cisco · abkarcher · Oct 13, 2025 · Oct 13, 2025
diff --git a/app/app_cli.c b/app/app_cli.c
@@ -311,7 +311,7 @@ int ingest_cli(APP_CONFIG *cfg, int argc, char **argv) {
                 } else {
                     print_usage(0);
                 }
-            } else { 
+            } else {
                 print_usage(0);
             }
             return 1;
@@ -631,7 +631,7 @@ int ingest_cli(APP_CONFIG *cfg, int argc, char **argv) {
     //Many args do not need an alg specified. Todo: make cleaner
     if (cfg->empty_alg && !cfg->post && !cfg->get && !cfg->put && !cfg->get_results
             && !cfg->get_expected && !cfg->manual_reg && !cfg->vector_upload
-            && !cfg->delete && !cfg->cancel_session && !(cfg->resume_session && 
+            && !cfg->delete && !cfg->cancel_session && !(cfg->resume_session &&
             cfg->vector_req) && !cfg->output_version) {
         /* The user needs to select at least 1 algorithm */
         printf(ANSI_COLOR_RED "Requires at least 1 Algorithm Test Suite\n"ANSI_COLOR_RESET);

diff --git a/app/app_main.c b/app/app_main.c
@@ -359,12 +359,12 @@ int main(int argc, char **argv) {
             goto end;
         }
     }
-    
+
     if (cfg.get_results) {
         rv = acvp_get_results_from_server(ctx, cfg.session_file);
         goto end;
     }
-    
+
     if (cfg.resume_session) {
         rv = acvp_resume_test_session(ctx, cfg.session_file, cfg.fips_validation);
         goto end;
@@ -387,7 +387,7 @@ int main(int argc, char **argv) {
         }
         goto end;
     }
-    
+
     /*
      * Run the test session.
      * Perform a FIPS validation on this test session if specified.

diff --git a/app/implementations/liboqs/iut_ml_dsa.c b/app/implementations/liboqs/iut_ml_dsa.c
@@ -182,7 +182,7 @@ int app_ml_dsa_handler(ACVP_TEST_CASE *test_case) {
 
     switch (alg) {
     case ACVP_SUB_ML_DSA_KEYGEN:
-        /** 
+        /**
          * We need to specify seed value that ML-DSA keygen uses. We cannot do that directly.
          * However, we can specify a custom RNG function. For testing's sake, we set a RNG function
          * that really just returns bytes for the seed value the server specifies. This is not

diff --git a/app/implementations/liboqs/iut_ml_kem.c b/app/implementations/liboqs/iut_ml_kem.c
@@ -89,7 +89,7 @@ int app_ml_kem_handler(ACVP_TEST_CASE *test_case) {
     }
 
     if (tc->cipher == ACVP_ML_KEM_KEYGEN) {
-        /** 
+        /**
          * We need to specify the D and Z seed values that ML-KEM uses. We cannot do that directly.
          * However, we can specify a custom RNG function. For testing's sake, we set a RNG function
          * that really just returns bytes for the D and Z values the server specifies. This is not

diff --git a/app/implementations/openssl/3/iut_des.c b/app/implementations/openssl/3/iut_des.c
@@ -35,7 +35,7 @@ int app_des_handler(ACVP_TEST_CASE *test_case) {
     }
 
     tc = test_case->tc.symmetric;
-    
+
     if (!tc) {
         goto err;
     }
@@ -69,7 +69,7 @@ int app_des_handler(ACVP_TEST_CASE *test_case) {
         printf("Invalid cipher value");
         return 1;
     }
-    
+
     switch (alg) {
     case ACVP_SUB_TDES_ECB:
         cipher = EVP_des_ede3_ecb();

diff --git a/app/implementations/openssl/3/iut_eddsa.c b/app/implementations/openssl/3/iut_eddsa.c
@@ -225,7 +225,7 @@ int app_eddsa_handler(ACVP_TEST_CASE *test_case) {
             printf("Error generating signature in EDDSA siggen\n");
             goto err;
         }
-   
+
         /* and copy our values to the TC response */
         tc->q_len = (int)group_q_len;
         memcpy_s(tc->q, 8192, eddsa_group_q, group_q_len);

diff --git a/app/implementations/openssl/3/iut_kda.c b/app/implementations/openssl/3/iut_kda.c
@@ -182,7 +182,7 @@ int app_kda_hkdf_handler(ACVP_TEST_CASE *test_case) {
                                       stc->algorithmId, stc->label, stc->context, stc->t,
                                       stc->literalLen, stc->uPartyIdLen, stc->uEphemeralLen,
                                       stc->vPartyIdLen, stc->vEphemeralLen, stc->algIdLen,
-                                      stc->labelLen, stc->contextLen, stc->tLen, stc->l, 
+                                      stc->labelLen, stc->contextLen, stc->tLen, stc->l,
                                       &fixedInfoLen);
     if (!fixedInfo) {
         printf("Error creating fixed info\n");
@@ -261,7 +261,7 @@ int app_kda_onestep_handler(ACVP_TEST_CASE *test_case) {
                                       stc->algorithmId, stc->label, stc->context, stc->t,
                                       stc->literalLen, stc->uPartyIdLen, stc->uEphemeralLen,
                                       stc->vPartyIdLen, stc->vEphemeralLen, stc->algIdLen,
-                                      stc->labelLen, stc->contextLen, stc->tLen, stc->l, 
+                                      stc->labelLen, stc->contextLen, stc->tLen, stc->l,
                                       &fixedInfoLen);
     if (!fixedInfo) {
         printf("Error creating fixed info\n");
@@ -433,7 +433,7 @@ int app_kda_twostep_handler(ACVP_TEST_CASE *test_case) {
                                       stc->algorithmId, stc->label, stc->context, stc->t,
                                       stc->literalLen, stc->uPartyIdLen, stc->uEphemeralLen,
                                       stc->vPartyIdLen, stc->vEphemeralLen, stc->algIdLen,
-                                      stc->labelLen, stc->contextLen, stc->tLen, stc->l, 
+                                      stc->labelLen, stc->contextLen, stc->tLen, stc->l,
                                       &fixedInfoLen);
     if (!fixedInfo) {
         printf("Error creating fixed info\n");

diff --git a/app/implementations/openssl/3/iut_kmac.c b/app/implementations/openssl/3/iut_kmac.c
@@ -107,7 +107,7 @@ int app_kmac_handler(ACVP_TEST_CASE *test_case) {
         printf("Crypto module error, EVP_MAC_final failed\n");
         goto end;
     }
-        
+
     if (tc->test_type == ACVP_KMAC_TEST_TYPE_MVT) {
         mac_compare = calloc(mac_out_len, sizeof(unsigned char));
         if (!mac_compare) {

diff --git a/app/implementations/openssl/3/iut_rsa.c b/app/implementations/openssl/3/iut_rsa.c
@@ -72,7 +72,7 @@ int app_rsa_keygen_handler(ACVP_TEST_CASE *test_case) {
     OSSL_PARAM_BLD_push_BN(pkey_pbld, OSSL_PKEY_PARAM_RSA_TEST_XP1, xp1);
     OSSL_PARAM_BLD_push_BN(pkey_pbld, OSSL_PKEY_PARAM_RSA_TEST_XP2, xp2);
     OSSL_PARAM_BLD_push_BN(pkey_pbld, OSSL_PKEY_PARAM_RSA_TEST_XQ, xq);
-    OSSL_PARAM_BLD_push_BN(pkey_pbld, OSSL_PKEY_PARAM_RSA_TEST_XQ1, xq1); 
+    OSSL_PARAM_BLD_push_BN(pkey_pbld, OSSL_PKEY_PARAM_RSA_TEST_XQ1, xq1);
     OSSL_PARAM_BLD_push_BN(pkey_pbld, OSSL_PKEY_PARAM_RSA_TEST_XQ2, xq2);
     params = OSSL_PARAM_BLD_to_param(pkey_pbld);
     if (!params) {
@@ -482,7 +482,7 @@ int app_rsa_sigprim_handler(ACVP_TEST_CASE *test_case) {
         goto err;
     }
     sign_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL);
-    if (!sign_ctx) { 
+    if (!sign_ctx) {
         printf("Error generating signing CTX from pkey in RSA\n");
         goto err;
     }

diff --git a/app/implementations/openssl/3/registrations/fp_340.c b/app/implementations/openssl/3/registrations/fp_340.c
@@ -157,7 +157,7 @@ static int enable_aes(ACVP_CTX *ctx) {
     CHECK_ENABLE_CAP_RV(rv);
     rv = acvp_cap_sym_cipher_set_domain(ctx, ACVP_AES_CBC_CS1, ACVP_SYM_CIPH_DOMAIN_PTLEN, 128, 512, 8);
     CHECK_ENABLE_CAP_RV(rv);
-    
+
     rv = acvp_cap_sym_cipher_enable(ctx, ACVP_AES_CBC_CS2, &app_aes_handler);
     CHECK_ENABLE_CAP_RV(rv);
     rv = acvp_cap_sym_cipher_set_parm(ctx, ACVP_AES_CBC_CS2, ACVP_SYM_CIPH_PARM_DIR, ACVP_SYM_CIPH_DIR_BOTH);
@@ -680,7 +680,7 @@ static int enable_hmac(ACVP_CTX *ctx) {
     CHECK_ENABLE_CAP_RV(rv);
     rv = acvp_cap_set_prereq(ctx, ACVP_HMAC_SHA2_512_256, ACVP_PREREQ_SHA, value);
     CHECK_ENABLE_CAP_RV(rv);
-    
+
     rv = acvp_cap_hmac_enable(ctx, ACVP_HMAC_SHA3_224, &app_hmac_handler);
     CHECK_ENABLE_CAP_RV(rv);
     rv = acvp_cap_hmac_set_domain(ctx, ACVP_HMAC_SHA3_224, ACVP_HMAC_KEYLEN, 112, 524288, 8);
@@ -689,7 +689,7 @@ static int enable_hmac(ACVP_CTX *ctx) {
     CHECK_ENABLE_CAP_RV(rv);
     rv = acvp_cap_set_prereq(ctx, ACVP_HMAC_SHA3_224, ACVP_PREREQ_SHA, value);
     CHECK_ENABLE_CAP_RV(rv);
-    
+
     rv = acvp_cap_hmac_enable(ctx, ACVP_HMAC_SHA3_256, &app_hmac_handler);
     CHECK_ENABLE_CAP_RV(rv);
     rv = acvp_cap_hmac_set_domain(ctx, ACVP_HMAC_SHA3_256, ACVP_HMAC_KEYLEN, 112, 524288, 8);
@@ -698,7 +698,7 @@ static int enable_hmac(ACVP_CTX *ctx) {
     CHECK_ENABLE_CAP_RV(rv);
     rv = acvp_cap_set_prereq(ctx, ACVP_HMAC_SHA3_256, ACVP_PREREQ_SHA, value);
     CHECK_ENABLE_CAP_RV(rv);
-    
+
     rv = acvp_cap_hmac_enable(ctx, ACVP_HMAC_SHA3_384, &app_hmac_handler);
     CHECK_ENABLE_CAP_RV(rv);
     rv = acvp_cap_hmac_set_domain(ctx, ACVP_HMAC_SHA3_384, ACVP_HMAC_KEYLEN, 112, 524288, 8);
@@ -707,7 +707,7 @@ static int enable_hmac(ACVP_CTX *ctx) {
     CHECK_ENABLE_CAP_RV(rv);
     rv = acvp_cap_set_prereq(ctx, ACVP_HMAC_SHA3_384, ACVP_PREREQ_SHA, value);
     CHECK_ENABLE_CAP_RV(rv);
-    
+
     rv = acvp_cap_hmac_enable(ctx, ACVP_HMAC_SHA3_512, &app_hmac_handler);
     CHECK_ENABLE_CAP_RV(rv);
     rv = acvp_cap_hmac_set_domain(ctx, ACVP_HMAC_SHA3_512, ACVP_HMAC_KEYLEN, 112, 524288, 8);

diff --git a/app/implementations/stubs/stub_ml_kem.c b/app/implementations/stubs/stub_ml_kem.c
@@ -11,7 +11,7 @@
 
 int app_ml_kem_handler(ACVP_TEST_CASE *test_case) {
     /*
-     * "tc" is test_case->tc.ml_kem. All modes use tc->param_set to specify ML-KEM-512, 768, or 
+     * "tc" is test_case->tc.ml_kem. All modes use tc->param_set to specify ML-KEM-512, 768, or
      * 1024.
      *
      * For keygen, take tc->d and tc->z (seeds) and use them to generate tc->ek (encapsulation key)
@@ -25,7 +25,7 @@ int app_ml_kem_handler(ACVP_TEST_CASE *test_case) {
      *
      * For decapsulating, take tc->dk and tc->c and attempt to generate tc->k. Note that in the
      * case of invalid ciphertext being provided, the IuT is expected to still provide a k value
-     * that aligns with the "implicit rejection" function described in FIPS203. 
+     * that aligns with the "implicit rejection" function described in FIPS203.
      */
 
 

diff --git a/murl/murl.c b/murl/murl.c
@@ -310,16 +310,16 @@ static BIO *create_connection_v6(char *address, int port)
     int		    sock;
 
     /*
-     * Strip off trailing bracket 
+     * Strip off trailing bracket
      */
     host[strnlen(host, IPV6_ADDRESS_MAX)-1] = 0;
 
     /*
-     * Setup destination address/port 
+     * Setup destination address/port
      */
     memset((char *) &si6, 0, sizeof(si6));
     si6.sin6_flowinfo = 0;
-    si6.sin6_family = AF_INET6;    
+    si6.sin6_family = AF_INET6;
     si6.sin6_port = htons(port);
     rc = inet_pton(AF_INET6, host, &si6.sin6_addr);
     if (rc != 1) {
@@ -349,7 +349,7 @@ static BIO *create_connection_v6(char *address, int port)
         fprintf(stderr, "OpenSSL error creating IP socket\n");
         //ossl_dump_ssl_errors();
         return(NULL);
-    }        
+    }
 
     return(conn);
 }
@@ -640,7 +640,7 @@ static void murl_log_peer_cert(SSL *ssl)
 	    X509_NAME_print(out, subject, 0);
 	    (void)BIO_flush(out);
 	    BIO_get_mem_ptr(out, &bptr);
-	    //fprintf(stdout, "TLS peer subject name: %s\n", bptr->data); 
+	    //fprintf(stdout, "TLS peer subject name: %s\n", bptr->data);
 	    BIO_free_all(out);
 	}
     }
@@ -674,7 +674,7 @@ CURLcode curl_easy_perform(CURL *curl)
      * Allocate some space to build the HTTP request
      */
     if (ctx->http_post && ctx->post_field_size) {
-        cl = ctx->post_field_size; 
+        cl = ctx->post_field_size;
     } else if (ctx->http_post && ctx->post_fields) {
         cl = strlen(ctx->post_fields); //FIXME: this is not safe
     } else {

diff --git a/murl/murl_cli.c b/murl/murl_cli.c
@@ -2,23 +2,23 @@
 Copyright (c) 2016, Cisco Systems, Inc.
 All rights reserved.
 
-Redistribution and use in source and binary forms, with or without modification, 
+Redistribution and use in source and binary forms, with or without modification,
 are permitted provided that the following conditions are met:
 
-1. Redistributions of source code must retain the above copyright notice, 
+1. Redistributions of source code must retain the above copyright notice,
 this list of conditions and the following disclaimer.
 
 2. Redistributions in binary form must reproduce the above copyright notice,
-this list of conditions and the following disclaimer in the documentation 
+this list of conditions and the following disclaimer in the documentation
 and/or other materials provided with the distribution.
 
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE 
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER 
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
 USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

diff --git a/murl/murl_http.c b/murl/murl_http.c
@@ -64,7 +64,7 @@
 #define MAX_BODY_SIZE 64*1024*1024
 
 /*
- * Using this global variable to track when all the HTTP data has been 
+ * Using this global variable to track when all the HTTP data has been
  * parsed.  This will need to be addressed if/when thread-safety is
  * desired.
  */
@@ -347,7 +347,7 @@ int murl_http_parse_response (SessionHandle *ctx, const char *buf)
 
     len = msg->body_size;
     if (ctx->recv_buf) {
-	free(ctx->recv_buf); 
+	free(ctx->recv_buf);
 	ctx->recv_buf = NULL;
 	ctx->recv_ctr = 0;
     }

diff --git a/murl/test/ut_get.c b/murl/test/ut_get.c
@@ -100,8 +100,8 @@ static int test_murl_http_get(char *url)
      * Add the test arguments to the URL
      */
     for (i=0; i<TEST_ARG_CNT; i++) {
-	sprintf(tmp, "%s=%s&", test_args[i].arg_name, test_args[i].arg_val); 
-	new_url = strcat(new_url, tmp);  
+	sprintf(tmp, "%s=%s&", test_args[i].arg_name, test_args[i].arg_val);
+	new_url = strcat(new_url, tmp);
     }
 
     printf("\tGET URL: %s\n", new_url);
@@ -202,7 +202,7 @@ static int test_murl_parse_http_response ()
 
 /*
  * Performs a simple HTTP GET operation.
- * 
+ *
  * returns 0 on success, non-zero on failure.
  */
 static int test_murl_simple_get ()
@@ -211,7 +211,7 @@ static int test_murl_simple_get ()
     int rv = 1;
 
     printf("Starting simple HTTP GET test...\n");
-    
+
     http_resp = test_murl_http_get("https://httpbin.org/get");
 
     if (http_resp != 200) {
@@ -241,7 +241,7 @@ static int test_murl_simple_get ()
 /*
  * Performs a simple HTTP GET operation with
  * custom headers.
- * 
+ *
  * returns 0 on success, non-zero on failure.
  */
 static int test_murl_headers_get()
@@ -327,9 +327,9 @@ static int test_murl_headers_get()
 }
 
 /*
- * This function performs an HTTP GET using httpbin.org 
+ * This function performs an HTTP GET using httpbin.org
  * while omitting the trailing slash on the URL.
- * This improves code coverage of the URL parser in libmurl. 
+ * This improves code coverage of the URL parser in libmurl.
  *
  * Returns zero on success, non-zero on failure
  */

diff --git a/murl/test/ut_main.c b/murl/test/ut_main.c
@@ -22,21 +22,21 @@ int main(int argc, char **argv)
     int rv = 0;
 
     /*
-     * Invoke HTTPS TLS unit test suite 
+     * Invoke HTTPS TLS unit test suite
      */
     if (test_murl_tls()) {
 	rv = 1;
     }
 
     /*
-     * Invoke HTTPS POST unit test suite 
+     * Invoke HTTPS POST unit test suite
      */
     if (test_murl_post()) {
 	rv = 1;
     }
 
     /*
-     * Invoke HTTPS GET unit test suite 
+     * Invoke HTTPS GET unit test suite
      */
     if (test_murl_get()) {
 	rv = 1;