More KNF.

34 files changed, 1324 insertions, 1030 deletions

diff --git a/src/lib/libcrypto/asn1/x_algor.c b/src/lib/libcrypto/asn1/x_algor.c
index 7ae473485c..65f81e8692 100644
--- a/src/lib/libcrypto/asn1/x_algor.c
+++ b/src/lib/libcrypto/asn1/x_algor.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -66,8 +66,8 @@ ASN1_SEQUENCE(X509_ALGOR) = {
         ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
 } ASN1_SEQUENCE_END(X509_ALGOR)
 
-ASN1_ITEM_TEMPLATE(X509_ALGORS) = 
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
+ASN1_ITEM_TEMPLATE(X509_ALGORS) =
+    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
 ASN1_ITEM_TEMPLATE_END(X509_ALGORS)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
@@ -77,7 +77,8 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
 IMPLEMENT_STACK_OF(X509_ALGOR)
 IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
 
-int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
+int
+X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
 {
         if (!alg)
                 return 0;
@@ -93,20 +94,20 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
                 alg->algorithm = aobj;
         }
         if (ptype == 0)
-                return 1;       
+                return 1;
         if (ptype == V_ASN1_UNDEF) {
                 if (alg->parameter) {
                         ASN1_TYPE_free(alg->parameter);
                         alg->parameter = NULL;
                 }
-        }
-        else
+        } else
                 ASN1_TYPE_set(alg->parameter, ptype, pval);
         return 1;
 }
 
-void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
-                                                X509_ALGOR *algor)
+void
+X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
+    X509_ALGOR *algor)
 {
         if (paobj)
                 *paobj = algor->algorithm;
@@ -114,8 +115,7 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
                 if (algor->parameter == NULL) {
                         *pptype = V_ASN1_UNDEF;
                         return;
-                }
-                else
+                } else
                         *pptype = algor->parameter->type;
                 if (ppval)
                         *ppval = algor->parameter->value.ptr;
@@ -124,7 +124,8 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
 
 /* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
 
-void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
+void
+X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
 {
         int param_type;
 
@@ -134,5 +135,4 @@ void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
                 param_type = V_ASN1_NULL;
 
         X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
-
 }
diff --git a/src/lib/libcrypto/asn1/x_attrib.c b/src/lib/libcrypto/asn1/x_attrib.c
index e620e1224e..248a6efa4e 100644
--- a/src/lib/libcrypto/asn1/x_attrib.c
+++ b/src/lib/libcrypto/asn1/x_attrib.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -96,23 +96,30 @@ ASN1_SEQUENCE(X509_ATTRIBUTE) = {
 IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
 
-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
+X509_ATTRIBUTE *
+X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
 {
-        X509_ATTRIBUTE *ret=NULL;
-        ASN1_TYPE *val=NULL;
+        X509_ATTRIBUTE *ret = NULL;
+        ASN1_TYPE *val = NULL;
+
+        if ((ret = X509_ATTRIBUTE_new()) == NULL)
+                return (NULL);
+        ret->object = OBJ_nid2obj(nid);
+        ret->single = 0;
+        if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL)
+                goto err;
+        if ((val = ASN1_TYPE_new()) == NULL)
+                goto err;
+        if (!sk_ASN1_TYPE_push(ret->value.set, val))
+                goto err;
 
-        if ((ret=X509_ATTRIBUTE_new()) == NULL)
-                return(NULL);
-        ret->object=OBJ_nid2obj(nid);
-        ret->single=0;
-        if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err;
-        if ((val=ASN1_TYPE_new()) == NULL) goto err;
-        if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err;
+        ASN1_TYPE_set(val, atrtype, value);
+        return (ret);
 
-        ASN1_TYPE_set(val,atrtype,value);
-        return(ret);
 err:
-        if (ret != NULL) X509_ATTRIBUTE_free(ret);
-        if (val != NULL) ASN1_TYPE_free(val);
-        return(NULL);
+        if (ret != NULL)
+                X509_ATTRIBUTE_free(ret);
+        if (val != NULL)
+                ASN1_TYPE_free(val);
+        return (NULL);
 }
diff --git a/src/lib/libcrypto/asn1/x_bignum.c b/src/lib/libcrypto/asn1/x_bignum.c
index 9cf3204a1b..bc74164fdc 100644
--- a/src/lib/libcrypto/asn1/x_bignum.c
+++ b/src/lib/libcrypto/asn1/x_bignum.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -72,11 +72,14 @@
 static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
 
-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+    const ASN1_ITEM *it);
+static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+    int utype, char *free_cont, const ASN1_ITEM *it);
 
 static ASN1_PRIMITIVE_FUNCS bignum_pf = {
-        NULL, 0,
+        NULL,
+        0,
         bn_new,
         bn_free,
         0,
@@ -85,55 +88,69 @@ static ASN1_PRIMITIVE_FUNCS bignum_pf = {
 };
 
 ASN1_ITEM_start(BIGNUM)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
+ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
 ASN1_ITEM_end(BIGNUM)
 
 ASN1_ITEM_start(CBIGNUM)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
+ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
 ASN1_ITEM_end(CBIGNUM)
 
-static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int
+bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
         *pval = (ASN1_VALUE *)BN_new();
-        if(*pval) return 1;
-        else return 0;
+        if (*pval)
+                return 1;
+        else
+                return 0;
 }
 
-static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static void
+bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-        if(!*pval) return;
-        if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval);
-        else BN_free((BIGNUM *)*pval);
+        if (!*pval)
+                return;
+        if (it->size & BN_SENSITIVE)
+                BN_clear_free((BIGNUM *)*pval);
+        else
+                BN_free((BIGNUM *)*pval);
         *pval = NULL;
 }
 
-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+static int
+bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
 {
         BIGNUM *bn;
         int pad;
-        if(!*pval) return -1;
+
+        if (!*pval)
+                return -1;
         bn = (BIGNUM *)*pval;
         /* If MSB set in an octet we need a padding byte */
-        if(BN_num_bits(bn) & 0x7) pad = 0;
-        else pad = 1;
-        if(cont) {
-                if(pad) *cont++ = 0;
+        if (BN_num_bits(bn) & 0x7)
+                pad = 0;
+        else
+                pad = 1;
+        if (cont) {
+                if (pad)
+                        *cont++ = 0;
                 BN_bn2bin(bn, cont);
         }
         return pad + BN_num_bytes(bn);
 }
 
-static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
-                  int utype, char *free_cont, const ASN1_ITEM *it)
+static int
+bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
+    char *free_cont, const ASN1_ITEM *it)
 {
         BIGNUM *bn;
-        if(!*pval) bn_new(pval, it);
-        bn  = (BIGNUM *)*pval;
-        if(!BN_bin2bn(cont, len, bn)) {
+
+        if (!*pval)
+                bn_new(pval, it);
+        bn = (BIGNUM *)*pval;
+        if (!BN_bin2bn(cont, len, bn)) {
                 bn_free(pval, it);
                 return 0;
         }
         return 1;
 }
-
-
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c
index ea94f026b2..674cca4a1c 100644
--- a/src/lib/libcrypto/asn1/x_crl.c
+++ b/src/lib/libcrypto/asn1/x_crl.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,23 +64,23 @@
 #include <openssl/x509v3.h>
 
 static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
-                                const X509_REVOKED * const *b);
+    const X509_REVOKED * const *b);
 static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
 
 ASN1_SEQUENCE(X509_REVOKED) = {
-        ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
-        ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
-        ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
+        ASN1_SIMPLE(X509_REVOKED, serialNumber, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_REVOKED, revocationDate, ASN1_TIME),
+        ASN1_SEQUENCE_OF_OPT(X509_REVOKED, extensions, X509_EXTENSION)
 } ASN1_SEQUENCE_END(X509_REVOKED)
 
 static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r);
-static int def_crl_lookup(X509_CRL *crl,
-                X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer);
+static int def_crl_lookup(X509_CRL *crl, X509_REVOKED **ret,
+    ASN1_INTEGER *serial, X509_NAME *issuer);
 
-static X509_CRL_METHOD int_crl_meth =
-{
+static X509_CRL_METHOD int_crl_meth = {
+        0,
+        0,
         0,
-        0,0,
         def_crl_lookup,
         def_crl_verify
 };
@@ -91,18 +91,19 @@ static const X509_CRL_METHOD *default_crl_method = &int_crl_meth;
  * Since we cache the original encoding the signature wont be affected by
  * reordering of the revoked field.
  */
-static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-                                                                void *exarg)
+static int
+crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
         X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
 
-        if(!a || !a->revoked) return 1;
-        switch(operation) {
+        if (!a || !a->revoked)
+                return 1;
+        switch (operation) {
                 /* Just set cmp function here. We don't sort because that
                  * would affect the output of X509_CRL_print().
                  */
         case ASN1_OP_D2I_POST:
-                (void)sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
+                (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp);
                 break;
         }
         return 1;
@@ -123,9 +124,9 @@ ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
  * Check for unhandled critical CRL entry extensions.
  */
 
-static int crl_set_issuers(X509_CRL *crl)
+static int
+crl_set_issuers(X509_CRL *crl)
 {
-
         int i, j;
         GENERAL_NAMES *gens, *gtmp;
         STACK_OF(X509_REVOKED) *revoked;
@@ -138,9 +139,8 @@ static int crl_set_issuers(X509_CRL *crl)
                 STACK_OF(X509_EXTENSION) *exts;
                 ASN1_ENUMERATED *reason;
                 X509_EXTENSION *ext;
-                gtmp = X509_REVOKED_get_ext_d2i(rev, 
-                                                NID_certificate_issuer,
-                                                &j, NULL);
+                gtmp = X509_REVOKED_get_ext_d2i(rev, NID_certificate_issuer,
+                    &j, NULL);
                 if (!gtmp && (j != -1)) {
                         crl->flags |= EXFLAG_INVALID;
                         return 1;
@@ -159,7 +159,7 @@ static int crl_set_issuers(X509_CRL *crl)
                 rev->issuer = gens;
 
                 reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason,
-                                                                &j, NULL);
+                    &j, NULL);
                 if (!reason && (j != -1)) {
                         crl->flags |= EXFLAG_INVALID;
                         return 1;
@@ -169,7 +169,7 @@ static int crl_set_issuers(X509_CRL *crl)
                         rev->reason = ASN1_ENUMERATED_get(reason);
                         ASN1_ENUMERATED_free(reason);
                 } else
-                        rev->reason = CRL_REASON_NONE;  
+                        rev->reason = CRL_REASON_NONE;
 
                 /* Check for critical CRL entry extensions */
 
@@ -179,32 +179,29 @@ static int crl_set_issuers(X509_CRL *crl)
                         ext = sk_X509_EXTENSION_value(exts, j);
                         if (ext->critical > 0) {
                                 if (OBJ_obj2nid(ext->object) ==
-                                        NID_certificate_issuer)
+                                    NID_certificate_issuer)
                                         continue;
                                 crl->flags |= EXFLAG_CRITICAL;
                                 break;
                         }
                 }
-
-
         }
 
         return 1;
-
 }
 
 /* The X509_CRL structure needs a bit of customisation. Cache some extensions
  * and hash of the whole CRL.
  */
-static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-                                                                void *exarg)
+static int
+crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
         X509_CRL *crl = (X509_CRL *)*pval;
         STACK_OF(X509_EXTENSION) *exts;
         X509_EXTENSION *ext;
         int idx;
 
-        switch(operation) {
+        switch (operation) {
         case ASN1_OP_NEW_POST:
                 crl->idp = NULL;
                 crl->akid = NULL;
@@ -223,23 +220,23 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                 X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
 #endif
                 crl->idp = X509_CRL_get_ext_d2i(crl,
-                                NID_issuing_distribution_point, NULL, NULL);
+                    NID_issuing_distribution_point, NULL, NULL);
                 if (crl->idp)
                         setup_idp(crl, crl->idp);
 
                 crl->akid = X509_CRL_get_ext_d2i(crl,
-                                NID_authority_key_identifier, NULL, NULL);      
+                    NID_authority_key_identifier, NULL, NULL);
 
                 crl->crl_number = X509_CRL_get_ext_d2i(crl,
-                                NID_crl_number, NULL, NULL);    
+                    NID_crl_number, NULL, NULL);
 
                 crl->base_crl_number = X509_CRL_get_ext_d2i(crl,
-                                NID_delta_crl, NULL, NULL);     
+                    NID_delta_crl, NULL, NULL);
                 /* Delta CRLs must have CRL number */
                 if (crl->base_crl_number && !crl->crl_number)
                         crl->flags |= EXFLAG_INVALID;
 
-                /* See if we have any unhandled critical CRL extensions and 
+                /* See if we have any unhandled critical CRL extensions and
                  * indicate this in a flag. We only currently handle IDP so
                  * anything else critical sets the flag.
                  *
@@ -257,15 +254,14 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                                 crl->flags |= EXFLAG_FRESHEST;
                         if (ext->critical > 0) {
                                 /* We handle IDP and deltas */
-                                if ((nid == NID_issuing_distribution_point)
-                                        || (nid == NID_delta_crl))
+                                if ((nid == NID_issuing_distribution_point) ||
+                                    (nid == NID_delta_crl))
                                         break;;
                                 crl->flags |= EXFLAG_CRITICAL;
                                 break;
                         }
                 }
 
-
                 if (!crl_set_issuers(crl))
                         return 0;
 
@@ -294,9 +290,11 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 
 /* Convert IDP into a more convenient form */
 
-static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
+static void
+setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
 {
         int idp_only = 0;
+
         /* Set various flags according to IDP */
         crl->idp_flags |= IDP_PRESENT;
         if (idp->onlyuser > 0) {
@@ -324,7 +322,7 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
                         crl->idp_reasons = idp->onlysomereasons->data[0];
                 if (idp->onlysomereasons->length > 1)
                         crl->idp_reasons |=
-                                (idp->onlysomereasons->data[1] << 8);
+                            (idp->onlysomereasons->data[1] << 8);
                 crl->idp_reasons &= CRLDP_ALL_REASONS;
         }
 
@@ -342,60 +340,65 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
 IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
 
-static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
-                        const X509_REVOKED * const *b)
+static int
+X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b)
 {
         return(ASN1_STRING_cmp(
-                (ASN1_STRING *)(*a)->serialNumber,
-                (ASN1_STRING *)(*b)->serialNumber));
+            (ASN1_STRING *)(*a)->serialNumber,
+            (ASN1_STRING *)(*b)->serialNumber));
 }
 
-int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
+int
+X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
 {
         X509_CRL_INFO *inf;
+
         inf = crl->crl;
-        if(!inf->revoked)
+        if (!inf->revoked)
                 inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
-        if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
+        if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
                 ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
                 return 0;
-}
+        }
         inf->enc.modified = 1;
         return 1;
 }
 
-int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
+int
+X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
 {
         if (crl->meth->crl_verify)
                 return crl->meth->crl_verify(crl, r);
         return 0;
 }
 
-int X509_CRL_get0_by_serial(X509_CRL *crl,
-                X509_REVOKED **ret, ASN1_INTEGER *serial)
+int
+X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret,
+    ASN1_INTEGER *serial)
 {
         if (crl->meth->crl_lookup)
                 return crl->meth->crl_lookup(crl, ret, serial, NULL);
         return 0;
 }
 
-int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
+int
+X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
 {
         if (crl->meth->crl_lookup)
                 return crl->meth->crl_lookup(crl, ret,
-                                                X509_get_serialNumber(x),
-                                                X509_get_issuer_name(x));
+                    X509_get_serialNumber(x), X509_get_issuer_name(x));
         return 0;
 }
 
-static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
+static int
+def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
 {
         return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
-                crl->sig_alg, crl->signature,crl->crl,r));
+            crl->sig_alg, crl->signature, crl->crl, r));
 }
 
-static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
-                                                X509_REVOKED *rev)
+static int
+crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, X509_REVOKED *rev)
 {
         int i;
 
@@ -421,11 +424,13 @@ static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
 
 }
 
-static int def_crl_lookup(X509_CRL *crl,
-                X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer)
+static int
+def_crl_lookup(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *serial,
+    X509_NAME *issuer)
 {
         X509_REVOKED rtmp, *rev;
         int idx;
+
         rtmp.serialNumber = serial;
         /* Sort revoked into serial number order if not already sorted.
          * Do this under a lock to avoid race condition.
@@ -436,10 +441,10 @@ static int def_crl_lookup(X509_CRL *crl,
                 CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
         }
         idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
-        if(idx < 0)
+        if (idx < 0)
                 return 0;
         /* Need to look for matching name */
-        for(;idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) {
+        for (; idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) {
                 rev = sk_X509_REVOKED_value(crl->crl->revoked, idx);
                 if (ASN1_INTEGER_cmp(rev->serialNumber, serial))
                         return 0;
@@ -454,22 +459,24 @@ static int def_crl_lookup(X509_CRL *crl,
         return 0;
 }
 
-void X509_CRL_set_default_method(const X509_CRL_METHOD *meth)
+void
+X509_CRL_set_default_method(const X509_CRL_METHOD *meth)
 {
         if (meth == NULL)
                 default_crl_method = &int_crl_meth;
-        else 
+        else
                 default_crl_method = meth;
 }
 
-X509_CRL_METHOD *X509_CRL_METHOD_new(
-        int (*crl_init)(X509_CRL *crl),
-        int (*crl_free)(X509_CRL *crl),
-        int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
-                                ASN1_INTEGER *ser, X509_NAME *issuer),
-        int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk))
+X509_CRL_METHOD *
+X509_CRL_METHOD_new(int (*crl_init)(X509_CRL *crl),
+    int (*crl_free)(X509_CRL *crl),
+    int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
+    ASN1_INTEGER *ser, X509_NAME *issuer),
+    int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk))
 {
         X509_CRL_METHOD *m;
+
         m = malloc(sizeof(X509_CRL_METHOD));
         if (!m)
                 return NULL;
@@ -481,19 +488,22 @@ X509_CRL_METHOD *X509_CRL_METHOD_new(
         return m;
 }
 
-void X509_CRL_METHOD_free(X509_CRL_METHOD *m)
+void
+X509_CRL_METHOD_free(X509_CRL_METHOD *m)
 {
         if (!(m->flags & X509_CRL_METHOD_DYNAMIC))
                 return;
         free(m);
 }
 
-void X509_CRL_set_meth_data(X509_CRL *crl, void *dat)
+void
+X509_CRL_set_meth_data(X509_CRL *crl, void *dat)
 {
         crl->meth_data = dat;
 }
 
-void *X509_CRL_get_meth_data(X509_CRL *crl)
+void *
+X509_CRL_get_meth_data(X509_CRL *crl)
 {
         return crl->meth_data;
 }
diff --git a/src/lib/libcrypto/asn1/x_exten.c b/src/lib/libcrypto/asn1/x_exten.c
index 3a21239926..5b3f49ed0f 100644
--- a/src/lib/libcrypto/asn1/x_exten.c
+++ b/src/lib/libcrypto/asn1/x_exten.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -67,8 +67,8 @@ ASN1_SEQUENCE(X509_EXTENSION) = {
         ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(X509_EXTENSION)
 
-ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = 
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
+ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) =
+    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
 ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
diff --git a/src/lib/libcrypto/asn1/x_info.c b/src/lib/libcrypto/asn1/x_info.c
index 07ce15dbd7..4d3e2ebd17 100644
--- a/src/lib/libcrypto/asn1/x_info.c
+++ b/src/lib/libcrypto/asn1/x_info.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,42 +62,49 @@
 #include <openssl/asn1.h>
 #include <openssl/x509.h>
 
-X509_INFO *X509_INFO_new(void)
+X509_INFO *
+X509_INFO_new(void)
 {
-        X509_INFO *ret=NULL;
+        X509_INFO *ret = NULL;
 
-        ret=(X509_INFO *)malloc(sizeof(X509_INFO));
+        ret = (X509_INFO *)malloc(sizeof(X509_INFO));
         if (ret == NULL) {
-                ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE);
-                return(NULL);
+                ASN1err(ASN1_F_X509_INFO_NEW, ERR_R_MALLOC_FAILURE);
+                return (NULL);
         }
- 
-        ret->enc_cipher.cipher=NULL;
-        ret->enc_len=0;
-        ret->enc_data=NULL;
- 
-        ret->references=1;
-        ret->x509=NULL;
-        ret->crl=NULL;
-        ret->x_pkey=NULL;
-        return(ret);
+
+        ret->enc_cipher.cipher = NULL;
+        ret->enc_len = 0;
+        ret->enc_data = NULL;
+
+        ret->references = 1;
+        ret->x509 = NULL;
+        ret->crl = NULL;
+        ret->x_pkey = NULL;
+        return (ret);
 }
 
-void X509_INFO_free(X509_INFO *x)
+void
+X509_INFO_free(X509_INFO *x)
 {
         int i;
 
-        if (x == NULL) return;
+        if (x == NULL)
+                return;
 
-        i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO);
-        if (i > 0) return;
+        i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_INFO);
+        if (i > 0)
+                return;
 
-        if (x->x509 != NULL) X509_free(x->x509);
-        if (x->crl != NULL) X509_CRL_free(x->crl);
-        if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey);
-        if (x->enc_data != NULL) free(x->enc_data);
+        if (x->x509 != NULL)
+                X509_free(x->x509);
+        if (x->crl != NULL)
+                X509_CRL_free(x->crl);
+        if (x->x_pkey != NULL)
+                X509_PKEY_free(x->x_pkey);
+        if (x->enc_data != NULL)
+                free(x->enc_data);
         free(x);
 }
 
 IMPLEMENT_STACK_OF(X509_INFO)
-
diff --git a/src/lib/libcrypto/asn1/x_long.c b/src/lib/libcrypto/asn1/x_long.c
index 1417284d3c..81dcc4fc29 100644
--- a/src/lib/libcrypto/asn1/x_long.c
+++ b/src/lib/libcrypto/asn1/x_long.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -84,25 +84,29 @@ static ASN1_PRIMITIVE_FUNCS long_pf = {
 };
 
 ASN1_ITEM_start(LONG)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
+ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
 ASN1_ITEM_end(LONG)
 
 ASN1_ITEM_start(ZLONG)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
+ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
 ASN1_ITEM_end(ZLONG)
 
-static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int
+long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
         *(long *)pval = it->size;
         return 1;
 }
 
-static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static void
+long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
         *(long *)pval = it->size;
 }
 
-static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+static int
+long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+    const ASN1_ITEM *it)
 {
         long ltmp;
         unsigned long utmp;
@@ -113,58 +117,70 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const A
         /* use memcpy, because we may not be long aligned */
         memcpy(&ltmp, cp, sizeof(long));
 
-        if(ltmp == it->size) return -1;
+        if (ltmp == it->size)
+                return -1;
         /* Convert the long to positive: we subtract one if negative so
          * we can cleanly handle the padding if only the MSB of the leading
-         * octet is set. 
+         * octet is set.
          */
-        if(ltmp < 0) utmp = -ltmp - 1;
-        else utmp = ltmp;
+        if (ltmp < 0)
+                utmp = -ltmp - 1;
+        else
+                utmp = ltmp;
         clen = BN_num_bits_word(utmp);
         /* If MSB of leading octet set we need to pad */
-        if(!(clen & 0x7)) pad = 1;
-        else pad = 0;
+        if (!(clen & 0x7))
+                pad = 1;
+        else
+                pad = 0;
 
         /* Convert number of bits to number of octets */
         clen = (clen + 7) >> 3;
 
-        if(cont) {
-                if(pad) *cont++ = (ltmp < 0) ? 0xff : 0;
-                for(i = clen - 1; i >= 0; i--) {
+        if (cont) {
+                if (pad)
+                        *cont++ = (ltmp < 0) ? 0xff : 0;
+                for (i = clen - 1; i >= 0; i--) {
                         cont[i] = (unsigned char)(utmp & 0xff);
-                        if(ltmp < 0) cont[i] ^= 0xff;
+                        if (ltmp < 0)
+                                cont[i] ^= 0xff;
                         utmp >>= 8;
                 }
         }
         return clen + pad;
 }
 
-static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
-                    int utype, char *free_cont, const ASN1_ITEM *it)
+static int
+long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
+    char *free_cont, const ASN1_ITEM *it)
 {
         int neg, i;
         long ltmp;
         unsigned long utmp = 0;
         char *cp = (char *)pval;
-        if(len > (int)sizeof(long)) {
+        if (len > (int)sizeof(long)) {
                 ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
                 return 0;
         }
         /* Is it negative? */
-        if(len && (cont[0] & 0x80)) neg = 1;
-        else neg = 0;
+        if (len && (cont[0] & 0x80))
+                neg = 1;
+        else
+                neg = 0;
         utmp = 0;
-        for(i = 0; i < len; i++) {
+        for (i = 0; i < len; i++) {
                 utmp <<= 8;
-                if(neg) utmp |= cont[i] ^ 0xff;
-                else utmp |= cont[i];
+                if (neg)
+                        utmp |= cont[i] ^ 0xff;
+                else
+                        utmp |= cont[i];
         }
         ltmp = (long)utmp;
-        if(neg) {
+        if (neg) {
                 ltmp++;
                 ltmp = -ltmp;
         }
-        if(ltmp == it->size) {
+        if (ltmp == it->size) {
                 ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
                 return 0;
         }
@@ -172,8 +188,9 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
         return 1;
 }
 
-static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
-                        int indent, const ASN1_PCTX *pctx)
+static int
+long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent,
+    const ASN1_PCTX *pctx)
 {
         return BIO_printf(out, "%ld\n", *(long *)pval);
 }
diff --git a/src/lib/libcrypto/asn1/x_name.c b/src/lib/libcrypto/asn1/x_name.c
index d10ac5acd1..70459babc4 100644
--- a/src/lib/libcrypto/asn1/x_name.c
+++ b/src/lib/libcrypto/asn1/x_name.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -66,13 +66,12 @@
 typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
 DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
 
-static int x509_name_ex_d2i(ASN1_VALUE **val,
-                                const unsigned char **in, long len,
-                                const ASN1_ITEM *it,
-                                int tag, int aclass, char opt, ASN1_TLC *ctx);
+static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in,
+    long len, const ASN1_ITEM *it, int tag, int aclass, char opt,
+    ASN1_TLC *ctx);
 
 static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
-                                const ASN1_ITEM *it, int tag, int aclass);
+    const ASN1_ITEM *it, int tag, int aclass);
 static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
 static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
 
@@ -80,13 +79,10 @@ static int x509_name_encode(X509_NAME *a);
 static int x509_name_canon(X509_NAME *a);
 static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in);
 static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname,
-                          unsigned char **in);
+    unsigned char **in);
 
-
-static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
-                                                int indent,
-                                                const char *fname, 
-                                                const ASN1_PCTX *pctx);
+static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval, int indent,
+    const char *fname, const ASN1_PCTX *pctx);
 
 ASN1_SEQUENCE(X509_NAME_ENTRY) = {
         ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
@@ -101,11 +97,11 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
  */
 
 ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
+    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
 ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
 
 ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
+    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
 ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
 
 /* Normally that's where it would end: we'd have two nested STACK structures
@@ -124,26 +120,30 @@ const ASN1_EXTERN_FUNCS x509_name_ff = {
         x509_name_ex_print
 };
 
-IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) 
+IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
 
-static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
+static int
+x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
 {
         X509_NAME *ret = NULL;
+
         ret = malloc(sizeof(X509_NAME));
-        if(!ret) goto memerr;
-        if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
+        if (!ret)
+                goto memerr;
+        if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL)
+                goto memerr;
+        if ((ret->bytes = BUF_MEM_new()) == NULL)
                 goto memerr;
-        if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr;
         ret->canon_enc = NULL;
         ret->canon_enclen = 0;
-        ret->modified=1;
+        ret->modified = 1;
         *val = (ASN1_VALUE *)ret;
         return 1;
 
- memerr:
+memerr:
         ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
         if (ret) {
                 if (ret->entries)
@@ -153,54 +153,64 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
         return 0;
 }
 
-static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static void
+x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
         X509_NAME *a;
-        if(!pval || !*pval)
-            return;
+
+        if (!pval || !*pval)
+                return;
         a = (X509_NAME *)*pval;
 
         BUF_MEM_free(a->bytes);
-        sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
+        sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free);
         if (a->canon_enc)
                 free(a->canon_enc);
         free(a);
         *pval = NULL;
 }
 
-static int x509_name_ex_d2i(ASN1_VALUE **val,
-                        const unsigned char **in, long len, const ASN1_ITEM *it,
-                                int tag, int aclass, char opt, ASN1_TLC *ctx)
+static int
+x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len,
+    const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx)
 {
         const unsigned char *p = *in, *q;
-        union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
-                ASN1_VALUE *a; } intname = {NULL};
-        union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL};
+        union {
+                STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+                ASN1_VALUE *a;
+        } intname = {NULL};
+        union {
+                X509_NAME *x;
+                ASN1_VALUE *a;
+        } nm = {NULL};
         int i, j, ret;
         STACK_OF(X509_NAME_ENTRY) *entries;
         X509_NAME_ENTRY *entry;
         q = p;
 
         /* Get internal representation of Name */
-        ret = ASN1_item_ex_d2i(&intname.a,
-                               &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
-                               tag, aclass, opt, ctx);
-        
-        if(ret <= 0) return ret;
-
-        if(*val) x509_name_ex_free(val, NULL);
-        if(!x509_name_ex_new(&nm.a, NULL)) goto err;
+        ret = ASN1_item_ex_d2i(&intname.a, &p, len,
+            ASN1_ITEM_rptr(X509_NAME_INTERNAL), tag, aclass, opt, ctx);
+
+        if (ret <= 0)
+                return ret;
+
+        if (*val)
+                x509_name_ex_free(val, NULL);
+        if (!x509_name_ex_new(&nm.a, NULL))
+                goto err;
         /* We've decoded it: now cache encoding */
-        if(!BUF_MEM_grow(nm.x->bytes, p - q)) goto err;
+        if (!BUF_MEM_grow(nm.x->bytes, p - q))
+                goto err;
         memcpy(nm.x->bytes->data, q, p - q);
 
         /* Convert internal representation to X509_NAME structure */
-        for(i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
+        for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
                 entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i);
-                for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
+                for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
                         entry = sk_X509_NAME_ENTRY_value(entries, j);
                         entry->set = i;
-                        if(!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
+                        if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
                                 goto err;
                 }
                 sk_X509_NAME_ENTRY_free(entries);
@@ -213,90 +223,104 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
         *val = nm.a;
         *in = p;
         return ret;
+
 err:
-        if (nm.x != NULL)
+        if (nm.x != NULL)
                 X509_NAME_free(nm.x);
         ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
         return 0;
 }
 
-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+static int
+x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it,
+    int tag, int aclass)
 {
         int ret;
         X509_NAME *a = (X509_NAME *)*val;
-        if(a->modified) {
+
+        if (a->modified) {
                 ret = x509_name_encode(a);
-                if(ret < 0)
+                if (ret < 0)
                         return ret;
                 ret = x509_name_canon(a);
-                if(ret < 0)
+                if (ret < 0)
                         return ret;
         }
         ret = a->bytes->length;
-        if(out != NULL) {
-                memcpy(*out,a->bytes->data,ret);
-                *out+=ret;
+        if (out != NULL) {
+                memcpy(*out, a->bytes->data, ret);
+                *out += ret;
         }
         return ret;
 }
 
-static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
+static void
+local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
 {
         sk_X509_NAME_ENTRY_free(ne);
 }
 
-static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
+static void
+local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
 {
         sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
 }
 
-static int x509_name_encode(X509_NAME *a)
+static int
+x509_name_encode(X509_NAME *a)
 {
-        union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
-                ASN1_VALUE *a; } intname = {NULL};
+        union {
+                STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+                ASN1_VALUE *a;
+        } intname = {NULL};
         int len;
         unsigned char *p;
         STACK_OF(X509_NAME_ENTRY) *entries = NULL;
         X509_NAME_ENTRY *entry;
         int i, set = -1;
+
         intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null();
-        if(!intname.s) goto memerr;
-        for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+        if (!intname.s)
+                goto memerr;
+        for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
                 entry = sk_X509_NAME_ENTRY_value(a->entries, i);
-                if(entry->set != set) {
+                if (entry->set != set) {
                         entries = sk_X509_NAME_ENTRY_new_null();
-                        if(!entries) goto memerr;
-                        if(!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s,
-                                                             entries))
+                        if (!entries)
+                                goto memerr;
+                        if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s,
+                            entries))
                                 goto memerr;
                         set = entry->set;
                 }
-                if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
+                if (!sk_X509_NAME_ENTRY_push(entries, entry))
+                        goto memerr;
         }
         len = ASN1_item_ex_i2d(&intname.a, NULL,
-                               ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
-        if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
-        p=(unsigned char *)a->bytes->data;
-        ASN1_item_ex_i2d(&intname.a,
-                         &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+            ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+        if (!BUF_MEM_grow(a->bytes, len))
+                goto memerr;
+        p = (unsigned char *)a->bytes->data;
+        ASN1_item_ex_i2d(&intname.a, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+            -1, -1);
         sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
-                                             local_sk_X509_NAME_ENTRY_free);
+            local_sk_X509_NAME_ENTRY_free);
         a->modified = 0;
         return len;
+
 memerr:
         sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
-                                             local_sk_X509_NAME_ENTRY_free);
+            local_sk_X509_NAME_ENTRY_free);
         ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
         return -1;
 }
 
-static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
-                                                int indent,
-                                                const char *fname, 
-                                                const ASN1_PCTX *pctx)
+static int
+x509_name_ex_print(BIO *out, ASN1_VALUE **pval, int indent, const char *fname,
+    const ASN1_PCTX *pctx)
 {
-        if (X509_NAME_print_ex(out, (X509_NAME *)*pval,
-                                        indent, pctx->nm_flags) <= 0)
+        if (X509_NAME_print_ex(out, (X509_NAME *)*pval, indent,
+            pctx->nm_flags) <= 0)
                 return 0;
         return 2;
 }
@@ -314,7 +338,8 @@ static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
  * dirName can also be checked with a simple memcmp().
  */
 
-static int x509_name_canon(X509_NAME *a)
+static int
+x509_name_canon(X509_NAME *a)
 {
         unsigned char *p;
         STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
@@ -325,22 +350,22 @@ static int x509_name_canon(X509_NAME *a)
         if (a->canon_enc) {
                 free(a->canon_enc);
                 a->canon_enc = NULL;
-                }
+        }
         /* Special case: empty X509_NAME => null encoding */
         if (sk_X509_NAME_ENTRY_num(a->entries) == 0) {
                 a->canon_enclen = 0;
                 return 1;
         }
         intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
-        if(!intname)
+        if (!intname)
                 goto err;
-        for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+        for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
                 entry = sk_X509_NAME_ENTRY_value(a->entries, i);
-                if(entry->set != set) {
+                if (entry->set != set) {
                         entries = sk_X509_NAME_ENTRY_new_null();
-                        if(!entries)
+                        if (!entries)
                                 goto err;
-                        if(!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries))
+                        if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries))
                                 goto err;
                         set = entry->set;
                 }
@@ -348,33 +373,27 @@ static int x509_name_canon(X509_NAME *a)
                 tmpentry->object = OBJ_dup(entry->object);
                 if (!asn1_string_canon(tmpentry->value, entry->value))
                         goto err;
-                if(!sk_X509_NAME_ENTRY_push(entries, tmpentry))
+                if (!sk_X509_NAME_ENTRY_push(entries, tmpentry))
                         goto err;
                 tmpentry = NULL;
         }
 
         /* Finally generate encoding */
-
         a->canon_enclen = i2d_name_canon(intname, NULL);
-
         p = malloc(a->canon_enclen);
-
         if (!p)
                 goto err;
-
         a->canon_enc = p;
-
         i2d_name_canon(intname, &p);
-
         ret = 1;
 
-        err:
+err:
 
         if (tmpentry)
                 X509_NAME_ENTRY_free(tmpentry);
         if (intname)
                 sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
-                                        local_sk_X509_NAME_ENTRY_pop_free);
+                    local_sk_X509_NAME_ENTRY_pop_free);
         return ret;
 }
 
@@ -384,9 +403,10 @@ static int x509_name_canon(X509_NAME *a)
         (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \
         | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \
         | B_ASN1_VISIBLESTRING)
-        
 
-static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
+
+static int
+asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
 {
         unsigned char *to, *from;
         int len, i;
@@ -415,7 +435,7 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
          */
 
         /* Ignore leading spaces */
-        while((len > 0) && !(*from & 0x80) && isspace(*from)) {
+        while ((len > 0) && !(*from & 0x80) && isspace(*from)) {
                 from++;
                 len--;
         }
@@ -431,24 +451,24 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
         to = out->data;
 
         i = 0;
-        while(i < len) {
+        while (i < len) {
                 /* If MSB set just copy across */
                 if (*from & 0x80) {
                         *to++ = *from++;
                         i++;
-                        }
+                }
                 /* Collapse multiple spaces */
                 else if (isspace(*from)) {
                         /* Copy one space across */
                         *to++ = ' ';
                         /* Ignore subsequent spaces. Note: don't need to
-                         * check len here because we know the last 
+                         * check len here because we know the last
                          * character is a non-space so we can't overflow.
                          */
                         do {
                                 from++;
                                 i++;
-                        } while(!(*from & 0x80) && isspace(*from));
+                        } while (!(*from & 0x80) && isspace(*from));
                 } else {
                         *to++ = tolower(*from);
                         from++;
@@ -459,11 +479,10 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
         out->length = to - out->data;
 
         return 1;
-
 }
 
-static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname,
-                          unsigned char **in)
+static int
+i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname, unsigned char **in)
 {
         int i, len, ltmp;
         ASN1_VALUE *v;
@@ -473,7 +492,7 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname,
         for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) {
                 v = sk_ASN1_VALUE_value(intname, i);
                 ltmp = ASN1_item_ex_i2d(&v, in,
-                        ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
+                    ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
                 if (ltmp < 0)
                         return ltmp;
                 len += ltmp;
@@ -481,21 +500,23 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname,
         return len;
 }
 
-int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
+int
+X509_NAME_set(X509_NAME **xn, X509_NAME *name)
 {
         X509_NAME *in;
 
-        if (!xn || !name) return(0);
+        if (!xn || !name)
+                return (0);
 
         if (*xn != name) {
-                in=X509_NAME_dup(name);
+                in = X509_NAME_dup(name);
                 if (in != NULL) {
                         X509_NAME_free(*xn);
-                        *xn=in;
+                        *xn = in;
                 }
         }
-        return(*xn != NULL);
+        return (*xn != NULL);
 }
-        
+
 IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
 IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)
diff --git a/src/lib/libcrypto/asn1/x_nx509.c b/src/lib/libcrypto/asn1/x_nx509.c
index fbd9a22db3..538a9f95eb 100644
--- a/src/lib/libcrypto/asn1/x_nx509.c
+++ b/src/lib/libcrypto/asn1/x_nx509.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -69,4 +69,3 @@ ASN1_SEQUENCE(NETSCAPE_X509) = {
 } ASN1_SEQUENCE_END(NETSCAPE_X509)
 
 IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_X509)
-
diff --git a/src/lib/libcrypto/asn1/x_pkey.c b/src/lib/libcrypto/asn1/x_pkey.c
index eac134a1ee..d18b8f6f5e 100644
--- a/src/lib/libcrypto/asn1/x_pkey.c
+++ b/src/lib/libcrypto/asn1/x_pkey.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,75 +64,85 @@
 #include <openssl/x509.h>
 
 /* need to implement */
-int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
+int
+i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
 {
-        return(0);
+        return (0);
 }
 
-X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length)
+X509_PKEY *
+d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length)
 {
         int i;
-        M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new);
+        M_ASN1_D2I_vars(a, X509_PKEY *, X509_PKEY_new);
 
         M_ASN1_D2I_Init();
         M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get_x(X509_ALGOR,ret->enc_algor,d2i_X509_ALGOR);
-        M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->enc_pkey,d2i_ASN1_OCTET_STRING);
+        M_ASN1_D2I_get_x(X509_ALGOR, ret->enc_algor, d2i_X509_ALGOR);
+        M_ASN1_D2I_get_x(ASN1_OCTET_STRING, ret->enc_pkey,
+            d2i_ASN1_OCTET_STRING);
 
-        ret->cipher.cipher=EVP_get_cipherbyname(
-                OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm)));
+        ret->cipher.cipher = EVP_get_cipherbyname(
+            OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm)));
         if (ret->cipher.cipher == NULL) {
-                c.error=ASN1_R_UNSUPPORTED_CIPHER;
-                c.line=__LINE__;
+                c.error = ASN1_R_UNSUPPORTED_CIPHER;
+                c.line = __LINE__;
                 goto err;
         }
         if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) {
-                i=ret->enc_algor->parameter->value.octet_string->length;
+                i = ret->enc_algor->parameter->value.octet_string->length;
                 if (i > EVP_MAX_IV_LENGTH) {
-                        c.error=ASN1_R_IV_TOO_LARGE;
-                        c.line=__LINE__;
+                        c.error = ASN1_R_IV_TOO_LARGE;
+                        c.line = __LINE__;
                         goto err;
                 }
                 memcpy(ret->cipher.iv,
-                        ret->enc_algor->parameter->value.octet_string->data,i);
-        }
-        else
-                memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
-        M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY);
+                    ret->enc_algor->parameter->value.octet_string->data, i);
+        } else
+                memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
+        M_ASN1_D2I_Finish(a, X509_PKEY_free, ASN1_F_D2I_X509_PKEY);
 }
 
-X509_PKEY *X509_PKEY_new(void)
+X509_PKEY *
+X509_PKEY_new(void)
 {
-        X509_PKEY *ret=NULL;
+        X509_PKEY *ret = NULL;
         ASN1_CTX c;
 
-        M_ASN1_New_Malloc(ret,X509_PKEY);
-        ret->version=0;
-        M_ASN1_New(ret->enc_algor,X509_ALGOR_new);
-        M_ASN1_New(ret->enc_pkey,M_ASN1_OCTET_STRING_new);
-        ret->dec_pkey=NULL;
-        ret->key_length=0;
-        ret->key_data=NULL;
-        ret->key_free=0;
-        ret->cipher.cipher=NULL;
-        memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
-        ret->references=1;
-        return(ret);
+        M_ASN1_New_Malloc(ret, X509_PKEY);
+        ret->version = 0;
+        M_ASN1_New(ret->enc_algor, X509_ALGOR_new);
+        M_ASN1_New(ret->enc_pkey, M_ASN1_OCTET_STRING_new);
+        ret->dec_pkey = NULL;
+        ret->key_length = 0;
+        ret->key_data = NULL;
+        ret->key_free = 0;
+        ret->cipher.cipher = NULL;
+        memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
+        ret->references = 1;
+        return (ret);
         M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
 }
 
-void X509_PKEY_free(X509_PKEY *x)
+void
+X509_PKEY_free(X509_PKEY *x)
 {
         int i;
 
-        if (x == NULL) return;
+        if (x == NULL)
+                return;
 
-        i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY);
-        if (i > 0) return;
+        i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_PKEY);
+        if (i > 0)
+                return;
 
-        if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor);
-        if (x->enc_pkey != NULL) M_ASN1_OCTET_STRING_free(x->enc_pkey);
-        if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey);
-        if ((x->key_data != NULL) && (x->key_free)) free(x->key_data);
+        if (x->enc_algor != NULL)
+                X509_ALGOR_free(x->enc_algor);
+        if (x->enc_pkey != NULL)
+                M_ASN1_OCTET_STRING_free(x->enc_pkey);
+        if (x->dec_pkey != NULL)
+                EVP_PKEY_free(x->dec_pkey);
+        if ((x->key_data != NULL) && (x->key_free))
+                free(x->key_data);
         free(x);
 }
diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c
index 1d6ab6580a..df915e2dfd 100644
--- a/src/lib/libcrypto/asn1/x_pubkey.c
+++ b/src/lib/libcrypto/asn1/x_pubkey.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -69,8 +69,8 @@
 #endif
 
 /* Minor tweak to operation: free up EVP_PKEY */
-static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-                        void *exarg)
+static int
+pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
         if (operation == ASN1_OP_FREE_POST) {
                 X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
@@ -86,54 +86,61 @@ ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
 
-int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
+int
+X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 {
-        X509_PUBKEY *pk=NULL;
+        X509_PUBKEY *pk = NULL;
 
-        if (x == NULL) return(0);
-
-        if ((pk=X509_PUBKEY_new()) == NULL) goto error;
+        if (x == NULL)
+                return (0);
+        if ((pk = X509_PUBKEY_new()) == NULL)
+                goto error;
 
         if (pkey->ameth) {
                 if (pkey->ameth->pub_encode) {
                         if (!pkey->ameth->pub_encode(pk, pkey)) {
                                 X509err(X509_F_X509_PUBKEY_SET,
-                                        X509_R_PUBLIC_KEY_ENCODE_ERROR);
+                                    X509_R_PUBLIC_KEY_ENCODE_ERROR);
                                 goto error;
                         }
                 } else {
                         X509err(X509_F_X509_PUBKEY_SET,
-                                X509_R_METHOD_NOT_SUPPORTED);
+                            X509_R_METHOD_NOT_SUPPORTED);
                         goto error;
                 }
         } else {
-                X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
+                X509err(X509_F_X509_PUBKEY_SET, X509_R_UNSUPPORTED_ALGORITHM);
                 goto error;
         }
 
         if (*x != NULL)
                 X509_PUBKEY_free(*x);
 
-        *x=pk;
+        *x = pk;
 
         return 1;
+
 error:
-        if (pk != NULL) X509_PUBKEY_free(pk);
+        if (pk != NULL)
+                X509_PUBKEY_free(pk);
         return 0;
 }
 
-EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
+EVP_PKEY *
+X509_PUBKEY_get(X509_PUBKEY *key)
 {
-        EVP_PKEY *ret=NULL;
+        EVP_PKEY *ret = NULL;
 
-        if (key == NULL) goto error;
+        if (key == NULL)
+                goto error;
 
         if (key->pkey != NULL) {
                 CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
                 return key->pkey;
         }
 
-        if (key->public_key == NULL) goto error;
+        if (key->public_key == NULL)
+                goto error;
 
         if ((ret = EVP_PKEY_new()) == NULL) {
                 X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
@@ -141,14 +148,14 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
         }
 
         if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm))) {
-                X509err(X509_F_X509_PUBKEY_GET,X509_R_UNSUPPORTED_ALGORITHM);
+                X509err(X509_F_X509_PUBKEY_GET, X509_R_UNSUPPORTED_ALGORITHM);
                 goto error;
         }
 
         if (ret->ameth->pub_decode) {
                 if (!ret->ameth->pub_decode(ret, key)) {
                         X509err(X509_F_X509_PUBKEY_GET,
-                                                X509_R_PUBLIC_KEY_DECODE_ERROR);
+                            X509_R_PUBLIC_KEY_DECODE_ERROR);
                         goto error;
                 }
         } else {
@@ -170,39 +177,44 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 
         return ret;
 
-        error:
+error:
         if (ret != NULL)
                 EVP_PKEY_free(ret);
-        return(NULL);
+        return (NULL);
 }
 
 /* Now two pseudo ASN1 routines that take an EVP_PKEY structure
  * and encode or decode as X509_PUBKEY
  */
 
-EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp,
-             long length)
+EVP_PKEY *
+d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length)
 {
         X509_PUBKEY *xpk;
         EVP_PKEY *pktmp;
         xpk = d2i_X509_PUBKEY(NULL, pp, length);
-        if(!xpk) return NULL;
+        if (!xpk)
+                return NULL;
         pktmp = X509_PUBKEY_get(xpk);
         X509_PUBKEY_free(xpk);
-        if(!pktmp) return NULL;
-        if(a) {
+        if (!pktmp)
+                return NULL;
+        if (a) {
                 EVP_PKEY_free(*a);
                 *a = pktmp;
         }
         return pktmp;
 }
 
-int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
+int
+i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
 {
-        X509_PUBKEY *xpk=NULL;
+        X509_PUBKEY *xpk = NULL;
         int ret;
-        if(!a) return 0;
-        if(!X509_PUBKEY_set(&xpk, a)) return 0;
+        if (!a)
+                return 0;
+        if (!X509_PUBKEY_set(&xpk, a))
+                return 0;
         ret = i2d_X509_PUBKEY(xpk, pp);
         X509_PUBKEY_free(xpk);
         return ret;
@@ -212,18 +224,20 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
  * keys
  */
 #ifndef OPENSSL_NO_RSA
-RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp,
-             long length)
+RSA *
+d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length)
 {
         EVP_PKEY *pkey;
         RSA *key;
         const unsigned char *q;
         q = *pp;
         pkey = d2i_PUBKEY(NULL, &q, length);
-        if (!pkey) return NULL;
+        if (!pkey)
+                return NULL;
         key = EVP_PKEY_get1_RSA(pkey);
         EVP_PKEY_free(pkey);
-        if (!key) return NULL;
+        if (!key)
+                return NULL;
         *pp = q;
         if (a) {
                 RSA_free(*a);
@@ -232,11 +246,13 @@ RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp,
         return key;
 }
 
-int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
+int
+i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
 {
         EVP_PKEY *pktmp;
         int ret;
-        if (!a) return 0;
+        if (!a)
+                return 0;
         pktmp = EVP_PKEY_new();
         if (!pktmp) {
                 ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
@@ -250,18 +266,20 @@ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
 #endif
 
 #ifndef OPENSSL_NO_DSA
-DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp,
-             long length)
+DSA *
+d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
 {
         EVP_PKEY *pkey;
         DSA *key;
         const unsigned char *q;
         q = *pp;
         pkey = d2i_PUBKEY(NULL, &q, length);
-        if (!pkey) return NULL;
+        if (!pkey)
+                return NULL;
         key = EVP_PKEY_get1_DSA(pkey);
         EVP_PKEY_free(pkey);
-        if (!key) return NULL;
+        if (!key)
+                return NULL;
         *pp = q;
         if (a) {
                 DSA_free(*a);
@@ -270,13 +288,15 @@ DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp,
         return key;
 }
 
-int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
+int
+i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
 {
         EVP_PKEY *pktmp;
         int ret;
-        if(!a) return 0;
+        if (!a)
+                return 0;
         pktmp = EVP_PKEY_new();
-        if(!pktmp) {
+        if (!pktmp) {
                 ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
                 return 0;
         }
@@ -288,44 +308,49 @@ int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
 #endif
 
 #ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
+EC_KEY *
+d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
 {
         EVP_PKEY *pkey;
         EC_KEY *key;
         const unsigned char *q;
         q = *pp;
         pkey = d2i_PUBKEY(NULL, &q, length);
-        if (!pkey) return(NULL);
+        if (!pkey)
+                return (NULL);
         key = EVP_PKEY_get1_EC_KEY(pkey);
         EVP_PKEY_free(pkey);
-        if (!key)  return(NULL);
+        if (!key)
+                return (NULL);
         *pp = q;
         if (a) {
                 EC_KEY_free(*a);
                 *a = key;
         }
-        return(key);
+        return (key);
 }
 
-int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
+int
+i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
 {
         EVP_PKEY *pktmp;
         int ret;
-        if (!a) return(0);
+        if (!a)
+                return (0);
         if ((pktmp = EVP_PKEY_new()) == NULL) {
                 ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
-                return(0);
+                return (0);
         }
         EVP_PKEY_set1_EC_KEY(pktmp, a);
         ret = i2d_PUBKEY(pktmp, pp);
         EVP_PKEY_free(pktmp);
-        return(ret);
+        return (ret);
 }
 #endif
 
-int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
-                                        int ptype, void *pval,
-                                        unsigned char *penc, int penclen)
+int
+X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype,
+    void *pval, unsigned char *penc, int penclen)
 {
         if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval))
                 return 0;
@@ -334,17 +359,16 @@ int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                         free(pub->public_key->data);
                 pub->public_key->data = penc;
                 pub->public_key->length = penclen;
-                /* Set number of unused bits to zero */
+                /* Set number of unused bits to zero */
                 pub->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-                pub->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+                pub->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
         }
         return 1;
 }
 
-int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
-                const unsigned char **pk, int *ppklen,
-                X509_ALGOR **pa,
-                X509_PUBKEY *pub)
+int
+X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk,
+    int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub)
 {
         if (ppkalg)
                 *ppkalg = pub->algor->algorithm;
diff --git a/src/lib/libcrypto/asn1/x_req.c b/src/lib/libcrypto/asn1/x_req.c
index d57555827c..442f56a144 100644
--- a/src/lib/libcrypto/asn1/x_req.c
+++ b/src/lib/libcrypto/asn1/x_req.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -66,7 +66,7 @@
  * encode the attributes field if it is empty. This is in
  * violation of PKCS#10 but we need to tolerate it. We do
  * this by making the attributes field OPTIONAL then using
- * the callback to initialise it to an empty STACK. 
+ * the callback to initialise it to an empty STACK.
  *
  * This means that the field will be correctly encoded unless
  * we NULL out the field.
@@ -79,14 +79,15 @@
  *
  */
 
-static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-                                                        void *exarg)
+static int
+rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
         X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
 
-        if(operation == ASN1_OP_NEW_POST) {
+        if (operation == ASN1_OP_NEW_POST) {
                 rinf->attributes = sk_X509_ATTRIBUTE_new_null();
-                if(!rinf->attributes) return 0;
+                if (!rinf->attributes)
+                        return 0;
         }
         return 1;
 }
diff --git a/src/lib/libcrypto/asn1/x_sig.c b/src/lib/libcrypto/asn1/x_sig.c
index 42efa86c1c..5c9aef0365 100644
--- a/src/lib/libcrypto/asn1/x_sig.c
+++ b/src/lib/libcrypto/asn1/x_sig.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
diff --git a/src/lib/libcrypto/asn1/x_spki.c b/src/lib/libcrypto/asn1/x_spki.c
index 2aece077c5..34fe81443c 100644
--- a/src/lib/libcrypto/asn1/x_spki.c
+++ b/src/lib/libcrypto/asn1/x_spki.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
diff --git a/src/lib/libcrypto/asn1/x_val.c b/src/lib/libcrypto/asn1/x_val.c
index dc17c67758..6436f0cb55 100644
--- a/src/lib/libcrypto/asn1/x_val.c
+++ b/src/lib/libcrypto/asn1/x_val.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
diff --git a/src/lib/libcrypto/asn1/x_x509.c b/src/lib/libcrypto/asn1/x_x509.c
index 20448a8e3b..e7d613e20f 100644
--- a/src/lib/libcrypto/asn1/x_x509.c
+++ b/src/lib/libcrypto/asn1/x_x509.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -81,15 +81,15 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
 
 extern void policy_cache_free(X509_POLICY_CACHE *cache);
 
-static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-                                                                void *exarg)
+static int
+x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
         X509 *ret = (X509 *)*pval;
 
-        switch(operation) {
+        switch (operation) {
 
         case ASN1_OP_NEW_POST:
-                ret->valid=0;
+                ret->valid = 0;
                 ret->name = NULL;
                 ret->ex_flags = 0;
                 ret->ex_pathlen = -1;
@@ -105,8 +105,9 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                 break;
 
         case ASN1_OP_D2I_POST:
-                if (ret->name != NULL) free(ret->name);
-                ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
+                if (ret->name != NULL)
+                        free(ret->name);
+                ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0);
                 break;
 
         case ASN1_OP_FREE_POST:
@@ -122,14 +123,12 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                 sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
                 ASIdentifiers_free(ret->rfc3779_asid);
 #endif
-
-                if (ret->name != NULL) free(ret->name);
+                if (ret->name != NULL)
+                        free(ret->name);
                 break;
-
         }
 
         return 1;
-
 }
 
 ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
@@ -141,21 +140,24 @@ ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
 IMPLEMENT_ASN1_FUNCTIONS(X509)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509)
 
-int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+int
+X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
 {
         return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
-                                new_func, dup_func, free_func);
+            new_func, dup_func, free_func);
 }
 
-int X509_set_ex_data(X509 *r, int idx, void *arg)
+int
+X509_set_ex_data(X509 *r, int idx, void *arg)
 {
-        return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+        return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
 }
 
-void *X509_get_ex_data(X509 *r, int idx)
+void *
+X509_get_ex_data(X509 *r, int idx)
 {
-        return(CRYPTO_get_ex_data(&r->ex_data,idx));
+        return (CRYPTO_get_ex_data(&r->ex_data, idx));
 }
 
 /* X509_AUX ASN1 routines. X509_AUX is the name given to
@@ -166,29 +168,38 @@ void *X509_get_ex_data(X509 *r, int idx)
  *
  */
 
-X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
+X509 *
+d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
 {
         const unsigned char *q;
         X509 *ret;
+
         /* Save start position */
         q = *pp;
         ret = d2i_X509(a, pp, length);
         /* If certificate unreadable then forget it */
-        if(!ret) return NULL;
+        if (!ret)
+                return NULL;
         /* update length */
         length -= *pp - q;
-        if(!length) return ret;
-        if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
+        if (!length)
+                return ret;
+        if (!d2i_X509_CERT_AUX(&ret->aux, pp, length))
+                goto err;
         return ret;
-        err:
+
+err:
         X509_free(ret);
         return NULL;
 }
 
-int i2d_X509_AUX(X509 *a, unsigned char **pp)
+int
+i2d_X509_AUX(X509 *a, unsigned char **pp)
 {
         int length;
+
         length = i2d_X509(a, pp);
-        if(a) length += i2d_X509_CERT_AUX(a->aux, pp);
+        if (a)
+                length += i2d_X509_CERT_AUX(a->aux, pp);
         return length;
 }
diff --git a/src/lib/libcrypto/asn1/x_x509a.c b/src/lib/libcrypto/asn1/x_x509a.c
index 287d780830..69ea725709 100644
--- a/src/lib/libcrypto/asn1/x_x509a.c
+++ b/src/lib/libcrypto/asn1/x_x509a.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -66,7 +66,7 @@
  * user modifiable data about a certificate. This data is
  * appended to the X509 encoding when the *_X509_AUX routines
  * are used. This means that the "traditional" X509 routines
- * will simply ignore the extra data. 
+ * will simply ignore the extra data.
  */
 
 static X509_CERT_AUX *aux_get(X509 *x);
@@ -81,14 +81,18 @@ ASN1_SEQUENCE(X509_CERT_AUX) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
 
-static X509_CERT_AUX *aux_get(X509 *x)
+static X509_CERT_AUX *
+aux_get(X509 *x)
 {
-        if(!x) return NULL;
-        if(!x->aux && !(x->aux = X509_CERT_AUX_new())) return NULL;
+        if (!x)
+                return NULL;
+        if (!x->aux && !(x->aux = X509_CERT_AUX_new()))
+                return NULL;
         return x->aux;
 }
 
-int X509_alias_set1(X509 *x, unsigned char *name, int len)
+int
+X509_alias_set1(X509 *x, unsigned char *name, int len)
 {
         X509_CERT_AUX *aux;
         if (!name) {
@@ -98,12 +102,15 @@ int X509_alias_set1(X509 *x, unsigned char *name, int len)
                 x->aux->alias = NULL;
                 return 1;
         }
-        if(!(aux = aux_get(x))) return 0;
-        if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0;
+        if (!(aux = aux_get(x)))
+                return 0;
+        if (!aux->alias && !(aux->alias = ASN1_UTF8STRING_new()))
+                return 0;
         return ASN1_STRING_set(aux->alias, name, len);
 }
 
-int X509_keyid_set1(X509 *x, unsigned char *id, int len)
+int
+X509_keyid_set1(X509 *x, unsigned char *id, int len)
 {
         X509_CERT_AUX *aux;
         if (!id) {
@@ -113,58 +120,74 @@ int X509_keyid_set1(X509 *x, unsigned char *id, int len)
                 x->aux->keyid = NULL;
                 return 1;
         }
-        if(!(aux = aux_get(x))) return 0;
-        if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0;
+        if (!(aux = aux_get(x)))
+                return 0;
+        if (!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new()))
+                return 0;
         return ASN1_STRING_set(aux->keyid, id, len);
 }
 
-unsigned char *X509_alias_get0(X509 *x, int *len)
+unsigned char *
+X509_alias_get0(X509 *x, int *len)
 {
-        if(!x->aux || !x->aux->alias) return NULL;
-        if(len) *len = x->aux->alias->length;
+        if (!x->aux || !x->aux->alias)
+                return NULL;
+        if (len)
+                *len = x->aux->alias->length;
         return x->aux->alias->data;
 }
 
-unsigned char *X509_keyid_get0(X509 *x, int *len)
+unsigned char *
+X509_keyid_get0(X509 *x, int *len)
 {
-        if(!x->aux || !x->aux->keyid) return NULL;
-        if(len) *len = x->aux->keyid->length;
+        if (!x->aux || !x->aux->keyid)
+                return NULL;
+        if (len)
+                *len = x->aux->keyid->length;
         return x->aux->keyid->data;
 }
 
-int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
+int
+X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
 {
         X509_CERT_AUX *aux;
         ASN1_OBJECT *objtmp;
-        if(!(objtmp = OBJ_dup(obj))) return 0;
-        if(!(aux = aux_get(x))) return 0;
-        if(!aux->trust
-                && !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0;
+        if (!(objtmp = OBJ_dup(obj)))
+                return 0;
+        if (!(aux = aux_get(x)))
+                return 0;
+        if (!aux->trust && !(aux->trust = sk_ASN1_OBJECT_new_null()))
+                return 0;
         return sk_ASN1_OBJECT_push(aux->trust, objtmp);
 }
 
-int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
+int
+X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
 {
         X509_CERT_AUX *aux;
         ASN1_OBJECT *objtmp;
-        if(!(objtmp = OBJ_dup(obj))) return 0;
-        if(!(aux = aux_get(x))) return 0;
-        if(!aux->reject
-                && !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0;
+        if (!(objtmp = OBJ_dup(obj)))
+                return 0;
+        if (!(aux = aux_get(x)))
+                return 0;
+        if (!aux->reject && !(aux->reject = sk_ASN1_OBJECT_new_null()))
+                return 0;
         return sk_ASN1_OBJECT_push(aux->reject, objtmp);
 }
 
-void X509_trust_clear(X509 *x)
+void
+X509_trust_clear(X509 *x)
 {
-        if(x->aux && x->aux->trust) {
+        if (x->aux && x->aux->trust) {
                 sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
                 x->aux->trust = NULL;
         }
 }
 
-void X509_reject_clear(X509 *x)
+void
+X509_reject_clear(X509 *x)
 {
-        if(x->aux && x->aux->reject) {
+        if (x->aux && x->aux->reject) {
                 sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
                 x->aux->reject = NULL;
         }
diff --git a/src/lib/libssl/src/crypto/asn1/x_algor.c b/src/lib/libssl/src/crypto/asn1/x_algor.c
index 7ae473485c..65f81e8692 100644
--- a/src/lib/libssl/src/crypto/asn1/x_algor.c
+++ b/src/lib/libssl/src/crypto/asn1/x_algor.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -66,8 +66,8 @@ ASN1_SEQUENCE(X509_ALGOR) = {
         ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
 } ASN1_SEQUENCE_END(X509_ALGOR)
 
-ASN1_ITEM_TEMPLATE(X509_ALGORS) = 
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
+ASN1_ITEM_TEMPLATE(X509_ALGORS) =
+    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
 ASN1_ITEM_TEMPLATE_END(X509_ALGORS)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
@@ -77,7 +77,8 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
 IMPLEMENT_STACK_OF(X509_ALGOR)
 IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
 
-int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
+int
+X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
 {
         if (!alg)
                 return 0;
@@ -93,20 +94,20 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
                 alg->algorithm = aobj;
         }
         if (ptype == 0)
-                return 1;       
+                return 1;
         if (ptype == V_ASN1_UNDEF) {
                 if (alg->parameter) {
                         ASN1_TYPE_free(alg->parameter);
                         alg->parameter = NULL;
                 }
-        }
-        else
+        } else
                 ASN1_TYPE_set(alg->parameter, ptype, pval);
         return 1;
 }
 
-void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
-                                                X509_ALGOR *algor)
+void
+X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
+    X509_ALGOR *algor)
 {
         if (paobj)
                 *paobj = algor->algorithm;
@@ -114,8 +115,7 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
                 if (algor->parameter == NULL) {
                         *pptype = V_ASN1_UNDEF;
                         return;
-                }
-                else
+                } else
                         *pptype = algor->parameter->type;
                 if (ppval)
                         *ppval = algor->parameter->value.ptr;
@@ -124,7 +124,8 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
 
 /* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
 
-void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
+void
+X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
 {
         int param_type;
 
@@ -134,5 +135,4 @@ void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
                 param_type = V_ASN1_NULL;
 
         X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
-
 }
diff --git a/src/lib/libssl/src/crypto/asn1/x_attrib.c b/src/lib/libssl/src/crypto/asn1/x_attrib.c
index e620e1224e..248a6efa4e 100644
--- a/src/lib/libssl/src/crypto/asn1/x_attrib.c
+++ b/src/lib/libssl/src/crypto/asn1/x_attrib.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -96,23 +96,30 @@ ASN1_SEQUENCE(X509_ATTRIBUTE) = {
 IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
 
-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
+X509_ATTRIBUTE *
+X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
 {
-        X509_ATTRIBUTE *ret=NULL;
-        ASN1_TYPE *val=NULL;
+        X509_ATTRIBUTE *ret = NULL;
+        ASN1_TYPE *val = NULL;
+
+        if ((ret = X509_ATTRIBUTE_new()) == NULL)
+                return (NULL);
+        ret->object = OBJ_nid2obj(nid);
+        ret->single = 0;
+        if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL)
+                goto err;
+        if ((val = ASN1_TYPE_new()) == NULL)
+                goto err;
+        if (!sk_ASN1_TYPE_push(ret->value.set, val))
+                goto err;
 
-        if ((ret=X509_ATTRIBUTE_new()) == NULL)
-                return(NULL);
-        ret->object=OBJ_nid2obj(nid);
-        ret->single=0;
-        if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err;
-        if ((val=ASN1_TYPE_new()) == NULL) goto err;
-        if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err;
+        ASN1_TYPE_set(val, atrtype, value);
+        return (ret);
 
-        ASN1_TYPE_set(val,atrtype,value);
-        return(ret);
 err:
-        if (ret != NULL) X509_ATTRIBUTE_free(ret);
-        if (val != NULL) ASN1_TYPE_free(val);
-        return(NULL);
+        if (ret != NULL)
+                X509_ATTRIBUTE_free(ret);
+        if (val != NULL)
+                ASN1_TYPE_free(val);
+        return (NULL);
 }
diff --git a/src/lib/libssl/src/crypto/asn1/x_bignum.c b/src/lib/libssl/src/crypto/asn1/x_bignum.c
index 9cf3204a1b..bc74164fdc 100644
--- a/src/lib/libssl/src/crypto/asn1/x_bignum.c
+++ b/src/lib/libssl/src/crypto/asn1/x_bignum.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -72,11 +72,14 @@
 static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
 
-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+    const ASN1_ITEM *it);
+static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+    int utype, char *free_cont, const ASN1_ITEM *it);
 
 static ASN1_PRIMITIVE_FUNCS bignum_pf = {
-        NULL, 0,
+        NULL,
+        0,
         bn_new,
         bn_free,
         0,
@@ -85,55 +88,69 @@ static ASN1_PRIMITIVE_FUNCS bignum_pf = {
 };
 
 ASN1_ITEM_start(BIGNUM)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
+ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
 ASN1_ITEM_end(BIGNUM)
 
 ASN1_ITEM_start(CBIGNUM)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
+ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
 ASN1_ITEM_end(CBIGNUM)
 
-static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int
+bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
         *pval = (ASN1_VALUE *)BN_new();
-        if(*pval) return 1;
-        else return 0;
+        if (*pval)
+                return 1;
+        else
+                return 0;
 }
 
-static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static void
+bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-        if(!*pval) return;
-        if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval);
-        else BN_free((BIGNUM *)*pval);
+        if (!*pval)
+                return;
+        if (it->size & BN_SENSITIVE)
+                BN_clear_free((BIGNUM *)*pval);
+        else
+                BN_free((BIGNUM *)*pval);
         *pval = NULL;
 }
 
-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+static int
+bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
 {
         BIGNUM *bn;
         int pad;
-        if(!*pval) return -1;
+
+        if (!*pval)
+                return -1;
         bn = (BIGNUM *)*pval;
         /* If MSB set in an octet we need a padding byte */
-        if(BN_num_bits(bn) & 0x7) pad = 0;
-        else pad = 1;
-        if(cont) {
-                if(pad) *cont++ = 0;
+        if (BN_num_bits(bn) & 0x7)
+                pad = 0;
+        else
+                pad = 1;
+        if (cont) {
+                if (pad)
+                        *cont++ = 0;
                 BN_bn2bin(bn, cont);
         }
         return pad + BN_num_bytes(bn);
 }
 
-static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
-                  int utype, char *free_cont, const ASN1_ITEM *it)
+static int
+bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
+    char *free_cont, const ASN1_ITEM *it)
 {
         BIGNUM *bn;
-        if(!*pval) bn_new(pval, it);
-        bn  = (BIGNUM *)*pval;
-        if(!BN_bin2bn(cont, len, bn)) {
+
+        if (!*pval)
+                bn_new(pval, it);
+        bn = (BIGNUM *)*pval;
+        if (!BN_bin2bn(cont, len, bn)) {
                 bn_free(pval, it);
                 return 0;
         }
         return 1;
 }
-
-
diff --git a/src/lib/libssl/src/crypto/asn1/x_crl.c b/src/lib/libssl/src/crypto/asn1/x_crl.c
index ea94f026b2..674cca4a1c 100644
--- a/src/lib/libssl/src/crypto/asn1/x_crl.c
+++ b/src/lib/libssl/src/crypto/asn1/x_crl.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,23 +64,23 @@
 #include <openssl/x509v3.h>
 
 static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
-                                const X509_REVOKED * const *b);
+    const X509_REVOKED * const *b);
 static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
 
 ASN1_SEQUENCE(X509_REVOKED) = {
-        ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
-        ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
-        ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
+        ASN1_SIMPLE(X509_REVOKED, serialNumber, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_REVOKED, revocationDate, ASN1_TIME),
+        ASN1_SEQUENCE_OF_OPT(X509_REVOKED, extensions, X509_EXTENSION)
 } ASN1_SEQUENCE_END(X509_REVOKED)
 
 static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r);
-static int def_crl_lookup(X509_CRL *crl,
-                X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer);
+static int def_crl_lookup(X509_CRL *crl, X509_REVOKED **ret,
+    ASN1_INTEGER *serial, X509_NAME *issuer);
 
-static X509_CRL_METHOD int_crl_meth =
-{
+static X509_CRL_METHOD int_crl_meth = {
+        0,
+        0,
         0,
-        0,0,
         def_crl_lookup,
         def_crl_verify
 };
@@ -91,18 +91,19 @@ static const X509_CRL_METHOD *default_crl_method = &int_crl_meth;
  * Since we cache the original encoding the signature wont be affected by
  * reordering of the revoked field.
  */
-static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-                                                                void *exarg)
+static int
+crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
         X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
 
-        if(!a || !a->revoked) return 1;
-        switch(operation) {
+        if (!a || !a->revoked)
+                return 1;
+        switch (operation) {
                 /* Just set cmp function here. We don't sort because that
                  * would affect the output of X509_CRL_print().
                  */
         case ASN1_OP_D2I_POST:
-                (void)sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
+                (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp);
                 break;
         }
         return 1;
@@ -123,9 +124,9 @@ ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
  * Check for unhandled critical CRL entry extensions.
  */
 
-static int crl_set_issuers(X509_CRL *crl)
+static int
+crl_set_issuers(X509_CRL *crl)
 {
-
         int i, j;
         GENERAL_NAMES *gens, *gtmp;
         STACK_OF(X509_REVOKED) *revoked;
@@ -138,9 +139,8 @@ static int crl_set_issuers(X509_CRL *crl)
                 STACK_OF(X509_EXTENSION) *exts;
                 ASN1_ENUMERATED *reason;
                 X509_EXTENSION *ext;
-                gtmp = X509_REVOKED_get_ext_d2i(rev, 
-                                                NID_certificate_issuer,
-                                                &j, NULL);
+                gtmp = X509_REVOKED_get_ext_d2i(rev, NID_certificate_issuer,
+                    &j, NULL);
                 if (!gtmp && (j != -1)) {
                         crl->flags |= EXFLAG_INVALID;
                         return 1;
@@ -159,7 +159,7 @@ static int crl_set_issuers(X509_CRL *crl)
                 rev->issuer = gens;
 
                 reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason,
-                                                                &j, NULL);
+                    &j, NULL);
                 if (!reason && (j != -1)) {
                         crl->flags |= EXFLAG_INVALID;
                         return 1;
@@ -169,7 +169,7 @@ static int crl_set_issuers(X509_CRL *crl)
                         rev->reason = ASN1_ENUMERATED_get(reason);
                         ASN1_ENUMERATED_free(reason);
                 } else
-                        rev->reason = CRL_REASON_NONE;  
+                        rev->reason = CRL_REASON_NONE;
 
                 /* Check for critical CRL entry extensions */
 
@@ -179,32 +179,29 @@ static int crl_set_issuers(X509_CRL *crl)
                         ext = sk_X509_EXTENSION_value(exts, j);
                         if (ext->critical > 0) {
                                 if (OBJ_obj2nid(ext->object) ==
-                                        NID_certificate_issuer)
+                                    NID_certificate_issuer)
                                         continue;
                                 crl->flags |= EXFLAG_CRITICAL;
                                 break;
                         }
                 }
-
-
         }
 
         return 1;
-
 }
 
 /* The X509_CRL structure needs a bit of customisation. Cache some extensions
  * and hash of the whole CRL.
  */
-static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-                                                                void *exarg)
+static int
+crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
         X509_CRL *crl = (X509_CRL *)*pval;
         STACK_OF(X509_EXTENSION) *exts;
         X509_EXTENSION *ext;
         int idx;
 
-        switch(operation) {
+        switch (operation) {
         case ASN1_OP_NEW_POST:
                 crl->idp = NULL;
                 crl->akid = NULL;
@@ -223,23 +220,23 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                 X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
 #endif
                 crl->idp = X509_CRL_get_ext_d2i(crl,
-                                NID_issuing_distribution_point, NULL, NULL);
+                    NID_issuing_distribution_point, NULL, NULL);
                 if (crl->idp)
                         setup_idp(crl, crl->idp);
 
                 crl->akid = X509_CRL_get_ext_d2i(crl,
-                                NID_authority_key_identifier, NULL, NULL);      
+                    NID_authority_key_identifier, NULL, NULL);
 
                 crl->crl_number = X509_CRL_get_ext_d2i(crl,
-                                NID_crl_number, NULL, NULL);    
+                    NID_crl_number, NULL, NULL);
 
                 crl->base_crl_number = X509_CRL_get_ext_d2i(crl,
-                                NID_delta_crl, NULL, NULL);     
+                    NID_delta_crl, NULL, NULL);
                 /* Delta CRLs must have CRL number */
                 if (crl->base_crl_number && !crl->crl_number)
                         crl->flags |= EXFLAG_INVALID;
 
-                /* See if we have any unhandled critical CRL extensions and 
+                /* See if we have any unhandled critical CRL extensions and
                  * indicate this in a flag. We only currently handle IDP so
                  * anything else critical sets the flag.
                  *
@@ -257,15 +254,14 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                                 crl->flags |= EXFLAG_FRESHEST;
                         if (ext->critical > 0) {
                                 /* We handle IDP and deltas */
-                                if ((nid == NID_issuing_distribution_point)
-                                        || (nid == NID_delta_crl))
+                                if ((nid == NID_issuing_distribution_point) ||
+                                    (nid == NID_delta_crl))
                                         break;;
                                 crl->flags |= EXFLAG_CRITICAL;
                                 break;
                         }
                 }
 
-
                 if (!crl_set_issuers(crl))
                         return 0;
 
@@ -294,9 +290,11 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 
 /* Convert IDP into a more convenient form */
 
-static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
+static void
+setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
 {
         int idp_only = 0;
+
         /* Set various flags according to IDP */
         crl->idp_flags |= IDP_PRESENT;
         if (idp->onlyuser > 0) {
@@ -324,7 +322,7 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
                         crl->idp_reasons = idp->onlysomereasons->data[0];
                 if (idp->onlysomereasons->length > 1)
                         crl->idp_reasons |=
-                                (idp->onlysomereasons->data[1] << 8);
+                            (idp->onlysomereasons->data[1] << 8);
                 crl->idp_reasons &= CRLDP_ALL_REASONS;
         }
 
@@ -342,60 +340,65 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
 IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
 
-static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
-                        const X509_REVOKED * const *b)
+static int
+X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b)
 {
         return(ASN1_STRING_cmp(
-                (ASN1_STRING *)(*a)->serialNumber,
-                (ASN1_STRING *)(*b)->serialNumber));
+            (ASN1_STRING *)(*a)->serialNumber,
+            (ASN1_STRING *)(*b)->serialNumber));
 }
 
-int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
+int
+X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
 {
         X509_CRL_INFO *inf;
+
         inf = crl->crl;
-        if(!inf->revoked)
+        if (!inf->revoked)
                 inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
-        if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
+        if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
                 ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
                 return 0;
-}
+        }
         inf->enc.modified = 1;
         return 1;
 }
 
-int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
+int
+X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
 {
         if (crl->meth->crl_verify)
                 return crl->meth->crl_verify(crl, r);
         return 0;
 }
 
-int X509_CRL_get0_by_serial(X509_CRL *crl,
-                X509_REVOKED **ret, ASN1_INTEGER *serial)
+int
+X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret,
+    ASN1_INTEGER *serial)
 {
         if (crl->meth->crl_lookup)
                 return crl->meth->crl_lookup(crl, ret, serial, NULL);
         return 0;
 }
 
-int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
+int
+X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
 {
         if (crl->meth->crl_lookup)
                 return crl->meth->crl_lookup(crl, ret,
-                                                X509_get_serialNumber(x),
-                                                X509_get_issuer_name(x));
+                    X509_get_serialNumber(x), X509_get_issuer_name(x));
         return 0;
 }
 
-static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
+static int
+def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
 {
         return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
-                crl->sig_alg, crl->signature,crl->crl,r));
+            crl->sig_alg, crl->signature, crl->crl, r));
 }
 
-static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
-                                                X509_REVOKED *rev)
+static int
+crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, X509_REVOKED *rev)
 {
         int i;
 
@@ -421,11 +424,13 @@ static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
 
 }
 
-static int def_crl_lookup(X509_CRL *crl,
-                X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer)
+static int
+def_crl_lookup(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *serial,
+    X509_NAME *issuer)
 {
         X509_REVOKED rtmp, *rev;
         int idx;
+
         rtmp.serialNumber = serial;
         /* Sort revoked into serial number order if not already sorted.
          * Do this under a lock to avoid race condition.
@@ -436,10 +441,10 @@ static int def_crl_lookup(X509_CRL *crl,
                 CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
         }
         idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
-        if(idx < 0)
+        if (idx < 0)
                 return 0;
         /* Need to look for matching name */
-        for(;idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) {
+        for (; idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) {
                 rev = sk_X509_REVOKED_value(crl->crl->revoked, idx);
                 if (ASN1_INTEGER_cmp(rev->serialNumber, serial))
                         return 0;
@@ -454,22 +459,24 @@ static int def_crl_lookup(X509_CRL *crl,
         return 0;
 }
 
-void X509_CRL_set_default_method(const X509_CRL_METHOD *meth)
+void
+X509_CRL_set_default_method(const X509_CRL_METHOD *meth)
 {
         if (meth == NULL)
                 default_crl_method = &int_crl_meth;
-        else 
+        else
                 default_crl_method = meth;
 }
 
-X509_CRL_METHOD *X509_CRL_METHOD_new(
-        int (*crl_init)(X509_CRL *crl),
-        int (*crl_free)(X509_CRL *crl),
-        int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
-                                ASN1_INTEGER *ser, X509_NAME *issuer),
-        int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk))
+X509_CRL_METHOD *
+X509_CRL_METHOD_new(int (*crl_init)(X509_CRL *crl),
+    int (*crl_free)(X509_CRL *crl),
+    int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
+    ASN1_INTEGER *ser, X509_NAME *issuer),
+    int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk))
 {
         X509_CRL_METHOD *m;
+
         m = malloc(sizeof(X509_CRL_METHOD));
         if (!m)
                 return NULL;
@@ -481,19 +488,22 @@ X509_CRL_METHOD *X509_CRL_METHOD_new(
         return m;
 }
 
-void X509_CRL_METHOD_free(X509_CRL_METHOD *m)
+void
+X509_CRL_METHOD_free(X509_CRL_METHOD *m)
 {
         if (!(m->flags & X509_CRL_METHOD_DYNAMIC))
                 return;
         free(m);
 }
 
-void X509_CRL_set_meth_data(X509_CRL *crl, void *dat)
+void
+X509_CRL_set_meth_data(X509_CRL *crl, void *dat)
 {
         crl->meth_data = dat;
 }
 
-void *X509_CRL_get_meth_data(X509_CRL *crl)
+void *
+X509_CRL_get_meth_data(X509_CRL *crl)
 {
         return crl->meth_data;
 }
diff --git a/src/lib/libssl/src/crypto/asn1/x_exten.c b/src/lib/libssl/src/crypto/asn1/x_exten.c
index 3a21239926..5b3f49ed0f 100644
--- a/src/lib/libssl/src/crypto/asn1/x_exten.c
+++ b/src/lib/libssl/src/crypto/asn1/x_exten.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -67,8 +67,8 @@ ASN1_SEQUENCE(X509_EXTENSION) = {
         ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(X509_EXTENSION)
 
-ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = 
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
+ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) =
+    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
 ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
diff --git a/src/lib/libssl/src/crypto/asn1/x_info.c b/src/lib/libssl/src/crypto/asn1/x_info.c
index 07ce15dbd7..4d3e2ebd17 100644
--- a/src/lib/libssl/src/crypto/asn1/x_info.c
+++ b/src/lib/libssl/src/crypto/asn1/x_info.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,42 +62,49 @@
 #include <openssl/asn1.h>
 #include <openssl/x509.h>
 
-X509_INFO *X509_INFO_new(void)
+X509_INFO *
+X509_INFO_new(void)
 {
-        X509_INFO *ret=NULL;
+        X509_INFO *ret = NULL;
 
-        ret=(X509_INFO *)malloc(sizeof(X509_INFO));
+        ret = (X509_INFO *)malloc(sizeof(X509_INFO));
         if (ret == NULL) {
-                ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE);
-                return(NULL);
+                ASN1err(ASN1_F_X509_INFO_NEW, ERR_R_MALLOC_FAILURE);
+                return (NULL);
         }
- 
-        ret->enc_cipher.cipher=NULL;
-        ret->enc_len=0;
-        ret->enc_data=NULL;
- 
-        ret->references=1;
-        ret->x509=NULL;
-        ret->crl=NULL;
-        ret->x_pkey=NULL;
-        return(ret);
+
+        ret->enc_cipher.cipher = NULL;
+        ret->enc_len = 0;
+        ret->enc_data = NULL;
+
+        ret->references = 1;
+        ret->x509 = NULL;
+        ret->crl = NULL;
+        ret->x_pkey = NULL;
+        return (ret);
 }
 
-void X509_INFO_free(X509_INFO *x)
+void
+X509_INFO_free(X509_INFO *x)
 {
         int i;
 
-        if (x == NULL) return;
+        if (x == NULL)
+                return;
 
-        i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO);
-        if (i > 0) return;
+        i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_INFO);
+        if (i > 0)
+                return;
 
-        if (x->x509 != NULL) X509_free(x->x509);
-        if (x->crl != NULL) X509_CRL_free(x->crl);
-        if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey);
-        if (x->enc_data != NULL) free(x->enc_data);
+        if (x->x509 != NULL)
+                X509_free(x->x509);
+        if (x->crl != NULL)
+                X509_CRL_free(x->crl);
+        if (x->x_pkey != NULL)
+                X509_PKEY_free(x->x_pkey);
+        if (x->enc_data != NULL)
+                free(x->enc_data);
         free(x);
 }
 
 IMPLEMENT_STACK_OF(X509_INFO)
-
diff --git a/src/lib/libssl/src/crypto/asn1/x_long.c b/src/lib/libssl/src/crypto/asn1/x_long.c
index 1417284d3c..81dcc4fc29 100644
--- a/src/lib/libssl/src/crypto/asn1/x_long.c
+++ b/src/lib/libssl/src/crypto/asn1/x_long.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -84,25 +84,29 @@ static ASN1_PRIMITIVE_FUNCS long_pf = {
 };
 
 ASN1_ITEM_start(LONG)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
+ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
 ASN1_ITEM_end(LONG)
 
 ASN1_ITEM_start(ZLONG)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
+ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
 ASN1_ITEM_end(ZLONG)
 
-static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int
+long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
         *(long *)pval = it->size;
         return 1;
 }
 
-static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static void
+long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
         *(long *)pval = it->size;
 }
 
-static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+static int
+long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+    const ASN1_ITEM *it)
 {
         long ltmp;
         unsigned long utmp;
@@ -113,58 +117,70 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const A
         /* use memcpy, because we may not be long aligned */
         memcpy(&ltmp, cp, sizeof(long));
 
-        if(ltmp == it->size) return -1;
+        if (ltmp == it->size)
+                return -1;
         /* Convert the long to positive: we subtract one if negative so
          * we can cleanly handle the padding if only the MSB of the leading
-         * octet is set. 
+         * octet is set.
          */
-        if(ltmp < 0) utmp = -ltmp - 1;
-        else utmp = ltmp;
+        if (ltmp < 0)
+                utmp = -ltmp - 1;
+        else
+                utmp = ltmp;
         clen = BN_num_bits_word(utmp);
         /* If MSB of leading octet set we need to pad */
-        if(!(clen & 0x7)) pad = 1;
-        else pad = 0;
+        if (!(clen & 0x7))
+                pad = 1;
+        else
+                pad = 0;
 
         /* Convert number of bits to number of octets */
         clen = (clen + 7) >> 3;
 
-        if(cont) {
-                if(pad) *cont++ = (ltmp < 0) ? 0xff : 0;
-                for(i = clen - 1; i >= 0; i--) {
+        if (cont) {
+                if (pad)
+                        *cont++ = (ltmp < 0) ? 0xff : 0;
+                for (i = clen - 1; i >= 0; i--) {
                         cont[i] = (unsigned char)(utmp & 0xff);
-                        if(ltmp < 0) cont[i] ^= 0xff;
+                        if (ltmp < 0)
+                                cont[i] ^= 0xff;
                         utmp >>= 8;
                 }
         }
         return clen + pad;
 }
 
-static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
-                    int utype, char *free_cont, const ASN1_ITEM *it)
+static int
+long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
+    char *free_cont, const ASN1_ITEM *it)
 {
         int neg, i;
         long ltmp;
         unsigned long utmp = 0;
         char *cp = (char *)pval;
-        if(len > (int)sizeof(long)) {
+        if (len > (int)sizeof(long)) {
                 ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
                 return 0;
         }
         /* Is it negative? */
-        if(len && (cont[0] & 0x80)) neg = 1;
-        else neg = 0;
+        if (len && (cont[0] & 0x80))
+                neg = 1;
+        else
+                neg = 0;
         utmp = 0;
-        for(i = 0; i < len; i++) {
+        for (i = 0; i < len; i++) {
                 utmp <<= 8;
-                if(neg) utmp |= cont[i] ^ 0xff;
-                else utmp |= cont[i];
+                if (neg)
+                        utmp |= cont[i] ^ 0xff;
+                else
+                        utmp |= cont[i];
         }
         ltmp = (long)utmp;
-        if(neg) {
+        if (neg) {
                 ltmp++;
                 ltmp = -ltmp;
         }
-        if(ltmp == it->size) {
+        if (ltmp == it->size) {
                 ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
                 return 0;
         }
@@ -172,8 +188,9 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
         return 1;
 }
 
-static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
-                        int indent, const ASN1_PCTX *pctx)
+static int
+long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent,
+    const ASN1_PCTX *pctx)
 {
         return BIO_printf(out, "%ld\n", *(long *)pval);
 }
diff --git a/src/lib/libssl/src/crypto/asn1/x_name.c b/src/lib/libssl/src/crypto/asn1/x_name.c
index d10ac5acd1..70459babc4 100644
--- a/src/lib/libssl/src/crypto/asn1/x_name.c
+++ b/src/lib/libssl/src/crypto/asn1/x_name.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -66,13 +66,12 @@
 typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
 DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
 
-static int x509_name_ex_d2i(ASN1_VALUE **val,
-                                const unsigned char **in, long len,
-                                const ASN1_ITEM *it,
-                                int tag, int aclass, char opt, ASN1_TLC *ctx);
+static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in,
+    long len, const ASN1_ITEM *it, int tag, int aclass, char opt,
+    ASN1_TLC *ctx);
 
 static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
-                                const ASN1_ITEM *it, int tag, int aclass);
+    const ASN1_ITEM *it, int tag, int aclass);
 static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
 static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
 
@@ -80,13 +79,10 @@ static int x509_name_encode(X509_NAME *a);
 static int x509_name_canon(X509_NAME *a);
 static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in);
 static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname,
-                          unsigned char **in);
+    unsigned char **in);
 
-
-static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
-                                                int indent,
-                                                const char *fname, 
-                                                const ASN1_PCTX *pctx);
+static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval, int indent,
+    const char *fname, const ASN1_PCTX *pctx);
 
 ASN1_SEQUENCE(X509_NAME_ENTRY) = {
         ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
@@ -101,11 +97,11 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
  */
 
 ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
+    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
 ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
 
 ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
+    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
 ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
 
 /* Normally that's where it would end: we'd have two nested STACK structures
@@ -124,26 +120,30 @@ const ASN1_EXTERN_FUNCS x509_name_ff = {
         x509_name_ex_print
 };
 
-IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) 
+IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
 
-static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
+static int
+x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
 {
         X509_NAME *ret = NULL;
+
         ret = malloc(sizeof(X509_NAME));
-        if(!ret) goto memerr;
-        if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
+        if (!ret)
+                goto memerr;
+        if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL)
+                goto memerr;
+        if ((ret->bytes = BUF_MEM_new()) == NULL)
                 goto memerr;
-        if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr;
         ret->canon_enc = NULL;
         ret->canon_enclen = 0;
-        ret->modified=1;
+        ret->modified = 1;
         *val = (ASN1_VALUE *)ret;
         return 1;
 
- memerr:
+memerr:
         ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
         if (ret) {
                 if (ret->entries)
@@ -153,54 +153,64 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
         return 0;
 }
 
-static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static void
+x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
         X509_NAME *a;
-        if(!pval || !*pval)
-            return;
+
+        if (!pval || !*pval)
+                return;
         a = (X509_NAME *)*pval;
 
         BUF_MEM_free(a->bytes);
-        sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
+        sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free);
         if (a->canon_enc)
                 free(a->canon_enc);
         free(a);
         *pval = NULL;
 }
 
-static int x509_name_ex_d2i(ASN1_VALUE **val,
-                        const unsigned char **in, long len, const ASN1_ITEM *it,
-                                int tag, int aclass, char opt, ASN1_TLC *ctx)
+static int
+x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len,
+    const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx)
 {
         const unsigned char *p = *in, *q;
-        union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
-                ASN1_VALUE *a; } intname = {NULL};
-        union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL};
+        union {
+                STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+                ASN1_VALUE *a;
+        } intname = {NULL};
+        union {
+                X509_NAME *x;
+                ASN1_VALUE *a;
+        } nm = {NULL};
         int i, j, ret;
         STACK_OF(X509_NAME_ENTRY) *entries;
         X509_NAME_ENTRY *entry;
         q = p;
 
         /* Get internal representation of Name */
-        ret = ASN1_item_ex_d2i(&intname.a,
-                               &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
-                               tag, aclass, opt, ctx);
-        
-        if(ret <= 0) return ret;
-
-        if(*val) x509_name_ex_free(val, NULL);
-        if(!x509_name_ex_new(&nm.a, NULL)) goto err;
+        ret = ASN1_item_ex_d2i(&intname.a, &p, len,
+            ASN1_ITEM_rptr(X509_NAME_INTERNAL), tag, aclass, opt, ctx);
+
+        if (ret <= 0)
+                return ret;
+
+        if (*val)
+                x509_name_ex_free(val, NULL);
+        if (!x509_name_ex_new(&nm.a, NULL))
+                goto err;
         /* We've decoded it: now cache encoding */
-        if(!BUF_MEM_grow(nm.x->bytes, p - q)) goto err;
+        if (!BUF_MEM_grow(nm.x->bytes, p - q))
+                goto err;
         memcpy(nm.x->bytes->data, q, p - q);
 
         /* Convert internal representation to X509_NAME structure */
-        for(i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
+        for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
                 entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i);
-                for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
+                for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
                         entry = sk_X509_NAME_ENTRY_value(entries, j);
                         entry->set = i;
-                        if(!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
+                        if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
                                 goto err;
                 }
                 sk_X509_NAME_ENTRY_free(entries);
@@ -213,90 +223,104 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
         *val = nm.a;
         *in = p;
         return ret;
+
 err:
-        if (nm.x != NULL)
+        if (nm.x != NULL)
                 X509_NAME_free(nm.x);
         ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
         return 0;
 }
 
-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+static int
+x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it,
+    int tag, int aclass)
 {
         int ret;
         X509_NAME *a = (X509_NAME *)*val;
-        if(a->modified) {
+
+        if (a->modified) {
                 ret = x509_name_encode(a);
-                if(ret < 0)
+                if (ret < 0)
                         return ret;
                 ret = x509_name_canon(a);
-                if(ret < 0)
+                if (ret < 0)
                         return ret;
         }
         ret = a->bytes->length;
-        if(out != NULL) {
-                memcpy(*out,a->bytes->data,ret);
-                *out+=ret;
+        if (out != NULL) {
+                memcpy(*out, a->bytes->data, ret);
+                *out += ret;
         }
         return ret;
 }
 
-static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
+static void
+local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
 {
         sk_X509_NAME_ENTRY_free(ne);
 }
 
-static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
+static void
+local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
 {
         sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
 }
 
-static int x509_name_encode(X509_NAME *a)
+static int
+x509_name_encode(X509_NAME *a)
 {
-        union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
-                ASN1_VALUE *a; } intname = {NULL};
+        union {
+                STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+                ASN1_VALUE *a;
+        } intname = {NULL};
         int len;
         unsigned char *p;
         STACK_OF(X509_NAME_ENTRY) *entries = NULL;
         X509_NAME_ENTRY *entry;
         int i, set = -1;
+
         intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null();
-        if(!intname.s) goto memerr;
-        for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+        if (!intname.s)
+                goto memerr;
+        for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
                 entry = sk_X509_NAME_ENTRY_value(a->entries, i);
-                if(entry->set != set) {
+                if (entry->set != set) {
                         entries = sk_X509_NAME_ENTRY_new_null();
-                        if(!entries) goto memerr;
-                        if(!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s,
-                                                             entries))
+                        if (!entries)
+                                goto memerr;
+                        if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s,
+                            entries))
                                 goto memerr;
                         set = entry->set;
                 }
-                if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
+                if (!sk_X509_NAME_ENTRY_push(entries, entry))
+                        goto memerr;
         }
         len = ASN1_item_ex_i2d(&intname.a, NULL,
-                               ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
-        if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
-        p=(unsigned char *)a->bytes->data;
-        ASN1_item_ex_i2d(&intname.a,
-                         &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+            ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+        if (!BUF_MEM_grow(a->bytes, len))
+                goto memerr;
+        p = (unsigned char *)a->bytes->data;
+        ASN1_item_ex_i2d(&intname.a, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+            -1, -1);
         sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
-                                             local_sk_X509_NAME_ENTRY_free);
+            local_sk_X509_NAME_ENTRY_free);
         a->modified = 0;
         return len;
+
 memerr:
         sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
-                                             local_sk_X509_NAME_ENTRY_free);
+            local_sk_X509_NAME_ENTRY_free);
         ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
         return -1;
 }
 
-static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
-                                                int indent,
-                                                const char *fname, 
-                                                const ASN1_PCTX *pctx)
+static int
+x509_name_ex_print(BIO *out, ASN1_VALUE **pval, int indent, const char *fname,
+    const ASN1_PCTX *pctx)
 {
-        if (X509_NAME_print_ex(out, (X509_NAME *)*pval,
-                                        indent, pctx->nm_flags) <= 0)
+        if (X509_NAME_print_ex(out, (X509_NAME *)*pval, indent,
+            pctx->nm_flags) <= 0)
                 return 0;
         return 2;
 }
@@ -314,7 +338,8 @@ static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
  * dirName can also be checked with a simple memcmp().
  */
 
-static int x509_name_canon(X509_NAME *a)
+static int
+x509_name_canon(X509_NAME *a)
 {
         unsigned char *p;
         STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
@@ -325,22 +350,22 @@ static int x509_name_canon(X509_NAME *a)
         if (a->canon_enc) {
                 free(a->canon_enc);
                 a->canon_enc = NULL;
-                }
+        }
         /* Special case: empty X509_NAME => null encoding */
         if (sk_X509_NAME_ENTRY_num(a->entries) == 0) {
                 a->canon_enclen = 0;
                 return 1;
         }
         intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
-        if(!intname)
+        if (!intname)
                 goto err;
-        for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+        for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
                 entry = sk_X509_NAME_ENTRY_value(a->entries, i);
-                if(entry->set != set) {
+                if (entry->set != set) {
                         entries = sk_X509_NAME_ENTRY_new_null();
-                        if(!entries)
+                        if (!entries)
                                 goto err;
-                        if(!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries))
+                        if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries))
                                 goto err;
                         set = entry->set;
                 }
@@ -348,33 +373,27 @@ static int x509_name_canon(X509_NAME *a)
                 tmpentry->object = OBJ_dup(entry->object);
                 if (!asn1_string_canon(tmpentry->value, entry->value))
                         goto err;
-                if(!sk_X509_NAME_ENTRY_push(entries, tmpentry))
+                if (!sk_X509_NAME_ENTRY_push(entries, tmpentry))
                         goto err;
                 tmpentry = NULL;
         }
 
         /* Finally generate encoding */
-
         a->canon_enclen = i2d_name_canon(intname, NULL);
-
         p = malloc(a->canon_enclen);
-
         if (!p)
                 goto err;
-
         a->canon_enc = p;
-
         i2d_name_canon(intname, &p);
-
         ret = 1;
 
-        err:
+err:
 
         if (tmpentry)
                 X509_NAME_ENTRY_free(tmpentry);
         if (intname)
                 sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
-                                        local_sk_X509_NAME_ENTRY_pop_free);
+                    local_sk_X509_NAME_ENTRY_pop_free);
         return ret;
 }
 
@@ -384,9 +403,10 @@ static int x509_name_canon(X509_NAME *a)
         (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \
         | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \
         | B_ASN1_VISIBLESTRING)
-        
 
-static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
+
+static int
+asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
 {
         unsigned char *to, *from;
         int len, i;
@@ -415,7 +435,7 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
          */
 
         /* Ignore leading spaces */
-        while((len > 0) && !(*from & 0x80) && isspace(*from)) {
+        while ((len > 0) && !(*from & 0x80) && isspace(*from)) {
                 from++;
                 len--;
         }
@@ -431,24 +451,24 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
         to = out->data;
 
         i = 0;
-        while(i < len) {
+        while (i < len) {
                 /* If MSB set just copy across */
                 if (*from & 0x80) {
                         *to++ = *from++;
                         i++;
-                        }
+                }
                 /* Collapse multiple spaces */
                 else if (isspace(*from)) {
                         /* Copy one space across */
                         *to++ = ' ';
                         /* Ignore subsequent spaces. Note: don't need to
-                         * check len here because we know the last 
+                         * check len here because we know the last
                          * character is a non-space so we can't overflow.
                          */
                         do {
                                 from++;
                                 i++;
-                        } while(!(*from & 0x80) && isspace(*from));
+                        } while (!(*from & 0x80) && isspace(*from));
                 } else {
                         *to++ = tolower(*from);
                         from++;
@@ -459,11 +479,10 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
         out->length = to - out->data;
 
         return 1;
-
 }
 
-static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname,
-                          unsigned char **in)
+static int
+i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname, unsigned char **in)
 {
         int i, len, ltmp;
         ASN1_VALUE *v;
@@ -473,7 +492,7 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname,
         for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) {
                 v = sk_ASN1_VALUE_value(intname, i);
                 ltmp = ASN1_item_ex_i2d(&v, in,
-                        ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
+                    ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
                 if (ltmp < 0)
                         return ltmp;
                 len += ltmp;
@@ -481,21 +500,23 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname,
         return len;
 }
 
-int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
+int
+X509_NAME_set(X509_NAME **xn, X509_NAME *name)
 {
         X509_NAME *in;
 
-        if (!xn || !name) return(0);
+        if (!xn || !name)
+                return (0);
 
         if (*xn != name) {
-                in=X509_NAME_dup(name);
+                in = X509_NAME_dup(name);
                 if (in != NULL) {
                         X509_NAME_free(*xn);
-                        *xn=in;
+                        *xn = in;
                 }
         }
-        return(*xn != NULL);
+        return (*xn != NULL);
 }
-        
+
 IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
 IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)
diff --git a/src/lib/libssl/src/crypto/asn1/x_nx509.c b/src/lib/libssl/src/crypto/asn1/x_nx509.c
index fbd9a22db3..538a9f95eb 100644
--- a/src/lib/libssl/src/crypto/asn1/x_nx509.c
+++ b/src/lib/libssl/src/crypto/asn1/x_nx509.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -69,4 +69,3 @@ ASN1_SEQUENCE(NETSCAPE_X509) = {
 } ASN1_SEQUENCE_END(NETSCAPE_X509)
 
 IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_X509)
-
diff --git a/src/lib/libssl/src/crypto/asn1/x_pkey.c b/src/lib/libssl/src/crypto/asn1/x_pkey.c
index eac134a1ee..d18b8f6f5e 100644
--- a/src/lib/libssl/src/crypto/asn1/x_pkey.c
+++ b/src/lib/libssl/src/crypto/asn1/x_pkey.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,75 +64,85 @@
 #include <openssl/x509.h>
 
 /* need to implement */
-int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
+int
+i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
 {
-        return(0);
+        return (0);
 }
 
-X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length)
+X509_PKEY *
+d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length)
 {
         int i;
-        M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new);
+        M_ASN1_D2I_vars(a, X509_PKEY *, X509_PKEY_new);
 
         M_ASN1_D2I_Init();
         M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get_x(X509_ALGOR,ret->enc_algor,d2i_X509_ALGOR);
-        M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->enc_pkey,d2i_ASN1_OCTET_STRING);
+        M_ASN1_D2I_get_x(X509_ALGOR, ret->enc_algor, d2i_X509_ALGOR);
+        M_ASN1_D2I_get_x(ASN1_OCTET_STRING, ret->enc_pkey,
+            d2i_ASN1_OCTET_STRING);
 
-        ret->cipher.cipher=EVP_get_cipherbyname(
-                OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm)));
+        ret->cipher.cipher = EVP_get_cipherbyname(
+            OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm)));
         if (ret->cipher.cipher == NULL) {
-                c.error=ASN1_R_UNSUPPORTED_CIPHER;
-                c.line=__LINE__;
+                c.error = ASN1_R_UNSUPPORTED_CIPHER;
+                c.line = __LINE__;
                 goto err;
         }
         if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) {
-                i=ret->enc_algor->parameter->value.octet_string->length;
+                i = ret->enc_algor->parameter->value.octet_string->length;
                 if (i > EVP_MAX_IV_LENGTH) {
-                        c.error=ASN1_R_IV_TOO_LARGE;
-                        c.line=__LINE__;
+                        c.error = ASN1_R_IV_TOO_LARGE;
+                        c.line = __LINE__;
                         goto err;
                 }
                 memcpy(ret->cipher.iv,
-                        ret->enc_algor->parameter->value.octet_string->data,i);
-        }
-        else
-                memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
-        M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY);
+                    ret->enc_algor->parameter->value.octet_string->data, i);
+        } else
+                memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
+        M_ASN1_D2I_Finish(a, X509_PKEY_free, ASN1_F_D2I_X509_PKEY);
 }
 
-X509_PKEY *X509_PKEY_new(void)
+X509_PKEY *
+X509_PKEY_new(void)
 {
-        X509_PKEY *ret=NULL;
+        X509_PKEY *ret = NULL;
         ASN1_CTX c;
 
-        M_ASN1_New_Malloc(ret,X509_PKEY);
-        ret->version=0;
-        M_ASN1_New(ret->enc_algor,X509_ALGOR_new);
-        M_ASN1_New(ret->enc_pkey,M_ASN1_OCTET_STRING_new);
-        ret->dec_pkey=NULL;
-        ret->key_length=0;
-        ret->key_data=NULL;
-        ret->key_free=0;
-        ret->cipher.cipher=NULL;
-        memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
-        ret->references=1;
-        return(ret);
+        M_ASN1_New_Malloc(ret, X509_PKEY);
+        ret->version = 0;
+        M_ASN1_New(ret->enc_algor, X509_ALGOR_new);
+        M_ASN1_New(ret->enc_pkey, M_ASN1_OCTET_STRING_new);
+        ret->dec_pkey = NULL;
+        ret->key_length = 0;
+        ret->key_data = NULL;
+        ret->key_free = 0;
+        ret->cipher.cipher = NULL;
+        memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
+        ret->references = 1;
+        return (ret);
         M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
 }
 
-void X509_PKEY_free(X509_PKEY *x)
+void
+X509_PKEY_free(X509_PKEY *x)
 {
         int i;
 
-        if (x == NULL) return;
+        if (x == NULL)
+                return;
 
-        i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY);
-        if (i > 0) return;
+        i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_PKEY);
+        if (i > 0)
+                return;
 
-        if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor);
-        if (x->enc_pkey != NULL) M_ASN1_OCTET_STRING_free(x->enc_pkey);
-        if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey);
-        if ((x->key_data != NULL) && (x->key_free)) free(x->key_data);
+        if (x->enc_algor != NULL)
+                X509_ALGOR_free(x->enc_algor);
+        if (x->enc_pkey != NULL)
+                M_ASN1_OCTET_STRING_free(x->enc_pkey);
+        if (x->dec_pkey != NULL)
+                EVP_PKEY_free(x->dec_pkey);
+        if ((x->key_data != NULL) && (x->key_free))
+                free(x->key_data);
         free(x);
 }
diff --git a/src/lib/libssl/src/crypto/asn1/x_pubkey.c b/src/lib/libssl/src/crypto/asn1/x_pubkey.c
index 1d6ab6580a..df915e2dfd 100644
--- a/src/lib/libssl/src/crypto/asn1/x_pubkey.c
+++ b/src/lib/libssl/src/crypto/asn1/x_pubkey.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -69,8 +69,8 @@
 #endif
 
 /* Minor tweak to operation: free up EVP_PKEY */
-static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-                        void *exarg)
+static int
+pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
         if (operation == ASN1_OP_FREE_POST) {
                 X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
@@ -86,54 +86,61 @@ ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
 
-int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
+int
+X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 {
-        X509_PUBKEY *pk=NULL;
+        X509_PUBKEY *pk = NULL;
 
-        if (x == NULL) return(0);
-
-        if ((pk=X509_PUBKEY_new()) == NULL) goto error;
+        if (x == NULL)
+                return (0);
+        if ((pk = X509_PUBKEY_new()) == NULL)
+                goto error;
 
         if (pkey->ameth) {
                 if (pkey->ameth->pub_encode) {
                         if (!pkey->ameth->pub_encode(pk, pkey)) {
                                 X509err(X509_F_X509_PUBKEY_SET,
-                                        X509_R_PUBLIC_KEY_ENCODE_ERROR);
+                                    X509_R_PUBLIC_KEY_ENCODE_ERROR);
                                 goto error;
                         }
                 } else {
                         X509err(X509_F_X509_PUBKEY_SET,
-                                X509_R_METHOD_NOT_SUPPORTED);
+                            X509_R_METHOD_NOT_SUPPORTED);
                         goto error;
                 }
         } else {
-                X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
+                X509err(X509_F_X509_PUBKEY_SET, X509_R_UNSUPPORTED_ALGORITHM);
                 goto error;
         }
 
         if (*x != NULL)
                 X509_PUBKEY_free(*x);
 
-        *x=pk;
+        *x = pk;
 
         return 1;
+
 error:
-        if (pk != NULL) X509_PUBKEY_free(pk);
+        if (pk != NULL)
+                X509_PUBKEY_free(pk);
         return 0;
 }
 
-EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
+EVP_PKEY *
+X509_PUBKEY_get(X509_PUBKEY *key)
 {
-        EVP_PKEY *ret=NULL;
+        EVP_PKEY *ret = NULL;
 
-        if (key == NULL) goto error;
+        if (key == NULL)
+                goto error;
 
         if (key->pkey != NULL) {
                 CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
                 return key->pkey;
         }
 
-        if (key->public_key == NULL) goto error;
+        if (key->public_key == NULL)
+                goto error;
 
         if ((ret = EVP_PKEY_new()) == NULL) {
                 X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
@@ -141,14 +148,14 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
         }
 
         if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm))) {
-                X509err(X509_F_X509_PUBKEY_GET,X509_R_UNSUPPORTED_ALGORITHM);
+                X509err(X509_F_X509_PUBKEY_GET, X509_R_UNSUPPORTED_ALGORITHM);
                 goto error;
         }
 
         if (ret->ameth->pub_decode) {
                 if (!ret->ameth->pub_decode(ret, key)) {
                         X509err(X509_F_X509_PUBKEY_GET,
-                                                X509_R_PUBLIC_KEY_DECODE_ERROR);
+                            X509_R_PUBLIC_KEY_DECODE_ERROR);
                         goto error;
                 }
         } else {
@@ -170,39 +177,44 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
 
         return ret;
 
-        error:
+error:
         if (ret != NULL)
                 EVP_PKEY_free(ret);
-        return(NULL);
+        return (NULL);
 }
 
 /* Now two pseudo ASN1 routines that take an EVP_PKEY structure
  * and encode or decode as X509_PUBKEY
  */
 
-EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp,
-             long length)
+EVP_PKEY *
+d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length)
 {
         X509_PUBKEY *xpk;
         EVP_PKEY *pktmp;
         xpk = d2i_X509_PUBKEY(NULL, pp, length);
-        if(!xpk) return NULL;
+        if (!xpk)
+                return NULL;
         pktmp = X509_PUBKEY_get(xpk);
         X509_PUBKEY_free(xpk);
-        if(!pktmp) return NULL;
-        if(a) {
+        if (!pktmp)
+                return NULL;
+        if (a) {
                 EVP_PKEY_free(*a);
                 *a = pktmp;
         }
         return pktmp;
 }
 
-int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
+int
+i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
 {
-        X509_PUBKEY *xpk=NULL;
+        X509_PUBKEY *xpk = NULL;
         int ret;
-        if(!a) return 0;
-        if(!X509_PUBKEY_set(&xpk, a)) return 0;
+        if (!a)
+                return 0;
+        if (!X509_PUBKEY_set(&xpk, a))
+                return 0;
         ret = i2d_X509_PUBKEY(xpk, pp);
         X509_PUBKEY_free(xpk);
         return ret;
@@ -212,18 +224,20 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
  * keys
  */
 #ifndef OPENSSL_NO_RSA
-RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp,
-             long length)
+RSA *
+d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length)
 {
         EVP_PKEY *pkey;
         RSA *key;
         const unsigned char *q;
         q = *pp;
         pkey = d2i_PUBKEY(NULL, &q, length);
-        if (!pkey) return NULL;
+        if (!pkey)
+                return NULL;
         key = EVP_PKEY_get1_RSA(pkey);
         EVP_PKEY_free(pkey);
-        if (!key) return NULL;
+        if (!key)
+                return NULL;
         *pp = q;
         if (a) {
                 RSA_free(*a);
@@ -232,11 +246,13 @@ RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp,
         return key;
 }
 
-int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
+int
+i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
 {
         EVP_PKEY *pktmp;
         int ret;
-        if (!a) return 0;
+        if (!a)
+                return 0;
         pktmp = EVP_PKEY_new();
         if (!pktmp) {
                 ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
@@ -250,18 +266,20 @@ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
 #endif
 
 #ifndef OPENSSL_NO_DSA
-DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp,
-             long length)
+DSA *
+d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
 {
         EVP_PKEY *pkey;
         DSA *key;
         const unsigned char *q;
         q = *pp;
         pkey = d2i_PUBKEY(NULL, &q, length);
-        if (!pkey) return NULL;
+        if (!pkey)
+                return NULL;
         key = EVP_PKEY_get1_DSA(pkey);
         EVP_PKEY_free(pkey);
-        if (!key) return NULL;
+        if (!key)
+                return NULL;
         *pp = q;
         if (a) {
                 DSA_free(*a);
@@ -270,13 +288,15 @@ DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp,
         return key;
 }
 
-int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
+int
+i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
 {
         EVP_PKEY *pktmp;
         int ret;
-        if(!a) return 0;
+        if (!a)
+                return 0;
         pktmp = EVP_PKEY_new();
-        if(!pktmp) {
+        if (!pktmp) {
                 ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
                 return 0;
         }
@@ -288,44 +308,49 @@ int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
 #endif
 
 #ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
+EC_KEY *
+d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
 {
         EVP_PKEY *pkey;
         EC_KEY *key;
         const unsigned char *q;
         q = *pp;
         pkey = d2i_PUBKEY(NULL, &q, length);
-        if (!pkey) return(NULL);
+        if (!pkey)
+                return (NULL);
         key = EVP_PKEY_get1_EC_KEY(pkey);
         EVP_PKEY_free(pkey);
-        if (!key)  return(NULL);
+        if (!key)
+                return (NULL);
         *pp = q;
         if (a) {
                 EC_KEY_free(*a);
                 *a = key;
         }
-        return(key);
+        return (key);
 }
 
-int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
+int
+i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
 {
         EVP_PKEY *pktmp;
         int ret;
-        if (!a) return(0);
+        if (!a)
+                return (0);
         if ((pktmp = EVP_PKEY_new()) == NULL) {
                 ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
-                return(0);
+                return (0);
         }
         EVP_PKEY_set1_EC_KEY(pktmp, a);
         ret = i2d_PUBKEY(pktmp, pp);
         EVP_PKEY_free(pktmp);
-        return(ret);
+        return (ret);
 }
 #endif
 
-int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
-                                        int ptype, void *pval,
-                                        unsigned char *penc, int penclen)
+int
+X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype,
+    void *pval, unsigned char *penc, int penclen)
 {
         if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval))
                 return 0;
@@ -334,17 +359,16 @@ int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                         free(pub->public_key->data);
                 pub->public_key->data = penc;
                 pub->public_key->length = penclen;
-                /* Set number of unused bits to zero */
+                /* Set number of unused bits to zero */
                 pub->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-                pub->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+                pub->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
         }
         return 1;
 }
 
-int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
-                const unsigned char **pk, int *ppklen,
-                X509_ALGOR **pa,
-                X509_PUBKEY *pub)
+int
+X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk,
+    int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub)
 {
         if (ppkalg)
                 *ppkalg = pub->algor->algorithm;
diff --git a/src/lib/libssl/src/crypto/asn1/x_req.c b/src/lib/libssl/src/crypto/asn1/x_req.c
index d57555827c..442f56a144 100644
--- a/src/lib/libssl/src/crypto/asn1/x_req.c
+++ b/src/lib/libssl/src/crypto/asn1/x_req.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -66,7 +66,7 @@
  * encode the attributes field if it is empty. This is in
  * violation of PKCS#10 but we need to tolerate it. We do
  * this by making the attributes field OPTIONAL then using
- * the callback to initialise it to an empty STACK. 
+ * the callback to initialise it to an empty STACK.
  *
  * This means that the field will be correctly encoded unless
  * we NULL out the field.
@@ -79,14 +79,15 @@
  *
  */
 
-static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-                                                        void *exarg)
+static int
+rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
         X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
 
-        if(operation == ASN1_OP_NEW_POST) {
+        if (operation == ASN1_OP_NEW_POST) {
                 rinf->attributes = sk_X509_ATTRIBUTE_new_null();
-                if(!rinf->attributes) return 0;
+                if (!rinf->attributes)
+                        return 0;
         }
         return 1;
 }
diff --git a/src/lib/libssl/src/crypto/asn1/x_sig.c b/src/lib/libssl/src/crypto/asn1/x_sig.c
index 42efa86c1c..5c9aef0365 100644
--- a/src/lib/libssl/src/crypto/asn1/x_sig.c
+++ b/src/lib/libssl/src/crypto/asn1/x_sig.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
diff --git a/src/lib/libssl/src/crypto/asn1/x_spki.c b/src/lib/libssl/src/crypto/asn1/x_spki.c
index 2aece077c5..34fe81443c 100644
--- a/src/lib/libssl/src/crypto/asn1/x_spki.c
+++ b/src/lib/libssl/src/crypto/asn1/x_spki.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
diff --git a/src/lib/libssl/src/crypto/asn1/x_val.c b/src/lib/libssl/src/crypto/asn1/x_val.c
index dc17c67758..6436f0cb55 100644
--- a/src/lib/libssl/src/crypto/asn1/x_val.c
+++ b/src/lib/libssl/src/crypto/asn1/x_val.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
diff --git a/src/lib/libssl/src/crypto/asn1/x_x509.c b/src/lib/libssl/src/crypto/asn1/x_x509.c
index 20448a8e3b..e7d613e20f 100644
--- a/src/lib/libssl/src/crypto/asn1/x_x509.c
+++ b/src/lib/libssl/src/crypto/asn1/x_x509.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -81,15 +81,15 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
 
 extern void policy_cache_free(X509_POLICY_CACHE *cache);
 
-static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
-                                                                void *exarg)
+static int
+x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
         X509 *ret = (X509 *)*pval;
 
-        switch(operation) {
+        switch (operation) {
 
         case ASN1_OP_NEW_POST:
-                ret->valid=0;
+                ret->valid = 0;
                 ret->name = NULL;
                 ret->ex_flags = 0;
                 ret->ex_pathlen = -1;
@@ -105,8 +105,9 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                 break;
 
         case ASN1_OP_D2I_POST:
-                if (ret->name != NULL) free(ret->name);
-                ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
+                if (ret->name != NULL)
+                        free(ret->name);
+                ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0);
                 break;
 
         case ASN1_OP_FREE_POST:
@@ -122,14 +123,12 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                 sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
                 ASIdentifiers_free(ret->rfc3779_asid);
 #endif
-
-                if (ret->name != NULL) free(ret->name);
+                if (ret->name != NULL)
+                        free(ret->name);
                 break;
-
         }
 
         return 1;
-
 }
 
 ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
@@ -141,21 +140,24 @@ ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
 IMPLEMENT_ASN1_FUNCTIONS(X509)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509)
 
-int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+int
+X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
 {
         return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
-                                new_func, dup_func, free_func);
+            new_func, dup_func, free_func);
 }
 
-int X509_set_ex_data(X509 *r, int idx, void *arg)
+int
+X509_set_ex_data(X509 *r, int idx, void *arg)
 {
-        return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+        return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
 }
 
-void *X509_get_ex_data(X509 *r, int idx)
+void *
+X509_get_ex_data(X509 *r, int idx)
 {
-        return(CRYPTO_get_ex_data(&r->ex_data,idx));
+        return (CRYPTO_get_ex_data(&r->ex_data, idx));
 }
 
 /* X509_AUX ASN1 routines. X509_AUX is the name given to
@@ -166,29 +168,38 @@ void *X509_get_ex_data(X509 *r, int idx)
  *
  */
 
-X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
+X509 *
+d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
 {
         const unsigned char *q;
         X509 *ret;
+
         /* Save start position */
         q = *pp;
         ret = d2i_X509(a, pp, length);
         /* If certificate unreadable then forget it */
-        if(!ret) return NULL;
+        if (!ret)
+                return NULL;
         /* update length */
         length -= *pp - q;
-        if(!length) return ret;
-        if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
+        if (!length)
+                return ret;
+        if (!d2i_X509_CERT_AUX(&ret->aux, pp, length))
+                goto err;
         return ret;
-        err:
+
+err:
         X509_free(ret);
         return NULL;
 }
 
-int i2d_X509_AUX(X509 *a, unsigned char **pp)
+int
+i2d_X509_AUX(X509 *a, unsigned char **pp)
 {
         int length;
+
         length = i2d_X509(a, pp);
-        if(a) length += i2d_X509_CERT_AUX(a->aux, pp);
+        if (a)
+                length += i2d_X509_CERT_AUX(a->aux, pp);
         return length;
 }
diff --git a/src/lib/libssl/src/crypto/asn1/x_x509a.c b/src/lib/libssl/src/crypto/asn1/x_x509a.c
index 287d780830..69ea725709 100644
--- a/src/lib/libssl/src/crypto/asn1/x_x509a.c
+++ b/src/lib/libssl/src/crypto/asn1/x_x509a.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -66,7 +66,7 @@
  * user modifiable data about a certificate. This data is
  * appended to the X509 encoding when the *_X509_AUX routines
  * are used. This means that the "traditional" X509 routines
- * will simply ignore the extra data. 
+ * will simply ignore the extra data.
  */
 
 static X509_CERT_AUX *aux_get(X509 *x);
@@ -81,14 +81,18 @@ ASN1_SEQUENCE(X509_CERT_AUX) = {
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
 
-static X509_CERT_AUX *aux_get(X509 *x)
+static X509_CERT_AUX *
+aux_get(X509 *x)
 {
-        if(!x) return NULL;
-        if(!x->aux && !(x->aux = X509_CERT_AUX_new())) return NULL;
+        if (!x)
+                return NULL;
+        if (!x->aux && !(x->aux = X509_CERT_AUX_new()))
+                return NULL;
         return x->aux;
 }
 
-int X509_alias_set1(X509 *x, unsigned char *name, int len)
+int
+X509_alias_set1(X509 *x, unsigned char *name, int len)
 {
         X509_CERT_AUX *aux;
         if (!name) {
@@ -98,12 +102,15 @@ int X509_alias_set1(X509 *x, unsigned char *name, int len)
                 x->aux->alias = NULL;
                 return 1;
         }
-        if(!(aux = aux_get(x))) return 0;
-        if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0;
+        if (!(aux = aux_get(x)))
+                return 0;
+        if (!aux->alias && !(aux->alias = ASN1_UTF8STRING_new()))
+                return 0;
         return ASN1_STRING_set(aux->alias, name, len);
 }
 
-int X509_keyid_set1(X509 *x, unsigned char *id, int len)
+int
+X509_keyid_set1(X509 *x, unsigned char *id, int len)
 {
         X509_CERT_AUX *aux;
         if (!id) {
@@ -113,58 +120,74 @@ int X509_keyid_set1(X509 *x, unsigned char *id, int len)
                 x->aux->keyid = NULL;
                 return 1;
         }
-        if(!(aux = aux_get(x))) return 0;
-        if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0;
+        if (!(aux = aux_get(x)))
+                return 0;
+        if (!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new()))
+                return 0;
         return ASN1_STRING_set(aux->keyid, id, len);
 }
 
-unsigned char *X509_alias_get0(X509 *x, int *len)
+unsigned char *
+X509_alias_get0(X509 *x, int *len)
 {
-        if(!x->aux || !x->aux->alias) return NULL;
-        if(len) *len = x->aux->alias->length;
+        if (!x->aux || !x->aux->alias)
+                return NULL;
+        if (len)
+                *len = x->aux->alias->length;
         return x->aux->alias->data;
 }
 
-unsigned char *X509_keyid_get0(X509 *x, int *len)
+unsigned char *
+X509_keyid_get0(X509 *x, int *len)
 {
-        if(!x->aux || !x->aux->keyid) return NULL;
-        if(len) *len = x->aux->keyid->length;
+        if (!x->aux || !x->aux->keyid)
+                return NULL;
+        if (len)
+                *len = x->aux->keyid->length;
         return x->aux->keyid->data;
 }
 
-int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
+int
+X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
 {
         X509_CERT_AUX *aux;
         ASN1_OBJECT *objtmp;
-        if(!(objtmp = OBJ_dup(obj))) return 0;
-        if(!(aux = aux_get(x))) return 0;
-        if(!aux->trust
-                && !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0;
+        if (!(objtmp = OBJ_dup(obj)))
+                return 0;
+        if (!(aux = aux_get(x)))
+                return 0;
+        if (!aux->trust && !(aux->trust = sk_ASN1_OBJECT_new_null()))
+                return 0;
         return sk_ASN1_OBJECT_push(aux->trust, objtmp);
 }
 
-int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
+int
+X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
 {
         X509_CERT_AUX *aux;
         ASN1_OBJECT *objtmp;
-        if(!(objtmp = OBJ_dup(obj))) return 0;
-        if(!(aux = aux_get(x))) return 0;
-        if(!aux->reject
-                && !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0;
+        if (!(objtmp = OBJ_dup(obj)))
+                return 0;
+        if (!(aux = aux_get(x)))
+                return 0;
+        if (!aux->reject && !(aux->reject = sk_ASN1_OBJECT_new_null()))
+                return 0;
         return sk_ASN1_OBJECT_push(aux->reject, objtmp);
 }
 
-void X509_trust_clear(X509 *x)
+void
+X509_trust_clear(X509 *x)
 {
-        if(x->aux && x->aux->trust) {
+        if (x->aux && x->aux->trust) {
                 sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
                 x->aux->trust = NULL;
         }
 }
 
-void X509_reject_clear(X509 *x)
+void
+X509_reject_clear(X509 *x)
 {
-        if(x->aux && x->aux->reject) {
+        if (x->aux && x->aux->reject) {
                 sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
                 x->aux->reject = NULL;
         }