More KNF.

38 files changed, 662 insertions, 644 deletions

diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c
index 8e15e3f535..813c634f31 100644
--- a/src/lib/libcrypto/rsa/rsa_ameth.c
+++ b/src/lib/libcrypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_ameth.c,v 1.7 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_ameth.c,v 1.8 2014/07/09 19:51:38 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -104,8 +104,8 @@ rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
 static int
 rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
 {
-        if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0 ||
-            BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0)
+        if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 ||
+            BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
                 return 0;
         return 1;
 }
@@ -256,7 +256,7 @@ do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
         ret = 1;
 err:
         free(m);
-        return(ret);
+        return (ret);
 }
 
 static int
@@ -282,13 +282,14 @@ rsa_pss_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash)
 
         if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE)
                 return NULL;
+
         p = alg->parameter->value.sequence->data;
         plen = alg->parameter->value.sequence->length;
         pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen);
 
         if (!pss)
                 return NULL;
-        
+
         if (pss->maskGenAlgorithm) {
                 ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
                 if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 &&
@@ -351,7 +352,7 @@ rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, X509_ALGOR *maskHash,
         if (!BIO_indent(bp, indent, 128))
                 goto err;
         if (BIO_puts(bp, "Salt Length: 0x") <= 0)
-                        goto err;
+                goto err;
         if (pss->saltLength) {
                 if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
                         goto err;
@@ -369,7 +370,7 @@ rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, X509_ALGOR *maskHash,
         } else if (BIO_puts(bp, "BC (default)") <= 0)
                 goto err;
         BIO_puts(bp, "\n");
-        
+
         rv = 1;
 
 err:
@@ -403,6 +404,7 @@ static int
 rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 {
         X509_ALGOR *alg = NULL;
+
         switch (op) {
         case ASN1_PKEY_CTRL_PKCS7_SIGN:
                 if (arg1 == 0)
@@ -422,7 +424,7 @@ rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
         case ASN1_PKEY_CTRL_CMS_ENVELOPE:
                 if (arg1 == 0)
                         CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg);
-        break;
+                break;
 #endif
 
         case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
@@ -440,8 +442,8 @@ rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
         return 1;
 }
 
-/* Customised RSA item verification routine. This is called 
- * when a signature is encountered requiring special handling. We 
+/* Customised RSA item verification routine. This is called
+ * when a signature is encountered requiring special handling. We
  * currently only handle PSS.
  */
 static int
@@ -460,6 +462,7 @@ rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
                 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
                 return -1;
         }
+
         /* Decode PSS parameters */
         pss = rsa_pss_decode(sigalg, &maskHash);
 
@@ -544,7 +547,7 @@ err:
 
 static int
 rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
-   X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig)
+    X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig)
 {
         int pad_mode;
         EVP_PKEY_CTX *pkctx = ctx->pctx;
diff --git a/src/lib/libcrypto/rsa/rsa_asn1.c b/src/lib/libcrypto/rsa/rsa_asn1.c
index e876dbdf49..9bc5f17b06 100644
--- a/src/lib/libcrypto/rsa/rsa_asn1.c
+++ b/src/lib/libcrypto/rsa/rsa_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_asn1.c,v 1.7 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_asn1.c,v 1.8 2014/07/09 19:51:38 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -99,10 +99,10 @@ ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = {
 } ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey)
 
 ASN1_SEQUENCE(RSA_PSS_PARAMS) = {
-        ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0),
-        ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1),
-        ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2),
-        ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3)
+        ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR, 0),
+        ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR, 1),
+        ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER, 2),
+        ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER, 3)
 } ASN1_SEQUENCE_END(RSA_PSS_PARAMS)
 
 IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
diff --git a/src/lib/libcrypto/rsa/rsa_chk.c b/src/lib/libcrypto/rsa/rsa_chk.c
index 54113f89f6..0f9e0944db 100644
--- a/src/lib/libcrypto/rsa/rsa_chk.c
+++ b/src/lib/libcrypto/rsa/rsa_chk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_chk.c,v 1.7 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_chk.c,v 1.8 2014/07/09 19:51:38 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -65,7 +65,7 @@ RSA_check_key(const RSA *key)
                 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING);
                 return 0;
         }
-        
+
         i = BN_new();
         j = BN_new();
         k = BN_new();
@@ -78,7 +78,7 @@ RSA_check_key(const RSA *key)
                 RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
                 goto err;
         }
-        
+
         /* p prime? */
         r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
         if (r != 1) {
@@ -87,7 +87,7 @@ RSA_check_key(const RSA *key)
                         goto err;
                 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
         }
-        
+
         /* q prime? */
         r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);
         if (r != 1) {
@@ -96,19 +96,19 @@ RSA_check_key(const RSA *key)
                         goto err;
                 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
         }
-        
+
         /* n = p*q? */
         r = BN_mul(i, key->p, key->q, ctx);
         if (!r) {
                 ret = -1;
                 goto err;
         }
-        
+
         if (BN_cmp(i, key->n) != 0) {
                 ret = 0;
                 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
         }
-        
+
         /* d*e = 1  mod lcm(p-1,q-1)? */
 
         r = BN_sub(i, key->p, BN_value_one());
@@ -149,7 +149,7 @@ RSA_check_key(const RSA *key)
                 ret = 0;
                 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
         }
-        
+
         if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
                 /* dmp1 = d mod (p-1)? */
                 r = BN_sub(i, key->p, BN_value_one());
@@ -169,14 +169,14 @@ RSA_check_key(const RSA *key)
                         RSAerr(RSA_F_RSA_CHECK_KEY,
                             RSA_R_DMP1_NOT_CONGRUENT_TO_D);
                 }
-        
-                /* dmq1 = d mod (q-1)? */    
+
+                /* dmq1 = d mod (q-1)? */
                 r = BN_sub(i, key->q, BN_value_one());
                 if (!r) {
                         ret = -1;
                         goto err;
                 }
-        
+
                 r = BN_mod(j, key->d, i, ctx);
                 if (!r) {
                         ret = -1;
@@ -188,7 +188,7 @@ RSA_check_key(const RSA *key)
                         RSAerr(RSA_F_RSA_CHECK_KEY,
                             RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
                 }
-        
+
                 /* iqmp = q^-1 mod p? */
                 if (!BN_mod_inverse(i, key->q, key->p, ctx)) {
                         ret = -1;
@@ -202,7 +202,7 @@ RSA_check_key(const RSA *key)
                 }
         }
 
- err:
+err:
         if (i != NULL)
                 BN_free(i);
         if (j != NULL)
diff --git a/src/lib/libcrypto/rsa/rsa_crpt.c b/src/lib/libcrypto/rsa/rsa_crpt.c
index 16679cfd14..fb09d235e1 100644
--- a/src/lib/libcrypto/rsa/rsa_crpt.c
+++ b/src/lib/libcrypto/rsa/rsa_crpt.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: rsa_crpt.c,v 1.5 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_crpt.c,v 1.6 2014/07/09 19:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -134,7 +134,7 @@ RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
         rsa->flags &= ~RSA_FLAG_NO_BLINDING;
         ret = 1;
 err:
-        return(ret);
+        return (ret);
 }
 
 static BIGNUM *
@@ -181,7 +181,7 @@ RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
                 ctx = in_ctx;
 
         BN_CTX_start(ctx);
-        e  = BN_CTX_get(ctx);
+        e = BN_CTX_get(ctx);
         if (e == NULL) {
                 RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
                 goto err;
diff --git a/src/lib/libcrypto/rsa/rsa_depr.c b/src/lib/libcrypto/rsa/rsa_depr.c
index 6808b5aecb..7a3ecca666 100644
--- a/src/lib/libcrypto/rsa/rsa_depr.c
+++ b/src/lib/libcrypto/rsa/rsa_depr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_depr.c,v 1.4 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_depr.c,v 1.5 2014/07/09 19:51:38 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index 06bd8ded96..ede772cb83 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: rsa_eay.c,v 1.30 2014/07/09 08:44:53 miod Exp $ */
+/* $OpenBSD: rsa_eay.c,v 1.31 2014/07/09 19:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -116,16 +116,17 @@
 #include <openssl/rand.h>
 
 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
+    unsigned char *to, RSA *rsa, int padding);
 static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
+    unsigned char *to, RSA *rsa, int padding);
 static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
+    unsigned char *to, RSA *rsa, int padding);
 static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
+    unsigned char *to, RSA *rsa, int padding);
 static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);
 static int RSA_eay_init(RSA *rsa);
 static int RSA_eay_finish(RSA *rsa);
+
 static RSA_METHOD rsa_pkcs1_eay_meth = {
         .name = "Eric Young's PKCS#1 RSA",
         .rsa_pub_enc = RSA_eay_public_encrypt,
@@ -170,8 +171,8 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
                         return -1;
                 }
         }
-        
-        if ((ctx=BN_CTX_new()) == NULL)
+
+        if ((ctx = BN_CTX_new()) == NULL)
                 goto err;
         BN_CTX_start(ctx);
         f = BN_CTX_get(ctx);
@@ -179,7 +180,7 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
         num = BN_num_bytes(rsa->n);
         buf = malloc(num);
         if (!f || !ret || !buf) {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
+                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -189,7 +190,7 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
                 break;
 #ifndef OPENSSL_NO_SHA
         case RSA_PKCS1_OAEP_PADDING:
-                i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
+                i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
                 break;
 #endif
         case RSA_SSLV23_PADDING:
@@ -208,7 +209,7 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
 
         if (BN_bin2bn(buf, num, f) == NULL)
                 goto err;
-        
+
         if (BN_ucmp(f, rsa->n) >= 0) {
                 /* usually the padding functions would catch this */
                 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,
@@ -221,7 +222,8 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
                     CRYPTO_LOCK_RSA, rsa->n, ctx))
                         goto err;
 
-        if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n))
+        if (!rsa->meth->bn_mod_exp(ret, f,rsa->e, rsa->n, ctx,
+            rsa->_method_mod_n))
                 goto err;
 
         /* put in leading 0 bytes if the number is less than the
@@ -286,7 +288,7 @@ rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
                                 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
                                 got_write_lock = 1;
                         }
-                        
+
                         if (rsa->mt_blinding == NULL)
                                 rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
                 }
@@ -355,7 +357,7 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
         BIGNUM *unblind = NULL;
         BN_BLINDING *blinding = NULL;
 
-        if ((ctx=BN_CTX_new()) == NULL)
+        if ((ctx = BN_CTX_new()) == NULL)
                 goto err;
         BN_CTX_start(ctx);
         f = BN_CTX_get(ctx);
@@ -386,10 +388,10 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
         if (i <= 0)
                 goto err;
 
-        if (BN_bin2bn(buf,num,f) == NULL)
+        if (BN_bin2bn(buf, num, f) == NULL)
                 goto err;
-        
-        if (BN_ucmp(f, rsa->n) >= 0) {  
+
+                if (BN_ucmp(f, rsa->n) >= 0) {
                 /* usually the padding functions would catch this */
                 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
                     RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
@@ -404,7 +406,7 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
                         goto err;
                 }
         }
-        
+
         if (blinding != NULL) {
                 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
                         RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
@@ -417,13 +419,13 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
 
         if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
             (rsa->p != NULL && rsa->q != NULL && rsa->dmp1 != NULL &&
-             rsa->dmq1 != NULL && rsa->iqmp != NULL)) { 
+            rsa->dmq1 != NULL && rsa->iqmp != NULL)) {
                 if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
                         goto err;
         } else {
                 BIGNUM local_d;
                 BIGNUM *d = NULL;
-                
+
                 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
                         BN_init(&local_d);
                         d = &local_d;
@@ -436,7 +438,7 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
                             CRYPTO_LOCK_RSA, rsa->n, ctx))
                                 goto err;
 
-                if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n,ctx,
+                if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
                     rsa->_method_mod_n))
                         goto err;
         }
@@ -530,7 +532,7 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
                         goto err;
                 }
         }
-        
+
         if (blinding != NULL) {
                 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
                         RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
@@ -544,13 +546,13 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
         /* do the decrypt */
         if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
             (rsa->p != NULL && rsa->q != NULL && rsa->dmp1 != NULL &&
-             rsa->dmq1 != NULL && rsa->iqmp != NULL)) {
+            rsa->dmq1 != NULL && rsa->iqmp != NULL)) {
                 if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
                         goto err;
         } else {
                 BIGNUM local_d;
                 BIGNUM *d = NULL;
-                
+
                 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
                         d = &local_d;
                         BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
@@ -578,11 +580,11 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
                 r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num);
                 break;
 #ifndef OPENSSL_NO_SHA
-        case RSA_PKCS1_OAEP_PADDING:
-                r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
-                break;
+        case RSA_PKCS1_OAEP_PADDING:
+                r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
+                break;
 #endif
-        case RSA_SSLV23_PADDING:
+        case RSA_SSLV23_PADDING:
                 r = RSA_padding_check_SSLv23(to, num, buf, j, num);
                 break;
         case RSA_NO_PADDING:
@@ -603,7 +605,7 @@ err:
                 BN_CTX_free(ctx);
         }
         if (buf != NULL) {
-                OPENSSL_cleanse(buf,num);
+                OPENSSL_cleanse(buf, num);
                 free(buf);
         }
         return r;
@@ -615,7 +617,7 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
     RSA *rsa, int padding)
 {
         BIGNUM *f, *ret;
-        int i, num = 0,r = -1;
+        int i, num = 0, r = -1;
         unsigned char *p;
         unsigned char *buf = NULL;
         BN_CTX *ctx = NULL;
@@ -637,7 +639,7 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
                         return -1;
                 }
         }
-        
+
         if ((ctx = BN_CTX_new()) == NULL)
                 goto err;
         BN_CTX_start(ctx);
@@ -658,7 +660,7 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
                 goto err;
         }
 
-        if (BN_bin2bn(from,flen,f) == NULL)
+        if (BN_bin2bn(from, flen, f) == NULL)
                 goto err;
 
         if (BN_ucmp(f, rsa->n) >= 0) {
@@ -801,7 +803,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
                 BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
         } else
                 dmp1 = rsa->dmp1;
-        if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p,ctx,
+        if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx,
             rsa->_method_mod_p))
                 goto err;
 
@@ -824,7 +826,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
                 BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
         } else
                 pr1 = r1;
-        if (!BN_mod(r0, pr1, rsa->p,ctx))
+        if (!BN_mod(r0, pr1, rsa->p, ctx))
                 goto err;
 
         /*
@@ -869,7 +871,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 
                         BIGNUM local_d;
                         BIGNUM *d = NULL;
-                
+
                         if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
                                 d = &local_d;
                                 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
@@ -890,7 +892,7 @@ static int
 RSA_eay_init(RSA *rsa)
 {
         rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE;
-        return 1 ;
+        return 1;
 }
 
 static int
@@ -902,5 +904,6 @@ RSA_eay_finish(RSA *rsa)
                 BN_MONT_CTX_free(rsa->_method_mod_p);
         if (rsa->_method_mod_q != NULL)
                 BN_MONT_CTX_free(rsa->_method_mod_q);
+
         return 1;
 }
diff --git a/src/lib/libcrypto/rsa/rsa_err.c b/src/lib/libcrypto/rsa/rsa_err.c
index c7d6881100..893069a892 100644
--- a/src/lib/libcrypto/rsa/rsa_err.c
+++ b/src/lib/libcrypto/rsa/rsa_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_err.c,v 1.13 2014/07/09 08:44:53 miod Exp $ */
+/* $OpenBSD: rsa_err.c,v 1.14 2014/07/09 19:51:38 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -68,136 +68,133 @@
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
 
-static ERR_STRING_DATA RSA_str_functs[]=
-        {
-{ERR_FUNC(RSA_F_CHECK_PADDING_MD),      "CHECK_PADDING_MD"},
-{ERR_FUNC(RSA_F_DO_RSA_PRINT),  "DO_RSA_PRINT"},
-{ERR_FUNC(RSA_F_INT_RSA_VERIFY),        "INT_RSA_VERIFY"},
-{ERR_FUNC(RSA_F_MEMORY_LOCK),   "MEMORY_LOCK"},
-{ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE),   "OLD_RSA_PRIV_DECODE"},
-{ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"},
-{ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR),     "PKEY_RSA_CTRL_STR"},
-{ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"},
-{ERR_FUNC(RSA_F_PKEY_RSA_VERIFY),       "PKEY_RSA_VERIFY"},
-{ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER),        "PKEY_RSA_VERIFYRECOVER"},
-{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN),    "RSA_BUILTIN_KEYGEN"},
-{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
-{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT),       "RSA_EAY_PRIVATE_DECRYPT"},
-{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT),       "RSA_EAY_PRIVATE_ENCRYPT"},
-{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT),        "RSA_EAY_PUBLIC_DECRYPT"},
-{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT),        "RSA_EAY_PUBLIC_ENCRYPT"},
-{ERR_FUNC(RSA_F_RSA_GENERATE_KEY),      "RSA_generate_key"},
-{ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX),   "RSA_generate_key_ex"},
-{ERR_FUNC(RSA_F_RSA_ITEM_VERIFY),       "RSA_ITEM_VERIFY"},
-{ERR_FUNC(RSA_F_RSA_MEMORY_LOCK),       "RSA_memory_lock"},
-{ERR_FUNC(RSA_F_RSA_NEW_METHOD),        "RSA_new_method"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE),  "RSA_padding_add_none"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP),    "RSA_padding_add_PKCS1_OAEP"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS),     "RSA_padding_add_PKCS1_PSS"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1),        "RSA_padding_add_PKCS1_PSS_mgf1"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1),  "RSA_padding_add_PKCS1_type_1"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2),  "RSA_padding_add_PKCS1_type_2"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23),        "RSA_padding_add_SSLv23"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931),  "RSA_padding_add_X931"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE),        "RSA_padding_check_none"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP),  "RSA_padding_check_PKCS1_OAEP"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1),        "RSA_padding_check_PKCS1_type_1"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2),        "RSA_padding_check_PKCS1_type_2"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23),      "RSA_padding_check_SSLv23"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931),        "RSA_padding_check_X931"},
-{ERR_FUNC(RSA_F_RSA_PRINT),     "RSA_print"},
-{ERR_FUNC(RSA_F_RSA_PRINT_FP),  "RSA_print_fp"},
-{ERR_FUNC(RSA_F_RSA_PRIVATE_DECRYPT),   "RSA_private_decrypt"},
-{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT),   "RSA_private_encrypt"},
-{ERR_FUNC(RSA_F_RSA_PRIV_DECODE),       "RSA_PRIV_DECODE"},
-{ERR_FUNC(RSA_F_RSA_PRIV_ENCODE),       "RSA_PRIV_ENCODE"},
-{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT),    "RSA_public_decrypt"},
-{ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT),    "RSA_public_encrypt"},
-{ERR_FUNC(RSA_F_RSA_PUB_DECODE),        "RSA_PUB_DECODE"},
-{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING),    "RSA_setup_blinding"},
-{ERR_FUNC(RSA_F_RSA_SIGN),      "RSA_sign"},
-{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),    "RSA_sign_ASN1_OCTET_STRING"},
-{ERR_FUNC(RSA_F_RSA_VERIFY),    "RSA_verify"},
-{ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING),  "RSA_verify_ASN1_OCTET_STRING"},
-{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS),  "RSA_verify_PKCS1_PSS"},
-{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1),     "RSA_verify_PKCS1_PSS_mgf1"},
-{0,NULL}
-        };
+static ERR_STRING_DATA RSA_str_functs[] = {
+        {ERR_FUNC(RSA_F_CHECK_PADDING_MD),      "CHECK_PADDING_MD"},
+        {ERR_FUNC(RSA_F_DO_RSA_PRINT),  "DO_RSA_PRINT"},
+        {ERR_FUNC(RSA_F_INT_RSA_VERIFY),        "INT_RSA_VERIFY"},
+        {ERR_FUNC(RSA_F_MEMORY_LOCK),   "MEMORY_LOCK"},
+        {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE),   "OLD_RSA_PRIV_DECODE"},
+        {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"},
+        {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR),     "PKEY_RSA_CTRL_STR"},
+        {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"},
+        {ERR_FUNC(RSA_F_PKEY_RSA_VERIFY),       "PKEY_RSA_VERIFY"},
+        {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER),        "PKEY_RSA_VERIFYRECOVER"},
+        {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN),    "RSA_BUILTIN_KEYGEN"},
+        {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
+        {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT),       "RSA_EAY_PRIVATE_DECRYPT"},
+        {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT),       "RSA_EAY_PRIVATE_ENCRYPT"},
+        {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT),        "RSA_EAY_PUBLIC_DECRYPT"},
+        {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT),        "RSA_EAY_PUBLIC_ENCRYPT"},
+        {ERR_FUNC(RSA_F_RSA_GENERATE_KEY),      "RSA_generate_key"},
+        {ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX),   "RSA_generate_key_ex"},
+        {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY),       "RSA_ITEM_VERIFY"},
+        {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK),       "RSA_memory_lock"},
+        {ERR_FUNC(RSA_F_RSA_NEW_METHOD),        "RSA_new_method"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE),  "RSA_padding_add_none"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP),    "RSA_padding_add_PKCS1_OAEP"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS),     "RSA_padding_add_PKCS1_PSS"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1),        "RSA_padding_add_PKCS1_PSS_mgf1"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1),  "RSA_padding_add_PKCS1_type_1"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2),  "RSA_padding_add_PKCS1_type_2"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23),        "RSA_padding_add_SSLv23"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931),  "RSA_padding_add_X931"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE),        "RSA_padding_check_none"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP),  "RSA_padding_check_PKCS1_OAEP"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1),        "RSA_padding_check_PKCS1_type_1"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2),        "RSA_padding_check_PKCS1_type_2"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23),      "RSA_padding_check_SSLv23"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931),        "RSA_padding_check_X931"},
+        {ERR_FUNC(RSA_F_RSA_PRINT),     "RSA_print"},
+        {ERR_FUNC(RSA_F_RSA_PRINT_FP),  "RSA_print_fp"},
+        {ERR_FUNC(RSA_F_RSA_PRIVATE_DECRYPT),   "RSA_private_decrypt"},
+        {ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT),   "RSA_private_encrypt"},
+        {ERR_FUNC(RSA_F_RSA_PRIV_DECODE),       "RSA_PRIV_DECODE"},
+        {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE),       "RSA_PRIV_ENCODE"},
+        {ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT),    "RSA_public_decrypt"},
+        {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT),    "RSA_public_encrypt"},
+        {ERR_FUNC(RSA_F_RSA_PUB_DECODE),        "RSA_PUB_DECODE"},
+        {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING),    "RSA_setup_blinding"},
+        {ERR_FUNC(RSA_F_RSA_SIGN),      "RSA_sign"},
+        {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),    "RSA_sign_ASN1_OCTET_STRING"},
+        {ERR_FUNC(RSA_F_RSA_VERIFY),    "RSA_verify"},
+        {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING),  "RSA_verify_ASN1_OCTET_STRING"},
+        {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS),  "RSA_verify_PKCS1_PSS"},
+        {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1),     "RSA_verify_PKCS1_PSS_mgf1"},
+        {0, NULL}
+};
 
-static ERR_STRING_DATA RSA_str_reasons[]=
-        {
-{ERR_REASON(RSA_R_ALGORITHM_MISMATCH)    ,"algorithm mismatch"},
-{ERR_REASON(RSA_R_BAD_E_VALUE)           ,"bad e value"},
-{ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT),"bad fixed header decrypt"},
-{ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT)    ,"bad pad byte count"},
-{ERR_REASON(RSA_R_BAD_SIGNATURE)         ,"bad signature"},
-{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01)  ,"block type is not 01"},
-{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02)  ,"block type is not 02"},
-{ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN),"data greater than mod len"},
-{ERR_REASON(RSA_R_DATA_TOO_LARGE)        ,"data too large"},
-{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
-{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS),"data too large for modulus"},
-{ERR_REASON(RSA_R_DATA_TOO_SMALL)        ,"data too small"},
-{ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),"data too small for key size"},
-{ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),"digest too big for rsa key"},
-{ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D),"dmp1 not congruent to d"},
-{ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"},
-{ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"},
-{ERR_REASON(RSA_R_FIRST_OCTET_INVALID)   ,"first octet invalid"},
-{ERR_REASON(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE),"illegal or unsupported padding mode"},
-{ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH) ,"invalid digest length"},
-{ERR_REASON(RSA_R_INVALID_HEADER)        ,"invalid header"},
-{ERR_REASON(RSA_R_INVALID_KEYBITS)       ,"invalid keybits"},
-{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
-{ERR_REASON(RSA_R_INVALID_MGF1_MD)       ,"invalid mgf1 md"},
-{ERR_REASON(RSA_R_INVALID_PADDING)       ,"invalid padding"},
-{ERR_REASON(RSA_R_INVALID_PADDING_MODE)  ,"invalid padding mode"},
-{ERR_REASON(RSA_R_INVALID_PSS_PARAMETERS),"invalid pss parameters"},
-{ERR_REASON(RSA_R_INVALID_PSS_SALTLEN)   ,"invalid pss saltlen"},
-{ERR_REASON(RSA_R_INVALID_SALT_LENGTH)   ,"invalid salt length"},
-{ERR_REASON(RSA_R_INVALID_TRAILER)       ,"invalid trailer"},
-{ERR_REASON(RSA_R_INVALID_X931_DIGEST)   ,"invalid x931 digest"},
-{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
-{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL)    ,"key size too small"},
-{ERR_REASON(RSA_R_LAST_OCTET_INVALID)    ,"last octet invalid"},
-{ERR_REASON(RSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
-{ERR_REASON(RSA_R_NON_FIPS_RSA_METHOD)   ,"non fips rsa method"},
-{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT)    ,"no public exponent"},
-{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
-{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q)  ,"n does not equal p q"},
-{ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   ,"oaep decoding error"},
-{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
-{ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"},
-{ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  ,"padding check failed"},
-{ERR_REASON(RSA_R_P_NOT_PRIME)           ,"p not prime"},
-{ERR_REASON(RSA_R_Q_NOT_PRIME)           ,"q not prime"},
-{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
-{ERR_REASON(RSA_R_SLEN_CHECK_FAILED)     ,"salt length check failed"},
-{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED)  ,"salt length recovery failed"},
-{ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"},
-{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
-{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
-{ERR_REASON(RSA_R_UNKNOWN_MASK_DIGEST)   ,"unknown mask digest"},
-{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE)  ,"unknown padding type"},
-{ERR_REASON(RSA_R_UNKNOWN_PSS_DIGEST)    ,"unknown pss digest"},
-{ERR_REASON(RSA_R_UNSUPPORTED_MASK_ALGORITHM),"unsupported mask algorithm"},
-{ERR_REASON(RSA_R_UNSUPPORTED_MASK_PARAMETER),"unsupported mask parameter"},
-{ERR_REASON(RSA_R_UNSUPPORTED_SIGNATURE_TYPE),"unsupported signature type"},
-{ERR_REASON(RSA_R_VALUE_MISSING)         ,"value missing"},
-{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
-{0,NULL}
-        };
+static ERR_STRING_DATA RSA_str_reasons[] = {
+        {ERR_REASON(RSA_R_ALGORITHM_MISMATCH)    , "algorithm mismatch"},
+        {ERR_REASON(RSA_R_BAD_E_VALUE)           , "bad e value"},
+        {ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT), "bad fixed header decrypt"},
+        {ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT)    , "bad pad byte count"},
+        {ERR_REASON(RSA_R_BAD_SIGNATURE)         , "bad signature"},
+        {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01)  , "block type is not 01"},
+        {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02)  , "block type is not 02"},
+        {ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN), "data greater than mod len"},
+        {ERR_REASON(RSA_R_DATA_TOO_LARGE)        , "data too large"},
+        {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), "data too large for key size"},
+        {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS), "data too large for modulus"},
+        {ERR_REASON(RSA_R_DATA_TOO_SMALL)        , "data too small"},
+        {ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE), "data too small for key size"},
+        {ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY), "digest too big for rsa key"},
+        {ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D), "dmp1 not congruent to d"},
+        {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D), "dmq1 not congruent to d"},
+        {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1), "d e not congruent to 1"},
+        {ERR_REASON(RSA_R_FIRST_OCTET_INVALID)   , "first octet invalid"},
+        {ERR_REASON(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE), "illegal or unsupported padding mode"},
+        {ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH) , "invalid digest length"},
+        {ERR_REASON(RSA_R_INVALID_HEADER)        , "invalid header"},
+        {ERR_REASON(RSA_R_INVALID_KEYBITS)       , "invalid keybits"},
+        {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH), "invalid message length"},
+        {ERR_REASON(RSA_R_INVALID_MGF1_MD)       , "invalid mgf1 md"},
+        {ERR_REASON(RSA_R_INVALID_PADDING)       , "invalid padding"},
+        {ERR_REASON(RSA_R_INVALID_PADDING_MODE)  , "invalid padding mode"},
+        {ERR_REASON(RSA_R_INVALID_PSS_PARAMETERS), "invalid pss parameters"},
+        {ERR_REASON(RSA_R_INVALID_PSS_SALTLEN)   , "invalid pss saltlen"},
+        {ERR_REASON(RSA_R_INVALID_SALT_LENGTH)   , "invalid salt length"},
+        {ERR_REASON(RSA_R_INVALID_TRAILER)       , "invalid trailer"},
+        {ERR_REASON(RSA_R_INVALID_X931_DIGEST)   , "invalid x931 digest"},
+        {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) , "iqmp not inverse of q"},
+        {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL)    , "key size too small"},
+        {ERR_REASON(RSA_R_LAST_OCTET_INVALID)    , "last octet invalid"},
+        {ERR_REASON(RSA_R_MODULUS_TOO_LARGE)     , "modulus too large"},
+        {ERR_REASON(RSA_R_NON_FIPS_RSA_METHOD)   , "non fips rsa method"},
+        {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT)    , "no public exponent"},
+        {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING), "null before block missing"},
+        {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q)  , "n does not equal p q"},
+        {ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   , "oaep decoding error"},
+        {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE), "operation not allowed in fips mode"},
+        {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"},
+        {ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  , "padding check failed"},
+        {ERR_REASON(RSA_R_P_NOT_PRIME)           , "p not prime"},
+        {ERR_REASON(RSA_R_Q_NOT_PRIME)           , "q not prime"},
+        {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED), "rsa operations not supported"},
+        {ERR_REASON(RSA_R_SLEN_CHECK_FAILED)     , "salt length check failed"},
+        {ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED)  , "salt length recovery failed"},
+        {ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) , "sslv3 rollback attack"},
+        {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), "the asn1 object identifier is not known for this md"},
+        {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE), "unknown algorithm type"},
+        {ERR_REASON(RSA_R_UNKNOWN_MASK_DIGEST)   , "unknown mask digest"},
+        {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE)  , "unknown padding type"},
+        {ERR_REASON(RSA_R_UNKNOWN_PSS_DIGEST)    , "unknown pss digest"},
+        {ERR_REASON(RSA_R_UNSUPPORTED_MASK_ALGORITHM), "unsupported mask algorithm"},
+        {ERR_REASON(RSA_R_UNSUPPORTED_MASK_PARAMETER), "unsupported mask parameter"},
+        {ERR_REASON(RSA_R_UNSUPPORTED_SIGNATURE_TYPE), "unsupported signature type"},
+        {ERR_REASON(RSA_R_VALUE_MISSING)         , "value missing"},
+        {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
+        {0, NULL}
+};
 
 #endif
 
-void ERR_load_RSA_strings(void)
-        {
+void
+ERR_load_RSA_strings(void)
+{
 #ifndef OPENSSL_NO_ERR
-
-        if (ERR_func_error_string(RSA_str_functs[0].error) == NULL)
-                {
-                ERR_load_strings(0,RSA_str_functs);
-                ERR_load_strings(0,RSA_str_reasons);
-                }
-#endif
+        if (ERR_func_error_string(RSA_str_functs[0].error) == NULL) {
+                ERR_load_strings(0, RSA_str_functs);
+                ERR_load_strings(0, RSA_str_reasons);
         }
+#endif
+}
diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c
index 3a6aa1ca7a..f000b41940 100644
--- a/src/lib/libcrypto/rsa/rsa_gen.c
+++ b/src/lib/libcrypto/rsa/rsa_gen.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: rsa_gen.c,v 1.14 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_gen.c,v 1.15 2014/07/09 19:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -154,8 +154,8 @@ rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
                         if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL,
                             cb))
                                 goto err;
-                        } while (BN_cmp(rsa->p, rsa->q) == 0 &&
-                            ++degenerate < 3);
+                } while (BN_cmp(rsa->p, rsa->q) == 0 &&
+                    ++degenerate < 3);
                 if (degenerate == 3) {
                         ok = 0; /* we set our own err */
                         RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,
@@ -173,7 +173,7 @@ rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
         }
         if (!BN_GENCB_call(cb, 3, 1))
                 goto err;
-        if (BN_cmp(rsa->p,rsa->q) < 0) {
+        if (BN_cmp(rsa->p, rsa->q) < 0) {
                 tmp = rsa->p;
                 rsa->p = rsa->q;
                 rsa->q = tmp;
@@ -191,8 +191,8 @@ rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
         if (!BN_mul(r0, r1, r2, ctx))                   /* (p-1)(q-1) */
                 goto err;
         if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-                  pr0 = &local_r0;
-                  BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
+                pr0 = &local_r0;
+                BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
         } else
                 pr0 = r0;
         if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx))  /* d */
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index 44a86700c2..5afed37825 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: rsa_lib.c,v 1.24 2014/07/09 11:10:51 bcook Exp $ */
+/* $OpenBSD: rsa_lib.c,v 1.25 2014/07/09 19:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -144,7 +144,7 @@ RSA_new_method(ENGINE *engine)
                 ret->engine = engine;
         } else
                 ret->engine = ENGINE_get_default_RSA();
-        if(ret->engine) {
+        if (ret->engine) {
                 ret->meth = ENGINE_get_RSA(ret->engine);
                 if (!ret->meth) {
                         RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
diff --git a/src/lib/libcrypto/rsa/rsa_none.c b/src/lib/libcrypto/rsa/rsa_none.c
index fde5eb6ef6..818fd26fa4 100644
--- a/src/lib/libcrypto/rsa/rsa_none.c
+++ b/src/lib/libcrypto/rsa/rsa_none.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: rsa_none.c,v 1.5 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_none.c,v 1.6 2014/07/09 19:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -77,7 +77,7 @@ RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *from,
                     RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
                 return 0;
         }
-        
+
         memcpy(to, from, (unsigned int)flen);
         return 1;
 }
diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c
index df288fa615..1e862a99e0 100644
--- a/src/lib/libcrypto/rsa/rsa_oaep.c
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_oaep.c,v 1.18 2014/07/09 17:08:40 miod Exp $ */
+/* $OpenBSD: rsa_oaep.c,v 1.19 2014/07/09 19:51:38 jsing Exp $ */
 /* Written by Ulf Moeller. This software is distributed on an "AS IS"
    basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
 
@@ -8,7 +8,7 @@
  * <URL: http://www.shoup.net/papers/oaep.ps.Z>
  * for problems with the security proof for the
  * original OAEP scheme, which EME-OAEP is based on.
- * 
+ *
  * A new proof can be found in E. Fujisaki, T. Okamoto,
  * D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!",
  * Dec. 2000, <URL: http://eprint.iacr.org/2000/061/>.
@@ -29,7 +29,7 @@
 #include <openssl/sha.h>
 
 static int MGF1(unsigned char *mask, long len, const unsigned char *seed,
-            long seedlen);
+    long seedlen);
 
 int
 RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
@@ -142,7 +142,7 @@ RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
                 return -1;
         for (i = 0; i < SHA_DIGEST_LENGTH; i++)
                 seed[i] ^= padded_from[i];
-  
+
         if (MGF1(db, dblen, seed, SHA_DIGEST_LENGTH))
                 return -1;
         for (i = 0; i < dblen; i++)
@@ -204,7 +204,7 @@ PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed,
                 cnt[1] = (unsigned char)((i >> 16) & 255);
                 cnt[2] = (unsigned char)((i >> 8)) & 255;
                 cnt[3] = (unsigned char)(i & 255);
-                if (!EVP_DigestInit_ex(&c,dgst, NULL) ||
+                if (!EVP_DigestInit_ex(&c, dgst, NULL) ||
                     !EVP_DigestUpdate(&c, seed, seedlen) ||
                     !EVP_DigestUpdate(&c, cnt, 4))
                         goto err;
diff --git a/src/lib/libcrypto/rsa/rsa_pk1.c b/src/lib/libcrypto/rsa/rsa_pk1.c
index f5492315cc..d394b300c6 100644
--- a/src/lib/libcrypto/rsa/rsa_pk1.c
+++ b/src/lib/libcrypto/rsa/rsa_pk1.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: rsa_pk1.c,v 1.8 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_pk1.c,v 1.9 2014/07/09 19:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -69,12 +69,12 @@ RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
         int j;
         unsigned char *p;
 
-        if (flen > (tlen-RSA_PKCS1_PADDING_SIZE)) {
+        if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
                 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,
                     RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
                 return 0;
         }
-        
+
         p = (unsigned char *)to;
 
         *(p++) = 0;
@@ -86,6 +86,7 @@ RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
         p += j;
         *(p++) = '\0';
         memcpy(p, from, (unsigned int)flen);
+
         return 1;
 }
 
@@ -106,7 +107,8 @@ RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
         /* scan over padding data */
         j = flen - 1; /* one for type. */
         for (i = 0; i < j; i++) {
-                if (*p != 0xff) { /* should decrypt to 0xff */
+                if (*p != 0xff) {
+                        /* should decrypt to 0xff */
                         if (*p == 0) {
                                 p++;
                                 break;
@@ -146,15 +148,15 @@ int
 RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
     const unsigned char *from, int flen)
 {
-        int i,j;
+        int i, j;
         unsigned char *p;
-        
+
         if (flen > tlen - 11) {
                 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,
                     RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
                 return 0;
         }
-        
+
         p = (unsigned char *)to;
 
         *(p++) = 0;
diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c
index 4a662c2894..f35b5800ab 100644
--- a/src/lib/libcrypto/rsa/rsa_pmeth.c
+++ b/src/lib/libcrypto/rsa/rsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pmeth.c,v 1.9 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_pmeth.c,v 1.10 2014/07/09 19:51:38 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -110,7 +110,7 @@ pkey_rsa_init(EVP_PKEY_CTX *ctx)
         ctx->data = rctx;
         ctx->keygen_info = rctx->gentmp;
         ctx->keygen_info_count = 2;
-        
+
         return 1;
 }
 
@@ -121,7 +121,7 @@ pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
 
         if (!pkey_rsa_init(dst))
                 return 0;
-        sctx = src->data;
+        sctx = src->data;
         dctx = dst->data;
         dctx->nbits = sctx->nbits;
         if (sctx->pub_exp) {
@@ -236,7 +236,7 @@ pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, unsigned char *rout, size_t *routlen,
                                 return 0;
                         ret--;
                         if (rctx->tbuf[ret] !=
-                            RSA_X931_hash_id(EVP_MD_type(rctx->md))) {
+                                RSA_X931_hash_id(EVP_MD_type(rctx->md))) {
                                 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
                                     RSA_R_ALGORITHM_MISMATCH);
                                 return 0;
@@ -371,6 +371,7 @@ static int
 pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 {
         RSA_PKEY_CTX *rctx = ctx->data;
+
         switch (type) {
         case EVP_PKEY_CTRL_RSA_PADDING:
                 if (p1 >= RSA_PKCS1_PADDING && p1 <= RSA_PKCS1_PSS_PADDING) {
@@ -458,17 +459,18 @@ bad_pad:
                 return 1;
 #ifndef OPENSSL_NO_CMS
         case EVP_PKEY_CTRL_CMS_DECRYPT:
-            {
-                X509_ALGOR *alg = NULL;
-                ASN1_OBJECT *encalg = NULL;
-
-                if (p2)
-                        CMS_RecipientInfo_ktri_get0_algs(p2, NULL, NULL, &alg);
-                if (alg)
-                        X509_ALGOR_get0(&encalg, NULL, NULL, alg);
-                if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep)
-                        rctx->pad_mode = RSA_PKCS1_OAEP_PADDING;
-            }
+                {
+                        X509_ALGOR *alg = NULL;
+                        ASN1_OBJECT *encalg = NULL;
+
+                        if (p2)
+                                CMS_RecipientInfo_ktri_get0_algs(p2, NULL,
+                                    NULL, &alg);
+                        if (alg)
+                                X509_ALGOR_get0(&encalg, NULL, NULL, alg);
+                        if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep)
+                                rctx->pad_mode = RSA_PKCS1_OAEP_PADDING;
+                }
                 /* FALLTHROUGH */
 
         case EVP_PKEY_CTRL_CMS_ENCRYPT:
@@ -477,18 +479,18 @@ bad_pad:
 #endif
         case EVP_PKEY_CTRL_PEER_KEY:
                 RSAerr(RSA_F_PKEY_RSA_CTRL,
-                RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-                return -2;      
+                    RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
 
         default:
                 return -2;
         }
 }
-                        
+
 static int
 pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
 {
-        long lval;
+        long lval;
         char *ep;
 
         if (!value) {
diff --git a/src/lib/libcrypto/rsa/rsa_prn.c b/src/lib/libcrypto/rsa/rsa_prn.c
index 89cf2b45b0..5d5b0e29d8 100644
--- a/src/lib/libcrypto/rsa/rsa_prn.c
+++ b/src/lib/libcrypto/rsa/rsa_prn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_prn.c,v 1.4 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_prn.c,v 1.5 2014/07/09 19:51:38 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
diff --git a/src/lib/libcrypto/rsa/rsa_pss.c b/src/lib/libcrypto/rsa/rsa_pss.c
index 4c6a90c1c7..09bf32439b 100644
--- a/src/lib/libcrypto/rsa/rsa_pss.c
+++ b/src/lib/libcrypto/rsa/rsa_pss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pss.c,v 1.6 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_pss.c,v 1.7 2014/07/09 19:51:38 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -121,7 +121,8 @@ RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
                 EM++;
                 emLen--;
         }
-        if (emLen < (hLen + sLen + 2)) { /* sLen can be small negative */
+        if (emLen < (hLen + sLen + 2)) {
+                /* sLen can be small negative */
                 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
                 goto err;
         }
@@ -143,7 +144,7 @@ RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
                 DB[i] ^= EM[i];
         if (MSBits)
                 DB[0] &= 0xFF >> (8 - MSBits);
-        for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++)
+        for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++)
                 ;
         if (DB[i++] != 0x1) {
                 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1,
@@ -168,7 +169,7 @@ RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
         if (memcmp(H_, H, hLen)) {
                 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE);
                 ret = 0;
-        } else 
+        } else
                 ret = 1;
 
 err:
diff --git a/src/lib/libcrypto/rsa/rsa_saos.c b/src/lib/libcrypto/rsa/rsa_saos.c
index 50dfef7e71..0ff9f570f4 100644
--- a/src/lib/libcrypto/rsa/rsa_saos.c
+++ b/src/lib/libcrypto/rsa/rsa_saos.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: rsa_saos.c,v 1.12 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_saos.c,v 1.13 2014/07/09 19:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -69,7 +69,7 @@ RSA_sign_ASN1_OCTET_STRING(int type, const unsigned char *m, unsigned int m_len,
 {
         ASN1_OCTET_STRING sig;
         int i, j, ret = 1;
-        unsigned char *p,*s;
+        unsigned char *p, *s;
 
         sig.type = V_ASN1_OCTET_STRING;
         sig.length = m_len;
@@ -132,7 +132,7 @@ RSA_verify_ASN1_OCTET_STRING(int dtype, const unsigned char *m,
                 goto err;
 
         if ((unsigned int)sig->length != m_len ||
-            memcmp(m,sig->data, m_len) != 0) {
+            memcmp(m, sig->data, m_len) != 0) {
                 RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,
                     RSA_R_BAD_SIGNATURE);
         } else
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index 9718589be7..11ee2d128d 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: rsa_sign.c,v 1.19 2014/07/09 09:04:14 miod Exp $ */
+/* $OpenBSD: rsa_sign.c,v 1.20 2014/07/09 19:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -137,7 +137,7 @@ RSA_sign(int type, const unsigned char *m, unsigned int m_len,
                 OPENSSL_cleanse(tmps, (unsigned int)j + 1);
                 free(tmps);
         }
-        return(ret);
+        return (ret);
 }
 
 int
@@ -199,7 +199,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
                 else
                         ret = 1;
         } else {
-                const unsigned char *p=s;
+                const unsigned char *p = s;
 
                 sig = d2i_X509_SIG(NULL, &p, (long)i);
 
@@ -240,7 +240,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
                                 ret = 1;
                         }
                 } else if ((unsigned int)sig->digest->length != m_len ||
-                    memcmp(m,sig->digest->data,m_len) != 0) {
+                    memcmp(m, sig->digest->data, m_len) != 0) {
                         RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
                 } else
                         ret = 1;
diff --git a/src/lib/libcrypto/rsa/rsa_ssl.c b/src/lib/libcrypto/rsa/rsa_ssl.c
index c6ab71c674..09deb08985 100644
--- a/src/lib/libcrypto/rsa/rsa_ssl.c
+++ b/src/lib/libcrypto/rsa/rsa_ssl.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: rsa_ssl.c,v 1.8 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_ssl.c,v 1.9 2014/07/09 19:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -66,15 +66,15 @@ int
 RSA_padding_add_SSLv23(unsigned char *to, int tlen, const unsigned char *from,
     int flen)
 {
-        int i,j;
+        int i, j;
         unsigned char *p;
-        
+
         if (flen > tlen - 11) {
                 RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,
                     RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
                 return 0;
         }
-        
+
         p = (unsigned char *)to;
 
         *(p++) = 0;
diff --git a/src/lib/libcrypto/rsa/rsa_x931.c b/src/lib/libcrypto/rsa/rsa_x931.c
index c3305139f8..74c4af91a5 100644
--- a/src/lib/libcrypto/rsa/rsa_x931.c
+++ b/src/lib/libcrypto/rsa/rsa_x931.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_x931.c,v 1.4 2014/07/09 09:07:00 miod Exp $ */
+/* $OpenBSD: rsa_x931.c,v 1.5 2014/07/09 19:51:38 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -81,7 +81,7 @@ RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *from,
                     RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
                 return -1;
         }
-        
+
         p = (unsigned char *)to;
 
         /* If no padding start and end nibbles are in one byte */
@@ -103,7 +103,7 @@ RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *from,
 
 int
 RSA_padding_check_X931(unsigned char *to, int tlen, const unsigned char *from,
-   int flen, int num)
+    int flen, int num)
 {
         int i = 0, j;
         const unsigned char *p = from;
@@ -121,13 +121,14 @@ RSA_padding_check_X931(unsigned char *to, int tlen, const unsigned char *from,
                                 break;
                         if (c != 0xBB) {
                                 RSAerr(RSA_F_RSA_PADDING_CHECK_X931,
-                                        RSA_R_INVALID_PADDING);
+                                    RSA_R_INVALID_PADDING);
                                 return -1;
                         }
                 }
 
                 if (i == 0) {
-                        RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
+                        RSAerr(RSA_F_RSA_PADDING_CHECK_X931,
+                            RSA_R_INVALID_PADDING);
                         return -1;
                 }
 
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_ameth.c b/src/lib/libssl/src/crypto/rsa/rsa_ameth.c
index 8e15e3f535..813c634f31 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_ameth.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_ameth.c,v 1.7 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_ameth.c,v 1.8 2014/07/09 19:51:38 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -104,8 +104,8 @@ rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
 static int
 rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
 {
-        if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0 ||
-            BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0)
+        if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0 ||
+            BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
                 return 0;
         return 1;
 }
@@ -256,7 +256,7 @@ do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
         ret = 1;
 err:
         free(m);
-        return(ret);
+        return (ret);
 }
 
 static int
@@ -282,13 +282,14 @@ rsa_pss_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash)
 
         if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE)
                 return NULL;
+
         p = alg->parameter->value.sequence->data;
         plen = alg->parameter->value.sequence->length;
         pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen);
 
         if (!pss)
                 return NULL;
-        
+
         if (pss->maskGenAlgorithm) {
                 ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
                 if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 &&
@@ -351,7 +352,7 @@ rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, X509_ALGOR *maskHash,
         if (!BIO_indent(bp, indent, 128))
                 goto err;
         if (BIO_puts(bp, "Salt Length: 0x") <= 0)
-                        goto err;
+                goto err;
         if (pss->saltLength) {
                 if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
                         goto err;
@@ -369,7 +370,7 @@ rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, X509_ALGOR *maskHash,
         } else if (BIO_puts(bp, "BC (default)") <= 0)
                 goto err;
         BIO_puts(bp, "\n");
-        
+
         rv = 1;
 
 err:
@@ -403,6 +404,7 @@ static int
 rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
 {
         X509_ALGOR *alg = NULL;
+
         switch (op) {
         case ASN1_PKEY_CTRL_PKCS7_SIGN:
                 if (arg1 == 0)
@@ -422,7 +424,7 @@ rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
         case ASN1_PKEY_CTRL_CMS_ENVELOPE:
                 if (arg1 == 0)
                         CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg);
-        break;
+                break;
 #endif
 
         case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
@@ -440,8 +442,8 @@ rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
         return 1;
 }
 
-/* Customised RSA item verification routine. This is called 
- * when a signature is encountered requiring special handling. We 
+/* Customised RSA item verification routine. This is called
+ * when a signature is encountered requiring special handling. We
  * currently only handle PSS.
  */
 static int
@@ -460,6 +462,7 @@ rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
                 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
                 return -1;
         }
+
         /* Decode PSS parameters */
         pss = rsa_pss_decode(sigalg, &maskHash);
 
@@ -544,7 +547,7 @@ err:
 
 static int
 rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
-   X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig)
+    X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig)
 {
         int pad_mode;
         EVP_PKEY_CTX *pkctx = ctx->pctx;
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_asn1.c b/src/lib/libssl/src/crypto/rsa/rsa_asn1.c
index e876dbdf49..9bc5f17b06 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_asn1.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_asn1.c,v 1.7 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_asn1.c,v 1.8 2014/07/09 19:51:38 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -99,10 +99,10 @@ ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = {
 } ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey)
 
 ASN1_SEQUENCE(RSA_PSS_PARAMS) = {
-        ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0),
-        ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1),
-        ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2),
-        ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3)
+        ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR, 0),
+        ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR, 1),
+        ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER, 2),
+        ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER, 3)
 } ASN1_SEQUENCE_END(RSA_PSS_PARAMS)
 
 IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_chk.c b/src/lib/libssl/src/crypto/rsa/rsa_chk.c
index 54113f89f6..0f9e0944db 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_chk.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_chk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_chk.c,v 1.7 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_chk.c,v 1.8 2014/07/09 19:51:38 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
  *
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -65,7 +65,7 @@ RSA_check_key(const RSA *key)
                 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING);
                 return 0;
         }
-        
+
         i = BN_new();
         j = BN_new();
         k = BN_new();
@@ -78,7 +78,7 @@ RSA_check_key(const RSA *key)
                 RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
                 goto err;
         }
-        
+
         /* p prime? */
         r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
         if (r != 1) {
@@ -87,7 +87,7 @@ RSA_check_key(const RSA *key)
                         goto err;
                 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
         }
-        
+
         /* q prime? */
         r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);
         if (r != 1) {
@@ -96,19 +96,19 @@ RSA_check_key(const RSA *key)
                         goto err;
                 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
         }
-        
+
         /* n = p*q? */
         r = BN_mul(i, key->p, key->q, ctx);
         if (!r) {
                 ret = -1;
                 goto err;
         }
-        
+
         if (BN_cmp(i, key->n) != 0) {
                 ret = 0;
                 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
         }
-        
+
         /* d*e = 1  mod lcm(p-1,q-1)? */
 
         r = BN_sub(i, key->p, BN_value_one());
@@ -149,7 +149,7 @@ RSA_check_key(const RSA *key)
                 ret = 0;
                 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
         }
-        
+
         if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
                 /* dmp1 = d mod (p-1)? */
                 r = BN_sub(i, key->p, BN_value_one());
@@ -169,14 +169,14 @@ RSA_check_key(const RSA *key)
                         RSAerr(RSA_F_RSA_CHECK_KEY,
                             RSA_R_DMP1_NOT_CONGRUENT_TO_D);
                 }
-        
-                /* dmq1 = d mod (q-1)? */    
+
+                /* dmq1 = d mod (q-1)? */
                 r = BN_sub(i, key->q, BN_value_one());
                 if (!r) {
                         ret = -1;
                         goto err;
                 }
-        
+
                 r = BN_mod(j, key->d, i, ctx);
                 if (!r) {
                         ret = -1;
@@ -188,7 +188,7 @@ RSA_check_key(const RSA *key)
                         RSAerr(RSA_F_RSA_CHECK_KEY,
                             RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
                 }
-        
+
                 /* iqmp = q^-1 mod p? */
                 if (!BN_mod_inverse(i, key->q, key->p, ctx)) {
                         ret = -1;
@@ -202,7 +202,7 @@ RSA_check_key(const RSA *key)
                 }
         }
 
- err:
+err:
         if (i != NULL)
                 BN_free(i);
         if (j != NULL)
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_crpt.c b/src/lib/libssl/src/crypto/rsa/rsa_crpt.c
index 16679cfd14..fb09d235e1 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_crpt.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_crpt.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: rsa_crpt.c,v 1.5 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_crpt.c,v 1.6 2014/07/09 19:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -134,7 +134,7 @@ RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
         rsa->flags &= ~RSA_FLAG_NO_BLINDING;
         ret = 1;
 err:
-        return(ret);
+        return (ret);
 }
 
 static BIGNUM *
@@ -181,7 +181,7 @@ RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
                 ctx = in_ctx;
 
         BN_CTX_start(ctx);
-        e  = BN_CTX_get(ctx);
+        e = BN_CTX_get(ctx);
         if (e == NULL) {
                 RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
                 goto err;
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_depr.c b/src/lib/libssl/src/crypto/rsa/rsa_depr.c
index 6808b5aecb..7a3ecca666 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_depr.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_depr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_depr.c,v 1.4 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_depr.c,v 1.5 2014/07/09 19:51:38 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_eay.c b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
index 06bd8ded96..ede772cb83 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: rsa_eay.c,v 1.30 2014/07/09 08:44:53 miod Exp $ */
+/* $OpenBSD: rsa_eay.c,v 1.31 2014/07/09 19:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -116,16 +116,17 @@
 #include <openssl/rand.h>
 
 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
+    unsigned char *to, RSA *rsa, int padding);
 static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
+    unsigned char *to, RSA *rsa, int padding);
 static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
+    unsigned char *to, RSA *rsa, int padding);
 static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
+    unsigned char *to, RSA *rsa, int padding);
 static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);
 static int RSA_eay_init(RSA *rsa);
 static int RSA_eay_finish(RSA *rsa);
+
 static RSA_METHOD rsa_pkcs1_eay_meth = {
         .name = "Eric Young's PKCS#1 RSA",
         .rsa_pub_enc = RSA_eay_public_encrypt,
@@ -170,8 +171,8 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
                         return -1;
                 }
         }
-        
-        if ((ctx=BN_CTX_new()) == NULL)
+
+        if ((ctx = BN_CTX_new()) == NULL)
                 goto err;
         BN_CTX_start(ctx);
         f = BN_CTX_get(ctx);
@@ -179,7 +180,7 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
         num = BN_num_bytes(rsa->n);
         buf = malloc(num);
         if (!f || !ret || !buf) {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
+                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE);
                 goto err;
         }
 
@@ -189,7 +190,7 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
                 break;
 #ifndef OPENSSL_NO_SHA
         case RSA_PKCS1_OAEP_PADDING:
-                i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
+                i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
                 break;
 #endif
         case RSA_SSLV23_PADDING:
@@ -208,7 +209,7 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
 
         if (BN_bin2bn(buf, num, f) == NULL)
                 goto err;
-        
+
         if (BN_ucmp(f, rsa->n) >= 0) {
                 /* usually the padding functions would catch this */
                 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,
@@ -221,7 +222,8 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
                     CRYPTO_LOCK_RSA, rsa->n, ctx))
                         goto err;
 
-        if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n))
+        if (!rsa->meth->bn_mod_exp(ret, f,rsa->e, rsa->n, ctx,
+            rsa->_method_mod_n))
                 goto err;
 
         /* put in leading 0 bytes if the number is less than the
@@ -286,7 +288,7 @@ rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
                                 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
                                 got_write_lock = 1;
                         }
-                        
+
                         if (rsa->mt_blinding == NULL)
                                 rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
                 }
@@ -355,7 +357,7 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
         BIGNUM *unblind = NULL;
         BN_BLINDING *blinding = NULL;
 
-        if ((ctx=BN_CTX_new()) == NULL)
+        if ((ctx = BN_CTX_new()) == NULL)
                 goto err;
         BN_CTX_start(ctx);
         f = BN_CTX_get(ctx);
@@ -386,10 +388,10 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
         if (i <= 0)
                 goto err;
 
-        if (BN_bin2bn(buf,num,f) == NULL)
+        if (BN_bin2bn(buf, num, f) == NULL)
                 goto err;
-        
-        if (BN_ucmp(f, rsa->n) >= 0) {  
+
+                if (BN_ucmp(f, rsa->n) >= 0) {
                 /* usually the padding functions would catch this */
                 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
                     RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
@@ -404,7 +406,7 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
                         goto err;
                 }
         }
-        
+
         if (blinding != NULL) {
                 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
                         RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
@@ -417,13 +419,13 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
 
         if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
             (rsa->p != NULL && rsa->q != NULL && rsa->dmp1 != NULL &&
-             rsa->dmq1 != NULL && rsa->iqmp != NULL)) { 
+            rsa->dmq1 != NULL && rsa->iqmp != NULL)) {
                 if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
                         goto err;
         } else {
                 BIGNUM local_d;
                 BIGNUM *d = NULL;
-                
+
                 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
                         BN_init(&local_d);
                         d = &local_d;
@@ -436,7 +438,7 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
                             CRYPTO_LOCK_RSA, rsa->n, ctx))
                                 goto err;
 
-                if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n,ctx,
+                if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
                     rsa->_method_mod_n))
                         goto err;
         }
@@ -530,7 +532,7 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
                         goto err;
                 }
         }
-        
+
         if (blinding != NULL) {
                 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
                         RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
@@ -544,13 +546,13 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
         /* do the decrypt */
         if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
             (rsa->p != NULL && rsa->q != NULL && rsa->dmp1 != NULL &&
-             rsa->dmq1 != NULL && rsa->iqmp != NULL)) {
+            rsa->dmq1 != NULL && rsa->iqmp != NULL)) {
                 if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
                         goto err;
         } else {
                 BIGNUM local_d;
                 BIGNUM *d = NULL;
-                
+
                 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
                         d = &local_d;
                         BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
@@ -578,11 +580,11 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
                 r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num);
                 break;
 #ifndef OPENSSL_NO_SHA
-        case RSA_PKCS1_OAEP_PADDING:
-                r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
-                break;
+        case RSA_PKCS1_OAEP_PADDING:
+                r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
+                break;
 #endif
-        case RSA_SSLV23_PADDING:
+        case RSA_SSLV23_PADDING:
                 r = RSA_padding_check_SSLv23(to, num, buf, j, num);
                 break;
         case RSA_NO_PADDING:
@@ -603,7 +605,7 @@ err:
                 BN_CTX_free(ctx);
         }
         if (buf != NULL) {
-                OPENSSL_cleanse(buf,num);
+                OPENSSL_cleanse(buf, num);
                 free(buf);
         }
         return r;
@@ -615,7 +617,7 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
     RSA *rsa, int padding)
 {
         BIGNUM *f, *ret;
-        int i, num = 0,r = -1;
+        int i, num = 0, r = -1;
         unsigned char *p;
         unsigned char *buf = NULL;
         BN_CTX *ctx = NULL;
@@ -637,7 +639,7 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
                         return -1;
                 }
         }
-        
+
         if ((ctx = BN_CTX_new()) == NULL)
                 goto err;
         BN_CTX_start(ctx);
@@ -658,7 +660,7 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
                 goto err;
         }
 
-        if (BN_bin2bn(from,flen,f) == NULL)
+        if (BN_bin2bn(from, flen, f) == NULL)
                 goto err;
 
         if (BN_ucmp(f, rsa->n) >= 0) {
@@ -801,7 +803,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
                 BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
         } else
                 dmp1 = rsa->dmp1;
-        if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p,ctx,
+        if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx,
             rsa->_method_mod_p))
                 goto err;
 
@@ -824,7 +826,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
                 BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
         } else
                 pr1 = r1;
-        if (!BN_mod(r0, pr1, rsa->p,ctx))
+        if (!BN_mod(r0, pr1, rsa->p, ctx))
                 goto err;
 
         /*
@@ -869,7 +871,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 
                         BIGNUM local_d;
                         BIGNUM *d = NULL;
-                
+
                         if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
                                 d = &local_d;
                                 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
@@ -890,7 +892,7 @@ static int
 RSA_eay_init(RSA *rsa)
 {
         rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE;
-        return 1 ;
+        return 1;
 }
 
 static int
@@ -902,5 +904,6 @@ RSA_eay_finish(RSA *rsa)
                 BN_MONT_CTX_free(rsa->_method_mod_p);
         if (rsa->_method_mod_q != NULL)
                 BN_MONT_CTX_free(rsa->_method_mod_q);
+
         return 1;
 }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_err.c b/src/lib/libssl/src/crypto/rsa/rsa_err.c
index c7d6881100..893069a892 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_err.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_err.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_err.c,v 1.13 2014/07/09 08:44:53 miod Exp $ */
+/* $OpenBSD: rsa_err.c,v 1.14 2014/07/09 19:51:38 jsing Exp $ */
 /* ====================================================================
  * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
  *
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -68,136 +68,133 @@
 #define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0)
 #define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
 
-static ERR_STRING_DATA RSA_str_functs[]=
-        {
-{ERR_FUNC(RSA_F_CHECK_PADDING_MD),      "CHECK_PADDING_MD"},
-{ERR_FUNC(RSA_F_DO_RSA_PRINT),  "DO_RSA_PRINT"},
-{ERR_FUNC(RSA_F_INT_RSA_VERIFY),        "INT_RSA_VERIFY"},
-{ERR_FUNC(RSA_F_MEMORY_LOCK),   "MEMORY_LOCK"},
-{ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE),   "OLD_RSA_PRIV_DECODE"},
-{ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"},
-{ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR),     "PKEY_RSA_CTRL_STR"},
-{ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"},
-{ERR_FUNC(RSA_F_PKEY_RSA_VERIFY),       "PKEY_RSA_VERIFY"},
-{ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER),        "PKEY_RSA_VERIFYRECOVER"},
-{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN),    "RSA_BUILTIN_KEYGEN"},
-{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
-{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT),       "RSA_EAY_PRIVATE_DECRYPT"},
-{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT),       "RSA_EAY_PRIVATE_ENCRYPT"},
-{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT),        "RSA_EAY_PUBLIC_DECRYPT"},
-{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT),        "RSA_EAY_PUBLIC_ENCRYPT"},
-{ERR_FUNC(RSA_F_RSA_GENERATE_KEY),      "RSA_generate_key"},
-{ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX),   "RSA_generate_key_ex"},
-{ERR_FUNC(RSA_F_RSA_ITEM_VERIFY),       "RSA_ITEM_VERIFY"},
-{ERR_FUNC(RSA_F_RSA_MEMORY_LOCK),       "RSA_memory_lock"},
-{ERR_FUNC(RSA_F_RSA_NEW_METHOD),        "RSA_new_method"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE),  "RSA_padding_add_none"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP),    "RSA_padding_add_PKCS1_OAEP"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS),     "RSA_padding_add_PKCS1_PSS"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1),        "RSA_padding_add_PKCS1_PSS_mgf1"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1),  "RSA_padding_add_PKCS1_type_1"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2),  "RSA_padding_add_PKCS1_type_2"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23),        "RSA_padding_add_SSLv23"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931),  "RSA_padding_add_X931"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE),        "RSA_padding_check_none"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP),  "RSA_padding_check_PKCS1_OAEP"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1),        "RSA_padding_check_PKCS1_type_1"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2),        "RSA_padding_check_PKCS1_type_2"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23),      "RSA_padding_check_SSLv23"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931),        "RSA_padding_check_X931"},
-{ERR_FUNC(RSA_F_RSA_PRINT),     "RSA_print"},
-{ERR_FUNC(RSA_F_RSA_PRINT_FP),  "RSA_print_fp"},
-{ERR_FUNC(RSA_F_RSA_PRIVATE_DECRYPT),   "RSA_private_decrypt"},
-{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT),   "RSA_private_encrypt"},
-{ERR_FUNC(RSA_F_RSA_PRIV_DECODE),       "RSA_PRIV_DECODE"},
-{ERR_FUNC(RSA_F_RSA_PRIV_ENCODE),       "RSA_PRIV_ENCODE"},
-{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT),    "RSA_public_decrypt"},
-{ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT),    "RSA_public_encrypt"},
-{ERR_FUNC(RSA_F_RSA_PUB_DECODE),        "RSA_PUB_DECODE"},
-{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING),    "RSA_setup_blinding"},
-{ERR_FUNC(RSA_F_RSA_SIGN),      "RSA_sign"},
-{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),    "RSA_sign_ASN1_OCTET_STRING"},
-{ERR_FUNC(RSA_F_RSA_VERIFY),    "RSA_verify"},
-{ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING),  "RSA_verify_ASN1_OCTET_STRING"},
-{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS),  "RSA_verify_PKCS1_PSS"},
-{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1),     "RSA_verify_PKCS1_PSS_mgf1"},
-{0,NULL}
-        };
+static ERR_STRING_DATA RSA_str_functs[] = {
+        {ERR_FUNC(RSA_F_CHECK_PADDING_MD),      "CHECK_PADDING_MD"},
+        {ERR_FUNC(RSA_F_DO_RSA_PRINT),  "DO_RSA_PRINT"},
+        {ERR_FUNC(RSA_F_INT_RSA_VERIFY),        "INT_RSA_VERIFY"},
+        {ERR_FUNC(RSA_F_MEMORY_LOCK),   "MEMORY_LOCK"},
+        {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE),   "OLD_RSA_PRIV_DECODE"},
+        {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"},
+        {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR),     "PKEY_RSA_CTRL_STR"},
+        {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"},
+        {ERR_FUNC(RSA_F_PKEY_RSA_VERIFY),       "PKEY_RSA_VERIFY"},
+        {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER),        "PKEY_RSA_VERIFYRECOVER"},
+        {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN),    "RSA_BUILTIN_KEYGEN"},
+        {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
+        {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT),       "RSA_EAY_PRIVATE_DECRYPT"},
+        {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT),       "RSA_EAY_PRIVATE_ENCRYPT"},
+        {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT),        "RSA_EAY_PUBLIC_DECRYPT"},
+        {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT),        "RSA_EAY_PUBLIC_ENCRYPT"},
+        {ERR_FUNC(RSA_F_RSA_GENERATE_KEY),      "RSA_generate_key"},
+        {ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX),   "RSA_generate_key_ex"},
+        {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY),       "RSA_ITEM_VERIFY"},
+        {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK),       "RSA_memory_lock"},
+        {ERR_FUNC(RSA_F_RSA_NEW_METHOD),        "RSA_new_method"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE),  "RSA_padding_add_none"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP),    "RSA_padding_add_PKCS1_OAEP"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS),     "RSA_padding_add_PKCS1_PSS"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1),        "RSA_padding_add_PKCS1_PSS_mgf1"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1),  "RSA_padding_add_PKCS1_type_1"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2),  "RSA_padding_add_PKCS1_type_2"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23),        "RSA_padding_add_SSLv23"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931),  "RSA_padding_add_X931"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE),        "RSA_padding_check_none"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP),  "RSA_padding_check_PKCS1_OAEP"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1),        "RSA_padding_check_PKCS1_type_1"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2),        "RSA_padding_check_PKCS1_type_2"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23),      "RSA_padding_check_SSLv23"},
+        {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931),        "RSA_padding_check_X931"},
+        {ERR_FUNC(RSA_F_RSA_PRINT),     "RSA_print"},
+        {ERR_FUNC(RSA_F_RSA_PRINT_FP),  "RSA_print_fp"},
+        {ERR_FUNC(RSA_F_RSA_PRIVATE_DECRYPT),   "RSA_private_decrypt"},
+        {ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT),   "RSA_private_encrypt"},
+        {ERR_FUNC(RSA_F_RSA_PRIV_DECODE),       "RSA_PRIV_DECODE"},
+        {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE),       "RSA_PRIV_ENCODE"},
+        {ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT),    "RSA_public_decrypt"},
+        {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT),    "RSA_public_encrypt"},
+        {ERR_FUNC(RSA_F_RSA_PUB_DECODE),        "RSA_PUB_DECODE"},
+        {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING),    "RSA_setup_blinding"},
+        {ERR_FUNC(RSA_F_RSA_SIGN),      "RSA_sign"},
+        {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),    "RSA_sign_ASN1_OCTET_STRING"},
+        {ERR_FUNC(RSA_F_RSA_VERIFY),    "RSA_verify"},
+        {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING),  "RSA_verify_ASN1_OCTET_STRING"},
+        {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS),  "RSA_verify_PKCS1_PSS"},
+        {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1),     "RSA_verify_PKCS1_PSS_mgf1"},
+        {0, NULL}
+};
 
-static ERR_STRING_DATA RSA_str_reasons[]=
-        {
-{ERR_REASON(RSA_R_ALGORITHM_MISMATCH)    ,"algorithm mismatch"},
-{ERR_REASON(RSA_R_BAD_E_VALUE)           ,"bad e value"},
-{ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT),"bad fixed header decrypt"},
-{ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT)    ,"bad pad byte count"},
-{ERR_REASON(RSA_R_BAD_SIGNATURE)         ,"bad signature"},
-{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01)  ,"block type is not 01"},
-{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02)  ,"block type is not 02"},
-{ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN),"data greater than mod len"},
-{ERR_REASON(RSA_R_DATA_TOO_LARGE)        ,"data too large"},
-{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
-{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS),"data too large for modulus"},
-{ERR_REASON(RSA_R_DATA_TOO_SMALL)        ,"data too small"},
-{ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),"data too small for key size"},
-{ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),"digest too big for rsa key"},
-{ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D),"dmp1 not congruent to d"},
-{ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"},
-{ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"},
-{ERR_REASON(RSA_R_FIRST_OCTET_INVALID)   ,"first octet invalid"},
-{ERR_REASON(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE),"illegal or unsupported padding mode"},
-{ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH) ,"invalid digest length"},
-{ERR_REASON(RSA_R_INVALID_HEADER)        ,"invalid header"},
-{ERR_REASON(RSA_R_INVALID_KEYBITS)       ,"invalid keybits"},
-{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
-{ERR_REASON(RSA_R_INVALID_MGF1_MD)       ,"invalid mgf1 md"},
-{ERR_REASON(RSA_R_INVALID_PADDING)       ,"invalid padding"},
-{ERR_REASON(RSA_R_INVALID_PADDING_MODE)  ,"invalid padding mode"},
-{ERR_REASON(RSA_R_INVALID_PSS_PARAMETERS),"invalid pss parameters"},
-{ERR_REASON(RSA_R_INVALID_PSS_SALTLEN)   ,"invalid pss saltlen"},
-{ERR_REASON(RSA_R_INVALID_SALT_LENGTH)   ,"invalid salt length"},
-{ERR_REASON(RSA_R_INVALID_TRAILER)       ,"invalid trailer"},
-{ERR_REASON(RSA_R_INVALID_X931_DIGEST)   ,"invalid x931 digest"},
-{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
-{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL)    ,"key size too small"},
-{ERR_REASON(RSA_R_LAST_OCTET_INVALID)    ,"last octet invalid"},
-{ERR_REASON(RSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
-{ERR_REASON(RSA_R_NON_FIPS_RSA_METHOD)   ,"non fips rsa method"},
-{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT)    ,"no public exponent"},
-{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
-{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q)  ,"n does not equal p q"},
-{ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   ,"oaep decoding error"},
-{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
-{ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"},
-{ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  ,"padding check failed"},
-{ERR_REASON(RSA_R_P_NOT_PRIME)           ,"p not prime"},
-{ERR_REASON(RSA_R_Q_NOT_PRIME)           ,"q not prime"},
-{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
-{ERR_REASON(RSA_R_SLEN_CHECK_FAILED)     ,"salt length check failed"},
-{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED)  ,"salt length recovery failed"},
-{ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"},
-{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
-{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
-{ERR_REASON(RSA_R_UNKNOWN_MASK_DIGEST)   ,"unknown mask digest"},
-{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE)  ,"unknown padding type"},
-{ERR_REASON(RSA_R_UNKNOWN_PSS_DIGEST)    ,"unknown pss digest"},
-{ERR_REASON(RSA_R_UNSUPPORTED_MASK_ALGORITHM),"unsupported mask algorithm"},
-{ERR_REASON(RSA_R_UNSUPPORTED_MASK_PARAMETER),"unsupported mask parameter"},
-{ERR_REASON(RSA_R_UNSUPPORTED_SIGNATURE_TYPE),"unsupported signature type"},
-{ERR_REASON(RSA_R_VALUE_MISSING)         ,"value missing"},
-{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
-{0,NULL}
-        };
+static ERR_STRING_DATA RSA_str_reasons[] = {
+        {ERR_REASON(RSA_R_ALGORITHM_MISMATCH)    , "algorithm mismatch"},
+        {ERR_REASON(RSA_R_BAD_E_VALUE)           , "bad e value"},
+        {ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT), "bad fixed header decrypt"},
+        {ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT)    , "bad pad byte count"},
+        {ERR_REASON(RSA_R_BAD_SIGNATURE)         , "bad signature"},
+        {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01)  , "block type is not 01"},
+        {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02)  , "block type is not 02"},
+        {ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN), "data greater than mod len"},
+        {ERR_REASON(RSA_R_DATA_TOO_LARGE)        , "data too large"},
+        {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE), "data too large for key size"},
+        {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS), "data too large for modulus"},
+        {ERR_REASON(RSA_R_DATA_TOO_SMALL)        , "data too small"},
+        {ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE), "data too small for key size"},
+        {ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY), "digest too big for rsa key"},
+        {ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D), "dmp1 not congruent to d"},
+        {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D), "dmq1 not congruent to d"},
+        {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1), "d e not congruent to 1"},
+        {ERR_REASON(RSA_R_FIRST_OCTET_INVALID)   , "first octet invalid"},
+        {ERR_REASON(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE), "illegal or unsupported padding mode"},
+        {ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH) , "invalid digest length"},
+        {ERR_REASON(RSA_R_INVALID_HEADER)        , "invalid header"},
+        {ERR_REASON(RSA_R_INVALID_KEYBITS)       , "invalid keybits"},
+        {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH), "invalid message length"},
+        {ERR_REASON(RSA_R_INVALID_MGF1_MD)       , "invalid mgf1 md"},
+        {ERR_REASON(RSA_R_INVALID_PADDING)       , "invalid padding"},
+        {ERR_REASON(RSA_R_INVALID_PADDING_MODE)  , "invalid padding mode"},
+        {ERR_REASON(RSA_R_INVALID_PSS_PARAMETERS), "invalid pss parameters"},
+        {ERR_REASON(RSA_R_INVALID_PSS_SALTLEN)   , "invalid pss saltlen"},
+        {ERR_REASON(RSA_R_INVALID_SALT_LENGTH)   , "invalid salt length"},
+        {ERR_REASON(RSA_R_INVALID_TRAILER)       , "invalid trailer"},
+        {ERR_REASON(RSA_R_INVALID_X931_DIGEST)   , "invalid x931 digest"},
+        {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) , "iqmp not inverse of q"},
+        {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL)    , "key size too small"},
+        {ERR_REASON(RSA_R_LAST_OCTET_INVALID)    , "last octet invalid"},
+        {ERR_REASON(RSA_R_MODULUS_TOO_LARGE)     , "modulus too large"},
+        {ERR_REASON(RSA_R_NON_FIPS_RSA_METHOD)   , "non fips rsa method"},
+        {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT)    , "no public exponent"},
+        {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING), "null before block missing"},
+        {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q)  , "n does not equal p q"},
+        {ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   , "oaep decoding error"},
+        {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE), "operation not allowed in fips mode"},
+        {ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"},
+        {ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  , "padding check failed"},
+        {ERR_REASON(RSA_R_P_NOT_PRIME)           , "p not prime"},
+        {ERR_REASON(RSA_R_Q_NOT_PRIME)           , "q not prime"},
+        {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED), "rsa operations not supported"},
+        {ERR_REASON(RSA_R_SLEN_CHECK_FAILED)     , "salt length check failed"},
+        {ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED)  , "salt length recovery failed"},
+        {ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) , "sslv3 rollback attack"},
+        {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), "the asn1 object identifier is not known for this md"},
+        {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE), "unknown algorithm type"},
+        {ERR_REASON(RSA_R_UNKNOWN_MASK_DIGEST)   , "unknown mask digest"},
+        {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE)  , "unknown padding type"},
+        {ERR_REASON(RSA_R_UNKNOWN_PSS_DIGEST)    , "unknown pss digest"},
+        {ERR_REASON(RSA_R_UNSUPPORTED_MASK_ALGORITHM), "unsupported mask algorithm"},
+        {ERR_REASON(RSA_R_UNSUPPORTED_MASK_PARAMETER), "unsupported mask parameter"},
+        {ERR_REASON(RSA_R_UNSUPPORTED_SIGNATURE_TYPE), "unsupported signature type"},
+        {ERR_REASON(RSA_R_VALUE_MISSING)         , "value missing"},
+        {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
+        {0, NULL}
+};
 
 #endif
 
-void ERR_load_RSA_strings(void)
-        {
+void
+ERR_load_RSA_strings(void)
+{
 #ifndef OPENSSL_NO_ERR
-
-        if (ERR_func_error_string(RSA_str_functs[0].error) == NULL)
-                {
-                ERR_load_strings(0,RSA_str_functs);
-                ERR_load_strings(0,RSA_str_reasons);
-                }
-#endif
+        if (ERR_func_error_string(RSA_str_functs[0].error) == NULL) {
+                ERR_load_strings(0, RSA_str_functs);
+                ERR_load_strings(0, RSA_str_reasons);
         }
+#endif
+}
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_gen.c b/src/lib/libssl/src/crypto/rsa/rsa_gen.c
index 3a6aa1ca7a..f000b41940 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_gen.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_gen.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: rsa_gen.c,v 1.14 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_gen.c,v 1.15 2014/07/09 19:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -154,8 +154,8 @@ rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
                         if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL,
                             cb))
                                 goto err;
-                        } while (BN_cmp(rsa->p, rsa->q) == 0 &&
-                            ++degenerate < 3);
+                } while (BN_cmp(rsa->p, rsa->q) == 0 &&
+                    ++degenerate < 3);
                 if (degenerate == 3) {
                         ok = 0; /* we set our own err */
                         RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,
@@ -173,7 +173,7 @@ rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
         }
         if (!BN_GENCB_call(cb, 3, 1))
                 goto err;
-        if (BN_cmp(rsa->p,rsa->q) < 0) {
+        if (BN_cmp(rsa->p, rsa->q) < 0) {
                 tmp = rsa->p;
                 rsa->p = rsa->q;
                 rsa->q = tmp;
@@ -191,8 +191,8 @@ rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
         if (!BN_mul(r0, r1, r2, ctx))                   /* (p-1)(q-1) */
                 goto err;
         if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
-                  pr0 = &local_r0;
-                  BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
+                pr0 = &local_r0;
+                BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
         } else
                 pr0 = r0;
         if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx))  /* d */
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_lib.c b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
index 44a86700c2..5afed37825 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_lib.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_lib.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: rsa_lib.c,v 1.24 2014/07/09 11:10:51 bcook Exp $ */
+/* $OpenBSD: rsa_lib.c,v 1.25 2014/07/09 19:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -144,7 +144,7 @@ RSA_new_method(ENGINE *engine)
                 ret->engine = engine;
         } else
                 ret->engine = ENGINE_get_default_RSA();
-        if(ret->engine) {
+        if (ret->engine) {
                 ret->meth = ENGINE_get_RSA(ret->engine);
                 if (!ret->meth) {
                         RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_none.c b/src/lib/libssl/src/crypto/rsa/rsa_none.c
index fde5eb6ef6..818fd26fa4 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_none.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_none.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: rsa_none.c,v 1.5 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_none.c,v 1.6 2014/07/09 19:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -77,7 +77,7 @@ RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *from,
                     RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
                 return 0;
         }
-        
+
         memcpy(to, from, (unsigned int)flen);
         return 1;
 }
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
index df288fa615..1e862a99e0 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_oaep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_oaep.c,v 1.18 2014/07/09 17:08:40 miod Exp $ */
+/* $OpenBSD: rsa_oaep.c,v 1.19 2014/07/09 19:51:38 jsing Exp $ */
 /* Written by Ulf Moeller. This software is distributed on an "AS IS"
    basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
 
@@ -8,7 +8,7 @@
  * <URL: http://www.shoup.net/papers/oaep.ps.Z>
  * for problems with the security proof for the
  * original OAEP scheme, which EME-OAEP is based on.
- * 
+ *
  * A new proof can be found in E. Fujisaki, T. Okamoto,
  * D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!",
  * Dec. 2000, <URL: http://eprint.iacr.org/2000/061/>.
@@ -29,7 +29,7 @@
 #include <openssl/sha.h>
 
 static int MGF1(unsigned char *mask, long len, const unsigned char *seed,
-            long seedlen);
+    long seedlen);
 
 int
 RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
@@ -142,7 +142,7 @@ RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
                 return -1;
         for (i = 0; i < SHA_DIGEST_LENGTH; i++)
                 seed[i] ^= padded_from[i];
-  
+
         if (MGF1(db, dblen, seed, SHA_DIGEST_LENGTH))
                 return -1;
         for (i = 0; i < dblen; i++)
@@ -204,7 +204,7 @@ PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed,
                 cnt[1] = (unsigned char)((i >> 16) & 255);
                 cnt[2] = (unsigned char)((i >> 8)) & 255;
                 cnt[3] = (unsigned char)(i & 255);
-                if (!EVP_DigestInit_ex(&c,dgst, NULL) ||
+                if (!EVP_DigestInit_ex(&c, dgst, NULL) ||
                     !EVP_DigestUpdate(&c, seed, seedlen) ||
                     !EVP_DigestUpdate(&c, cnt, 4))
                         goto err;
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_pk1.c b/src/lib/libssl/src/crypto/rsa/rsa_pk1.c
index f5492315cc..d394b300c6 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_pk1.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_pk1.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: rsa_pk1.c,v 1.8 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_pk1.c,v 1.9 2014/07/09 19:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -69,12 +69,12 @@ RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
         int j;
         unsigned char *p;
 
-        if (flen > (tlen-RSA_PKCS1_PADDING_SIZE)) {
+        if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
                 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,
                     RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
                 return 0;
         }
-        
+
         p = (unsigned char *)to;
 
         *(p++) = 0;
@@ -86,6 +86,7 @@ RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
         p += j;
         *(p++) = '\0';
         memcpy(p, from, (unsigned int)flen);
+
         return 1;
 }
 
@@ -106,7 +107,8 @@ RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
         /* scan over padding data */
         j = flen - 1; /* one for type. */
         for (i = 0; i < j; i++) {
-                if (*p != 0xff) { /* should decrypt to 0xff */
+                if (*p != 0xff) {
+                        /* should decrypt to 0xff */
                         if (*p == 0) {
                                 p++;
                                 break;
@@ -146,15 +148,15 @@ int
 RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
     const unsigned char *from, int flen)
 {
-        int i,j;
+        int i, j;
         unsigned char *p;
-        
+
         if (flen > tlen - 11) {
                 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,
                     RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
                 return 0;
         }
-        
+
         p = (unsigned char *)to;
 
         *(p++) = 0;
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
index 4a662c2894..f35b5800ab 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pmeth.c,v 1.9 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_pmeth.c,v 1.10 2014/07/09 19:51:38 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -110,7 +110,7 @@ pkey_rsa_init(EVP_PKEY_CTX *ctx)
         ctx->data = rctx;
         ctx->keygen_info = rctx->gentmp;
         ctx->keygen_info_count = 2;
-        
+
         return 1;
 }
 
@@ -121,7 +121,7 @@ pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
 
         if (!pkey_rsa_init(dst))
                 return 0;
-        sctx = src->data;
+        sctx = src->data;
         dctx = dst->data;
         dctx->nbits = sctx->nbits;
         if (sctx->pub_exp) {
@@ -236,7 +236,7 @@ pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, unsigned char *rout, size_t *routlen,
                                 return 0;
                         ret--;
                         if (rctx->tbuf[ret] !=
-                            RSA_X931_hash_id(EVP_MD_type(rctx->md))) {
+                                RSA_X931_hash_id(EVP_MD_type(rctx->md))) {
                                 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
                                     RSA_R_ALGORITHM_MISMATCH);
                                 return 0;
@@ -371,6 +371,7 @@ static int
 pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 {
         RSA_PKEY_CTX *rctx = ctx->data;
+
         switch (type) {
         case EVP_PKEY_CTRL_RSA_PADDING:
                 if (p1 >= RSA_PKCS1_PADDING && p1 <= RSA_PKCS1_PSS_PADDING) {
@@ -458,17 +459,18 @@ bad_pad:
                 return 1;
 #ifndef OPENSSL_NO_CMS
         case EVP_PKEY_CTRL_CMS_DECRYPT:
-            {
-                X509_ALGOR *alg = NULL;
-                ASN1_OBJECT *encalg = NULL;
-
-                if (p2)
-                        CMS_RecipientInfo_ktri_get0_algs(p2, NULL, NULL, &alg);
-                if (alg)
-                        X509_ALGOR_get0(&encalg, NULL, NULL, alg);
-                if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep)
-                        rctx->pad_mode = RSA_PKCS1_OAEP_PADDING;
-            }
+                {
+                        X509_ALGOR *alg = NULL;
+                        ASN1_OBJECT *encalg = NULL;
+
+                        if (p2)
+                                CMS_RecipientInfo_ktri_get0_algs(p2, NULL,
+                                    NULL, &alg);
+                        if (alg)
+                                X509_ALGOR_get0(&encalg, NULL, NULL, alg);
+                        if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep)
+                                rctx->pad_mode = RSA_PKCS1_OAEP_PADDING;
+                }
                 /* FALLTHROUGH */
 
         case EVP_PKEY_CTRL_CMS_ENCRYPT:
@@ -477,18 +479,18 @@ bad_pad:
 #endif
         case EVP_PKEY_CTRL_PEER_KEY:
                 RSAerr(RSA_F_PKEY_RSA_CTRL,
-                RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-                return -2;      
+                    RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+                return -2;
 
         default:
                 return -2;
         }
 }
-                        
+
 static int
 pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
 {
-        long lval;
+        long lval;
         char *ep;
 
         if (!value) {
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_prn.c b/src/lib/libssl/src/crypto/rsa/rsa_prn.c
index 89cf2b45b0..5d5b0e29d8 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_prn.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_prn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_prn.c,v 1.4 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_prn.c,v 1.5 2014/07/09 19:51:38 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_pss.c b/src/lib/libssl/src/crypto/rsa/rsa_pss.c
index 4c6a90c1c7..09bf32439b 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_pss.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_pss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pss.c,v 1.6 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_pss.c,v 1.7 2014/07/09 19:51:38 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -121,7 +121,8 @@ RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
                 EM++;
                 emLen--;
         }
-        if (emLen < (hLen + sLen + 2)) { /* sLen can be small negative */
+        if (emLen < (hLen + sLen + 2)) {
+                /* sLen can be small negative */
                 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
                 goto err;
         }
@@ -143,7 +144,7 @@ RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
                 DB[i] ^= EM[i];
         if (MSBits)
                 DB[0] &= 0xFF >> (8 - MSBits);
-        for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++)
+        for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++)
                 ;
         if (DB[i++] != 0x1) {
                 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1,
@@ -168,7 +169,7 @@ RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
         if (memcmp(H_, H, hLen)) {
                 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE);
                 ret = 0;
-        } else 
+        } else
                 ret = 1;
 
 err:
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_saos.c b/src/lib/libssl/src/crypto/rsa/rsa_saos.c
index 50dfef7e71..0ff9f570f4 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_saos.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_saos.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: rsa_saos.c,v 1.12 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_saos.c,v 1.13 2014/07/09 19:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -69,7 +69,7 @@ RSA_sign_ASN1_OCTET_STRING(int type, const unsigned char *m, unsigned int m_len,
 {
         ASN1_OCTET_STRING sig;
         int i, j, ret = 1;
-        unsigned char *p,*s;
+        unsigned char *p, *s;
 
         sig.type = V_ASN1_OCTET_STRING;
         sig.length = m_len;
@@ -132,7 +132,7 @@ RSA_verify_ASN1_OCTET_STRING(int dtype, const unsigned char *m,
                 goto err;
 
         if ((unsigned int)sig->length != m_len ||
-            memcmp(m,sig->data, m_len) != 0) {
+            memcmp(m, sig->data, m_len) != 0) {
                 RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,
                     RSA_R_BAD_SIGNATURE);
         } else
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_sign.c b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
index 9718589be7..11ee2d128d 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_sign.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_sign.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: rsa_sign.c,v 1.19 2014/07/09 09:04:14 miod Exp $ */
+/* $OpenBSD: rsa_sign.c,v 1.20 2014/07/09 19:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -137,7 +137,7 @@ RSA_sign(int type, const unsigned char *m, unsigned int m_len,
                 OPENSSL_cleanse(tmps, (unsigned int)j + 1);
                 free(tmps);
         }
-        return(ret);
+        return (ret);
 }
 
 int
@@ -199,7 +199,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
                 else
                         ret = 1;
         } else {
-                const unsigned char *p=s;
+                const unsigned char *p = s;
 
                 sig = d2i_X509_SIG(NULL, &p, (long)i);
 
@@ -240,7 +240,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
                                 ret = 1;
                         }
                 } else if ((unsigned int)sig->digest->length != m_len ||
-                    memcmp(m,sig->digest->data,m_len) != 0) {
+                    memcmp(m, sig->digest->data, m_len) != 0) {
                         RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
                 } else
                         ret = 1;
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_ssl.c b/src/lib/libssl/src/crypto/rsa/rsa_ssl.c
index c6ab71c674..09deb08985 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_ssl.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_ssl.c
@@ -1,25 +1,25 @@
-/* $OpenBSD: rsa_ssl.c,v 1.8 2014/07/09 08:20:08 miod Exp $ */
+/* $OpenBSD: rsa_ssl.c,v 1.9 2014/07/09 19:51:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -66,15 +66,15 @@ int
 RSA_padding_add_SSLv23(unsigned char *to, int tlen, const unsigned char *from,
     int flen)
 {
-        int i,j;
+        int i, j;
         unsigned char *p;
-        
+
         if (flen > tlen - 11) {
                 RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,
                     RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
                 return 0;
         }
-        
+
         p = (unsigned char *)to;
 
         *(p++) = 0;
diff --git a/src/lib/libssl/src/crypto/rsa/rsa_x931.c b/src/lib/libssl/src/crypto/rsa/rsa_x931.c
index c3305139f8..74c4af91a5 100644
--- a/src/lib/libssl/src/crypto/rsa/rsa_x931.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_x931.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_x931.c,v 1.4 2014/07/09 09:07:00 miod Exp $ */
+/* $OpenBSD: rsa_x931.c,v 1.5 2014/07/09 19:51:38 jsing Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2005.
  */
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -81,7 +81,7 @@ RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *from,
                     RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
                 return -1;
         }
-        
+
         p = (unsigned char *)to;
 
         /* If no padding start and end nibbles are in one byte */
@@ -103,7 +103,7 @@ RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *from,
 
 int
 RSA_padding_check_X931(unsigned char *to, int tlen, const unsigned char *from,
-   int flen, int num)
+    int flen, int num)
 {
         int i = 0, j;
         const unsigned char *p = from;
@@ -121,13 +121,14 @@ RSA_padding_check_X931(unsigned char *to, int tlen, const unsigned char *from,
                                 break;
                         if (c != 0xBB) {
                                 RSAerr(RSA_F_RSA_PADDING_CHECK_X931,
-                                        RSA_R_INVALID_PADDING);
+                                    RSA_R_INVALID_PADDING);
                                 return -1;
                         }
                 }
 
                 if (i == 0) {
-                        RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
+                        RSAerr(RSA_F_RSA_PADDING_CHECK_X931,
+                            RSA_R_INVALID_PADDING);
                         return -1;
                 }