Further fixups on the new tests.

I messed up the indentation in one place, and Shane Lontis pointed out
that the comment is slightly out of date now that there are two
codepaths involved.

Change-Id: I1be69f3f9a3835fffc4801b4464b9fb8ecb092cc
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/54745
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>

crypto/x509/x509_test.cc

@@ -2025,7 +2025,7 @@ TEST(X509Test, SignCertificate) {
       EXPECT_TRUE(X509_verify(cert.get(), pkey.get()));
 
       // Re-encode the certificate. X509 objects contain a cached TBSCertificate
-      // encoding and |i2d_re_X509_tbs| should have dropped that cache.
+      // encoding and re-signing should have dropped that cache.
       bssl::UniquePtr<X509> copy = ReencodeCertificate(cert.get());
       ASSERT_TRUE(copy);
       EXPECT_TRUE(X509_verify(copy.get(), pkey.get()));
@@ -2115,7 +2115,7 @@ TEST(X509Test, SignCRL) {
       EXPECT_TRUE(X509_CRL_verify(crl.get(), pkey.get()));
 
       // Re-encode the CRL. X509_CRL objects contain a cached TBSCertList
-      // encoding and |i2d_re_X509_tbs| should have dropped that cache.
+      // encoding and re-signing should have dropped that cache.
       bssl::UniquePtr<X509_CRL> copy = ReencodeCRL(crl.get());
       ASSERT_TRUE(copy);
       EXPECT_TRUE(X509_CRL_verify(copy.get(), pkey.get()));
@@ -2189,28 +2189,28 @@ TEST(X509Test, SignCSR) {
       EXPECT_TRUE(X509_REQ_set_pubkey(csr.get(), pkey.get()));
 
       if (sign_manual) {
-      // Fill in the signature algorithm.
+        // Fill in the signature algorithm.
-      ASSERT_TRUE(X509_REQ_set1_signature_algo(csr.get(), algor.get()));
+        ASSERT_TRUE(X509_REQ_set1_signature_algo(csr.get(), algor.get()));
-
+
-      // Extract the CertificationRequestInfo.
+        // Extract the CertificationRequestInfo.
-      uint8_t *tbs = nullptr;
+        uint8_t *tbs = nullptr;
-      int tbs_len = i2d_re_X509_REQ_tbs(csr.get(), &tbs);
+        int tbs_len = i2d_re_X509_REQ_tbs(csr.get(), &tbs);
-      bssl::UniquePtr<uint8_t> free_tbs(tbs);
+        bssl::UniquePtr<uint8_t> free_tbs(tbs);
-      ASSERT_GT(tbs_len, 0);
+        ASSERT_GT(tbs_len, 0);
-
+
-      // Generate a signature externally and fill it in.
+        // Generate a signature externally and fill it in.
-      bssl::ScopedEVP_MD_CTX md_ctx;
+        bssl::ScopedEVP_MD_CTX md_ctx;
-      ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), nullptr, kSignatureHash,
+        ASSERT_TRUE(EVP_DigestSignInit(md_ctx.get(), nullptr, kSignatureHash,
-                                     nullptr, pkey.get()));
+                                       nullptr, pkey.get()));
-      size_t sig_len;
+        size_t sig_len;
-      ASSERT_TRUE(
+        ASSERT_TRUE(
-          EVP_DigestSign(md_ctx.get(), nullptr, &sig_len, tbs, tbs_len));
+            EVP_DigestSign(md_ctx.get(), nullptr, &sig_len, tbs, tbs_len));
-      std::vector<uint8_t> sig(sig_len);
+        std::vector<uint8_t> sig(sig_len);
-      ASSERT_TRUE(
+        ASSERT_TRUE(
-          EVP_DigestSign(md_ctx.get(), sig.data(), &sig_len, tbs, tbs_len));
+            EVP_DigestSign(md_ctx.get(), sig.data(), &sig_len, tbs, tbs_len));
-      sig.resize(sig_len);
+        sig.resize(sig_len);
-      ASSERT_TRUE(
+        ASSERT_TRUE(
-          X509_REQ_set1_signature_value(csr.get(), sig.data(), sig.size()));
+            X509_REQ_set1_signature_value(csr.get(), sig.data(), sig.size()));
       } else {
         ASSERT_TRUE(X509_REQ_sign(csr.get(), pkey.get(), EVP_sha384()));
       }
@@ -2219,8 +2219,8 @@ TEST(X509Test, SignCSR) {
       EXPECT_TRUE(X509_REQ_verify(csr.get(), pkey.get()));
 
       // Re-encode the CSR. X509_REQ objects contain a cached
-      // CertificationRequestInfo encoding and |i2d_re_X509_REQ_tbs| should have
+      // CertificationRequestInfo encoding and re-signing should have dropped
-      // dropped that cache.
+      // that cache.
       bssl::UniquePtr<X509_REQ> copy = ReencodeCSR(csr.get());
       ASSERT_TRUE(copy);
       EXPECT_TRUE(X509_REQ_verify(copy.get(), pkey.get()));