First pass at style(9).

Whitespace only and no change according to diff -w.

1 files changed, 407 insertions, 407 deletions

diff --git a/src/lib/libcrypto/cms/cms_lib.c b/src/lib/libcrypto/cms/cms_lib.c
index dd192f9775..baee32c398 100644
--- a/src/lib/libcrypto/cms/cms_lib.c
+++ b/src/lib/libcrypto/cms/cms_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_lib.c,v 1.8 2019/08/10 16:03:54 jsing Exp $ */
+/* $OpenBSD: cms_lib.c,v 1.9 2019/08/10 16:42:20 jsing Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -66,131 +66,131 @@ IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
 
 const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms)
 {
-    return cms->contentType;
+        return cms->contentType;
 }
 
 CMS_ContentInfo *cms_Data_create(void)
 {
-    CMS_ContentInfo *cms;
-    cms = CMS_ContentInfo_new();
-    if (cms != NULL) {
-        cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
-        /* Never detached */
-        CMS_set_detached(cms, 0);
-    }
-    return cms;
+        CMS_ContentInfo *cms;
+        cms = CMS_ContentInfo_new();
+        if (cms != NULL) {
+                cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
+                /* Never detached */
+                CMS_set_detached(cms, 0);
+        }
+        return cms;
 }
 
 BIO *cms_content_bio(CMS_ContentInfo *cms)
 {
-    ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
-    if (!pos)
-        return NULL;
-    /* If content detached data goes nowhere: create NULL BIO */
-    if (!*pos)
-        return BIO_new(BIO_s_null());
-    /*
-     * If content not detached and created return memory BIO
-     */
-    if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT))
-        return BIO_new(BIO_s_mem());
-    /* Else content was read in: return read only BIO for it */
-    return BIO_new_mem_buf((*pos)->data, (*pos)->length);
+        ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+        if (!pos)
+                return NULL;
+        /* If content detached data goes nowhere: create NULL BIO */
+        if (!*pos)
+                return BIO_new(BIO_s_null());
+        /*
+         * If content not detached and created return memory BIO
+         */
+        if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT))
+                return BIO_new(BIO_s_mem());
+        /* Else content was read in: return read only BIO for it */
+        return BIO_new_mem_buf((*pos)->data, (*pos)->length);
 }
 
 BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
 {
-    BIO *cmsbio, *cont;
-    if (icont)
-        cont = icont;
-    else
-        cont = cms_content_bio(cms);
-    if (!cont) {
-        CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT);
-        return NULL;
-    }
-    switch (OBJ_obj2nid(cms->contentType)) {
-
-    case NID_pkcs7_data:
-        return cont;
-
-    case NID_pkcs7_signed:
-        cmsbio = cms_SignedData_init_bio(cms);
-        break;
-
-    case NID_pkcs7_digest:
-        cmsbio = cms_DigestedData_init_bio(cms);
-        break;
+        BIO *cmsbio, *cont;
+        if (icont)
+                cont = icont;
+        else
+                cont = cms_content_bio(cms);
+        if (!cont) {
+                CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT);
+                return NULL;
+        }
+        switch (OBJ_obj2nid(cms->contentType)) {
+
+        case NID_pkcs7_data:
+                return cont;
+
+        case NID_pkcs7_signed:
+                cmsbio = cms_SignedData_init_bio(cms);
+                break;
+
+        case NID_pkcs7_digest:
+                cmsbio = cms_DigestedData_init_bio(cms);
+                break;
 #ifdef ZLIB
-    case NID_id_smime_ct_compressedData:
-        cmsbio = cms_CompressedData_init_bio(cms);
-        break;
+        case NID_id_smime_ct_compressedData:
+                cmsbio = cms_CompressedData_init_bio(cms);
+                break;
 #endif
 
-    case NID_pkcs7_encrypted:
-        cmsbio = cms_EncryptedData_init_bio(cms);
-        break;
+        case NID_pkcs7_encrypted:
+                cmsbio = cms_EncryptedData_init_bio(cms);
+                break;
 
-    case NID_pkcs7_enveloped:
-        cmsbio = cms_EnvelopedData_init_bio(cms);
-        break;
+        case NID_pkcs7_enveloped:
+                cmsbio = cms_EnvelopedData_init_bio(cms);
+                break;
 
-    default:
-        CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
-        return NULL;
-    }
+        default:
+                CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
+                return NULL;
+        }
 
-    if (cmsbio)
-        return BIO_push(cmsbio, cont);
+        if (cmsbio)
+                return BIO_push(cmsbio, cont);
 
-    if (!icont)
-        BIO_free(cont);
-    return NULL;
+        if (!icont)
+                BIO_free(cont);
+        return NULL;
 
 }
 
 int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
 {
-    ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
-    if (!pos)
-        return 0;
-    /* If embedded content find memory BIO and set content */
-    if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) {
-        BIO *mbio;
-        unsigned char *cont;
-        long contlen;
-        mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
-        if (!mbio) {
-            CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
-            return 0;
-        }
-        contlen = BIO_get_mem_data(mbio, &cont);
-        /* Set bio as read only so its content can't be clobbered */
-        BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
-        BIO_set_mem_eof_return(mbio, 0);
-        ASN1_STRING_set0(*pos, cont, contlen);
-        (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
-    }
-
-    switch (OBJ_obj2nid(cms->contentType)) {
-
-    case NID_pkcs7_data:
-    case NID_pkcs7_enveloped:
-    case NID_pkcs7_encrypted:
-    case NID_id_smime_ct_compressedData:
-        /* Nothing to do */
-        return 1;
-
-    case NID_pkcs7_signed:
-        return cms_SignedData_final(cms, cmsbio);
-
-    case NID_pkcs7_digest:
-        return cms_DigestedData_do_final(cms, cmsbio, 0);
-
-    default:
-        CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
-        return 0;
-    }
+        ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+        if (!pos)
+                return 0;
+        /* If embedded content find memory BIO and set content */
+        if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) {
+                BIO *mbio;
+                unsigned char *cont;
+                long contlen;
+                mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
+                if (!mbio) {
+                        CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
+                        return 0;
+                }
+                contlen = BIO_get_mem_data(mbio, &cont);
+                /* Set bio as read only so its content can't be clobbered */
+                BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
+                BIO_set_mem_eof_return(mbio, 0);
+                ASN1_STRING_set0(*pos, cont, contlen);
+                (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
+        }
+
+        switch (OBJ_obj2nid(cms->contentType)) {
+
+        case NID_pkcs7_data:
+        case NID_pkcs7_enveloped:
+        case NID_pkcs7_encrypted:
+        case NID_id_smime_ct_compressedData:
+                /* Nothing to do */
+                return 1;
+
+        case NID_pkcs7_signed:
+                return cms_SignedData_final(cms, cmsbio);
+
+        case NID_pkcs7_digest:
+                return cms_DigestedData_do_final(cms, cmsbio, 0);
+
+        default:
+                CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
+                return 0;
+        }
 }
 
 /*
@@ -200,36 +200,36 @@ int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
 
 ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
 {
-    switch (OBJ_obj2nid(cms->contentType)) {
+        switch (OBJ_obj2nid(cms->contentType)) {
 
-    case NID_pkcs7_data:
-        return &cms->d.data;
+        case NID_pkcs7_data:
+                return &cms->d.data;
 
-    case NID_pkcs7_signed:
-        return &cms->d.signedData->encapContentInfo->eContent;
+        case NID_pkcs7_signed:
+                return &cms->d.signedData->encapContentInfo->eContent;
 
-    case NID_pkcs7_enveloped:
-        return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
+        case NID_pkcs7_enveloped:
+                return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
 
-    case NID_pkcs7_digest:
-        return &cms->d.digestedData->encapContentInfo->eContent;
+        case NID_pkcs7_digest:
+                return &cms->d.digestedData->encapContentInfo->eContent;
 
-    case NID_pkcs7_encrypted:
-        return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
+        case NID_pkcs7_encrypted:
+                return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
 
-    case NID_id_smime_ct_authData:
-        return &cms->d.authenticatedData->encapContentInfo->eContent;
+        case NID_id_smime_ct_authData:
+                return &cms->d.authenticatedData->encapContentInfo->eContent;
 
-    case NID_id_smime_ct_compressedData:
-        return &cms->d.compressedData->encapContentInfo->eContent;
+        case NID_id_smime_ct_compressedData:
+                return &cms->d.compressedData->encapContentInfo->eContent;
 
-    default:
-        if (cms->d.other->type == V_ASN1_OCTET_STRING)
-            return &cms->d.other->value.octet_string;
-        CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
-        return NULL;
+        default:
+                if (cms->d.other->type == V_ASN1_OCTET_STRING)
+                        return &cms->d.other->value.octet_string;
+                CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
+                return NULL;
 
-    }
+        }
 }
 
 /*
@@ -239,394 +239,394 @@ ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
 
 static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
 {
-    switch (OBJ_obj2nid(cms->contentType)) {
+        switch (OBJ_obj2nid(cms->contentType)) {
 
-    case NID_pkcs7_signed:
-        return &cms->d.signedData->encapContentInfo->eContentType;
+        case NID_pkcs7_signed:
+                return &cms->d.signedData->encapContentInfo->eContentType;
 
-    case NID_pkcs7_enveloped:
-        return &cms->d.envelopedData->encryptedContentInfo->contentType;
+        case NID_pkcs7_enveloped:
+                return &cms->d.envelopedData->encryptedContentInfo->contentType;
 
-    case NID_pkcs7_digest:
-        return &cms->d.digestedData->encapContentInfo->eContentType;
+        case NID_pkcs7_digest:
+                return &cms->d.digestedData->encapContentInfo->eContentType;
 
-    case NID_pkcs7_encrypted:
-        return &cms->d.encryptedData->encryptedContentInfo->contentType;
+        case NID_pkcs7_encrypted:
+                return &cms->d.encryptedData->encryptedContentInfo->contentType;
 
-    case NID_id_smime_ct_authData:
-        return &cms->d.authenticatedData->encapContentInfo->eContentType;
+        case NID_id_smime_ct_authData:
+                return &cms->d.authenticatedData->encapContentInfo->eContentType;
 
-    case NID_id_smime_ct_compressedData:
-        return &cms->d.compressedData->encapContentInfo->eContentType;
+        case NID_id_smime_ct_compressedData:
+                return &cms->d.compressedData->encapContentInfo->eContentType;
 
-    default:
-        CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE, CMS_R_UNSUPPORTED_CONTENT_TYPE);
-        return NULL;
+        default:
+                CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE, CMS_R_UNSUPPORTED_CONTENT_TYPE);
+                return NULL;
 
-    }
+        }
 }
 
 const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms)
 {
-    ASN1_OBJECT **petype;
-    petype = cms_get0_econtent_type(cms);
-    if (petype)
-        return *petype;
-    return NULL;
+        ASN1_OBJECT **petype;
+        petype = cms_get0_econtent_type(cms);
+        if (petype)
+                return *petype;
+        return NULL;
 }
 
 int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
 {
-    ASN1_OBJECT **petype, *etype;
-    petype = cms_get0_econtent_type(cms);
-    if (!petype)
-        return 0;
-    if (!oid)
-        return 1;
-    etype = OBJ_dup(oid);
-    if (!etype)
-        return 0;
-    ASN1_OBJECT_free(*petype);
-    *petype = etype;
-    return 1;
+        ASN1_OBJECT **petype, *etype;
+        petype = cms_get0_econtent_type(cms);
+        if (!petype)
+                return 0;
+        if (!oid)
+                return 1;
+        etype = OBJ_dup(oid);
+        if (!etype)
+                return 0;
+        ASN1_OBJECT_free(*petype);
+        *petype = etype;
+        return 1;
 }
 
 int CMS_is_detached(CMS_ContentInfo *cms)
 {
-    ASN1_OCTET_STRING **pos;
-    pos = CMS_get0_content(cms);
-    if (!pos)
-        return -1;
-    if (*pos)
-        return 0;
-    return 1;
+        ASN1_OCTET_STRING **pos;
+        pos = CMS_get0_content(cms);
+        if (!pos)
+                return -1;
+        if (*pos)
+                return 0;
+        return 1;
 }
 
 int CMS_set_detached(CMS_ContentInfo *cms, int detached)
 {
-    ASN1_OCTET_STRING **pos;
-    pos = CMS_get0_content(cms);
-    if (!pos)
-        return 0;
-    if (detached) {
-        ASN1_OCTET_STRING_free(*pos);
-        *pos = NULL;
-        return 1;
-    }
-    if (*pos == NULL)
-        *pos = ASN1_OCTET_STRING_new();
-    if (*pos != NULL) {
-        /*
-         * NB: special flag to show content is created and not read in.
-         */
-        (*pos)->flags |= ASN1_STRING_FLAG_CONT;
-        return 1;
-    }
-    CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
-    return 0;
+        ASN1_OCTET_STRING **pos;
+        pos = CMS_get0_content(cms);
+        if (!pos)
+                return 0;
+        if (detached) {
+                ASN1_OCTET_STRING_free(*pos);
+                *pos = NULL;
+                return 1;
+        }
+        if (*pos == NULL)
+                *pos = ASN1_OCTET_STRING_new();
+        if (*pos != NULL) {
+                /*
+                 * NB: special flag to show content is created and not read in.
+                 */
+                (*pos)->flags |= ASN1_STRING_FLAG_CONT;
+                return 1;
+        }
+        CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
+        return 0;
 }
 
 /* Create a digest BIO from an X509_ALGOR structure */
 
 BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
 {
-    BIO *mdbio = NULL;
-    const ASN1_OBJECT *digestoid;
-    const EVP_MD *digest;
-    X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
-    digest = EVP_get_digestbyobj(digestoid);
-    if (!digest) {
-        CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
-               CMS_R_UNKNOWN_DIGEST_ALGORITHM);
-        goto err;
-    }
-    mdbio = BIO_new(BIO_f_md());
-    if (mdbio == NULL || !BIO_set_md(mdbio, digest)) {
-        CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, CMS_R_MD_BIO_INIT_ERROR);
-        goto err;
-    }
-    return mdbio;
+        BIO *mdbio = NULL;
+        const ASN1_OBJECT *digestoid;
+        const EVP_MD *digest;
+        X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
+        digest = EVP_get_digestbyobj(digestoid);
+        if (!digest) {
+                CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
+                           CMS_R_UNKNOWN_DIGEST_ALGORITHM);
+                goto err;
+        }
+        mdbio = BIO_new(BIO_f_md());
+        if (mdbio == NULL || !BIO_set_md(mdbio, digest)) {
+                CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, CMS_R_MD_BIO_INIT_ERROR);
+                goto err;
+        }
+        return mdbio;
  err:
-    BIO_free(mdbio);
-    return NULL;
+        BIO_free(mdbio);
+        return NULL;
 }
 
 /* Locate a message digest content from a BIO chain based on SignerInfo */
 
 int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
-                                 X509_ALGOR *mdalg)
+                                             X509_ALGOR *mdalg)
 {
-    int nid;
-    const ASN1_OBJECT *mdoid;
-    X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
-    nid = OBJ_obj2nid(mdoid);
-    /* Look for digest type to match signature */
-    for (;;) {
-        EVP_MD_CTX *mtmp;
-        chain = BIO_find_type(chain, BIO_TYPE_MD);
-        if (chain == NULL) {
-            CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX,
-                   CMS_R_NO_MATCHING_DIGEST);
-            return 0;
-        }
-        BIO_get_md_ctx(chain, &mtmp);
-        if (EVP_MD_CTX_type(mtmp) == nid
-            /*
-             * Workaround for broken implementations that use signature
-             * algorithm OID instead of digest.
-             */
-            || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
-            return EVP_MD_CTX_copy_ex(mctx, mtmp);
-        chain = BIO_next(chain);
-    }
+        int nid;
+        const ASN1_OBJECT *mdoid;
+        X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
+        nid = OBJ_obj2nid(mdoid);
+        /* Look for digest type to match signature */
+        for (;;) {
+                EVP_MD_CTX *mtmp;
+                chain = BIO_find_type(chain, BIO_TYPE_MD);
+                if (chain == NULL) {
+                        CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX,
+                               CMS_R_NO_MATCHING_DIGEST);
+                        return 0;
+                }
+                BIO_get_md_ctx(chain, &mtmp);
+                if (EVP_MD_CTX_type(mtmp) == nid
+                        /*
+                         * Workaround for broken implementations that use signature
+                         * algorithm OID instead of digest.
+                         */
+                        || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
+                        return EVP_MD_CTX_copy_ex(mctx, mtmp);
+                chain = BIO_next(chain);
+        }
 }
 
 static STACK_OF(CMS_CertificateChoices)
 **cms_get0_certificate_choices(CMS_ContentInfo *cms)
 {
-    switch (OBJ_obj2nid(cms->contentType)) {
+        switch (OBJ_obj2nid(cms->contentType)) {
 
-    case NID_pkcs7_signed:
-        return &cms->d.signedData->certificates;
+        case NID_pkcs7_signed:
+                return &cms->d.signedData->certificates;
 
-    case NID_pkcs7_enveloped:
-        if (cms->d.envelopedData->originatorInfo == NULL)
-            return NULL;
-        return &cms->d.envelopedData->originatorInfo->certificates;
+        case NID_pkcs7_enveloped:
+                if (cms->d.envelopedData->originatorInfo == NULL)
+                        return NULL;
+                return &cms->d.envelopedData->originatorInfo->certificates;
 
-    default:
-        CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
-               CMS_R_UNSUPPORTED_CONTENT_TYPE);
-        return NULL;
+        default:
+                CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
+                           CMS_R_UNSUPPORTED_CONTENT_TYPE);
+                return NULL;
 
-    }
+        }
 }
 
 CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
 {
-    STACK_OF(CMS_CertificateChoices) **pcerts;
-    CMS_CertificateChoices *cch;
-    pcerts = cms_get0_certificate_choices(cms);
-    if (!pcerts)
-        return NULL;
-    if (!*pcerts)
-        *pcerts = sk_CMS_CertificateChoices_new_null();
-    if (!*pcerts)
-        return NULL;
-    cch = M_ASN1_new_of(CMS_CertificateChoices);
-    if (!cch)
-        return NULL;
-    if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) {
-        M_ASN1_free_of(cch, CMS_CertificateChoices);
-        return NULL;
-    }
-    return cch;
+        STACK_OF(CMS_CertificateChoices) **pcerts;
+        CMS_CertificateChoices *cch;
+        pcerts = cms_get0_certificate_choices(cms);
+        if (!pcerts)
+                return NULL;
+        if (!*pcerts)
+                *pcerts = sk_CMS_CertificateChoices_new_null();
+        if (!*pcerts)
+                return NULL;
+        cch = M_ASN1_new_of(CMS_CertificateChoices);
+        if (!cch)
+                return NULL;
+        if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) {
+                M_ASN1_free_of(cch, CMS_CertificateChoices);
+                return NULL;
+        }
+        return cch;
 }
 
 int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
 {
-    CMS_CertificateChoices *cch;
-    STACK_OF(CMS_CertificateChoices) **pcerts;
-    int i;
-    pcerts = cms_get0_certificate_choices(cms);
-    if (!pcerts)
-        return 0;
-    for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
-        cch = sk_CMS_CertificateChoices_value(*pcerts, i);
-        if (cch->type == CMS_CERTCHOICE_CERT) {
-            if (!X509_cmp(cch->d.certificate, cert)) {
-                CMSerr(CMS_F_CMS_ADD0_CERT,
-                       CMS_R_CERTIFICATE_ALREADY_PRESENT);
-                return 0;
-            }
-        }
-    }
-    cch = CMS_add0_CertificateChoices(cms);
-    if (!cch)
-        return 0;
-    cch->type = CMS_CERTCHOICE_CERT;
-    cch->d.certificate = cert;
-    return 1;
+        CMS_CertificateChoices *cch;
+        STACK_OF(CMS_CertificateChoices) **pcerts;
+        int i;
+        pcerts = cms_get0_certificate_choices(cms);
+        if (!pcerts)
+                return 0;
+        for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
+                cch = sk_CMS_CertificateChoices_value(*pcerts, i);
+                if (cch->type == CMS_CERTCHOICE_CERT) {
+                        if (!X509_cmp(cch->d.certificate, cert)) {
+                            CMSerr(CMS_F_CMS_ADD0_CERT,
+                                   CMS_R_CERTIFICATE_ALREADY_PRESENT);
+                            return 0;
+                        }
+                }
+        }
+        cch = CMS_add0_CertificateChoices(cms);
+        if (!cch)
+                return 0;
+        cch->type = CMS_CERTCHOICE_CERT;
+        cch->d.certificate = cert;
+        return 1;
 }
 
 int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
 {
-    int r;
-    r = CMS_add0_cert(cms, cert);
-    if (r > 0)
-        X509_up_ref(cert);
-    return r;
+        int r;
+        r = CMS_add0_cert(cms, cert);
+        if (r > 0)
+                X509_up_ref(cert);
+        return r;
 }
 
 static STACK_OF(CMS_RevocationInfoChoice)
 **cms_get0_revocation_choices(CMS_ContentInfo *cms)
 {
-    switch (OBJ_obj2nid(cms->contentType)) {
+        switch (OBJ_obj2nid(cms->contentType)) {
 
-    case NID_pkcs7_signed:
-        return &cms->d.signedData->crls;
+        case NID_pkcs7_signed:
+                return &cms->d.signedData->crls;
 
-    case NID_pkcs7_enveloped:
-        if (cms->d.envelopedData->originatorInfo == NULL)
-            return NULL;
-        return &cms->d.envelopedData->originatorInfo->crls;
+        case NID_pkcs7_enveloped:
+                if (cms->d.envelopedData->originatorInfo == NULL)
+                        return NULL;
+                return &cms->d.envelopedData->originatorInfo->crls;
 
-    default:
-        CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
-               CMS_R_UNSUPPORTED_CONTENT_TYPE);
-        return NULL;
+        default:
+                CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
+                           CMS_R_UNSUPPORTED_CONTENT_TYPE);
+                return NULL;
 
-    }
+        }
 }
 
 CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
 {
-    STACK_OF(CMS_RevocationInfoChoice) **pcrls;
-    CMS_RevocationInfoChoice *rch;
-    pcrls = cms_get0_revocation_choices(cms);
-    if (!pcrls)
-        return NULL;
-    if (!*pcrls)
-        *pcrls = sk_CMS_RevocationInfoChoice_new_null();
-    if (!*pcrls)
-        return NULL;
-    rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
-    if (!rch)
-        return NULL;
-    if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) {
-        M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
-        return NULL;
-    }
-    return rch;
+        STACK_OF(CMS_RevocationInfoChoice) **pcrls;
+        CMS_RevocationInfoChoice *rch;
+        pcrls = cms_get0_revocation_choices(cms);
+        if (!pcrls)
+                return NULL;
+        if (!*pcrls)
+                *pcrls = sk_CMS_RevocationInfoChoice_new_null();
+        if (!*pcrls)
+                return NULL;
+        rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
+        if (!rch)
+                return NULL;
+        if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) {
+                M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
+                return NULL;
+        }
+        return rch;
 }
 
 int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
 {
-    CMS_RevocationInfoChoice *rch;
-    rch = CMS_add0_RevocationInfoChoice(cms);
-    if (!rch)
-        return 0;
-    rch->type = CMS_REVCHOICE_CRL;
-    rch->d.crl = crl;
-    return 1;
+        CMS_RevocationInfoChoice *rch;
+        rch = CMS_add0_RevocationInfoChoice(cms);
+        if (!rch)
+                return 0;
+        rch->type = CMS_REVCHOICE_CRL;
+        rch->d.crl = crl;
+        return 1;
 }
 
 int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
 {
-    int r;
-    r = CMS_add0_crl(cms, crl);
-    if (r > 0)
-        X509_CRL_up_ref(crl);
-    return r;
+        int r;
+        r = CMS_add0_crl(cms, crl);
+        if (r > 0)
+                X509_CRL_up_ref(crl);
+        return r;
 }
 
 STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
 {
-    STACK_OF(X509) *certs = NULL;
-    CMS_CertificateChoices *cch;
-    STACK_OF(CMS_CertificateChoices) **pcerts;
-    int i;
-    pcerts = cms_get0_certificate_choices(cms);
-    if (!pcerts)
-        return NULL;
-    for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
-        cch = sk_CMS_CertificateChoices_value(*pcerts, i);
-        if (cch->type == 0) {
-            if (!certs) {
-                certs = sk_X509_new_null();
-                if (!certs)
-                    return NULL;
-            }
-            if (!sk_X509_push(certs, cch->d.certificate)) {
-                sk_X509_pop_free(certs, X509_free);
-                return NULL;
-            }
-            X509_up_ref(cch->d.certificate);
-        }
-    }
-    return certs;
+        STACK_OF(X509) *certs = NULL;
+        CMS_CertificateChoices *cch;
+        STACK_OF(CMS_CertificateChoices) **pcerts;
+        int i;
+        pcerts = cms_get0_certificate_choices(cms);
+        if (!pcerts)
+                return NULL;
+        for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
+                cch = sk_CMS_CertificateChoices_value(*pcerts, i);
+                if (cch->type == 0) {
+                        if (!certs) {
+                            certs = sk_X509_new_null();
+                            if (!certs)
+                                return NULL;
+                        }
+                        if (!sk_X509_push(certs, cch->d.certificate)) {
+                            sk_X509_pop_free(certs, X509_free);
+                            return NULL;
+                        }
+                        X509_up_ref(cch->d.certificate);
+                }
+        }
+        return certs;
 
 }
 
 STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
 {
-    STACK_OF(X509_CRL) *crls = NULL;
-    STACK_OF(CMS_RevocationInfoChoice) **pcrls;
-    CMS_RevocationInfoChoice *rch;
-    int i;
-    pcrls = cms_get0_revocation_choices(cms);
-    if (!pcrls)
-        return NULL;
-    for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) {
-        rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
-        if (rch->type == 0) {
-            if (!crls) {
-                crls = sk_X509_CRL_new_null();
-                if (!crls)
-                    return NULL;
-            }
-            if (!sk_X509_CRL_push(crls, rch->d.crl)) {
-                sk_X509_CRL_pop_free(crls, X509_CRL_free);
-                return NULL;
-            }
-            X509_CRL_up_ref(rch->d.crl);
-        }
-    }
-    return crls;
+        STACK_OF(X509_CRL) *crls = NULL;
+        STACK_OF(CMS_RevocationInfoChoice) **pcrls;
+        CMS_RevocationInfoChoice *rch;
+        int i;
+        pcrls = cms_get0_revocation_choices(cms);
+        if (!pcrls)
+                return NULL;
+        for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) {
+                rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
+                if (rch->type == 0) {
+                        if (!crls) {
+                            crls = sk_X509_CRL_new_null();
+                            if (!crls)
+                                return NULL;
+                        }
+                        if (!sk_X509_CRL_push(crls, rch->d.crl)) {
+                            sk_X509_CRL_pop_free(crls, X509_CRL_free);
+                            return NULL;
+                        }
+                        X509_CRL_up_ref(rch->d.crl);
+                }
+        }
+        return crls;
 }
 
 int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
 {
-    int ret;
-    ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert));
-    if (ret)
-        return ret;
-    return ASN1_INTEGER_cmp(ias->serialNumber, X509_get_serialNumber(cert));
+        int ret;
+        ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert));
+        if (ret)
+                return ret;
+        return ASN1_INTEGER_cmp(ias->serialNumber, X509_get_serialNumber(cert));
 }
 
 int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
 {
-    const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert);
+        const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert);
 
-    if (cert_keyid == NULL)
-        return -1;
-    return ASN1_OCTET_STRING_cmp(keyid, cert_keyid);
+        if (cert_keyid == NULL)
+                return -1;
+        return ASN1_OCTET_STRING_cmp(keyid, cert_keyid);
 }
 
 int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
 {
-    CMS_IssuerAndSerialNumber *ias;
-    ias = M_ASN1_new_of(CMS_IssuerAndSerialNumber);
-    if (!ias)
-        goto err;
-    if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert)))
-        goto err;
-    if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert)))
-        goto err;
-    M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
-    *pias = ias;
-    return 1;
+        CMS_IssuerAndSerialNumber *ias;
+        ias = M_ASN1_new_of(CMS_IssuerAndSerialNumber);
+        if (!ias)
+                goto err;
+        if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert)))
+                goto err;
+        if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert)))
+                goto err;
+        M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
+        *pias = ias;
+        return 1;
  err:
-    M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
-    CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE);
-    return 0;
+        M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
+        CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE);
+        return 0;
 }
 
 int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
 {
-    ASN1_OCTET_STRING *keyid = NULL;
-    const ASN1_OCTET_STRING *cert_keyid;
-    cert_keyid = X509_get0_subject_key_id(cert);
-    if (cert_keyid == NULL) {
-        CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
-        return 0;
-    }
-    keyid = ASN1_STRING_dup(cert_keyid);
-    if (!keyid) {
-        CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    ASN1_OCTET_STRING_free(*pkeyid);
-    *pkeyid = keyid;
-    return 1;
+        ASN1_OCTET_STRING *keyid = NULL;
+        const ASN1_OCTET_STRING *cert_keyid;
+        cert_keyid = X509_get0_subject_key_id(cert);
+        if (cert_keyid == NULL) {
+                CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
+                return 0;
+        }
+        keyid = ASN1_STRING_dup(cert_keyid);
+        if (!keyid) {
+                CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE);
+                return 0;
+        }
+        ASN1_OCTET_STRING_free(*pkeyid);
+        *pkeyid = keyid;
+        return 1;
 }