slhdsa: clang-format

After renaming from `SLHDSA_128sSHA2` to `SLHDSA_SHA2_128S`, I forgot to
run clang-format. This change is purely the result of doing so.

Change-Id: I133c417170a4350c129bb5391fd5c8ebb408c1bf
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/71327
Commit-Queue: Adam Langley <agl@google.com>
Auto-Submit: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/crypto/slhdsa/fors.c b/crypto/slhdsa/fors.c
index eb6ba11..080231f 100644
--- a/crypto/slhdsa/fors.c
+++ b/crypto/slhdsa/fors.c
@@ -24,8 +24,9 @@
 #include "./thash.h"
 
 // Compute the base 2^12 representation of `message` (algorithm 4, page 16).
-static void fors_base_b(uint16_t indices[SLHDSA_SHA2_128S_FORS_TREES],
-                        const uint8_t message[SLHDSA_SHA2_128S_FORS_MSG_BYTES]) {
+static void fors_base_b(
+    uint16_t indices[SLHDSA_SHA2_128S_FORS_TREES],
+    const uint8_t message[SLHDSA_SHA2_128S_FORS_MSG_BYTES]) {
   static_assert(SLHDSA_SHA2_128S_FORS_HEIGHT == 12, "");
   static_assert((SLHDSA_SHA2_128S_FORS_TREES & 1) == 0, "");
 
diff --git a/crypto/slhdsa/internal.h b/crypto/slhdsa/internal.h
index d59f48d..339f018 100644
--- a/crypto/slhdsa/internal.h
+++ b/crypto/slhdsa/internal.h
@@ -45,8 +45,8 @@
     size_t context_len, const uint8_t *msg, size_t msg_len,
     const uint8_t entropy[SLHDSA_SHA2_128S_N]);
 
-// SLHDSA_SHA2_128S_verify_internal acts like |SLHDSA_SHA2_128S_verify| but takes
-// the input message in three parts so that the "internal" version of the
+// SLHDSA_SHA2_128S_verify_internal acts like |SLHDSA_SHA2_128S_verify| but
+// takes the input message in three parts so that the "internal" version of the
 // verification function, from section 9.3, can be implemented. The |header|
 // argument may be NULL to omit it.
 OPENSSL_EXPORT int SLHDSA_SHA2_128S_verify_internal(
diff --git a/crypto/slhdsa/params.h b/crypto/slhdsa/params.h
index a194351..7e7c5ed 100644
--- a/crypto/slhdsa/params.h
+++ b/crypto/slhdsa/params.h
@@ -35,7 +35,7 @@
 // Total number of FORS tree used.
 #define SLHDSA_SHA2_128S_FORS_TREES 14
 // Size of a FORS signature
-#define SLHDSA_SHA2_128S_FORS_BYTES                                  \
+#define SLHDSA_SHA2_128S_FORS_BYTES                                   \
   ((SLHDSA_SHA2_128S_FORS_HEIGHT + 1) * SLHDSA_SHA2_128S_FORS_TREES * \
    SLHDSA_SHA2_128S_N)
 // The number of bytes at the beginning of M', the augmented message, before the
@@ -58,7 +58,7 @@
 
 // Size of the message digest (NOTE: This is only correct for the SHA-256 params
 // here)
-#define SLHDSA_SHA2_128S_DIGEST_SIZE                                          \
+#define SLHDSA_SHA2_128S_DIGEST_SIZE                                           \
   (((SLHDSA_SHA2_128S_FORS_TREES * SLHDSA_SHA2_128S_FORS_HEIGHT) / 8) +        \
    (((SLHDSA_SHA2_128S_FULL_HEIGHT - SLHDSA_SHA2_128S_TREE_HEIGHT) / 8) + 1) + \
    (SLHDSA_SHA2_128S_TREE_HEIGHT / 8) + 1)
diff --git a/crypto/slhdsa/slhdsa.c b/crypto/slhdsa/slhdsa.c
index c724a86..ca04c3d 100644
--- a/crypto/slhdsa/slhdsa.c
+++ b/crypto/slhdsa/slhdsa.c
@@ -118,8 +118,9 @@
   slhdsa_fors_pk_from_sig(pk_fors, out_signature + SLHDSA_SHA2_128S_N,
                           fors_digest, pk_seed, addr);
 
-  slhdsa_ht_sign(out_signature + SLHDSA_SHA2_128S_N + SLHDSA_SHA2_128S_FORS_BYTES,
-                 pk_fors, idx_tree, idx_leaf, sk_seed, pk_seed);
+  slhdsa_ht_sign(
+      out_signature + SLHDSA_SHA2_128S_N + SLHDSA_SHA2_128S_FORS_BYTES, pk_fors,
+      idx_tree, idx_leaf, sk_seed, pk_seed);
 }
 
 int SLHDSA_SHA2_128S_sign(
@@ -139,7 +140,7 @@
   uint8_t entropy[SLHDSA_SHA2_128S_N];
   RAND_bytes(entropy, sizeof(entropy));
   SLHDSA_SHA2_128S_sign_internal(out_signature, private_key, M_prime_header,
-                                context, context_len, msg, msg_len, entropy);
+                                 context, context_len, msg, msg_len, entropy);
   return 1;
 }
 
@@ -159,8 +160,8 @@
   M_prime_header[1] = (uint8_t)context_len;
 
   return SLHDSA_SHA2_128S_verify_internal(signature, signature_len, public_key,
-                                         M_prime_header, context, context_len,
-                                         msg, msg_len);
+                                          M_prime_header, context, context_len,
+                                          msg, msg_len);
 }
 
 int SLHDSA_SHA2_128S_verify_internal(
diff --git a/crypto/slhdsa/slhdsa_test.cc b/crypto/slhdsa/slhdsa_test.cc
index 0864bbc..fe70fbd 100644
--- a/crypto/slhdsa/slhdsa_test.cc
+++ b/crypto/slhdsa/slhdsa_test.cc
@@ -65,21 +65,21 @@
   uint8_t kContext[256] = {0};
   uint8_t signature[SLHDSA_SHA2_128S_SIGNATURE_BYTES];
   ASSERT_TRUE(SLHDSA_SHA2_128S_sign(signature, priv, kMessage, sizeof(kMessage),
-                                   nullptr, 0));
+                                    nullptr, 0));
   EXPECT_EQ(SLHDSA_SHA2_128S_verify(signature, sizeof(signature), pub, kMessage,
-                                   sizeof(kMessage), nullptr, 0),
+                                    sizeof(kMessage), nullptr, 0),
             1);
   EXPECT_EQ(SLHDSA_SHA2_128S_verify(signature, sizeof(signature), pub, kMessage,
-                                   sizeof(kMessage), kContext, 1),
+                                    sizeof(kMessage), kContext, 1),
             0);
   EXPECT_EQ(SLHDSA_SHA2_128S_verify(signature, sizeof(signature), pub, kMessage,
-                                   sizeof(kMessage), kContext, 256),
+                                    sizeof(kMessage), kContext, 256),
             0);
 
   ASSERT_TRUE(SLHDSA_SHA2_128S_sign(signature, priv, kMessage, sizeof(kMessage),
-                                   kContext, 1));
+                                    kContext, 1));
   EXPECT_EQ(SLHDSA_SHA2_128S_verify(signature, sizeof(signature), pub, kMessage,
-                                   sizeof(kMessage), kContext, 1),
+                                    sizeof(kMessage), kContext, 1),
             1);
 }
 
@@ -114,7 +114,7 @@
 
   uint8_t sig[SLHDSA_SHA2_128S_SIGNATURE_BYTES];
   SLHDSA_SHA2_128S_sign_internal(sig, priv.data(), nullptr, nullptr, 0,
-                                msg.data(), msg.size(), entropy.data());
+                                 msg.data(), msg.size(), entropy.data());
 
   EXPECT_EQ(Bytes(sig), Bytes(expected_sig));
 }
@@ -134,8 +134,8 @@
   ASSERT_TRUE(t->GetAttribute(&valid, "valid"));
 
   int ok = SLHDSA_SHA2_128S_verify_internal(sig.data(), sig.size(), pub.data(),
-                                           nullptr, nullptr, 0, msg.data(),
-                                           msg.size());
+                                            nullptr, nullptr, 0, msg.data(),
+                                            msg.size());
   EXPECT_EQ(ok, valid == "true");
 }
 
diff --git a/crypto/slhdsa/thash.c b/crypto/slhdsa/thash.c
index 7715c30..a717de2 100644
--- a/crypto/slhdsa/thash.c
+++ b/crypto/slhdsa/thash.c
@@ -105,7 +105,8 @@
   // index
   uint8_t input_buffer[2 * SLHDSA_SHA2_128S_N + 32 + 4] = {0};
   OPENSSL_memcpy(input_buffer, r, SLHDSA_SHA2_128S_N);
-  OPENSSL_memcpy(input_buffer + SLHDSA_SHA2_128S_N, pk_seed, SLHDSA_SHA2_128S_N);
+  OPENSSL_memcpy(input_buffer + SLHDSA_SHA2_128S_N, pk_seed,
+                 SLHDSA_SHA2_128S_N);
 
   // Inner hash
   SHA256_CTX sha_ctx;
diff --git a/crypto/slhdsa/thash.h b/crypto/slhdsa/thash.h
index 03c99c9..19d9cd3 100644
--- a/crypto/slhdsa/thash.h
+++ b/crypto/slhdsa/thash.h
@@ -60,13 +60,15 @@
 // produces an n-byte output. (Section 4.1, page 11)
 void slhdsa_thash_h(uint8_t output[SLHDSA_SHA2_128S_N],
                     const uint8_t input[2 * SLHDSA_SHA2_128S_N],
-                    const uint8_t pk_seed[SLHDSA_SHA2_128S_N], uint8_t addr[32]);
+                    const uint8_t pk_seed[SLHDSA_SHA2_128S_N],
+                    uint8_t addr[32]);
 
 // Implements F: a hash function that takes an n-byte message as input and
 // produces an n-byte output. (Section 4.1, page 11)
 void slhdsa_thash_f(uint8_t output[SLHDSA_SHA2_128S_N],
                     const uint8_t input[SLHDSA_SHA2_128S_N],
-                    const uint8_t pk_seed[SLHDSA_SHA2_128S_N], uint8_t addr[32]);
+                    const uint8_t pk_seed[SLHDSA_SHA2_128S_N],
+                    uint8_t addr[32]);
 
 // Implements T_k: a hash function that maps a k*n-byte message to an n-byte
 // message. Used for FORS public key compression. (Section 4.1, page 11)
diff --git a/include/openssl/slhdsa.h b/include/openssl/slhdsa.h
index 85edf50..2f807b3 100644
--- a/include/openssl/slhdsa.h
+++ b/include/openssl/slhdsa.h
@@ -50,9 +50,9 @@
 // using |private_key| and writes it to |out_signature|. The |context| argument
 // is also signed over and can be used to include implicit contextual
 // information that isn't included in |msg|. The same value of |context| must be
-// presented to |SLHDSA_SHA2_128S_verify| in order for the generated signature to
-// be considered valid. |context| and |context_len| may be |NULL| and 0 to use
-// an empty context (this is common). It returns 1 on success and 0 if
+// presented to |SLHDSA_SHA2_128S_verify| in order for the generated signature
+// to be considered valid. |context| and |context_len| may be |NULL| and 0 to
+// use an empty context (this is common). It returns 1 on success and 0 if
 // |context_len| is larger than 255.
 OPENSSL_EXPORT int SLHDSA_SHA2_128S_sign(
     uint8_t out_signature[SLHDSA_SHA2_128S_SIGNATURE_BYTES],
@@ -60,10 +60,11 @@
     const uint8_t *msg, size_t msg_len, const uint8_t *context,
     size_t context_len);
 
-// SLHDSA_SHA2_128S_verify verifies that |signature| is a valid SLH-DSA-SHA2-128s
-// signature of |msg| by |public_key|. The value of |context| must equal the
-// value that was passed to |SLHDSA_SHA2_128S_sign| when the signature was
-// generated. It returns 1 if the signature is valid and 0 otherwise.
+// SLHDSA_SHA2_128S_verify verifies that |signature| is a valid
+// SLH-DSA-SHA2-128s signature of |msg| by |public_key|. The value of |context|
+// must equal the value that was passed to |SLHDSA_SHA2_128S_sign| when the
+// signature was generated. It returns 1 if the signature is valid and 0
+// otherwise.
 OPENSSL_EXPORT int SLHDSA_SHA2_128S_verify(
     const uint8_t *signature, size_t signature_len,
     const uint8_t public_key[SLHDSA_SHA2_128S_PUBLIC_KEY_BYTES],