;
 
 	CMS_ContentInfo_free(cms);
+
 	return NULL;
 }
 
-int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
-			                  const unsigned char *key, size_t keylen,
-			                  BIO *dcont, BIO *out, unsigned int flags)
+int
+CMS_EncryptedData_decrypt(CMS_ContentInfo *cms, const unsigned char *key,
+    size_t keylen, BIO *dcont, BIO *out, unsigned int flags)
 {
 	BIO *cont;
 	int r;
+
 	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) {
 		CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
-			   CMS_R_TYPE_NOT_ENCRYPTED_DATA);
+		   CMS_R_TYPE_NOT_ENCRYPTED_DATA);
 		return 0;
 	}
 
@@ -240,14 +258,16 @@ int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
 		return 0;
 	r = cms_copy_content(out, cont, flags);
 	do_free_upto(cont, dcont);
+
 	return r;
 }
 
-CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
-			                               const unsigned char *key,
-			                               size_t keylen, unsigned int flags)
+CMS_ContentInfo *
+CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+    const unsigned char *key, size_t keylen, unsigned int flags)
 {
 	CMS_ContentInfo *cms;
+
 	if (!cipher) {
 		CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
 		return NULL;
@@ -261,18 +281,18 @@ CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
 	if (!(flags & CMS_DETACHED))
 		CMS_set_detached(cms, 0);
 
-	if ((flags & (CMS_STREAM | CMS_PARTIAL))
-		|| CMS_final(cms, in, NULL, flags))
+	if ((flags & (CMS_STREAM | CMS_PARTIAL)) ||
+	    CMS_final(cms, in, NULL, flags))
 		return cms;
 
 	CMS_ContentInfo_free(cms);
+
 	return NULL;
 }
 
-static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
-			                          X509_STORE *store,
-			                          STACK_OF(X509) *certs,
-			                          STACK_OF(X509_CRL) *crls)
+static int
+cms_signerinfo_verify_cert(CMS_SignerInfo *si, X509_STORE *store,
+    STACK_OF(X509) *certs, STACK_OF(X509_CRL) *crls)
 {
 	X509_STORE_CTX *ctx = X509_STORE_CTX_new();
 	X509 *signer;
@@ -301,14 +321,16 @@ static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
 		goto err;
 	}
 	r = 1;
+
  err:
 	X509_STORE_CTX_free(ctx);
-	return r;
 
+	return r;
 }
 
-int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
-			   X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags)
+int
+CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs, X509_STORE *store,
+    BIO *dcont, BIO *out, unsigned int flags)
 {
 	CMS_SignerInfo *si;
 	STACK_OF(CMS_SignerInfo) *sinfos;
@@ -329,7 +351,6 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 	/* Attempt to find all signer certificates */
 
 	sinfos = CMS_get0_SignerInfos(cms);
-
 	if (sk_CMS_SignerInfo_num(sinfos) <= 0) {
 		CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
 		goto err;
@@ -359,7 +380,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 		for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
 			si = sk_CMS_SignerInfo_value(sinfos, i);
 			if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls))
-			    goto err;
+				goto err;
 		}
 	}
 
@@ -369,9 +390,9 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 		for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
 			si = sk_CMS_SignerInfo_value(sinfos, i);
 			if (CMS_signed_get_attr_count(si) < 0)
-			    continue;
+				continue;
 			if (CMS_SignerInfo_verify(si) <= 0)
-			    goto err;
+				goto err;
 		}
 	}
 
@@ -385,6 +406,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 	if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) {
 		char *ptr;
 		long len;
+
 		len = BIO_get_mem_data(dcont, &ptr);
 		tmpin = BIO_new_mem_buf(ptr, len);
 		if (tmpin == NULL) {
@@ -393,6 +415,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 		}
 	} else
 		tmpin = dcont;
+
 	/*
 	 * If not binary mode and detached generate digests by *writing* through
 	 * the BIO. That makes it possible to canonicalise the input.
@@ -418,8 +441,8 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 
 		if (flags & CMS_TEXT) {
 			if (!SMIME_text(tmpout, out)) {
-			    CMSerr(CMS_F_CMS_VERIFY, CMS_R_SMIME_TEXT_ERROR);
-			    goto err;
+				CMSerr(CMS_F_CMS_VERIFY, CMS_R_SMIME_TEXT_ERROR);
+				goto err;
 			}
 		}
 	} else {
@@ -435,8 +458,8 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 		for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
 			si = sk_CMS_SignerInfo_value(sinfos, i);
 			if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) {
-			    CMSerr(CMS_F_CMS_VERIFY, CMS_R_CONTENT_VERIFY_ERROR);
-			    goto err;
+				CMSerr(CMS_F_CMS_VERIFY, CMS_R_CONTENT_VERIFY_ERROR);
+				goto err;
 			}
 		}
 	}
@@ -465,21 +488,23 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
 	return ret;
 }
 
-int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
-			           STACK_OF(X509) *certs,
-			           X509_STORE *store, unsigned int flags)
+int
+CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+    STACK_OF(X509) *certs, X509_STORE *store, unsigned int flags)
 {
 	int r;
+
 	flags &= ~(CMS_DETACHED | CMS_TEXT);
 	r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
 	if (r <= 0)
 		return r;
+
 	return cms_Receipt_verify(rcms, ocms);
 }
 
-CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
-			              STACK_OF(X509) *certs, BIO *data,
-			              unsigned int flags)
+CMS_ContentInfo *
+CMS_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data,
+    unsigned int flags)
 {
 	CMS_ContentInfo *cms;
 	int i;
@@ -487,9 +512,8 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
 	cms = CMS_ContentInfo_new();
 	if (cms == NULL || !CMS_SignedData_init(cms))
 		goto merr;
-	if (flags & CMS_ASCIICRLF
-		&& !CMS_set1_eContentType(cms,
-			                      OBJ_nid2obj(NID_id_ct_asciiTextWithCRLF)))
+	if (flags & CMS_ASCIICRLF &&
+	    !CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_ct_asciiTextWithCRLF)))
 		goto err;
 
 	if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) {
@@ -506,8 +530,8 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
 	if (!(flags & CMS_DETACHED))
 		CMS_set_detached(cms, 0);
 
-	if ((flags & (CMS_STREAM | CMS_PARTIAL))
-		|| CMS_final(cms, data, NULL, flags))
+	if ((flags & (CMS_STREAM | CMS_PARTIAL)) ||
+	    CMS_final(cms, data, NULL, flags))
 		return cms;
 	else
 		goto err;
@@ -517,12 +541,13 @@ CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
 
  err:
 	CMS_ContentInfo_free(cms);
+
 	return NULL;
 }
 
-CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
-			                      X509 *signcert, EVP_PKEY *pkey,
-			                      STACK_OF(X509) *certs, unsigned int flags)
+CMS_ContentInfo *
+CMS_sign_receipt(CMS_SignerInfo *si, X509 *signcert, EVP_PKEY *pkey,
+    STACK_OF(X509) *certs, unsigned int flags)
 {
 	CMS_SignerInfo *rct_si;
 	CMS_ContentInfo *cms = NULL;
@@ -555,7 +580,6 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 	}
 
 	os = cms_encode_Receipt(si);
-
 	if (!os)
 		goto err;
 
@@ -584,16 +608,18 @@ CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
 	if (r)
 		return cms;
 	CMS_ContentInfo_free(cms);
-	return NULL;
 
+	return NULL;
 }
 
-CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
-			                 const EVP_CIPHER *cipher, unsigned int flags)
+CMS_ContentInfo *
+CMS_encrypt(STACK_OF(X509) *certs, BIO *data, const EVP_CIPHER *cipher,
+    unsigned int flags)
 {
 	CMS_ContentInfo *cms;
 	int i;
 	X509 *recip;
+
 	cms = CMS_EnvelopedData_create(cipher);
 	if (!cms)
 		goto merr;
@@ -608,8 +634,8 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
 	if (!(flags & CMS_DETACHED))
 		CMS_set_detached(cms, 0);
 
-	if ((flags & (CMS_STREAM | CMS_PARTIAL))
-		|| CMS_final(cms, data, NULL, flags))
+	if ((flags & (CMS_STREAM | CMS_PARTIAL)) ||
+	    CMS_final(cms, data, NULL, flags))
 		return cms;
 	else
 		goto err;
@@ -618,18 +644,22 @@ CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
 	CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
  err:
 	CMS_ContentInfo_free(cms);
+
 	return NULL;
 }
 
-static int cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
-			                  EVP_PKEY *pk, X509 *cert)
+static int
+cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri, EVP_PKEY *pk,
+    X509 *cert)
 {
 	int i;
 	STACK_OF(CMS_RecipientEncryptedKey) *reks;
 	CMS_RecipientEncryptedKey *rek;
+
 	reks = CMS_RecipientInfo_kari_get0_reks(ri);
 	for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
 		int rv;
+
 		rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
 		if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
 			continue;
@@ -640,22 +670,25 @@ static int cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 			return 1;
 		return cert == NULL ? 0 : -1;
 	}
+
 	return 0;
 }
 
-int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
+int
+CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
 {
 	STACK_OF(CMS_RecipientInfo) *ris;
 	CMS_RecipientInfo *ri;
 	int i, r, ri_type;
 	int debug = 0, match_ri = 0;
+
 	ris = CMS_get0_RecipientInfos(cms);
 	if (ris)
 		debug = cms->d.envelopedData->encryptedContentInfo->debug;
 	ri_type = cms_pkey_get_ri_type(pk);
 	if (ri_type == CMS_RECIPINFO_NONE) {
 		CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
-			   CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+		   CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
 		return 0;
 	}
 
@@ -667,9 +700,9 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
 		if (ri_type == CMS_RECIPINFO_AGREE) {
 			r = cms_kari_set1_pkey(cms, ri, pk, cert);
 			if (r > 0)
-			    return 1;
+				return 1;
 			if (r < 0)
-			    return 0;
+				return 0;
 		}
 		/*
 		 * If we have a cert try matching RecipientInfo otherwise try them
@@ -681,18 +714,18 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
 			r = CMS_RecipientInfo_decrypt(cms, ri);
 			CMS_RecipientInfo_set0_pkey(ri, NULL);
 			if (cert) {
-			    /*
-			     * If not debugging clear any error and return success to
-			     * avoid leaking of information useful to MMA
-			     */
-			    if (!debug) {
-			        ERR_clear_error();
-			        return 1;
-			    }
-			    if (r > 0)
-			        return 1;
-			    CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_DECRYPT_ERROR);
-			    return 0;
+				/*
+				 * If not debugging clear any error and return success to
+				 * avoid leaking of information useful to MMA
+				 */
+				if (!debug) {
+					ERR_clear_error();
+					return 1;
+				}
+				if (r > 0)
+					return 1;
+				CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_DECRYPT_ERROR);
+				return 0;
 			}
 			/*
 			 * If no cert and not debugging don't leave loop after first
@@ -700,7 +733,7 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
 			 * to avoid leaking timing of a successful decrypt.
 			 */
 			else if (r > 0 && debug)
-			    return 1;
+				return 1;
 		}
 	}
 	/* If no cert, key transport and not debugging always return success */
@@ -710,17 +743,18 @@ int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
 	}
 
 	CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
-	return 0;
 
+	return 0;
 }
 
-int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
-			             unsigned char *key, size_t keylen,
-			             const unsigned char *id, size_t idlen)
+int
+CMS_decrypt_set1_key(CMS_ContentInfo *cms, unsigned char *key, size_t keylen,
+    const unsigned char *id, size_t idlen)
 {
 	STACK_OF(CMS_RecipientInfo) *ris;
 	CMS_RecipientInfo *ri;
 	int i, r;
+
 	ris = CMS_get0_RecipientInfos(cms);
 	for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
 		ri = sk_CMS_RecipientInfo_value(ris, i);
@@ -736,26 +770,28 @@ int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
 			r = CMS_RecipientInfo_decrypt(cms, ri);
 			CMS_RecipientInfo_set0_key(ri, NULL, 0);
 			if (r > 0)
-			    return 1;
+				return 1;
 			if (id) {
-			    CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_DECRYPT_ERROR);
-			    return 0;
+				CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_DECRYPT_ERROR);
+				return 0;
 			}
 			ERR_clear_error();
 		}
 	}
 
 	CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
-	return 0;
 
+	return 0;
 }
 
-int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
-			                  unsigned char *pass, ossl_ssize_t passlen)
+int
+CMS_decrypt_set1_password(CMS_ContentInfo *cms, unsigned char *pass,
+    ossl_ssize_t passlen)
 {
 	STACK_OF(CMS_RecipientInfo) *ris;
 	CMS_RecipientInfo *ri;
 	int i, r;
+
 	ris = CMS_get0_RecipientInfos(cms);
 	for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
 		ri = sk_CMS_RecipientInfo_value(ris, i);
@@ -769,15 +805,17 @@ int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
 	}
 
 	CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT);
-	return 0;
 
+	return 0;
 }
 
-int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
-			    BIO *dcont, BIO *out, unsigned int flags)
+int
+CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert, BIO *dcont,
+    BIO *out, unsigned int flags)
 {
 	int r;
 	BIO *cont;
+
 	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) {
 		CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
 		return 0;
@@ -797,10 +835,12 @@ int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
 		return 0;
 	r = cms_copy_content(out, cont, flags);
 	do_free_upto(cont, dcont);
+
 	return r;
 }
 
-int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
+int
+CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
 {
 	BIO *cmsbio;
 	int ret = 0;
@@ -825,16 +865,16 @@ int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
 	do_free_upto(cmsbio, dcont);
 
 	return ret;
-
 }
 
 #ifdef ZLIB
 
-int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
-			       unsigned int flags)
+int
+CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags)
 {
 	BIO *cont;
 	int r;
+
 	if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) {
 		CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_TYPE_NOT_COMPRESSED_DATA);
 		return 0;
@@ -848,12 +888,15 @@ int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
 		return 0;
 	r = cms_copy_content(out, cont, flags);
 	do_free_upto(cont, dcont);
+
 	return r;
 }
 
-CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
+CMS_ContentInfo *
+CMS_compress(BIO *in, int comp_nid, unsigned int flags)
 {
 	CMS_ContentInfo *cms;
+
 	if (comp_nid <= 0)
 		comp_nid = NID_zlib_compression;
 	cms = cms_CompressedData_create(comp_nid);
@@ -867,19 +910,21 @@ CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
 		return cms;
 
 	CMS_ContentInfo_free(cms);
+
 	return NULL;
 }
 
 #else
 
-int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
-			       unsigned int flags)
+int
+CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out, unsigned int flags)
 {
 	CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
 	return 0;
 }
 
-CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
+CMS_ContentInfo *
+CMS_compress(BIO *in, int comp_nid, unsigned int flags)
 {
 	CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
 	return NULL;