18 files changed, 945 insertions, 999 deletions

diff --git a/src/lib/libssl/dtls1.h b/src/lib/libssl/dtls1.h
index 3e0fe918a3..beb740154c 100644
--- a/src/lib/libssl/dtls1.h
+++ b/src/lib/libssl/dtls1.h
@@ -100,30 +100,27 @@ extern "C" {
 #define DTLS1_SCTP_AUTH_LABEL   "EXPORTER_DTLS_OVER_SCTP"
 #endif
 
-typedef struct dtls1_bitmap_st
-        {
+typedef struct dtls1_bitmap_st {
         unsigned long map;              /* track 32 packets on 32-bit systems
                                            and 64 - on 64-bit systems */
         unsigned char max_seq_num[8];   /* max record number seen so far,
                                            64-bit value in big-endian
                                            encoding */
-        } DTLS1_BITMAP;
+} DTLS1_BITMAP;
 
-struct dtls1_retransmit_state
-        {
+struct dtls1_retransmit_state {
         EVP_CIPHER_CTX *enc_write_ctx;  /* cryptographic state */
-        EVP_MD_CTX *write_hash;                 /* used for mac generation */
+        EVP_MD_CTX *write_hash;         /* used for mac generation */
 #ifndef OPENSSL_NO_COMP
-        COMP_CTX *compress;                             /* compression */
+        COMP_CTX *compress;             /* compression */
 #else
-        char *compress; 
+        char *compress;
 #endif
         SSL_SESSION *session;
         unsigned short epoch;
-        };
+};
 
-struct hm_header_st
-        {
+struct hm_header_st {
         unsigned char type;
         unsigned long msg_len;
         unsigned short seq;
@@ -131,41 +128,36 @@ struct hm_header_st
         unsigned long frag_len;
         unsigned int is_ccs;
         struct dtls1_retransmit_state saved_retransmit_state;
-        };
+};
 
-struct ccs_header_st
-        {
+struct ccs_header_st {
         unsigned char type;
         unsigned short seq;
-        };
+};
 
-struct dtls1_timeout_st
-        {
+struct dtls1_timeout_st {
         /* Number of read timeouts so far */
         unsigned int read_timeouts;
-        
+
         /* Number of write timeouts so far */
         unsigned int write_timeouts;
-        
+
         /* Number of alerts received so far */
         unsigned int num_alerts;
-        };
+};
 
-typedef struct record_pqueue_st
-        {
+typedef struct record_pqueue_st {
         unsigned short epoch;
         pqueue q;
-        } record_pqueue;
+} record_pqueue;
 
-typedef struct hm_fragment_st
-        {
+typedef struct hm_fragment_st {
         struct hm_header_st msg_header;
         unsigned char *fragment;
         unsigned char *reassembly;
-        } hm_fragment;
+} hm_fragment;
 
-typedef struct dtls1_state_st
-        {
+typedef struct dtls1_state_st {
         unsigned int send_cookie;
         unsigned char cookie[DTLS1_COOKIE_LENGTH];
         unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
@@ -244,10 +236,9 @@ typedef struct dtls1_state_st
         int shutdown_received;
 #endif
 
-        } DTLS1_STATE;
+} DTLS1_STATE;
 
-typedef struct dtls1_record_data_st
-        {
+typedef struct dtls1_record_data_st {
         unsigned char *packet;
         unsigned int   packet_length;
         SSL3_BUFFER    rbuf;
@@ -255,7 +246,7 @@ typedef struct dtls1_record_data_st
 #ifndef OPENSSL_NO_SCTP
         struct bio_dgram_sctp_rcvinfo recordinfo;
 #endif
-        } DTLS1_RECORD_DATA;
+} DTLS1_RECORD_DATA;
 
 #endif
 
@@ -269,4 +260,3 @@ typedef struct dtls1_record_data_st
 }
 #endif
 #endif
-
diff --git a/src/lib/libssl/src/ssl/dtls1.h b/src/lib/libssl/src/ssl/dtls1.h
index 3e0fe918a3..beb740154c 100644
--- a/src/lib/libssl/src/ssl/dtls1.h
+++ b/src/lib/libssl/src/ssl/dtls1.h
@@ -100,30 +100,27 @@ extern "C" {
 #define DTLS1_SCTP_AUTH_LABEL   "EXPORTER_DTLS_OVER_SCTP"
 #endif
 
-typedef struct dtls1_bitmap_st
-        {
+typedef struct dtls1_bitmap_st {
         unsigned long map;              /* track 32 packets on 32-bit systems
                                            and 64 - on 64-bit systems */
         unsigned char max_seq_num[8];   /* max record number seen so far,
                                            64-bit value in big-endian
                                            encoding */
-        } DTLS1_BITMAP;
+} DTLS1_BITMAP;
 
-struct dtls1_retransmit_state
-        {
+struct dtls1_retransmit_state {
         EVP_CIPHER_CTX *enc_write_ctx;  /* cryptographic state */
-        EVP_MD_CTX *write_hash;                 /* used for mac generation */
+        EVP_MD_CTX *write_hash;         /* used for mac generation */
 #ifndef OPENSSL_NO_COMP
-        COMP_CTX *compress;                             /* compression */
+        COMP_CTX *compress;             /* compression */
 #else
-        char *compress; 
+        char *compress;
 #endif
         SSL_SESSION *session;
         unsigned short epoch;
-        };
+};
 
-struct hm_header_st
-        {
+struct hm_header_st {
         unsigned char type;
         unsigned long msg_len;
         unsigned short seq;
@@ -131,41 +128,36 @@ struct hm_header_st
         unsigned long frag_len;
         unsigned int is_ccs;
         struct dtls1_retransmit_state saved_retransmit_state;
-        };
+};
 
-struct ccs_header_st
-        {
+struct ccs_header_st {
         unsigned char type;
         unsigned short seq;
-        };
+};
 
-struct dtls1_timeout_st
-        {
+struct dtls1_timeout_st {
         /* Number of read timeouts so far */
         unsigned int read_timeouts;
-        
+
         /* Number of write timeouts so far */
         unsigned int write_timeouts;
-        
+
         /* Number of alerts received so far */
         unsigned int num_alerts;
-        };
+};
 
-typedef struct record_pqueue_st
-        {
+typedef struct record_pqueue_st {
         unsigned short epoch;
         pqueue q;
-        } record_pqueue;
+} record_pqueue;
 
-typedef struct hm_fragment_st
-        {
+typedef struct hm_fragment_st {
         struct hm_header_st msg_header;
         unsigned char *fragment;
         unsigned char *reassembly;
-        } hm_fragment;
+} hm_fragment;
 
-typedef struct dtls1_state_st
-        {
+typedef struct dtls1_state_st {
         unsigned int send_cookie;
         unsigned char cookie[DTLS1_COOKIE_LENGTH];
         unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
@@ -244,10 +236,9 @@ typedef struct dtls1_state_st
         int shutdown_received;
 #endif
 
-        } DTLS1_STATE;
+} DTLS1_STATE;
 
-typedef struct dtls1_record_data_st
-        {
+typedef struct dtls1_record_data_st {
         unsigned char *packet;
         unsigned int   packet_length;
         SSL3_BUFFER    rbuf;
@@ -255,7 +246,7 @@ typedef struct dtls1_record_data_st
 #ifndef OPENSSL_NO_SCTP
         struct bio_dgram_sctp_rcvinfo recordinfo;
 #endif
-        } DTLS1_RECORD_DATA;
+} DTLS1_RECORD_DATA;
 
 #endif
 
@@ -269,4 +260,3 @@ typedef struct dtls1_record_data_st
 }
 #endif
 #endif
-
diff --git a/src/lib/libssl/src/ssl/kssl.h b/src/lib/libssl/src/ssl/kssl.h
index ca0ebac147..b61e3240c8 100644
--- a/src/lib/libssl/src/ssl/kssl.h
+++ b/src/lib/libssl/src/ssl/kssl.h
@@ -117,19 +117,18 @@ typedef unsigned char krb5_octet;
 #endif
 
 #define KSSL_ERR_MAX    256
-typedef struct kssl_err_st  {
+typedef struct kssl_err_st {
         int  reason;
         char text[KSSL_ERR_MAX];
-        } KSSL_ERR;
+} KSSL_ERR;
 
 
 /*      Context for passing
 **              (1) Kerberos session key to SSL, and
 **              (2)     Config data between application and SSL lib
 */
-typedef struct kssl_ctx_st
-        {
-                                /*      used by:    disposition:            */
+typedef struct kssl_ctx_st {
+                                /*      used by:    disposition:            */
         char *service_name;     /*      C,S         default ok (kssl)       */
         char *service_host;     /*      C           input, REQUIRED         */
         char *client_princ;     /*      S           output from krb5 ticket */
@@ -138,7 +137,7 @@ typedef struct kssl_ctx_st
         krb5_enctype enctype;
         int length;
         krb5_octet FAR *key;
-        } KSSL_CTX;
+} KSSL_CTX;
 
 #define KSSL_CLIENT     1
 #define KSSL_SERVER     2
@@ -155,25 +154,25 @@ KSSL_CTX *kssl_ctx_new(void);
 KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
 void kssl_ctx_show(KSSL_CTX *kssl_ctx);
 krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
-        krb5_data *realm, krb5_data *entity, int nentities);
-krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx,  krb5_data **enc_tktp,
-        krb5_data *authenp, KSSL_ERR *kssl_err);
-krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx,  krb5_data *indata,
-        krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
+    krb5_data *realm, krb5_data *entity, int nentities);
+krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,
+    krb5_data *authenp, KSSL_ERR *kssl_err);
+krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,
+    krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
 krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);
-void    kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
+void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
 void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);
-krb5_error_code  kssl_build_principal_2(krb5_context context,
-                        krb5_principal *princ, int rlen, const char *realm,
-                        int slen, const char *svc, int hlen, const char *host);
-krb5_error_code  kssl_validate_times(krb5_timestamp atime,
-                                        krb5_ticket_times *ttimes);
-krb5_error_code  kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
-                                    krb5_timestamp *atimep, KSSL_ERR *kssl_err);
-unsigned char   *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
+krb5_error_code kssl_build_principal_2(krb5_context context,
+    krb5_principal *princ, int rlen, const char *realm, int slen,
+    const char *svc, int hlen, const char *host);
+krb5_error_code kssl_validate_times(krb5_timestamp atime,
+    krb5_ticket_times *ttimes);
+krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
+    krb5_timestamp *atimep, KSSL_ERR *kssl_err);
+unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
 
 void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx);
-KSSL_CTX * SSL_get0_kssl_ctx(SSL *s);
+KSSL_CTX *SSL_get0_kssl_ctx(SSL *s);
 char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx);
 
 #ifdef  __cplusplus
diff --git a/src/lib/libssl/src/ssl/o_dir.h b/src/lib/libssl/src/ssl/o_dir.h
index 4b725c0312..cf4a95911a 100644
--- a/src/lib/libssl/src/ssl/o_dir.h
+++ b/src/lib/libssl/src/ssl/o_dir.h
@@ -38,13 +38,14 @@
 extern "C" {
 #endif
 
-  typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;
+typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;
 
-  /* returns NULL on error or end-of-directory.
-     If it is end-of-directory, errno will be zero */
-  const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory);
-  /* returns 1 on success, 0 on error */
-  int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx);
+/* returns NULL on error or end-of-directory.
+   If it is end-of-directory, errno will be zero */
+const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory);
+
+/* returns 1 on success, 0 on error */
+int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx);
 
 #ifdef __cplusplus
 }
diff --git a/src/lib/libssl/src/ssl/srtp.h b/src/lib/libssl/src/ssl/srtp.h
index c0cf33ef28..06075f2c86 100644
--- a/src/lib/libssl/src/ssl/srtp.h
+++ b/src/lib/libssl/src/ssl/srtp.h
@@ -122,7 +122,6 @@
 extern "C" {
 #endif
 
-     
 #define SRTP_AES128_CM_SHA1_80 0x0001
 #define SRTP_AES128_CM_SHA1_32 0x0002
 #define SRTP_AES128_F8_SHA1_80 0x0003
@@ -142,4 +141,3 @@ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
 #endif
 
 #endif
-
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index bf4b2f2cb6..97e4a3f96c 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -260,9 +260,9 @@ extern "C" {
 #define SSL_TXT_aKRB5           "aKRB5"
 #define SSL_TXT_aECDSA          "aECDSA"
 #define SSL_TXT_aPSK            "aPSK"
-#define SSL_TXT_aGOST94 "aGOST94"
-#define SSL_TXT_aGOST01 "aGOST01"
-#define SSL_TXT_aGOST  "aGOST"
+#define SSL_TXT_aGOST94         "aGOST94"
+#define SSL_TXT_aGOST01         "aGOST01"
+#define SSL_TXT_aGOST           "aGOST"
 
 #define SSL_TXT_DSS             "DSS"
 #define SSL_TXT_DH              "DH"
@@ -369,23 +369,22 @@ typedef struct ssl_session_st SSL_SESSION;
 DECLARE_STACK_OF(SSL_CIPHER)
 
 /* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
-typedef struct srtp_protection_profile_st
-       {
-       const char *name;
-       unsigned long id;
-       } SRTP_PROTECTION_PROFILE;
+typedef struct srtp_protection_profile_st {
+        const char *name;
+        unsigned long id;
+} SRTP_PROTECTION_PROFILE;
 
 DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
 
-typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
-typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
-
+typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
+    int len, void *arg);
+typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
+    STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
 
 #ifndef OPENSSL_NO_SSL_INTERN
 
 /* used to hold info on the particular ciphers used */
-struct ssl_cipher_st
-        {
+struct ssl_cipher_st {
         int valid;
         const char *name;               /* text name */
         unsigned long id;               /* id, 4 bytes, first is version */
@@ -401,34 +400,33 @@ struct ssl_cipher_st
         unsigned long algorithm2;       /* Extra flags */
         int strength_bits;              /* Number of bits really used */
         int alg_bits;                   /* Number of bits for algorithm */
-        };
+};
 
 
 /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
-struct ssl_method_st
-        {
+struct ssl_method_st {
         int version;
         int (*ssl_new)(SSL *s);
         void (*ssl_clear)(SSL *s);
         void (*ssl_free)(SSL *s);
         int (*ssl_accept)(SSL *s);
         int (*ssl_connect)(SSL *s);
-        int (*ssl_read)(SSL *s,void *buf,int len);
-        int (*ssl_peek)(SSL *s,void *buf,int len);
-        int (*ssl_write)(SSL *s,const void *buf,int len);
+        int (*ssl_read)(SSL *s, void *buf, int len);
+        int (*ssl_peek)(SSL *s, void *buf, int len);
+        int (*ssl_write)(SSL *s, const void *buf, int len);
         int (*ssl_shutdown)(SSL *s);
         int (*ssl_renegotiate)(SSL *s);
         int (*ssl_renegotiate_check)(SSL *s);
-        long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
-                max, int *ok);
-        int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, 
-                int peek);
+        long (*ssl_get_message)(SSL *s, int st1, int stn, int mt,
+            long max, int *ok);
+        int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf,
+            int len, int peek);
         int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
         int (*ssl_dispatch_alert)(SSL *s);
-        long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
-        long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
+        long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg);
+        long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg);
         const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
-        int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
+        int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
         int (*ssl_pending)(const SSL *s);
         int (*num_ciphers)(void);
         const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
@@ -438,7 +436,7 @@ struct ssl_method_st
         int (*ssl_version)(void);
         long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
         long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
-        };
+};
 
 /* Lets make this into an ASN.1 type structure as follows
  * SSL_SESSION_ID ::= SEQUENCE {
@@ -465,8 +463,7 @@ struct ssl_method_st
  * Look in ssl/ssl_asn1.c for more details
  * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
  */
-struct ssl_session_st
-        {
+struct ssl_session_st {
         int ssl_version;        /* what ssl version session info is
                                  * being kept in here? */
 
@@ -485,8 +482,8 @@ struct ssl_session_st
         unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
 
 #ifndef OPENSSL_NO_KRB5
-        unsigned int krb5_client_princ_len;
-        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
+        unsigned int krb5_client_princ_len;
+        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
 #endif /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_PSK
         char *psk_identity_hint;
@@ -526,7 +523,7 @@ struct ssl_session_st
 
         /* These are used to make removal of session-ids more
          * efficient and to implement a maximum cache size. */
-        struct ssl_session_st *prev,*next;
+        struct ssl_session_st *prev, *next;
 #ifndef OPENSSL_NO_TLSEXT
         char *tlsext_hostname;
 #ifndef OPENSSL_NO_EC
@@ -543,7 +540,7 @@ struct ssl_session_st
 #ifndef OPENSSL_NO_SRP
         char *srp_username;
 #endif
-        };
+};
 
 #endif
 
@@ -684,8 +681,11 @@ struct ssl_session_st
 #define SSL_get_secure_renegotiation_support(ssl) \
         SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
 
-void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
-void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p,
+    int version, int content_type, const void *buf, size_t len, SSL *ssl,
+    void *arg));
+void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
+    int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
 #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
 #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
 
@@ -693,8 +693,7 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
 
 #ifndef OPENSSL_NO_SSL_INTERN
 
-typedef struct srp_ctx_st
-        {
+typedef struct srp_ctx_st {
         /* param for all the callbacks */
         void *SRP_cb_arg;
         /* set client Hello login callback */
@@ -705,13 +704,13 @@ typedef struct srp_ctx_st
         char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *);
 
         char *login;
-        BIGNUM *N,*g,*s,*B,*A;
-        BIGNUM *a,*b,*v;
+        BIGNUM *N, *g, *s, *B, *A;
+        BIGNUM *a, *b, *v;
         char *info;
         int strength;
 
         unsigned long srp_Mask;
-        } SRP_CTX;
+} SRP_CTX;
 
 #endif
 
@@ -721,9 +720,9 @@ int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
 int SSL_SRP_CTX_free(SSL *ctx);
 int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
 int SSL_srp_server_param_with_username(SSL *s, int *ad);
-int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key);
+int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key);
 int SRP_Calc_A_param(SSL *s);
-int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key);
+int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key);
 
 #endif
 
@@ -745,14 +744,13 @@ int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key);
  * returns in this case. It is also an error for the callback to set the size to
  * zero. */
 typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
-                                unsigned int *id_len);
+    unsigned int *id_len);
 
 typedef struct ssl_comp_st SSL_COMP;
 
 #ifndef OPENSSL_NO_SSL_INTERN
 
-struct ssl_comp_st
-        {
+struct ssl_comp_st {
         int id;
         const char *name;
 #ifndef OPENSSL_NO_COMP
@@ -760,13 +758,12 @@ struct ssl_comp_st
 #else
         char *method;
 #endif
-        };
+};
 
 DECLARE_STACK_OF(SSL_COMP)
 DECLARE_LHASH_OF(SSL_SESSION);
 
-struct ssl_ctx_st
-        {
+struct ssl_ctx_st {
         const SSL_METHOD *method;
 
         STACK_OF(SSL_CIPHER) *cipher_list;
@@ -801,13 +798,12 @@ struct ssl_ctx_st
          * If remove_session_cb is not null, it will be called when
          * a session-id is removed from the cache.  After the call,
          * OpenSSL will SSL_SESSION_free() it. */
-        int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
-        void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
+        int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
+        void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
         SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
-                unsigned char *data,int len,int *copy);
+        unsigned char *data, int len, int *copy);
 
-        struct
-                {
+        struct {
                 int sess_connect;       /* SSL new conn - started */
                 int sess_connect_renegotiate;/* SSL reneg - requested */
                 int sess_connect_good;  /* SSL new conne/reneg - finished */
@@ -824,7 +820,7 @@ struct ssl_ctx_st
                                          * indicates that the application is
                                          * supplying session-id's from other
                                          * processes - spooky :-) */
-                } stats;
+        } stats;
 
         int references;
 
@@ -843,19 +839,19 @@ struct ssl_ctx_st
         /* get client cert callback */
         int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
 
-    /* cookie generate callback */
-    int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, 
-        unsigned int *cookie_len);
+        /* cookie generate callback */
+        int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
+        unsigned int *cookie_len);
 
-    /* verify cookie callback */
-    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, 
-        unsigned int cookie_len);
+        /* verify cookie callback */
+        int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
+        unsigned int cookie_len);
 
         CRYPTO_EX_DATA ex_data;
 
-        const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
+        const EVP_MD *rsa_md5;  /* For SSLv2 - name is 'ssl2-md5' */
         const EVP_MD *md5;      /* For SSLv3/TLSv1 'ssl3-md5' */
-        const EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
+        const EVP_MD *sha1;     /* For SSLv3/TLSv1 'ssl3->sha1' */
 
         STACK_OF(X509) *extra_certs;
         STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
@@ -879,7 +875,8 @@ struct ssl_ctx_st
         int read_ahead;
 
         /* callback that allows applications to peek at protocol messages */
-        void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
+        void (*msg_callback)(int write_p, int version, int content_type,
+            const void *buf, size_t len, SSL *ssl, void *arg);
         void *msg_callback_arg;
 
         int verify_mode;
@@ -920,10 +917,8 @@ struct ssl_ctx_st
         unsigned char tlsext_tick_hmac_key[16];
         unsigned char tlsext_tick_aes_key[16];
         /* Callback to support customisation of ticket key setting */
-        int (*tlsext_ticket_key_cb)(SSL *ssl,
-                                        unsigned char *name, unsigned char *iv,
-                                        EVP_CIPHER_CTX *ectx,
-                                        HMAC_CTX *hctx, int enc);
+        int (*tlsext_ticket_key_cb)(SSL *ssl, unsigned char *name,
+            unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
 
         /* certificate status request info */
         /* Callback for status request */
@@ -931,17 +926,18 @@ struct ssl_ctx_st
         void *tlsext_status_arg;
 
         /* draft-rescorla-tls-opaque-prf-input-00.txt information */
-        int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
+        int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput,
+            size_t len, void *arg);
         void *tlsext_opaque_prf_input_callback_arg;
 #endif
 
 #ifndef OPENSSL_NO_PSK
         char *psk_identity_hint;
-        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
-                unsigned int max_identity_len, unsigned char *psk,
-                unsigned int max_psk_len);
+        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
+            char *identity, unsigned int max_identity_len, unsigned char *psk,
+            unsigned int max_psk_len);
         unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-                unsigned char *psk, unsigned int max_psk_len);
+            unsigned char *psk, unsigned int max_psk_len);
 #endif
 
 #ifndef OPENSSL_NO_BUF_FREELISTS
@@ -963,21 +959,20 @@ struct ssl_ctx_st
         /* For a server, this contains a callback function by which the set of
          * advertised protocols can be provided. */
         int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
-                                         unsigned int *len, void *arg);
+            unsigned int *len, void *arg);
         void *next_protos_advertised_cb_arg;
         /* For a client, this contains a callback function that selects the
          * next protocol from the list provided by the server. */
         int (*next_proto_select_cb)(SSL *s, unsigned char **out,
-                                    unsigned char *outlen,
-                                    const unsigned char *in,
-                                    unsigned int inlen,
-                                    void *arg);
+            unsigned char *outlen, const unsigned char *in,
+            unsigned int inlen, void *arg);
         void *next_proto_select_cb_arg;
 # endif
-        /* SRTP profiles we are willing to do from RFC 5764 */
-        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  
+        /* SRTP profiles we are willing to do from RFC 5764 */
+        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+
 #endif
-        };
+};
 
 #endif
 
@@ -1018,42 +1013,49 @@ LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
 #define SSL_CTX_sess_cache_full(ctx) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
 
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess));
-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy));
-SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy);
-void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val));
-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+    int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess));
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
+    SSL_SESSION *sess);
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+    void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess));
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx,
+    SSL_SESSION *sess);
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+    SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
+    int len, int *copy));
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
+    unsigned char *Data, int len, int *copy);
+void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,
+    int type, int val));
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type,
+    int val);
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+    int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
+    EVP_PKEY **pkey);
 #ifndef OPENSSL_NO_ENGINE
 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
 #endif
-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+    int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
+    unsigned int *cookie_len));
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
+    unsigned int cookie_len));
 #ifndef OPENSSL_NO_NEXTPROTONEG
-void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
-                                           int (*cb) (SSL *ssl,
-                                                      const unsigned char **out,
-                                                      unsigned int *outlen,
-                                                      void *arg),
-                                           void *arg);
-void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
-                                      int (*cb) (SSL *ssl,
-                                                 unsigned char **out,
-                                                 unsigned char *outlen,
-                                                 const unsigned char *in,
-                                                 unsigned int inlen,
-                                                 void *arg),
-                                      void *arg);
+void
+SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
+    const unsigned char **out, unsigned int *outlen, void *arg), void *arg);
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
+    unsigned char **out, unsigned char *outlen, const unsigned char *in,
+    unsigned int inlen, void *arg), void *arg);
 
 int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
-                          const unsigned char *in, unsigned int inlen,
-                          const unsigned char *client, unsigned int client_len);
-void SSL_get0_next_proto_negotiated(const SSL *s,
-                                    const unsigned char **data, unsigned *len);
+    const unsigned char *in, unsigned int inlen, const unsigned char *client,
+    unsigned int client_len);
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+    unsigned *len);
 
 #define OPENSSL_NPN_UNSUPPORTED 0
 #define OPENSSL_NPN_NEGOTIATED  1
@@ -1065,20 +1067,20 @@ void SSL_get0_next_proto_negotiated(const SSL *s,
  * resulting identity/psk */
 #define PSK_MAX_IDENTITY_LEN 128
 #define PSK_MAX_PSK_LEN 256
-void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 
-        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 
-                char *identity, unsigned int max_identity_len, unsigned char *psk,
-                unsigned int max_psk_len));
-void SSL_set_psk_client_callback(SSL *ssl, 
-        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 
-                char *identity, unsigned int max_identity_len, unsigned char *psk,
-                unsigned int max_psk_len));
-void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 
-        unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-                unsigned char *psk, unsigned int max_psk_len));
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
+    unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
+    char *identity, unsigned int max_identity_len, unsigned char *psk,
+    unsigned int max_psk_len));
+void SSL_set_psk_client_callback(SSL *ssl,
+    unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
+    char *identity, unsigned int max_identity_len, unsigned char *psk,
+    unsigned int max_psk_len));
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
+    unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
+    unsigned char *psk, unsigned int max_psk_len));
 void SSL_set_psk_server_callback(SSL *ssl,
-        unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-                unsigned char *psk, unsigned int max_psk_len));
+    unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
+    unsigned char *psk, unsigned int max_psk_len));
 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
 int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
 const char *SSL_get_psk_identity_hint(const SSL *s);
@@ -1101,8 +1103,7 @@ const char *SSL_get_psk_identity(const SSL *s);
 
 #ifndef OPENSSL_NO_SSL_INTERN
 
-struct ssl_st
-        {
+struct ssl_st {
         /* protocol version
          * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
          */
@@ -1146,9 +1147,9 @@ struct ssl_st
         int server;     /* are we the server side? - mostly used by SSL_clear*/
 
         int new_session;/* Generate a new session or reuse an old one.
-                         * NB: For servers, the 'new' session may actually be a previously
-                         * cached session or even the previous session unless
-                         * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
+                         * NB: For servers, the 'new' session may actually be a previously
+                         * cached session or even the previous session unless
+                         * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
         int quiet_shutdown;/* don't send shutdown packets */
         int shutdown;   /* we have shut things down, 0x01 sent, 0x02
                          * for received */
@@ -1156,7 +1157,7 @@ struct ssl_st
         int rstate;     /* where we are when reading */
 
         BUF_MEM *init_buf;      /* buffer used during init */
-        void *init_msg;         /* pointer to handshake message body, set by ssl3_get_message() */
+        void *init_msg;         /* pointer to handshake message body, set by ssl3_get_message() */
         int init_num;           /* amount read/written */
         int init_off;           /* amount read/written */
 
@@ -1169,10 +1170,11 @@ struct ssl_st
         struct dtls1_state_st *d1; /* DTLSv1 variables */
 
         int read_ahead;         /* Read as many input bytes as possible
-                                 * (for non-blocking reads) */
+                                 * (for non-blocking reads) */
 
         /* callback that allows applications to peek at protocol messages */
-        void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
+        void (*msg_callback)(int write_p, int version, int content_type,
+            const void *buf, size_t len, SSL *ssl, void *arg);
         void *msg_callback_arg;
 
         int hit;                /* reusing a previous session */
@@ -1190,9 +1192,10 @@ struct ssl_st
 
         /* These are the ones being used, the ones in SSL_SESSION are
          * the ones to be 'copied' into these ones */
-        int mac_flags; 
+        int mac_flags;
+
         EVP_CIPHER_CTX *enc_read_ctx;           /* cryptographic state */
-        EVP_MD_CTX *read_hash;          /* used for mac generation */
+        EVP_MD_CTX *read_hash;                  /* used for mac generation */
 #ifndef OPENSSL_NO_COMP
         COMP_CTX *expand;                       /* uncompress */
 #else
@@ -1200,11 +1203,12 @@ struct ssl_st
 #endif
 
         EVP_CIPHER_CTX *enc_write_ctx;          /* cryptographic state */
-        EVP_MD_CTX *write_hash;         /* used for mac generation */
+        EVP_MD_CTX *write_hash;                 /* used for mac generation */
 #ifndef OPENSSL_NO_COMP
         COMP_CTX *compress;                     /* compression */
 #else
-        char *compress; 
+        char *compress;
+
 #endif
 
         /* session info */
@@ -1235,21 +1239,22 @@ struct ssl_st
         int error_code;         /* actual code */
 
 #ifndef OPENSSL_NO_KRB5
-        KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
+        KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
 #endif  /* OPENSSL_NO_KRB5 */
 
 #ifndef OPENSSL_NO_PSK
-        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
-                unsigned int max_identity_len, unsigned char *psk,
-                unsigned int max_psk_len);
+        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
+            char *identity, unsigned int max_identity_len, unsigned char *psk,
+            unsigned int max_psk_len);
         unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-                unsigned char *psk, unsigned int max_psk_len);
+            unsigned char *psk, unsigned int max_psk_len);
 #endif
 
         SSL_CTX *ctx;
         /* set this flag to 1 and a sleep(1) is put into all SSL_read()
          * and SSL_write() calls, good for nbio debuging :-) */
-        int debug;      
+        int debug;
+
 
         /* extra application data */
         long verify_result;
@@ -1269,15 +1274,14 @@ struct ssl_st
 #ifndef OPENSSL_NO_TLSEXT
         /* TLS extension debug callback */
         void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
-                                        unsigned char *data, int len,
-                                        void *arg);
+            unsigned char *data, int len, void *arg);
         void *tlsext_debug_arg;
         char *tlsext_hostname;
-        int servername_done;   /* no further mod of servername 
-                                  0 : call the servername extension callback.
-                                  1 : prepare 2, allow last ack just after in server callback.
-                                  2 : don't call servername callback, no ack in server hello
-                               */
+        int servername_done;    /* no further mod of servername 
+                                   0 : call the servername extension callback.
+                                   1 : prepare 2, allow last ack just after in server callback.
+                                   2 : don't call servername callback, no ack in server hello
+                                   */
         /* certificate status request info */
         /* Status type or -1 if no status type */
         int tlsext_status_type;
@@ -1330,28 +1334,28 @@ struct ssl_st
 
 #define session_ctx initial_ctx
 
-        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  /* What we'll do */
-        SRTP_PROTECTION_PROFILE *srtp_profile;            /* What's been chosen */
+        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;       /* What we'll do */
+        SRTP_PROTECTION_PROFILE *srtp_profile;                  /* What's been chosen */
 
-        unsigned int tlsext_heartbeat;  /* Is use of the Heartbeat extension negotiated?
-                                           0: disabled
-                                           1: enabled
-                                           2: enabled, but not allowed to send Requests
-                                         */
+        unsigned int tlsext_heartbeat;  /* Is use of the Heartbeat extension negotiated?
+                                           0: disabled
+                                           1: enabled
+                                           2: enabled, but not allowed to send Requests
+                                           */
         unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
-        unsigned int tlsext_hb_seq;     /* HeartbeatRequest sequence number */
+        unsigned int tlsext_hb_seq;     /* HeartbeatRequest sequence number */
 #else
 #define session_ctx ctx
 #endif /* OPENSSL_NO_TLSEXT */
 
         int renegotiate;/* 1 if we are renegotiating.
-                         * 2 if we are a server and are inside a handshake
+                         * 2 if we are a server and are inside a handshake
                          * (i.e. not just sending a HelloRequest) */
 
 #ifndef OPENSSL_NO_SRP
         SRP_CTX srp_ctx; /* ctx for SRP authentication */
 #endif
-        };
+};
 
 #endif
 
@@ -1361,10 +1365,10 @@ struct ssl_st
 
 #include <openssl/ssl2.h>
 #include <openssl/ssl3.h>
-#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
-#include <openssl/dtls1.h> /* Datagram TLS */
+#include <openssl/tls1.h>       /* This is mostly sslv3 with a few tweaks */
+#include <openssl/dtls1.h>      /* Datagram TLS */
 #include <openssl/ssl23.h>
-#include <openssl/srtp.h>  /* Support for the use_srtp extension */
+#include <openssl/srtp.h>       /* Support for the use_srtp extension */
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1417,9 +1421,9 @@ extern "C" {
 
 /* The following 2 states are kept in ssl->rstate when reads fail,
  * you should not need these */
-#define SSL_ST_READ_HEADER                      0xF0
-#define SSL_ST_READ_BODY                        0xF1
-#define SSL_ST_READ_DONE                        0xF2
+#define SSL_ST_READ_HEADER              0xF0
+#define SSL_ST_READ_BODY                0xF1
+#define SSL_ST_READ_DONE                0xF2
 
 /* Obtain latest Finished message
  *   -- that we sent (SSL_get_finished)
@@ -1646,28 +1650,27 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 #ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_ssl(void);
-BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
+BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
 BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
 BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
-int BIO_ssl_copy_session_id(BIO *to,BIO *from);
+int BIO_ssl_copy_session_id(BIO *to, BIO *from);
 void BIO_ssl_shutdown(BIO *ssl_bio);
-
 #endif
 
-int     SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
+int     SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
 SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
 void    SSL_CTX_free(SSL_CTX *);
-long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
+long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
 long SSL_CTX_get_timeout(const SSL_CTX *ctx);
 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
-void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
+void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
 int SSL_want(const SSL *s);
 int     SSL_clear(SSL *s);
 
-void    SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
+void    SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
 
 const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
-int     SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
+int     SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
 char *  SSL_CIPHER_get_version(const SSL_CIPHER *c);
 const char *    SSL_CIPHER_get_name(const SSL_CIPHER *c);
 unsigned long   SSL_CIPHER_get_id(const SSL_CIPHER *c);
@@ -1675,7 +1678,7 @@ unsigned long 	SSL_CIPHER_get_id(const SSL_CIPHER *c);
 int     SSL_get_fd(const SSL *s);
 int     SSL_get_rfd(const SSL *s);
 int     SSL_get_wfd(const SSL *s);
-const char  * SSL_get_cipher_list(const SSL *s,int n);
+const char  * SSL_get_cipher_list(const SSL *s, int n);
 char *  SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
 int     SSL_get_read_ahead(const SSL * s);
 int     SSL_pending(const SSL *s);
@@ -1685,7 +1688,7 @@ int	SSL_set_rfd(SSL *s, int fd);
 int     SSL_set_wfd(SSL *s, int fd);
 #endif
 #ifndef OPENSSL_NO_BIO
-void    SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
+void    SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
 BIO *   SSL_get_rbio(const SSL *s);
 BIO *   SSL_get_wbio(const SSL *s);
 #endif
@@ -1693,16 +1696,16 @@ int	SSL_set_cipher_list(SSL *s, const char *str);
 void    SSL_set_read_ahead(SSL *s, int yes);
 int     SSL_get_verify_mode(const SSL *s);
 int     SSL_get_verify_depth(const SSL *s);
-int     (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
+int     (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *);
 void    SSL_set_verify(SSL *s, int mode,
-                       int (*callback)(int ok,X509_STORE_CTX *ctx));
+            int (*callback)(int ok, X509_STORE_CTX *ctx));
 void    SSL_set_verify_depth(SSL *s, int depth);
 #ifndef OPENSSL_NO_RSA
 int     SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
 #endif
 int     SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
 int     SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
-int     SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
+int     SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len);
 int     SSL_use_certificate(SSL *ssl, X509 *x);
 int     SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
 
@@ -1716,9 +1719,9 @@ int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
 int     SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
 int     SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
-                                            const char *file);
+            const char *file);
 int     SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
-                                            const char *dir);
+            const char *dir);
 #endif
 
 void    SSL_load_error_strings(void );
@@ -1730,32 +1733,34 @@ long	SSL_SESSION_get_time(const SSL_SESSION *s);
 long    SSL_SESSION_set_time(SSL_SESSION *s, long t);
 long    SSL_SESSION_get_timeout(const SSL_SESSION *s);
 long    SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
-void    SSL_copy_session_id(SSL *to,const SSL *from);
+void    SSL_copy_session_id(SSL *to, const SSL *from);
 X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
-int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
-                               unsigned int sid_ctx_len);
+int
+SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
+unsigned int sid_ctx_len);
 
 SSL_SESSION *SSL_SESSION_new(void);
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
-                                        unsigned int *len);
+const unsigned char
+*SSL_SESSION_get_id(const SSL_SESSION *s,
+unsigned int *len);
 unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
 #ifndef OPENSSL_NO_FP_API
-int     SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
+int     SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
 #endif
 #ifndef OPENSSL_NO_BIO
-int     SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
+int     SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
 #endif
 void    SSL_SESSION_free(SSL_SESSION *ses);
-int     i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
+int     i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
 int     SSL_set_session(SSL *to, SSL_SESSION *session);
 int     SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
-int     SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
+int     SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
 int     SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
 int     SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
 int     SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
-                                        unsigned int id_len);
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,
-                             long length);
+            unsigned int id_len);
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
+            long length);
 
 #ifdef HEADER_X509_H
 X509 *  SSL_get_peer_certificate(const SSL *s);
@@ -1765,18 +1770,17 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
 
 int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
 int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
-                        int (*callback)(int, X509_STORE_CTX *));
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
+int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *);
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
+    int (*callback)(int, X509_STORE_CTX *));
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg);
 #ifndef OPENSSL_NO_RSA
 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
 #endif
 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
-int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
-        const unsigned char *d, long len);
+int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len);
 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
 
@@ -1786,12 +1790,10 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
 int SSL_CTX_check_private_key(const SSL_CTX *ctx);
 int SSL_check_private_key(const SSL *ctx);
 
-int     SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
-                                       unsigned int sid_ctx_len);
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
 
-SSL *   SSL_new(SSL_CTX *ctx);
-int     SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
-                                   unsigned int sid_ctx_len);
+SSL *SSL_new(SSL_CTX *ctx);
+int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
 
 int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
 int SSL_set_purpose(SSL *s, int purpose);
@@ -1802,21 +1804,16 @@ int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
 int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
 
 #ifndef OPENSSL_NO_SRP
-int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name);
-int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password);
+int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
+int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
 int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
-int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
-                                        char *(*cb)(SSL *,void *));
-int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
-                                          int (*cb)(SSL *,void *));
-int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
-                                      int (*cb)(SSL *,int *,void *));
+int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, char *(*cb)(SSL *, void *));
+int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, int (*cb)(SSL *, void *));
+int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, int (*cb)(SSL *, int *, void *));
 int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
 
-int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
-                             BIGNUM *sa, BIGNUM *v, char *info);
-int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
-                                const char *grp);
+int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, BIGNUM *sa, BIGNUM *v, char *info);
+int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp);
 
 BIGNUM *SSL_get_srp_g(SSL *s);
 BIGNUM *SSL_get_srp_N(SSL *s);
@@ -1828,15 +1825,15 @@ char *SSL_get_srp_userinfo(SSL *s);
 void    SSL_free(SSL *ssl);
 int     SSL_accept(SSL *ssl);
 int     SSL_connect(SSL *ssl);
-int     SSL_read(SSL *ssl,void *buf,int num);
-int     SSL_peek(SSL *ssl,void *buf,int num);
-int     SSL_write(SSL *ssl,const void *buf,int num);
-long    SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
+int     SSL_read(SSL *ssl, void *buf, int num);
+int     SSL_peek(SSL *ssl, void *buf, int num);
+int     SSL_write(SSL *ssl, const void *buf, int num);
+long    SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
 long    SSL_callback_ctrl(SSL *, int, void (*)(void));
-long    SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
+long    SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
 long    SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
 
-int     SSL_get_error(const SSL *s,int ret_code);
+int     SSL_get_error(const SSL *s, int ret_code);
 const char *SSL_get_version(const SSL *s);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
@@ -1852,7 +1849,7 @@ const SSL_METHOD *SSLv3_method(void);		/* SSLv3 */
 const SSL_METHOD *SSLv3_server_method(void);    /* SSLv3 */
 const SSL_METHOD *SSLv3_client_method(void);    /* SSLv3 */
 
-const SSL_METHOD *SSLv23_method(void);  /* SSLv3 but can rollback to v2 */
+const SSL_METHOD *SSLv23_method(void);          /* SSLv3 but can rollback to v2 */
 const SSL_METHOD *SSLv23_server_method(void);   /* SSLv3 but can rollback to v2 */
 const SSL_METHOD *SSLv23_client_method(void);   /* SSLv3 but can rollback to v2 */
 
@@ -1892,8 +1889,8 @@ void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
 STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
-int SSL_add_client_CA(SSL *ssl,X509 *x);
-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
+int SSL_add_client_CA(SSL *ssl, X509 *x);
+int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
 
 void SSL_set_connect_state(SSL *s);
 void SSL_set_accept_state(SSL *s);
@@ -1902,7 +1899,7 @@ long SSL_get_default_timeout(const SSL *s);
 
 int SSL_library_init(void );
 
-char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
+char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
 STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
 
 SSL *SSL_dup(SSL *ssl);
@@ -1919,35 +1916,36 @@ int SSL_get_shutdown(const SSL *ssl);
 int SSL_version(const SSL *ssl);
 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
-        const char *CApath);
+    const char *CApath);
 #define SSL_get0_session SSL_get_session /* just peek at pointer */
 SSL_SESSION *SSL_get_session(const SSL *ssl);
 SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
 void SSL_set_info_callback(SSL *ssl,
-                           void (*cb)(const SSL *ssl,int type,int val));
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
+    void (*cb)(const SSL *ssl, int type, int val));
+void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val);
 int SSL_state(const SSL *ssl);
 void SSL_set_state(SSL *ssl, int state);
 
-void SSL_set_verify_result(SSL *ssl,long v);
+void SSL_set_verify_result(SSL *ssl, long v);
 long SSL_get_verify_result(const SSL *ssl);
 
-int SSL_set_ex_data(SSL *ssl,int idx,void *data);
-void *SSL_get_ex_data(const SSL *ssl,int idx);
+int SSL_set_ex_data(SSL *ssl, int idx, void *data);
+void *SSL_get_ex_data(const SSL *ssl, int idx);
 int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 
-int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
-void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);
-int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
+int SSL_SESSION_get_ex_new_index(long argl, void *argp,
+    CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+    CRYPTO_EX_free *free_func);
 
-int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
-void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);
+int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
+void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
 int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 
 int SSL_get_ex_data_X509_STORE_CTX_idx(void );
 
@@ -1980,31 +1978,25 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void );
 #define SSL_set_max_send_fragment(ssl,m) \
         SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
 
-     /* NB: the keylength is only applicable when is_export is true */
+/* NB: the keylength is only applicable when is_export is true */
 #ifndef OPENSSL_NO_RSA
 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
-                                  RSA *(*cb)(SSL *ssl,int is_export,
-                                             int keylength));
+    RSA *(*cb)(SSL *ssl, int is_export, int keylength));
 
 void SSL_set_tmp_rsa_callback(SSL *ssl,
-                                  RSA *(*cb)(SSL *ssl,int is_export,
-                                             int keylength));
+    RSA *(*cb)(SSL *ssl, int is_export, int keylength));
 #endif
 #ifndef OPENSSL_NO_DH
 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
-                                 DH *(*dh)(SSL *ssl,int is_export,
-                                           int keylength));
+    DH *(*dh)(SSL *ssl, int is_export, int keylength));
 void SSL_set_tmp_dh_callback(SSL *ssl,
-                                 DH *(*dh)(SSL *ssl,int is_export,
-                                           int keylength));
+    DH *(*dh)(SSL *ssl, int is_export, int keylength));
 #endif
 #ifndef OPENSSL_NO_ECDH
 void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
-                                 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
-                                           int keylength));
+    EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
 void SSL_set_tmp_ecdh_callback(SSL *ssl,
-                                 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
-                                           int keylength));
+    EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
 #endif
 
 #ifndef OPENSSL_NO_COMP
@@ -2012,23 +2004,24 @@ const COMP_METHOD *SSL_get_current_compression(SSL *s);
 const COMP_METHOD *SSL_get_current_expansion(SSL *s);
 const char *SSL_COMP_get_name(const COMP_METHOD *comp);
 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
 #else
 const void *SSL_get_current_compression(SSL *s);
 const void *SSL_get_current_expansion(SSL *s);
 const char *SSL_COMP_get_name(const void *comp);
 void *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id,void *cm);
+int SSL_COMP_add_compression_method(int id, void *cm);
 #endif
 
 /* TLS extensions functions */
 int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
 
-int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
-                                  void *arg);
+int SSL_set_session_ticket_ext_cb(SSL *s,
+    tls_session_ticket_ext_cb_fn cb, void *arg);
 
 /* Pre-shared secret session resumption functions */
-int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
+int SSL_set_session_secret_cb(SSL *s,
+    tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
 
 void SSL_set_debug(SSL *s, int debug);
 int SSL_cache_hit(SSL *s);
diff --git a/src/lib/libssl/src/ssl/ssl2.h b/src/lib/libssl/src/ssl/ssl2.h
index 29033c8be7..4052b11868 100644
--- a/src/lib/libssl/src/ssl/ssl2.h
+++ b/src/lib/libssl/src/ssl/ssl2.h
@@ -100,7 +100,7 @@ extern "C" {
 #define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5       0x020700c0
 #define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA       0x020701c0 /* v3 */
 #define SSL2_CK_RC4_64_WITH_MD5                 0x02080080 /* MS hack */
- 
+
 #define SSL2_CK_DES_64_CFB64_WITH_MD5_1         0x02ff0800 /* SSLeay */
 #define SSL2_CK_NULL                            0x02ff0810 /* SSLeay */
 
@@ -133,8 +133,8 @@ extern "C" {
 
 /* Upper/Lower Bounds */
 #define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS      256
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    32767u  /* 2^15-1 */
-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER    16383 /* 2^14-1 */
+#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    32767u  /* 2^15-1 */
+#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER    16383   /* 2^14-1 */
 
 #define SSL2_CHALLENGE_LENGTH   16
 /*#define SSL2_CHALLENGE_LENGTH 32 */
@@ -153,8 +153,7 @@ extern "C" {
 
 #ifndef OPENSSL_NO_SSL_INTERN
 
-typedef struct ssl2_state_st
-        {
+typedef struct ssl2_state_st {
         int three_byte_header;
         int clear_text;         /* clear text */
         int escape;             /* not used in SSLv2 */
@@ -167,8 +166,8 @@ typedef struct ssl2_state_st
         const unsigned char *wpend_buf;
 
         int wpend_off;  /* offset to data to write */
-        int wpend_len;  /* number of bytes passwd to write */
-        int wpend_ret;  /* number of bytes to return to caller */
+        int wpend_len;  /* number of bytes passwd to write */
+        int wpend_ret;  /* number of bytes to return to caller */
 
         /* buffer raw data */
         int rbuf_left;
@@ -191,7 +190,7 @@ typedef struct ssl2_state_st
         unsigned char *read_key;
         unsigned char *write_key;
 
-                /* Stuff specifically to do with this SSL session */
+        /* Stuff specifically to do with this SSL session */
         unsigned int challenge_length;
         unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
         unsigned int conn_id_length;
@@ -202,20 +201,23 @@ typedef struct ssl2_state_st
         unsigned long read_sequence;
         unsigned long write_sequence;
 
-        struct  {
+        struct {
                 unsigned int conn_id_length;
-                unsigned int cert_type; 
+                unsigned int cert_type;
+
                 unsigned int cert_length;
-                unsigned int csl; 
+                unsigned int csl;
+
                 unsigned int clear;
-                unsigned int enc; 
+                unsigned int enc;
+
                 unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
                 unsigned int cipher_spec_length;
                 unsigned int session_id_length;
                 unsigned int clen;
                 unsigned int rlen;
-                } tmp;
-        } SSL2_STATE;
+        } tmp;
+} SSL2_STATE;
 
 #endif
 
@@ -265,4 +267,3 @@ typedef struct ssl2_state_st
 }
 #endif
 #endif
-
diff --git a/src/lib/libssl/src/ssl/ssl23.h b/src/lib/libssl/src/ssl/ssl23.h
index d3228983c7..4e28a06796 100644
--- a/src/lib/libssl/src/ssl/ssl23.h
+++ b/src/lib/libssl/src/ssl/ssl23.h
@@ -80,4 +80,3 @@ extern "C" {
 }
 #endif
 #endif
-
diff --git a/src/lib/libssl/src/ssl/ssl3.h b/src/lib/libssl/src/ssl/ssl3.h
index cb8b2492ec..2b25357917 100644
--- a/src/lib/libssl/src/ssl/ssl3.h
+++ b/src/lib/libssl/src/ssl/ssl3.h
@@ -163,13 +163,13 @@ extern "C" {
 #define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B
 
 #if 0
-        #define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
-        #define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
-        #if 0 /* Because it clashes with KRB5, is never used any more, and is safe
-                 to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
-                 of the ietf-tls list */
-        #define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
-        #endif
+#define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
+#define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
+#if 0 /* Because it clashes with KRB5, is never used any more, and is safe
+         to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
+         of the ietf-tls list */
+#define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
+#endif
 #endif
 
 /*    VRS Additional Kerberos5 entries
@@ -222,9 +222,9 @@ extern "C" {
 #define SSL3_TXT_ADH_DES_192_CBC_SHA            "ADH-DES-CBC3-SHA"
 
 #if 0
-        #define SSL3_TXT_FZA_DMS_NULL_SHA               "FZA-NULL-SHA"
-        #define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
-        #define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
+#define SSL3_TXT_FZA_DMS_NULL_SHA               "FZA-NULL-SHA"
+#define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
+#define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
 #endif
 
 #define SSL3_TXT_KRB5_DES_64_CBC_SHA            "KRB5-DES-CBC-SHA"
@@ -342,11 +342,10 @@ extern "C" {
 
 #define TLS1_HB_REQUEST         1
 #define TLS1_HB_RESPONSE        2
-        
+
 #ifndef OPENSSL_NO_SSL_INTERN
 
-typedef struct ssl3_record_st
-        {
+typedef struct ssl3_record_st {
 /*r */  int type;               /* type of record */
 /*rw*/  unsigned int length;    /* How many bytes available */
 /*r */  unsigned int off;       /* read/write offset into 'buf' */
@@ -355,16 +354,15 @@ typedef struct ssl3_record_st
 /*r */  unsigned char *comp;    /* only used with decompression - malloc()ed */
 /*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */
 /*r */  unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
-        } SSL3_RECORD;
+} SSL3_RECORD;
 
-typedef struct ssl3_buffer_st
-        {
-        unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
+typedef struct ssl3_buffer_st {
+        unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
                                  * see ssl3_setup_buffers() */
-        size_t len;             /* buffer size */
-        int offset;             /* where to 'copy from' */
-        int left;               /* how many bytes left */
-        } SSL3_BUFFER;
+        size_t len;             /* buffer size */
+        int offset;             /* where to 'copy from' */
+        int left;               /* how many bytes left */
+} SSL3_BUFFER;
 
 #endif
 
@@ -388,7 +386,7 @@ typedef struct ssl3_buffer_st
 #define TLS1_FLAGS_TLS_PADDING_BUG              0x0008
 #define TLS1_FLAGS_SKIP_CERT_VERIFY             0x0010
 #define TLS1_FLAGS_KEEP_HANDSHAKE               0x0020
- 
+
 /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
  * restart a handshake because of MS SGC and so prevents us
  * from restarting the handshake in a loop. It's reset on a
@@ -402,8 +400,7 @@ typedef struct ssl3_buffer_st
 
 #ifndef OPENSSL_NO_SSL_INTERN
 
-typedef struct ssl3_state_st
-        {
+typedef struct ssl3_state_st {
         long flags;
         int delay_buf_pop_ret;
 
@@ -471,7 +468,8 @@ typedef struct ssl3_state_st
 
         /* Opaque PRF input as used for the current handshake.
          * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined
-         * (otherwise, they are merely present to improve binary compatibility) */
+         * (otherwise, they are merely present to improve binary compatibility)
+         */
         void *client_opaque_prf_input;
         size_t client_opaque_prf_input_len;
         void *server_opaque_prf_input;
@@ -501,7 +499,7 @@ typedef struct ssl3_state_st
 #endif
 
                 /* used when SSL_ST_FLUSH_DATA is entered */
-                int next_state;                 
+                int next_state;
 
                 int reuse_message;
 
@@ -526,17 +524,18 @@ typedef struct ssl3_state_st
                 char *new_compression;
 #endif
                 int cert_request;
-                } tmp;
+        } tmp;
 
-        /* Connection binding to prevent renegotiation attacks */
-        unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
-        unsigned char previous_client_finished_len;
-        unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
-        unsigned char previous_server_finished_len;
-        int send_connection_binding; /* TODOEKR */
+        /* Connection binding to prevent renegotiation attacks */
+        unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
+        unsigned char previous_client_finished_len;
+        unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
+        unsigned char previous_server_finished_len;
+        int send_connection_binding; /* TODOEKR */
 
 #ifndef OPENSSL_NO_NEXTPROTONEG
-        /* Set if we saw the Next Protocol Negotiation extension from our peer. */
+        /* Set if we saw the Next Protocol Negotiation extension from our peer.
+         */
         int next_proto_neg_seen;
 #endif
 
@@ -548,7 +547,7 @@ typedef struct ssl3_state_st
         char is_probably_safari;
 #endif /* !OPENSSL_NO_EC */
 #endif /* !OPENSSL_NO_TLSEXT */
-        } SSL3_STATE;
+} SSL3_STATE;
 
 #endif
 
@@ -690,4 +689,3 @@ typedef struct ssl3_state_st
 }
 #endif
 #endif
-
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 7311d984ae..203a47480f 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -480,21 +480,19 @@
 #define NAMED_CURVE_TYPE           3
 #endif  /* OPENSSL_NO_EC */
 
-typedef struct cert_pkey_st
-        {
+typedef struct cert_pkey_st {
         X509 *x509;
         EVP_PKEY *privatekey;
         /* Digest to use when signing */
         const EVP_MD *digest;
-        } CERT_PKEY;
+} CERT_PKEY;
 
-typedef struct cert_st
-        {
+typedef struct cert_st {
         /* Current active set */
         CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
                          * Probably it would make more sense to store
                          * an index, not a pointer. */
- 
+
         /* The following masks are for the key and auth
          * algorithms that are supported by the certs below */
         int valid;
@@ -504,26 +502,25 @@ typedef struct cert_st
         unsigned long export_mask_a;
 #ifndef OPENSSL_NO_RSA
         RSA *rsa_tmp;
-        RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
+        RSA *(*rsa_tmp_cb)(SSL *ssl, int is_export, int keysize);
 #endif
 #ifndef OPENSSL_NO_DH
         DH *dh_tmp;
-        DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
+        DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
 #endif
 #ifndef OPENSSL_NO_ECDH
         EC_KEY *ecdh_tmp;
         /* Callback for generating ephemeral ECDH keys */
-        EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize);
+        EC_KEY *(*ecdh_tmp_cb)(SSL *ssl, int is_export, int keysize);
 #endif
 
         CERT_PKEY pkeys[SSL_PKEY_NUM];
 
         int references; /* >1 only if SSL_copy_session_id is used */
-        } CERT;
+} CERT;
 
 
-typedef struct sess_cert_st
-        {
+typedef struct sess_cert_st {
         STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
 
         /* The 'peer_...' members are used only by clients. */
@@ -545,7 +542,7 @@ typedef struct sess_cert_st
 #endif
 
         int references; /* actually always 1 at the moment */
-        } SESS_CERT;
+} SESS_CERT;
 
 
 /*#define MAC_DEBUG     */
@@ -568,12 +565,12 @@ typedef struct sess_cert_st
 /* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
  * It is a bit of a mess of functions, but hell, think of it as
  * an opaque structure :-) */
-typedef struct ssl3_enc_method
-        {
+typedef struct ssl3_enc_method {
         int (*enc)(SSL *, int);
         int (*mac)(SSL *, unsigned char *, int);
         int (*setup_key_block)(SSL *);
-        int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
+        int (*generate_master_secret)(SSL *, unsigned char *,
+            unsigned char *, int);
         int (*change_cipher_state)(SSL *, int);
         int (*final_finish_mac)(SSL *,  const char *, int, unsigned char *);
         int finish_mac_length;
@@ -584,33 +581,29 @@ typedef struct ssl3_enc_method
         int server_finished_label_len;
         int (*alert_value)(int);
         int (*export_keying_material)(SSL *, unsigned char *, size_t,
-                                      const char *, size_t,
-                                      const unsigned char *, size_t,
-                                      int use_context);
-        } SSL3_ENC_METHOD;
+            const char *, size_t, const unsigned char *, size_t,
+            int use_context);
+} SSL3_ENC_METHOD;
 
 #ifndef OPENSSL_NO_COMP
 /* Used for holding the relevant compression methods loaded into SSL_CTX */
-typedef struct ssl3_comp_st
-        {
+typedef struct ssl3_comp_st {
         int comp_id;    /* The identifier byte for this compression type */
         char *name;     /* Text name used for the compression type */
         COMP_METHOD *method; /* The method :-) */
-        } SSL3_COMP;
+} SSL3_COMP;
 #endif
 
 #ifndef OPENSSL_NO_BUF_FREELISTS
-typedef struct ssl3_buf_freelist_st
-        {
+typedef struct ssl3_buf_freelist_st {
         size_t chunklen;
         unsigned int len;
         struct ssl3_buf_freelist_entry_st *head;
-        } SSL3_BUF_FREELIST;
+} SSL3_BUF_FREELIST;
 
-typedef struct ssl3_buf_freelist_entry_st
-        {
+typedef struct ssl3_buf_freelist_entry_st {
         struct ssl3_buf_freelist_entry_st *next;
-        } SSL3_BUF_FREELIST_ENTRY;
+} SSL3_BUF_FREELIST_ENTRY;
 #endif
 
 extern SSL3_ENC_METHOD ssl3_undef_enc_method;
@@ -822,32 +815,33 @@ SESS_CERT *ssl_sess_cert_new(void);
 void ssl_sess_cert_free(SESS_CERT *sc);
 int ssl_set_peer_cert_type(SESS_CERT *c, int type);
 int ssl_get_new_session(SSL *s, int session);
-int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
-int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
-DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
-                                  ssl_cipher_id);
+int ssl_get_prev_session(SSL *s, unsigned char *session, int len,
+    const unsigned char *limit);
+int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
+DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
-                        const SSL_CIPHER * const *bp);
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
-                                               STACK_OF(SSL_CIPHER) **skp);
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
-                             int (*put_cb)(const SSL_CIPHER *, unsigned char *));
+    const SSL_CIPHER * const *bp);
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
+    int num, STACK_OF(SSL_CIPHER) **skp);
+int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
+    unsigned char *p, int (*put_cb)(const SSL_CIPHER *, unsigned char *));
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
-                                             STACK_OF(SSL_CIPHER) **pref,
-                                             STACK_OF(SSL_CIPHER) **sorted,
-                                             const char *rule_str);
+    STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) **sorted,
+    const char *rule_str);
 void ssl_update_cache(SSL *s, int mode);
-int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
-                       const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp);
-int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);                          
-int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
+int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+    const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,
+    SSL_COMP **comp);
+int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md);
+
+int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
 int ssl_undefined_function(SSL *s);
 int ssl_undefined_void_function(void);
 int ssl_undefined_const_function(const SSL *s);
 CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
 X509 *ssl_get_server_send_cert(const SSL *);
-EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd);
-int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
+EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd);
+int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
@@ -856,14 +850,14 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
 
 int ssl2_enc_init(SSL *s, int client);
 int ssl2_generate_key_material(SSL *s);
-void ssl2_enc(SSL *s,int send_data);
-void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
+void ssl2_enc(SSL *s, int send_data);
+void ssl2_mac(SSL *s, unsigned char *mac, int send_data);
 const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
-int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
+int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
 int ssl2_part_read(SSL *s, unsigned long f, int i);
 int ssl2_do_write(SSL *s);
 int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
-void ssl2_return_error(SSL *s,int reason);
+void ssl2_return_error(SSL *s, int reason);
 void ssl2_write_error(SSL *s);
 int ssl2_num_ciphers(void);
 const SSL_CIPHER *ssl2_get_cipher(unsigned int u);
@@ -876,47 +870,50 @@ int	ssl2_peek(SSL *s, void *buf, int len);
 int     ssl2_write(SSL *s, const void *buf, int len);
 int     ssl2_shutdown(SSL *s);
 void    ssl2_clear(SSL *s);
-long    ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
-long    ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
-long    ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
-long    ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
+long    ssl2_ctrl(SSL *s, int cmd, long larg, void *parg);
+long    ssl2_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
+long    ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
+long    ssl2_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
 int     ssl2_pending(const SSL *s);
 long    ssl2_default_timeout(void );
 
 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
 void ssl3_init_finished_mac(SSL *s);
 int ssl3_send_server_certificate(SSL *s);
 int ssl3_send_newsession_ticket(SSL *s);
 int ssl3_send_cert_status(SSL *s);
-int ssl3_get_finished(SSL *s,int state_a,int state_b);
+int ssl3_get_finished(SSL *s, int state_a, int state_b);
 int ssl3_setup_key_block(SSL *s);
-int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
-int ssl3_change_cipher_state(SSL *s,int which);
+int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b);
+int ssl3_change_cipher_state(SSL *s, int which);
 void ssl3_cleanup_key_block(SSL *s);
-int ssl3_do_write(SSL *s,int type);
-int ssl3_send_alert(SSL *s,int level, int desc);
+int ssl3_do_write(SSL *s, int type);
+int ssl3_send_alert(SSL *s, int level, int desc);
 int ssl3_generate_master_secret(SSL *s, unsigned char *out,
-        unsigned char *p, int len);
-int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
+    unsigned char *p, int len);
+int ssl3_get_req_cert_type(SSL *s, unsigned char *p);
 long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
+int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen);
 int ssl3_num_ciphers(void);
 const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
-int ssl3_renegotiate(SSL *ssl); 
-int ssl3_renegotiate_check(SSL *ssl); 
+int ssl3_renegotiate(SSL *ssl);
+
+int ssl3_renegotiate_check(SSL *ssl);
+
 int ssl3_dispatch_alert(SSL *s);
 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
 int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,unsigned char *p);
+int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
+    unsigned char *p);
 int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
 int ssl3_enc(SSL *s, int send_data);
 int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
 void ssl3_free_digest_list(SSL *s);
 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
-SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
-                               STACK_OF(SSL_CIPHER) *srvr);
+SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
+    STACK_OF(SSL_CIPHER) *srvr);
 int     ssl3_setup_buffers(SSL *s);
 int     ssl3_setup_read_buffer(SSL *s);
 int     ssl3_setup_write_buffer(SSL *s);
@@ -932,10 +929,10 @@ int	ssl3_peek(SSL *s, void *buf, int len);
 int     ssl3_write(SSL *s, const void *buf, int len);
 int     ssl3_shutdown(SSL *s);
 void    ssl3_clear(SSL *s);
-long    ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
-long    ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
-long    ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
-long    ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
+long    ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
+long    ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
+long    ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
+long    ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
 int     ssl3_pending(const SSL *s);
 
 void ssl3_record_sequence_update(unsigned char *seq);
@@ -952,16 +949,16 @@ const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
 long ssl23_default_timeout(void );
 
 long tls1_default_timeout(void);
-int dtls1_do_write(SSL *s,int type);
+int dtls1_do_write(SSL *s, int type);
 int ssl3_read_n(SSL *s, int n, int max, int extend);
 int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
 int ssl3_do_compress(SSL *ssl);
 int ssl3_do_uncompress(SSL *ssl);
 int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
-        unsigned int len);
-unsigned char *dtls1_set_message_header(SSL *s, 
-        unsigned char *p, unsigned char mt,     unsigned long len, 
-        unsigned long frag_off, unsigned long frag_len);
+    unsigned int len);
+unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,
+    unsigned char mt, unsigned long len, unsigned long frag_off,
+    unsigned long frag_len);
 
 int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
 int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
@@ -971,8 +968,8 @@ int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
 unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
 int dtls1_read_failed(SSL *s, int code);
 int dtls1_buffer_message(SSL *s, int ccs);
-int dtls1_retransmit_message(SSL *s, unsigned short seq, 
-        unsigned long frag_off, int *found);
+int dtls1_retransmit_message(SSL *s, unsigned short seq,
+    unsigned long frag_off, int *found);
 int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
 int dtls1_retransmit_buffered_messages(SSL *s);
 void dtls1_clear_record_buffer(SSL *s);
@@ -1049,21 +1046,21 @@ int ssl23_write_bytes(SSL *s);
 int tls1_new(SSL *s);
 void tls1_free(SSL *s);
 void tls1_clear(SSL *s);
-long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
-long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
+long tls1_ctrl(SSL *s, int cmd, long larg, void *parg);
+long tls1_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
 
 int dtls1_new(SSL *s);
 int     dtls1_accept(SSL *s);
 int     dtls1_connect(SSL *s);
 void dtls1_free(SSL *s);
 void dtls1_clear(SSL *s);
-long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);
+long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
 int dtls1_shutdown(SSL *s);
 
 long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
 int dtls1_get_record(SSL *s);
 int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
-        unsigned int len, int create_empty_fragement);
+    unsigned int len, int create_empty_fragement);
 int dtls1_dispatch_alert(SSL *s);
 int dtls1_enc(SSL *s, int snd);
 
@@ -1073,15 +1070,14 @@ void ssl_free_wbio_buffer(SSL *s);
 int tls1_change_cipher_state(SSL *s, int which);
 int tls1_setup_key_block(SSL *s);
 int tls1_enc(SSL *s, int snd);
-int tls1_final_finish_mac(SSL *s,
-        const char *str, int slen, unsigned char *p);
+int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *p);
 int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 int tls1_mac(SSL *ssl, unsigned char *md, int snd);
 int tls1_generate_master_secret(SSL *s, unsigned char *out,
-        unsigned char *p, int len);
+    unsigned char *p, int len);
 int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-        const char *label, size_t llen,
-        const unsigned char *p, size_t plen, int use_context);
+    const char *label, size_t llen, const unsigned char *p, size_t plen,
+    int use_context);
 int tls1_alert_code(int code);
 int ssl3_alert_code(int code);
 int ssl_ok(SSL *s);
@@ -1098,10 +1094,16 @@ int tls1_ec_nid2curve_id(int nid);
 #endif /* OPENSSL_NO_EC */
 
 #ifndef OPENSSL_NO_TLSEXT
-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
-unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
-int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
+unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p,
+    unsigned char *limit);
+
+unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p,
+    unsigned char *limit);
+
+int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
+    unsigned char *d, int n, int *al);
+int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
+    unsigned char *d, int n, int *al);
 int ssl_prepare_clienthello_tlsext(SSL *s);
 int ssl_prepare_serverhello_tlsext(SSL *s);
 int ssl_check_clienthello_tlsext_early(SSL *s);
@@ -1114,60 +1116,53 @@ int ssl_check_serverhello_tlsext(SSL *s);
 #define tlsext_tick_md  EVP_sha256
 #endif
 int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
-                                const unsigned char *limit, SSL_SESSION **ret);
+    const unsigned char *limit, SSL_SESSION **ret);
 
 int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
-                                const EVP_MD *md);
+    const EVP_MD *md);
 int tls12_get_sigid(const EVP_PKEY *pk);
 const EVP_MD *tls12_get_hash(unsigned char hash_alg);
 
 #endif
-EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
+EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
 void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
-int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
-                                        int maxlen);
-int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
-                                          int *al);
-int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
-                                        int maxlen);
-int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
-                                          int *al);
+int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p,
+    int *len, int maxlen);
+int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d,
+    int len, int *al);
+int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p,
+    int *len, int maxlen);
+int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d,
+    int len, int *al);
 long ssl_get_algorithm2(SSL *s);
 int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
 int tls12_get_req_sig_algs(SSL *s, unsigned char *p);
 
-int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
-int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
-int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
-int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
+int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p,
+    int *len, int maxlen);
+int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d,
+    int len, int *al);
+int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p,
+    int *len, int maxlen);
+int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d,
+    int len, int *al);
 
 /* s3_cbc.c */
-void ssl3_cbc_copy_mac(unsigned char* out,
-                       const SSL3_RECORD *rec,
-                       unsigned md_size,unsigned orig_len);
-int ssl3_cbc_remove_padding(const SSL* s,
-                            SSL3_RECORD *rec,
-                            unsigned block_size,
-                            unsigned mac_size);
-int tls1_cbc_remove_padding(const SSL* s,
-                            SSL3_RECORD *rec,
-                            unsigned block_size,
-                            unsigned mac_size);
+void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD *rec,
+    unsigned md_size, unsigned orig_len);
+int ssl3_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
+    unsigned block_size, unsigned mac_size);
+int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
+    unsigned block_size, unsigned mac_size);
 char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
-void ssl3_cbc_digest_record(
-        const EVP_MD_CTX *ctx,
-        unsigned char* md_out,
-        size_t* md_out_size,
-        const unsigned char header[13],
-        const unsigned char *data,
-        size_t data_plus_mac_size,
-        size_t data_plus_mac_plus_padding_size,
-        const unsigned char *mac_secret,
-        unsigned mac_secret_length,
-        char is_sslv3);
-
-void tls_fips_digest_extra(
-        const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
-        const unsigned char *data, size_t data_len, size_t orig_len);
+void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out,
+    size_t *md_out_size, const unsigned char header[13],
+    const unsigned char *data, size_t data_plus_mac_size,
+    size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
+    unsigned mac_secret_length, char is_sslv3);
+
+void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
+    EVP_MD_CTX *mac_ctx, const unsigned char *data, size_t data_len,
+    size_t orig_len);
 
 #endif
diff --git a/src/lib/libssl/src/ssl/tls1.h b/src/lib/libssl/src/ssl/tls1.h
index 7e35f13849..95d6660ac3 100644
--- a/src/lib/libssl/src/ssl/tls1.h
+++ b/src/lib/libssl/src/ssl/tls1.h
@@ -240,9 +240,9 @@ extern "C" {
 #define TLSEXT_TYPE_session_ticket              35
 
 /* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
-#if 0 /* will have to be provided externally for now ,
-       * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
-       * using whatever extension number you'd like to try */
+#if 0   /* will have to be provided externally for now ,
+         * i.e. build with - DTLSEXT_TYPE_opaque_prf_input = 38183
+         * using whatever extension number you'd like to try */
 # define TLSEXT_TYPE_opaque_prf_input           ?? */
 #endif
 
@@ -295,8 +295,8 @@ int SSL_get_servername_type(const SSL *s);
  * It returns 1 on success and zero otherwise.
  */
 int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-        const char *label, size_t llen, const unsigned char *p, size_t plen,
-        int use_context);
+    const char *label, size_t llen, const unsigned char *p, size_t plen,
+    int use_context);
 
 #define SSL_set_tlsext_host_name(s,name) \
 SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
@@ -719,11 +719,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #endif
 
 /* TLS Session Ticket extension struct */
-struct tls_session_ticket_ext_st
-        {
+struct tls_session_ticket_ext_st {
         unsigned short length;
         void *data;
-        };
+};
 
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libssl/srtp.h b/src/lib/libssl/srtp.h
index c0cf33ef28..06075f2c86 100644
--- a/src/lib/libssl/srtp.h
+++ b/src/lib/libssl/srtp.h
@@ -122,7 +122,6 @@
 extern "C" {
 #endif
 
-     
 #define SRTP_AES128_CM_SHA1_80 0x0001
 #define SRTP_AES128_CM_SHA1_32 0x0002
 #define SRTP_AES128_F8_SHA1_80 0x0003
@@ -142,4 +141,3 @@ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
 #endif
 
 #endif
-
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index bf4b2f2cb6..97e4a3f96c 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -260,9 +260,9 @@ extern "C" {
 #define SSL_TXT_aKRB5           "aKRB5"
 #define SSL_TXT_aECDSA          "aECDSA"
 #define SSL_TXT_aPSK            "aPSK"
-#define SSL_TXT_aGOST94 "aGOST94"
-#define SSL_TXT_aGOST01 "aGOST01"
-#define SSL_TXT_aGOST  "aGOST"
+#define SSL_TXT_aGOST94         "aGOST94"
+#define SSL_TXT_aGOST01         "aGOST01"
+#define SSL_TXT_aGOST           "aGOST"
 
 #define SSL_TXT_DSS             "DSS"
 #define SSL_TXT_DH              "DH"
@@ -369,23 +369,22 @@ typedef struct ssl_session_st SSL_SESSION;
 DECLARE_STACK_OF(SSL_CIPHER)
 
 /* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
-typedef struct srtp_protection_profile_st
-       {
-       const char *name;
-       unsigned long id;
-       } SRTP_PROTECTION_PROFILE;
+typedef struct srtp_protection_profile_st {
+        const char *name;
+        unsigned long id;
+} SRTP_PROTECTION_PROFILE;
 
 DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
 
-typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
-typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
-
+typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
+    int len, void *arg);
+typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
+    STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
 
 #ifndef OPENSSL_NO_SSL_INTERN
 
 /* used to hold info on the particular ciphers used */
-struct ssl_cipher_st
-        {
+struct ssl_cipher_st {
         int valid;
         const char *name;               /* text name */
         unsigned long id;               /* id, 4 bytes, first is version */
@@ -401,34 +400,33 @@ struct ssl_cipher_st
         unsigned long algorithm2;       /* Extra flags */
         int strength_bits;              /* Number of bits really used */
         int alg_bits;                   /* Number of bits for algorithm */
-        };
+};
 
 
 /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
-struct ssl_method_st
-        {
+struct ssl_method_st {
         int version;
         int (*ssl_new)(SSL *s);
         void (*ssl_clear)(SSL *s);
         void (*ssl_free)(SSL *s);
         int (*ssl_accept)(SSL *s);
         int (*ssl_connect)(SSL *s);
-        int (*ssl_read)(SSL *s,void *buf,int len);
-        int (*ssl_peek)(SSL *s,void *buf,int len);
-        int (*ssl_write)(SSL *s,const void *buf,int len);
+        int (*ssl_read)(SSL *s, void *buf, int len);
+        int (*ssl_peek)(SSL *s, void *buf, int len);
+        int (*ssl_write)(SSL *s, const void *buf, int len);
         int (*ssl_shutdown)(SSL *s);
         int (*ssl_renegotiate)(SSL *s);
         int (*ssl_renegotiate_check)(SSL *s);
-        long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
-                max, int *ok);
-        int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, 
-                int peek);
+        long (*ssl_get_message)(SSL *s, int st1, int stn, int mt,
+            long max, int *ok);
+        int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf,
+            int len, int peek);
         int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
         int (*ssl_dispatch_alert)(SSL *s);
-        long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
-        long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
+        long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg);
+        long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg);
         const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
-        int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
+        int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
         int (*ssl_pending)(const SSL *s);
         int (*num_ciphers)(void);
         const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
@@ -438,7 +436,7 @@ struct ssl_method_st
         int (*ssl_version)(void);
         long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
         long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
-        };
+};
 
 /* Lets make this into an ASN.1 type structure as follows
  * SSL_SESSION_ID ::= SEQUENCE {
@@ -465,8 +463,7 @@ struct ssl_method_st
  * Look in ssl/ssl_asn1.c for more details
  * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
  */
-struct ssl_session_st
-        {
+struct ssl_session_st {
         int ssl_version;        /* what ssl version session info is
                                  * being kept in here? */
 
@@ -485,8 +482,8 @@ struct ssl_session_st
         unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
 
 #ifndef OPENSSL_NO_KRB5
-        unsigned int krb5_client_princ_len;
-        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
+        unsigned int krb5_client_princ_len;
+        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
 #endif /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_PSK
         char *psk_identity_hint;
@@ -526,7 +523,7 @@ struct ssl_session_st
 
         /* These are used to make removal of session-ids more
          * efficient and to implement a maximum cache size. */
-        struct ssl_session_st *prev,*next;
+        struct ssl_session_st *prev, *next;
 #ifndef OPENSSL_NO_TLSEXT
         char *tlsext_hostname;
 #ifndef OPENSSL_NO_EC
@@ -543,7 +540,7 @@ struct ssl_session_st
 #ifndef OPENSSL_NO_SRP
         char *srp_username;
 #endif
-        };
+};
 
 #endif
 
@@ -684,8 +681,11 @@ struct ssl_session_st
 #define SSL_get_secure_renegotiation_support(ssl) \
         SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
 
-void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
-void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p,
+    int version, int content_type, const void *buf, size_t len, SSL *ssl,
+    void *arg));
+void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
+    int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
 #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
 #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
 
@@ -693,8 +693,7 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
 
 #ifndef OPENSSL_NO_SSL_INTERN
 
-typedef struct srp_ctx_st
-        {
+typedef struct srp_ctx_st {
         /* param for all the callbacks */
         void *SRP_cb_arg;
         /* set client Hello login callback */
@@ -705,13 +704,13 @@ typedef struct srp_ctx_st
         char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *);
 
         char *login;
-        BIGNUM *N,*g,*s,*B,*A;
-        BIGNUM *a,*b,*v;
+        BIGNUM *N, *g, *s, *B, *A;
+        BIGNUM *a, *b, *v;
         char *info;
         int strength;
 
         unsigned long srp_Mask;
-        } SRP_CTX;
+} SRP_CTX;
 
 #endif
 
@@ -721,9 +720,9 @@ int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
 int SSL_SRP_CTX_free(SSL *ctx);
 int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
 int SSL_srp_server_param_with_username(SSL *s, int *ad);
-int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key);
+int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key);
 int SRP_Calc_A_param(SSL *s);
-int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key);
+int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key);
 
 #endif
 
@@ -745,14 +744,13 @@ int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key);
  * returns in this case. It is also an error for the callback to set the size to
  * zero. */
 typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
-                                unsigned int *id_len);
+    unsigned int *id_len);
 
 typedef struct ssl_comp_st SSL_COMP;
 
 #ifndef OPENSSL_NO_SSL_INTERN
 
-struct ssl_comp_st
-        {
+struct ssl_comp_st {
         int id;
         const char *name;
 #ifndef OPENSSL_NO_COMP
@@ -760,13 +758,12 @@ struct ssl_comp_st
 #else
         char *method;
 #endif
-        };
+};
 
 DECLARE_STACK_OF(SSL_COMP)
 DECLARE_LHASH_OF(SSL_SESSION);
 
-struct ssl_ctx_st
-        {
+struct ssl_ctx_st {
         const SSL_METHOD *method;
 
         STACK_OF(SSL_CIPHER) *cipher_list;
@@ -801,13 +798,12 @@ struct ssl_ctx_st
          * If remove_session_cb is not null, it will be called when
          * a session-id is removed from the cache.  After the call,
          * OpenSSL will SSL_SESSION_free() it. */
-        int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
-        void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
+        int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
+        void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
         SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
-                unsigned char *data,int len,int *copy);
+        unsigned char *data, int len, int *copy);
 
-        struct
-                {
+        struct {
                 int sess_connect;       /* SSL new conn - started */
                 int sess_connect_renegotiate;/* SSL reneg - requested */
                 int sess_connect_good;  /* SSL new conne/reneg - finished */
@@ -824,7 +820,7 @@ struct ssl_ctx_st
                                          * indicates that the application is
                                          * supplying session-id's from other
                                          * processes - spooky :-) */
-                } stats;
+        } stats;
 
         int references;
 
@@ -843,19 +839,19 @@ struct ssl_ctx_st
         /* get client cert callback */
         int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
 
-    /* cookie generate callback */
-    int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, 
-        unsigned int *cookie_len);
+        /* cookie generate callback */
+        int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
+        unsigned int *cookie_len);
 
-    /* verify cookie callback */
-    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, 
-        unsigned int cookie_len);
+        /* verify cookie callback */
+        int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
+        unsigned int cookie_len);
 
         CRYPTO_EX_DATA ex_data;
 
-        const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
+        const EVP_MD *rsa_md5;  /* For SSLv2 - name is 'ssl2-md5' */
         const EVP_MD *md5;      /* For SSLv3/TLSv1 'ssl3-md5' */
-        const EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
+        const EVP_MD *sha1;     /* For SSLv3/TLSv1 'ssl3->sha1' */
 
         STACK_OF(X509) *extra_certs;
         STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
@@ -879,7 +875,8 @@ struct ssl_ctx_st
         int read_ahead;
 
         /* callback that allows applications to peek at protocol messages */
-        void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
+        void (*msg_callback)(int write_p, int version, int content_type,
+            const void *buf, size_t len, SSL *ssl, void *arg);
         void *msg_callback_arg;
 
         int verify_mode;
@@ -920,10 +917,8 @@ struct ssl_ctx_st
         unsigned char tlsext_tick_hmac_key[16];
         unsigned char tlsext_tick_aes_key[16];
         /* Callback to support customisation of ticket key setting */
-        int (*tlsext_ticket_key_cb)(SSL *ssl,
-                                        unsigned char *name, unsigned char *iv,
-                                        EVP_CIPHER_CTX *ectx,
-                                        HMAC_CTX *hctx, int enc);
+        int (*tlsext_ticket_key_cb)(SSL *ssl, unsigned char *name,
+            unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
 
         /* certificate status request info */
         /* Callback for status request */
@@ -931,17 +926,18 @@ struct ssl_ctx_st
         void *tlsext_status_arg;
 
         /* draft-rescorla-tls-opaque-prf-input-00.txt information */
-        int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
+        int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput,
+            size_t len, void *arg);
         void *tlsext_opaque_prf_input_callback_arg;
 #endif
 
 #ifndef OPENSSL_NO_PSK
         char *psk_identity_hint;
-        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
-                unsigned int max_identity_len, unsigned char *psk,
-                unsigned int max_psk_len);
+        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
+            char *identity, unsigned int max_identity_len, unsigned char *psk,
+            unsigned int max_psk_len);
         unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-                unsigned char *psk, unsigned int max_psk_len);
+            unsigned char *psk, unsigned int max_psk_len);
 #endif
 
 #ifndef OPENSSL_NO_BUF_FREELISTS
@@ -963,21 +959,20 @@ struct ssl_ctx_st
         /* For a server, this contains a callback function by which the set of
          * advertised protocols can be provided. */
         int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
-                                         unsigned int *len, void *arg);
+            unsigned int *len, void *arg);
         void *next_protos_advertised_cb_arg;
         /* For a client, this contains a callback function that selects the
          * next protocol from the list provided by the server. */
         int (*next_proto_select_cb)(SSL *s, unsigned char **out,
-                                    unsigned char *outlen,
-                                    const unsigned char *in,
-                                    unsigned int inlen,
-                                    void *arg);
+            unsigned char *outlen, const unsigned char *in,
+            unsigned int inlen, void *arg);
         void *next_proto_select_cb_arg;
 # endif
-        /* SRTP profiles we are willing to do from RFC 5764 */
-        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  
+        /* SRTP profiles we are willing to do from RFC 5764 */
+        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+
 #endif
-        };
+};
 
 #endif
 
@@ -1018,42 +1013,49 @@ LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
 #define SSL_CTX_sess_cache_full(ctx) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
 
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess));
-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy));
-SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy);
-void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val));
-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+    int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess));
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
+    SSL_SESSION *sess);
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+    void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess));
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx,
+    SSL_SESSION *sess);
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+    SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
+    int len, int *copy));
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
+    unsigned char *Data, int len, int *copy);
+void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,
+    int type, int val));
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type,
+    int val);
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+    int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
+    EVP_PKEY **pkey);
 #ifndef OPENSSL_NO_ENGINE
 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
 #endif
-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+    int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
+    unsigned int *cookie_len));
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
+    unsigned int cookie_len));
 #ifndef OPENSSL_NO_NEXTPROTONEG
-void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
-                                           int (*cb) (SSL *ssl,
-                                                      const unsigned char **out,
-                                                      unsigned int *outlen,
-                                                      void *arg),
-                                           void *arg);
-void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
-                                      int (*cb) (SSL *ssl,
-                                                 unsigned char **out,
-                                                 unsigned char *outlen,
-                                                 const unsigned char *in,
-                                                 unsigned int inlen,
-                                                 void *arg),
-                                      void *arg);
+void
+SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
+    const unsigned char **out, unsigned int *outlen, void *arg), void *arg);
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
+    unsigned char **out, unsigned char *outlen, const unsigned char *in,
+    unsigned int inlen, void *arg), void *arg);
 
 int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
-                          const unsigned char *in, unsigned int inlen,
-                          const unsigned char *client, unsigned int client_len);
-void SSL_get0_next_proto_negotiated(const SSL *s,
-                                    const unsigned char **data, unsigned *len);
+    const unsigned char *in, unsigned int inlen, const unsigned char *client,
+    unsigned int client_len);
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+    unsigned *len);
 
 #define OPENSSL_NPN_UNSUPPORTED 0
 #define OPENSSL_NPN_NEGOTIATED  1
@@ -1065,20 +1067,20 @@ void SSL_get0_next_proto_negotiated(const SSL *s,
  * resulting identity/psk */
 #define PSK_MAX_IDENTITY_LEN 128
 #define PSK_MAX_PSK_LEN 256
-void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 
-        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 
-                char *identity, unsigned int max_identity_len, unsigned char *psk,
-                unsigned int max_psk_len));
-void SSL_set_psk_client_callback(SSL *ssl, 
-        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 
-                char *identity, unsigned int max_identity_len, unsigned char *psk,
-                unsigned int max_psk_len));
-void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 
-        unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-                unsigned char *psk, unsigned int max_psk_len));
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
+    unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
+    char *identity, unsigned int max_identity_len, unsigned char *psk,
+    unsigned int max_psk_len));
+void SSL_set_psk_client_callback(SSL *ssl,
+    unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
+    char *identity, unsigned int max_identity_len, unsigned char *psk,
+    unsigned int max_psk_len));
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
+    unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
+    unsigned char *psk, unsigned int max_psk_len));
 void SSL_set_psk_server_callback(SSL *ssl,
-        unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-                unsigned char *psk, unsigned int max_psk_len));
+    unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
+    unsigned char *psk, unsigned int max_psk_len));
 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
 int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
 const char *SSL_get_psk_identity_hint(const SSL *s);
@@ -1101,8 +1103,7 @@ const char *SSL_get_psk_identity(const SSL *s);
 
 #ifndef OPENSSL_NO_SSL_INTERN
 
-struct ssl_st
-        {
+struct ssl_st {
         /* protocol version
          * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
          */
@@ -1146,9 +1147,9 @@ struct ssl_st
         int server;     /* are we the server side? - mostly used by SSL_clear*/
 
         int new_session;/* Generate a new session or reuse an old one.
-                         * NB: For servers, the 'new' session may actually be a previously
-                         * cached session or even the previous session unless
-                         * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
+                         * NB: For servers, the 'new' session may actually be a previously
+                         * cached session or even the previous session unless
+                         * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
         int quiet_shutdown;/* don't send shutdown packets */
         int shutdown;   /* we have shut things down, 0x01 sent, 0x02
                          * for received */
@@ -1156,7 +1157,7 @@ struct ssl_st
         int rstate;     /* where we are when reading */
 
         BUF_MEM *init_buf;      /* buffer used during init */
-        void *init_msg;         /* pointer to handshake message body, set by ssl3_get_message() */
+        void *init_msg;         /* pointer to handshake message body, set by ssl3_get_message() */
         int init_num;           /* amount read/written */
         int init_off;           /* amount read/written */
 
@@ -1169,10 +1170,11 @@ struct ssl_st
         struct dtls1_state_st *d1; /* DTLSv1 variables */
 
         int read_ahead;         /* Read as many input bytes as possible
-                                 * (for non-blocking reads) */
+                                 * (for non-blocking reads) */
 
         /* callback that allows applications to peek at protocol messages */
-        void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
+        void (*msg_callback)(int write_p, int version, int content_type,
+            const void *buf, size_t len, SSL *ssl, void *arg);
         void *msg_callback_arg;
 
         int hit;                /* reusing a previous session */
@@ -1190,9 +1192,10 @@ struct ssl_st
 
         /* These are the ones being used, the ones in SSL_SESSION are
          * the ones to be 'copied' into these ones */
-        int mac_flags; 
+        int mac_flags;
+
         EVP_CIPHER_CTX *enc_read_ctx;           /* cryptographic state */
-        EVP_MD_CTX *read_hash;          /* used for mac generation */
+        EVP_MD_CTX *read_hash;                  /* used for mac generation */
 #ifndef OPENSSL_NO_COMP
         COMP_CTX *expand;                       /* uncompress */
 #else
@@ -1200,11 +1203,12 @@ struct ssl_st
 #endif
 
         EVP_CIPHER_CTX *enc_write_ctx;          /* cryptographic state */
-        EVP_MD_CTX *write_hash;         /* used for mac generation */
+        EVP_MD_CTX *write_hash;                 /* used for mac generation */
 #ifndef OPENSSL_NO_COMP
         COMP_CTX *compress;                     /* compression */
 #else
-        char *compress; 
+        char *compress;
+
 #endif
 
         /* session info */
@@ -1235,21 +1239,22 @@ struct ssl_st
         int error_code;         /* actual code */
 
 #ifndef OPENSSL_NO_KRB5
-        KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
+        KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
 #endif  /* OPENSSL_NO_KRB5 */
 
 #ifndef OPENSSL_NO_PSK
-        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
-                unsigned int max_identity_len, unsigned char *psk,
-                unsigned int max_psk_len);
+        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
+            char *identity, unsigned int max_identity_len, unsigned char *psk,
+            unsigned int max_psk_len);
         unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-                unsigned char *psk, unsigned int max_psk_len);
+            unsigned char *psk, unsigned int max_psk_len);
 #endif
 
         SSL_CTX *ctx;
         /* set this flag to 1 and a sleep(1) is put into all SSL_read()
          * and SSL_write() calls, good for nbio debuging :-) */
-        int debug;      
+        int debug;
+
 
         /* extra application data */
         long verify_result;
@@ -1269,15 +1274,14 @@ struct ssl_st
 #ifndef OPENSSL_NO_TLSEXT
         /* TLS extension debug callback */
         void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
-                                        unsigned char *data, int len,
-                                        void *arg);
+            unsigned char *data, int len, void *arg);
         void *tlsext_debug_arg;
         char *tlsext_hostname;
-        int servername_done;   /* no further mod of servername 
-                                  0 : call the servername extension callback.
-                                  1 : prepare 2, allow last ack just after in server callback.
-                                  2 : don't call servername callback, no ack in server hello
-                               */
+        int servername_done;    /* no further mod of servername 
+                                   0 : call the servername extension callback.
+                                   1 : prepare 2, allow last ack just after in server callback.
+                                   2 : don't call servername callback, no ack in server hello
+                                   */
         /* certificate status request info */
         /* Status type or -1 if no status type */
         int tlsext_status_type;
@@ -1330,28 +1334,28 @@ struct ssl_st
 
 #define session_ctx initial_ctx
 
-        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  /* What we'll do */
-        SRTP_PROTECTION_PROFILE *srtp_profile;            /* What's been chosen */
+        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;       /* What we'll do */
+        SRTP_PROTECTION_PROFILE *srtp_profile;                  /* What's been chosen */
 
-        unsigned int tlsext_heartbeat;  /* Is use of the Heartbeat extension negotiated?
-                                           0: disabled
-                                           1: enabled
-                                           2: enabled, but not allowed to send Requests
-                                         */
+        unsigned int tlsext_heartbeat;  /* Is use of the Heartbeat extension negotiated?
+                                           0: disabled
+                                           1: enabled
+                                           2: enabled, but not allowed to send Requests
+                                           */
         unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
-        unsigned int tlsext_hb_seq;     /* HeartbeatRequest sequence number */
+        unsigned int tlsext_hb_seq;     /* HeartbeatRequest sequence number */
 #else
 #define session_ctx ctx
 #endif /* OPENSSL_NO_TLSEXT */
 
         int renegotiate;/* 1 if we are renegotiating.
-                         * 2 if we are a server and are inside a handshake
+                         * 2 if we are a server and are inside a handshake
                          * (i.e. not just sending a HelloRequest) */
 
 #ifndef OPENSSL_NO_SRP
         SRP_CTX srp_ctx; /* ctx for SRP authentication */
 #endif
-        };
+};
 
 #endif
 
@@ -1361,10 +1365,10 @@ struct ssl_st
 
 #include <openssl/ssl2.h>
 #include <openssl/ssl3.h>
-#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
-#include <openssl/dtls1.h> /* Datagram TLS */
+#include <openssl/tls1.h>       /* This is mostly sslv3 with a few tweaks */
+#include <openssl/dtls1.h>      /* Datagram TLS */
 #include <openssl/ssl23.h>
-#include <openssl/srtp.h>  /* Support for the use_srtp extension */
+#include <openssl/srtp.h>       /* Support for the use_srtp extension */
 
 #ifdef  __cplusplus
 extern "C" {
@@ -1417,9 +1421,9 @@ extern "C" {
 
 /* The following 2 states are kept in ssl->rstate when reads fail,
  * you should not need these */
-#define SSL_ST_READ_HEADER                      0xF0
-#define SSL_ST_READ_BODY                        0xF1
-#define SSL_ST_READ_DONE                        0xF2
+#define SSL_ST_READ_HEADER              0xF0
+#define SSL_ST_READ_BODY                0xF1
+#define SSL_ST_READ_DONE                0xF2
 
 /* Obtain latest Finished message
  *   -- that we sent (SSL_get_finished)
@@ -1646,28 +1650,27 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 
 #ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_ssl(void);
-BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
+BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
 BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
 BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
-int BIO_ssl_copy_session_id(BIO *to,BIO *from);
+int BIO_ssl_copy_session_id(BIO *to, BIO *from);
 void BIO_ssl_shutdown(BIO *ssl_bio);
-
 #endif
 
-int     SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
+int     SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
 SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
 void    SSL_CTX_free(SSL_CTX *);
-long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
+long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
 long SSL_CTX_get_timeout(const SSL_CTX *ctx);
 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
-void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
+void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
 int SSL_want(const SSL *s);
 int     SSL_clear(SSL *s);
 
-void    SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
+void    SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
 
 const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
-int     SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
+int     SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
 char *  SSL_CIPHER_get_version(const SSL_CIPHER *c);
 const char *    SSL_CIPHER_get_name(const SSL_CIPHER *c);
 unsigned long   SSL_CIPHER_get_id(const SSL_CIPHER *c);
@@ -1675,7 +1678,7 @@ unsigned long 	SSL_CIPHER_get_id(const SSL_CIPHER *c);
 int     SSL_get_fd(const SSL *s);
 int     SSL_get_rfd(const SSL *s);
 int     SSL_get_wfd(const SSL *s);
-const char  * SSL_get_cipher_list(const SSL *s,int n);
+const char  * SSL_get_cipher_list(const SSL *s, int n);
 char *  SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
 int     SSL_get_read_ahead(const SSL * s);
 int     SSL_pending(const SSL *s);
@@ -1685,7 +1688,7 @@ int	SSL_set_rfd(SSL *s, int fd);
 int     SSL_set_wfd(SSL *s, int fd);
 #endif
 #ifndef OPENSSL_NO_BIO
-void    SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
+void    SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
 BIO *   SSL_get_rbio(const SSL *s);
 BIO *   SSL_get_wbio(const SSL *s);
 #endif
@@ -1693,16 +1696,16 @@ int	SSL_set_cipher_list(SSL *s, const char *str);
 void    SSL_set_read_ahead(SSL *s, int yes);
 int     SSL_get_verify_mode(const SSL *s);
 int     SSL_get_verify_depth(const SSL *s);
-int     (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
+int     (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *);
 void    SSL_set_verify(SSL *s, int mode,
-                       int (*callback)(int ok,X509_STORE_CTX *ctx));
+            int (*callback)(int ok, X509_STORE_CTX *ctx));
 void    SSL_set_verify_depth(SSL *s, int depth);
 #ifndef OPENSSL_NO_RSA
 int     SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
 #endif
 int     SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
 int     SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
-int     SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
+int     SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len);
 int     SSL_use_certificate(SSL *ssl, X509 *x);
 int     SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
 
@@ -1716,9 +1719,9 @@ int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
 int     SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
 int     SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
-                                            const char *file);
+            const char *file);
 int     SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
-                                            const char *dir);
+            const char *dir);
 #endif
 
 void    SSL_load_error_strings(void );
@@ -1730,32 +1733,34 @@ long	SSL_SESSION_get_time(const SSL_SESSION *s);
 long    SSL_SESSION_set_time(SSL_SESSION *s, long t);
 long    SSL_SESSION_get_timeout(const SSL_SESSION *s);
 long    SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
-void    SSL_copy_session_id(SSL *to,const SSL *from);
+void    SSL_copy_session_id(SSL *to, const SSL *from);
 X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
-int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
-                               unsigned int sid_ctx_len);
+int
+SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
+unsigned int sid_ctx_len);
 
 SSL_SESSION *SSL_SESSION_new(void);
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
-                                        unsigned int *len);
+const unsigned char
+*SSL_SESSION_get_id(const SSL_SESSION *s,
+unsigned int *len);
 unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
 #ifndef OPENSSL_NO_FP_API
-int     SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
+int     SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
 #endif
 #ifndef OPENSSL_NO_BIO
-int     SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
+int     SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
 #endif
 void    SSL_SESSION_free(SSL_SESSION *ses);
-int     i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
+int     i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
 int     SSL_set_session(SSL *to, SSL_SESSION *session);
 int     SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
-int     SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
+int     SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
 int     SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
 int     SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
 int     SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
-                                        unsigned int id_len);
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,
-                             long length);
+            unsigned int id_len);
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
+            long length);
 
 #ifdef HEADER_X509_H
 X509 *  SSL_get_peer_certificate(const SSL *s);
@@ -1765,18 +1770,17 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
 
 int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
 int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
-                        int (*callback)(int, X509_STORE_CTX *));
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
+int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *);
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
+    int (*callback)(int, X509_STORE_CTX *));
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg);
 #ifndef OPENSSL_NO_RSA
 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
 #endif
 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
-int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
-        const unsigned char *d, long len);
+int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len);
 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
 
@@ -1786,12 +1790,10 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
 int SSL_CTX_check_private_key(const SSL_CTX *ctx);
 int SSL_check_private_key(const SSL *ctx);
 
-int     SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
-                                       unsigned int sid_ctx_len);
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
 
-SSL *   SSL_new(SSL_CTX *ctx);
-int     SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
-                                   unsigned int sid_ctx_len);
+SSL *SSL_new(SSL_CTX *ctx);
+int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
 
 int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
 int SSL_set_purpose(SSL *s, int purpose);
@@ -1802,21 +1804,16 @@ int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
 int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
 
 #ifndef OPENSSL_NO_SRP
-int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name);
-int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password);
+int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
+int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
 int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
-int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
-                                        char *(*cb)(SSL *,void *));
-int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
-                                          int (*cb)(SSL *,void *));
-int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
-                                      int (*cb)(SSL *,int *,void *));
+int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, char *(*cb)(SSL *, void *));
+int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, int (*cb)(SSL *, void *));
+int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, int (*cb)(SSL *, int *, void *));
 int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
 
-int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
-                             BIGNUM *sa, BIGNUM *v, char *info);
-int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
-                                const char *grp);
+int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, BIGNUM *sa, BIGNUM *v, char *info);
+int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp);
 
 BIGNUM *SSL_get_srp_g(SSL *s);
 BIGNUM *SSL_get_srp_N(SSL *s);
@@ -1828,15 +1825,15 @@ char *SSL_get_srp_userinfo(SSL *s);
 void    SSL_free(SSL *ssl);
 int     SSL_accept(SSL *ssl);
 int     SSL_connect(SSL *ssl);
-int     SSL_read(SSL *ssl,void *buf,int num);
-int     SSL_peek(SSL *ssl,void *buf,int num);
-int     SSL_write(SSL *ssl,const void *buf,int num);
-long    SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
+int     SSL_read(SSL *ssl, void *buf, int num);
+int     SSL_peek(SSL *ssl, void *buf, int num);
+int     SSL_write(SSL *ssl, const void *buf, int num);
+long    SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
 long    SSL_callback_ctrl(SSL *, int, void (*)(void));
-long    SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
+long    SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
 long    SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
 
-int     SSL_get_error(const SSL *s,int ret_code);
+int     SSL_get_error(const SSL *s, int ret_code);
 const char *SSL_get_version(const SSL *s);
 
 /* This sets the 'default' SSL version that SSL_new() will create */
@@ -1852,7 +1849,7 @@ const SSL_METHOD *SSLv3_method(void);		/* SSLv3 */
 const SSL_METHOD *SSLv3_server_method(void);    /* SSLv3 */
 const SSL_METHOD *SSLv3_client_method(void);    /* SSLv3 */
 
-const SSL_METHOD *SSLv23_method(void);  /* SSLv3 but can rollback to v2 */
+const SSL_METHOD *SSLv23_method(void);          /* SSLv3 but can rollback to v2 */
 const SSL_METHOD *SSLv23_server_method(void);   /* SSLv3 but can rollback to v2 */
 const SSL_METHOD *SSLv23_client_method(void);   /* SSLv3 but can rollback to v2 */
 
@@ -1892,8 +1889,8 @@ void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
 STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
-int SSL_add_client_CA(SSL *ssl,X509 *x);
-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
+int SSL_add_client_CA(SSL *ssl, X509 *x);
+int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
 
 void SSL_set_connect_state(SSL *s);
 void SSL_set_accept_state(SSL *s);
@@ -1902,7 +1899,7 @@ long SSL_get_default_timeout(const SSL *s);
 
 int SSL_library_init(void );
 
-char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
+char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
 STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
 
 SSL *SSL_dup(SSL *ssl);
@@ -1919,35 +1916,36 @@ int SSL_get_shutdown(const SSL *ssl);
 int SSL_version(const SSL *ssl);
 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
-        const char *CApath);
+    const char *CApath);
 #define SSL_get0_session SSL_get_session /* just peek at pointer */
 SSL_SESSION *SSL_get_session(const SSL *ssl);
 SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
 void SSL_set_info_callback(SSL *ssl,
-                           void (*cb)(const SSL *ssl,int type,int val));
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
+    void (*cb)(const SSL *ssl, int type, int val));
+void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val);
 int SSL_state(const SSL *ssl);
 void SSL_set_state(SSL *ssl, int state);
 
-void SSL_set_verify_result(SSL *ssl,long v);
+void SSL_set_verify_result(SSL *ssl, long v);
 long SSL_get_verify_result(const SSL *ssl);
 
-int SSL_set_ex_data(SSL *ssl,int idx,void *data);
-void *SSL_get_ex_data(const SSL *ssl,int idx);
+int SSL_set_ex_data(SSL *ssl, int idx, void *data);
+void *SSL_get_ex_data(const SSL *ssl, int idx);
 int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 
-int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
-void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);
-int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
+int SSL_SESSION_get_ex_new_index(long argl, void *argp,
+    CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+    CRYPTO_EX_free *free_func);
 
-int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
-void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);
+int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
+void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
 int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 
 int SSL_get_ex_data_X509_STORE_CTX_idx(void );
 
@@ -1980,31 +1978,25 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void );
 #define SSL_set_max_send_fragment(ssl,m) \
         SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
 
-     /* NB: the keylength is only applicable when is_export is true */
+/* NB: the keylength is only applicable when is_export is true */
 #ifndef OPENSSL_NO_RSA
 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
-                                  RSA *(*cb)(SSL *ssl,int is_export,
-                                             int keylength));
+    RSA *(*cb)(SSL *ssl, int is_export, int keylength));
 
 void SSL_set_tmp_rsa_callback(SSL *ssl,
-                                  RSA *(*cb)(SSL *ssl,int is_export,
-                                             int keylength));
+    RSA *(*cb)(SSL *ssl, int is_export, int keylength));
 #endif
 #ifndef OPENSSL_NO_DH
 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
-                                 DH *(*dh)(SSL *ssl,int is_export,
-                                           int keylength));
+    DH *(*dh)(SSL *ssl, int is_export, int keylength));
 void SSL_set_tmp_dh_callback(SSL *ssl,
-                                 DH *(*dh)(SSL *ssl,int is_export,
-                                           int keylength));
+    DH *(*dh)(SSL *ssl, int is_export, int keylength));
 #endif
 #ifndef OPENSSL_NO_ECDH
 void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
-                                 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
-                                           int keylength));
+    EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
 void SSL_set_tmp_ecdh_callback(SSL *ssl,
-                                 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
-                                           int keylength));
+    EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
 #endif
 
 #ifndef OPENSSL_NO_COMP
@@ -2012,23 +2004,24 @@ const COMP_METHOD *SSL_get_current_compression(SSL *s);
 const COMP_METHOD *SSL_get_current_expansion(SSL *s);
 const char *SSL_COMP_get_name(const COMP_METHOD *comp);
 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
 #else
 const void *SSL_get_current_compression(SSL *s);
 const void *SSL_get_current_expansion(SSL *s);
 const char *SSL_COMP_get_name(const void *comp);
 void *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id,void *cm);
+int SSL_COMP_add_compression_method(int id, void *cm);
 #endif
 
 /* TLS extensions functions */
 int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
 
-int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
-                                  void *arg);
+int SSL_set_session_ticket_ext_cb(SSL *s,
+    tls_session_ticket_ext_cb_fn cb, void *arg);
 
 /* Pre-shared secret session resumption functions */
-int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
+int SSL_set_session_secret_cb(SSL *s,
+    tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
 
 void SSL_set_debug(SSL *s, int debug);
 int SSL_cache_hit(SSL *s);
diff --git a/src/lib/libssl/ssl2.h b/src/lib/libssl/ssl2.h
index 29033c8be7..4052b11868 100644
--- a/src/lib/libssl/ssl2.h
+++ b/src/lib/libssl/ssl2.h
@@ -100,7 +100,7 @@ extern "C" {
 #define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5       0x020700c0
 #define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA       0x020701c0 /* v3 */
 #define SSL2_CK_RC4_64_WITH_MD5                 0x02080080 /* MS hack */
- 
+
 #define SSL2_CK_DES_64_CFB64_WITH_MD5_1         0x02ff0800 /* SSLeay */
 #define SSL2_CK_NULL                            0x02ff0810 /* SSLeay */
 
@@ -133,8 +133,8 @@ extern "C" {
 
 /* Upper/Lower Bounds */
 #define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS      256
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    32767u  /* 2^15-1 */
-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER    16383 /* 2^14-1 */
+#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    32767u  /* 2^15-1 */
+#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER    16383   /* 2^14-1 */
 
 #define SSL2_CHALLENGE_LENGTH   16
 /*#define SSL2_CHALLENGE_LENGTH 32 */
@@ -153,8 +153,7 @@ extern "C" {
 
 #ifndef OPENSSL_NO_SSL_INTERN
 
-typedef struct ssl2_state_st
-        {
+typedef struct ssl2_state_st {
         int three_byte_header;
         int clear_text;         /* clear text */
         int escape;             /* not used in SSLv2 */
@@ -167,8 +166,8 @@ typedef struct ssl2_state_st
         const unsigned char *wpend_buf;
 
         int wpend_off;  /* offset to data to write */
-        int wpend_len;  /* number of bytes passwd to write */
-        int wpend_ret;  /* number of bytes to return to caller */
+        int wpend_len;  /* number of bytes passwd to write */
+        int wpend_ret;  /* number of bytes to return to caller */
 
         /* buffer raw data */
         int rbuf_left;
@@ -191,7 +190,7 @@ typedef struct ssl2_state_st
         unsigned char *read_key;
         unsigned char *write_key;
 
-                /* Stuff specifically to do with this SSL session */
+        /* Stuff specifically to do with this SSL session */
         unsigned int challenge_length;
         unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
         unsigned int conn_id_length;
@@ -202,20 +201,23 @@ typedef struct ssl2_state_st
         unsigned long read_sequence;
         unsigned long write_sequence;
 
-        struct  {
+        struct {
                 unsigned int conn_id_length;
-                unsigned int cert_type; 
+                unsigned int cert_type;
+
                 unsigned int cert_length;
-                unsigned int csl; 
+                unsigned int csl;
+
                 unsigned int clear;
-                unsigned int enc; 
+                unsigned int enc;
+
                 unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
                 unsigned int cipher_spec_length;
                 unsigned int session_id_length;
                 unsigned int clen;
                 unsigned int rlen;
-                } tmp;
-        } SSL2_STATE;
+        } tmp;
+} SSL2_STATE;
 
 #endif
 
@@ -265,4 +267,3 @@ typedef struct ssl2_state_st
 }
 #endif
 #endif
-
diff --git a/src/lib/libssl/ssl23.h b/src/lib/libssl/ssl23.h
index d3228983c7..4e28a06796 100644
--- a/src/lib/libssl/ssl23.h
+++ b/src/lib/libssl/ssl23.h
@@ -80,4 +80,3 @@ extern "C" {
 }
 #endif
 #endif
-
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index cb8b2492ec..2b25357917 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -163,13 +163,13 @@ extern "C" {
 #define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B
 
 #if 0
-        #define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
-        #define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
-        #if 0 /* Because it clashes with KRB5, is never used any more, and is safe
-                 to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
-                 of the ietf-tls list */
-        #define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
-        #endif
+#define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
+#define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
+#if 0 /* Because it clashes with KRB5, is never used any more, and is safe
+         to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
+         of the ietf-tls list */
+#define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
+#endif
 #endif
 
 /*    VRS Additional Kerberos5 entries
@@ -222,9 +222,9 @@ extern "C" {
 #define SSL3_TXT_ADH_DES_192_CBC_SHA            "ADH-DES-CBC3-SHA"
 
 #if 0
-        #define SSL3_TXT_FZA_DMS_NULL_SHA               "FZA-NULL-SHA"
-        #define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
-        #define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
+#define SSL3_TXT_FZA_DMS_NULL_SHA               "FZA-NULL-SHA"
+#define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
+#define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
 #endif
 
 #define SSL3_TXT_KRB5_DES_64_CBC_SHA            "KRB5-DES-CBC-SHA"
@@ -342,11 +342,10 @@ extern "C" {
 
 #define TLS1_HB_REQUEST         1
 #define TLS1_HB_RESPONSE        2
-        
+
 #ifndef OPENSSL_NO_SSL_INTERN
 
-typedef struct ssl3_record_st
-        {
+typedef struct ssl3_record_st {
 /*r */  int type;               /* type of record */
 /*rw*/  unsigned int length;    /* How many bytes available */
 /*r */  unsigned int off;       /* read/write offset into 'buf' */
@@ -355,16 +354,15 @@ typedef struct ssl3_record_st
 /*r */  unsigned char *comp;    /* only used with decompression - malloc()ed */
 /*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */
 /*r */  unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
-        } SSL3_RECORD;
+} SSL3_RECORD;
 
-typedef struct ssl3_buffer_st
-        {
-        unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
+typedef struct ssl3_buffer_st {
+        unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
                                  * see ssl3_setup_buffers() */
-        size_t len;             /* buffer size */
-        int offset;             /* where to 'copy from' */
-        int left;               /* how many bytes left */
-        } SSL3_BUFFER;
+        size_t len;             /* buffer size */
+        int offset;             /* where to 'copy from' */
+        int left;               /* how many bytes left */
+} SSL3_BUFFER;
 
 #endif
 
@@ -388,7 +386,7 @@ typedef struct ssl3_buffer_st
 #define TLS1_FLAGS_TLS_PADDING_BUG              0x0008
 #define TLS1_FLAGS_SKIP_CERT_VERIFY             0x0010
 #define TLS1_FLAGS_KEEP_HANDSHAKE               0x0020
- 
+
 /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
  * restart a handshake because of MS SGC and so prevents us
  * from restarting the handshake in a loop. It's reset on a
@@ -402,8 +400,7 @@ typedef struct ssl3_buffer_st
 
 #ifndef OPENSSL_NO_SSL_INTERN
 
-typedef struct ssl3_state_st
-        {
+typedef struct ssl3_state_st {
         long flags;
         int delay_buf_pop_ret;
 
@@ -471,7 +468,8 @@ typedef struct ssl3_state_st
 
         /* Opaque PRF input as used for the current handshake.
          * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined
-         * (otherwise, they are merely present to improve binary compatibility) */
+         * (otherwise, they are merely present to improve binary compatibility)
+         */
         void *client_opaque_prf_input;
         size_t client_opaque_prf_input_len;
         void *server_opaque_prf_input;
@@ -501,7 +499,7 @@ typedef struct ssl3_state_st
 #endif
 
                 /* used when SSL_ST_FLUSH_DATA is entered */
-                int next_state;                 
+                int next_state;
 
                 int reuse_message;
 
@@ -526,17 +524,18 @@ typedef struct ssl3_state_st
                 char *new_compression;
 #endif
                 int cert_request;
-                } tmp;
+        } tmp;
 
-        /* Connection binding to prevent renegotiation attacks */
-        unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
-        unsigned char previous_client_finished_len;
-        unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
-        unsigned char previous_server_finished_len;
-        int send_connection_binding; /* TODOEKR */
+        /* Connection binding to prevent renegotiation attacks */
+        unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
+        unsigned char previous_client_finished_len;
+        unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
+        unsigned char previous_server_finished_len;
+        int send_connection_binding; /* TODOEKR */
 
 #ifndef OPENSSL_NO_NEXTPROTONEG
-        /* Set if we saw the Next Protocol Negotiation extension from our peer. */
+        /* Set if we saw the Next Protocol Negotiation extension from our peer.
+         */
         int next_proto_neg_seen;
 #endif
 
@@ -548,7 +547,7 @@ typedef struct ssl3_state_st
         char is_probably_safari;
 #endif /* !OPENSSL_NO_EC */
 #endif /* !OPENSSL_NO_TLSEXT */
-        } SSL3_STATE;
+} SSL3_STATE;
 
 #endif
 
@@ -690,4 +689,3 @@ typedef struct ssl3_state_st
 }
 #endif
 #endif
-
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 7311d984ae..203a47480f 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -480,21 +480,19 @@
 #define NAMED_CURVE_TYPE           3
 #endif  /* OPENSSL_NO_EC */
 
-typedef struct cert_pkey_st
-        {
+typedef struct cert_pkey_st {
         X509 *x509;
         EVP_PKEY *privatekey;
         /* Digest to use when signing */
         const EVP_MD *digest;
-        } CERT_PKEY;
+} CERT_PKEY;
 
-typedef struct cert_st
-        {
+typedef struct cert_st {
         /* Current active set */
         CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
                          * Probably it would make more sense to store
                          * an index, not a pointer. */
- 
+
         /* The following masks are for the key and auth
          * algorithms that are supported by the certs below */
         int valid;
@@ -504,26 +502,25 @@ typedef struct cert_st
         unsigned long export_mask_a;
 #ifndef OPENSSL_NO_RSA
         RSA *rsa_tmp;
-        RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
+        RSA *(*rsa_tmp_cb)(SSL *ssl, int is_export, int keysize);
 #endif
 #ifndef OPENSSL_NO_DH
         DH *dh_tmp;
-        DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
+        DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
 #endif
 #ifndef OPENSSL_NO_ECDH
         EC_KEY *ecdh_tmp;
         /* Callback for generating ephemeral ECDH keys */
-        EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize);
+        EC_KEY *(*ecdh_tmp_cb)(SSL *ssl, int is_export, int keysize);
 #endif
 
         CERT_PKEY pkeys[SSL_PKEY_NUM];
 
         int references; /* >1 only if SSL_copy_session_id is used */
-        } CERT;
+} CERT;
 
 
-typedef struct sess_cert_st
-        {
+typedef struct sess_cert_st {
         STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
 
         /* The 'peer_...' members are used only by clients. */
@@ -545,7 +542,7 @@ typedef struct sess_cert_st
 #endif
 
         int references; /* actually always 1 at the moment */
-        } SESS_CERT;
+} SESS_CERT;
 
 
 /*#define MAC_DEBUG     */
@@ -568,12 +565,12 @@ typedef struct sess_cert_st
 /* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
  * It is a bit of a mess of functions, but hell, think of it as
  * an opaque structure :-) */
-typedef struct ssl3_enc_method
-        {
+typedef struct ssl3_enc_method {
         int (*enc)(SSL *, int);
         int (*mac)(SSL *, unsigned char *, int);
         int (*setup_key_block)(SSL *);
-        int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
+        int (*generate_master_secret)(SSL *, unsigned char *,
+            unsigned char *, int);
         int (*change_cipher_state)(SSL *, int);
         int (*final_finish_mac)(SSL *,  const char *, int, unsigned char *);
         int finish_mac_length;
@@ -584,33 +581,29 @@ typedef struct ssl3_enc_method
         int server_finished_label_len;
         int (*alert_value)(int);
         int (*export_keying_material)(SSL *, unsigned char *, size_t,
-                                      const char *, size_t,
-                                      const unsigned char *, size_t,
-                                      int use_context);
-        } SSL3_ENC_METHOD;
+            const char *, size_t, const unsigned char *, size_t,
+            int use_context);
+} SSL3_ENC_METHOD;
 
 #ifndef OPENSSL_NO_COMP
 /* Used for holding the relevant compression methods loaded into SSL_CTX */
-typedef struct ssl3_comp_st
-        {
+typedef struct ssl3_comp_st {
         int comp_id;    /* The identifier byte for this compression type */
         char *name;     /* Text name used for the compression type */
         COMP_METHOD *method; /* The method :-) */
-        } SSL3_COMP;
+} SSL3_COMP;
 #endif
 
 #ifndef OPENSSL_NO_BUF_FREELISTS
-typedef struct ssl3_buf_freelist_st
-        {
+typedef struct ssl3_buf_freelist_st {
         size_t chunklen;
         unsigned int len;
         struct ssl3_buf_freelist_entry_st *head;
-        } SSL3_BUF_FREELIST;
+} SSL3_BUF_FREELIST;
 
-typedef struct ssl3_buf_freelist_entry_st
-        {
+typedef struct ssl3_buf_freelist_entry_st {
         struct ssl3_buf_freelist_entry_st *next;
-        } SSL3_BUF_FREELIST_ENTRY;
+} SSL3_BUF_FREELIST_ENTRY;
 #endif
 
 extern SSL3_ENC_METHOD ssl3_undef_enc_method;
@@ -822,32 +815,33 @@ SESS_CERT *ssl_sess_cert_new(void);
 void ssl_sess_cert_free(SESS_CERT *sc);
 int ssl_set_peer_cert_type(SESS_CERT *c, int type);
 int ssl_get_new_session(SSL *s, int session);
-int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
-int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
-DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
-                                  ssl_cipher_id);
+int ssl_get_prev_session(SSL *s, unsigned char *session, int len,
+    const unsigned char *limit);
+int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
+DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
-                        const SSL_CIPHER * const *bp);
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
-                                               STACK_OF(SSL_CIPHER) **skp);
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
-                             int (*put_cb)(const SSL_CIPHER *, unsigned char *));
+    const SSL_CIPHER * const *bp);
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
+    int num, STACK_OF(SSL_CIPHER) **skp);
+int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
+    unsigned char *p, int (*put_cb)(const SSL_CIPHER *, unsigned char *));
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
-                                             STACK_OF(SSL_CIPHER) **pref,
-                                             STACK_OF(SSL_CIPHER) **sorted,
-                                             const char *rule_str);
+    STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) **sorted,
+    const char *rule_str);
 void ssl_update_cache(SSL *s, int mode);
-int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
-                       const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp);
-int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);                          
-int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
+int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+    const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,
+    SSL_COMP **comp);
+int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md);
+
+int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
 int ssl_undefined_function(SSL *s);
 int ssl_undefined_void_function(void);
 int ssl_undefined_const_function(const SSL *s);
 CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
 X509 *ssl_get_server_send_cert(const SSL *);
-EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd);
-int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
+EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd);
+int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
@@ -856,14 +850,14 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
 
 int ssl2_enc_init(SSL *s, int client);
 int ssl2_generate_key_material(SSL *s);
-void ssl2_enc(SSL *s,int send_data);
-void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
+void ssl2_enc(SSL *s, int send_data);
+void ssl2_mac(SSL *s, unsigned char *mac, int send_data);
 const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
-int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
+int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
 int ssl2_part_read(SSL *s, unsigned long f, int i);
 int ssl2_do_write(SSL *s);
 int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
-void ssl2_return_error(SSL *s,int reason);
+void ssl2_return_error(SSL *s, int reason);
 void ssl2_write_error(SSL *s);
 int ssl2_num_ciphers(void);
 const SSL_CIPHER *ssl2_get_cipher(unsigned int u);
@@ -876,47 +870,50 @@ int	ssl2_peek(SSL *s, void *buf, int len);
 int     ssl2_write(SSL *s, const void *buf, int len);
 int     ssl2_shutdown(SSL *s);
 void    ssl2_clear(SSL *s);
-long    ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
-long    ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
-long    ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
-long    ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
+long    ssl2_ctrl(SSL *s, int cmd, long larg, void *parg);
+long    ssl2_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
+long    ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
+long    ssl2_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
 int     ssl2_pending(const SSL *s);
 long    ssl2_default_timeout(void );
 
 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
 void ssl3_init_finished_mac(SSL *s);
 int ssl3_send_server_certificate(SSL *s);
 int ssl3_send_newsession_ticket(SSL *s);
 int ssl3_send_cert_status(SSL *s);
-int ssl3_get_finished(SSL *s,int state_a,int state_b);
+int ssl3_get_finished(SSL *s, int state_a, int state_b);
 int ssl3_setup_key_block(SSL *s);
-int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
-int ssl3_change_cipher_state(SSL *s,int which);
+int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b);
+int ssl3_change_cipher_state(SSL *s, int which);
 void ssl3_cleanup_key_block(SSL *s);
-int ssl3_do_write(SSL *s,int type);
-int ssl3_send_alert(SSL *s,int level, int desc);
+int ssl3_do_write(SSL *s, int type);
+int ssl3_send_alert(SSL *s, int level, int desc);
 int ssl3_generate_master_secret(SSL *s, unsigned char *out,
-        unsigned char *p, int len);
-int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
+    unsigned char *p, int len);
+int ssl3_get_req_cert_type(SSL *s, unsigned char *p);
 long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
+int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen);
 int ssl3_num_ciphers(void);
 const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
-int ssl3_renegotiate(SSL *ssl); 
-int ssl3_renegotiate_check(SSL *ssl); 
+int ssl3_renegotiate(SSL *ssl);
+
+int ssl3_renegotiate_check(SSL *ssl);
+
 int ssl3_dispatch_alert(SSL *s);
 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
 int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,unsigned char *p);
+int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
+    unsigned char *p);
 int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
 int ssl3_enc(SSL *s, int send_data);
 int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
 void ssl3_free_digest_list(SSL *s);
 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
-SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
-                               STACK_OF(SSL_CIPHER) *srvr);
+SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
+    STACK_OF(SSL_CIPHER) *srvr);
 int     ssl3_setup_buffers(SSL *s);
 int     ssl3_setup_read_buffer(SSL *s);
 int     ssl3_setup_write_buffer(SSL *s);
@@ -932,10 +929,10 @@ int	ssl3_peek(SSL *s, void *buf, int len);
 int     ssl3_write(SSL *s, const void *buf, int len);
 int     ssl3_shutdown(SSL *s);
 void    ssl3_clear(SSL *s);
-long    ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
-long    ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
-long    ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
-long    ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
+long    ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
+long    ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
+long    ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
+long    ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
 int     ssl3_pending(const SSL *s);
 
 void ssl3_record_sequence_update(unsigned char *seq);
@@ -952,16 +949,16 @@ const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
 long ssl23_default_timeout(void );
 
 long tls1_default_timeout(void);
-int dtls1_do_write(SSL *s,int type);
+int dtls1_do_write(SSL *s, int type);
 int ssl3_read_n(SSL *s, int n, int max, int extend);
 int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
 int ssl3_do_compress(SSL *ssl);
 int ssl3_do_uncompress(SSL *ssl);
 int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
-        unsigned int len);
-unsigned char *dtls1_set_message_header(SSL *s, 
-        unsigned char *p, unsigned char mt,     unsigned long len, 
-        unsigned long frag_off, unsigned long frag_len);
+    unsigned int len);
+unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,
+    unsigned char mt, unsigned long len, unsigned long frag_off,
+    unsigned long frag_len);
 
 int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
 int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
@@ -971,8 +968,8 @@ int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
 unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
 int dtls1_read_failed(SSL *s, int code);
 int dtls1_buffer_message(SSL *s, int ccs);
-int dtls1_retransmit_message(SSL *s, unsigned short seq, 
-        unsigned long frag_off, int *found);
+int dtls1_retransmit_message(SSL *s, unsigned short seq,
+    unsigned long frag_off, int *found);
 int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
 int dtls1_retransmit_buffered_messages(SSL *s);
 void dtls1_clear_record_buffer(SSL *s);
@@ -1049,21 +1046,21 @@ int ssl23_write_bytes(SSL *s);
 int tls1_new(SSL *s);
 void tls1_free(SSL *s);
 void tls1_clear(SSL *s);
-long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
-long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
+long tls1_ctrl(SSL *s, int cmd, long larg, void *parg);
+long tls1_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
 
 int dtls1_new(SSL *s);
 int     dtls1_accept(SSL *s);
 int     dtls1_connect(SSL *s);
 void dtls1_free(SSL *s);
 void dtls1_clear(SSL *s);
-long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);
+long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
 int dtls1_shutdown(SSL *s);
 
 long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
 int dtls1_get_record(SSL *s);
 int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
-        unsigned int len, int create_empty_fragement);
+    unsigned int len, int create_empty_fragement);
 int dtls1_dispatch_alert(SSL *s);
 int dtls1_enc(SSL *s, int snd);
 
@@ -1073,15 +1070,14 @@ void ssl_free_wbio_buffer(SSL *s);
 int tls1_change_cipher_state(SSL *s, int which);
 int tls1_setup_key_block(SSL *s);
 int tls1_enc(SSL *s, int snd);
-int tls1_final_finish_mac(SSL *s,
-        const char *str, int slen, unsigned char *p);
+int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *p);
 int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 int tls1_mac(SSL *ssl, unsigned char *md, int snd);
 int tls1_generate_master_secret(SSL *s, unsigned char *out,
-        unsigned char *p, int len);
+    unsigned char *p, int len);
 int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-        const char *label, size_t llen,
-        const unsigned char *p, size_t plen, int use_context);
+    const char *label, size_t llen, const unsigned char *p, size_t plen,
+    int use_context);
 int tls1_alert_code(int code);
 int ssl3_alert_code(int code);
 int ssl_ok(SSL *s);
@@ -1098,10 +1094,16 @@ int tls1_ec_nid2curve_id(int nid);
 #endif /* OPENSSL_NO_EC */
 
 #ifndef OPENSSL_NO_TLSEXT
-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
-unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
-int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
+unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p,
+    unsigned char *limit);
+
+unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p,
+    unsigned char *limit);
+
+int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
+    unsigned char *d, int n, int *al);
+int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
+    unsigned char *d, int n, int *al);
 int ssl_prepare_clienthello_tlsext(SSL *s);
 int ssl_prepare_serverhello_tlsext(SSL *s);
 int ssl_check_clienthello_tlsext_early(SSL *s);
@@ -1114,60 +1116,53 @@ int ssl_check_serverhello_tlsext(SSL *s);
 #define tlsext_tick_md  EVP_sha256
 #endif
 int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
-                                const unsigned char *limit, SSL_SESSION **ret);
+    const unsigned char *limit, SSL_SESSION **ret);
 
 int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
-                                const EVP_MD *md);
+    const EVP_MD *md);
 int tls12_get_sigid(const EVP_PKEY *pk);
 const EVP_MD *tls12_get_hash(unsigned char hash_alg);
 
 #endif
-EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
+EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
 void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
-int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
-                                        int maxlen);
-int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
-                                          int *al);
-int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
-                                        int maxlen);
-int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
-                                          int *al);
+int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p,
+    int *len, int maxlen);
+int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d,
+    int len, int *al);
+int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p,
+    int *len, int maxlen);
+int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d,
+    int len, int *al);
 long ssl_get_algorithm2(SSL *s);
 int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
 int tls12_get_req_sig_algs(SSL *s, unsigned char *p);
 
-int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
-int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
-int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
-int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
+int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p,
+    int *len, int maxlen);
+int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d,
+    int len, int *al);
+int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p,
+    int *len, int maxlen);
+int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d,
+    int len, int *al);
 
 /* s3_cbc.c */
-void ssl3_cbc_copy_mac(unsigned char* out,
-                       const SSL3_RECORD *rec,
-                       unsigned md_size,unsigned orig_len);
-int ssl3_cbc_remove_padding(const SSL* s,
-                            SSL3_RECORD *rec,
-                            unsigned block_size,
-                            unsigned mac_size);
-int tls1_cbc_remove_padding(const SSL* s,
-                            SSL3_RECORD *rec,
-                            unsigned block_size,
-                            unsigned mac_size);
+void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD *rec,
+    unsigned md_size, unsigned orig_len);
+int ssl3_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
+    unsigned block_size, unsigned mac_size);
+int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
+    unsigned block_size, unsigned mac_size);
 char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
-void ssl3_cbc_digest_record(
-        const EVP_MD_CTX *ctx,
-        unsigned char* md_out,
-        size_t* md_out_size,
-        const unsigned char header[13],
-        const unsigned char *data,
-        size_t data_plus_mac_size,
-        size_t data_plus_mac_plus_padding_size,
-        const unsigned char *mac_secret,
-        unsigned mac_secret_length,
-        char is_sslv3);
-
-void tls_fips_digest_extra(
-        const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
-        const unsigned char *data, size_t data_len, size_t orig_len);
+void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out,
+    size_t *md_out_size, const unsigned char header[13],
+    const unsigned char *data, size_t data_plus_mac_size,
+    size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
+    unsigned mac_secret_length, char is_sslv3);
+
+void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
+    EVP_MD_CTX *mac_ctx, const unsigned char *data, size_t data_len,
+    size_t orig_len);
 
 #endif
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 7e35f13849..95d6660ac3 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -240,9 +240,9 @@ extern "C" {
 #define TLSEXT_TYPE_session_ticket              35
 
 /* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
-#if 0 /* will have to be provided externally for now ,
-       * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
-       * using whatever extension number you'd like to try */
+#if 0   /* will have to be provided externally for now ,
+         * i.e. build with - DTLSEXT_TYPE_opaque_prf_input = 38183
+         * using whatever extension number you'd like to try */
 # define TLSEXT_TYPE_opaque_prf_input           ?? */
 #endif
 
@@ -295,8 +295,8 @@ int SSL_get_servername_type(const SSL *s);
  * It returns 1 on success and zero otherwise.
  */
 int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-        const char *label, size_t llen, const unsigned char *p, size_t plen,
-        int use_context);
+    const char *label, size_t llen, const unsigned char *p, size_t plen,
+    int use_context);
 
 #define SSL_set_tlsext_host_name(s,name) \
 SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
@@ -719,11 +719,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #endif
 
 /* TLS Session Ticket extension struct */
-struct tls_session_ticket_ext_st
-        {
+struct tls_session_ticket_ext_st {
         unsigned short length;
         void *data;
-        };
+};
 
 #ifdef  __cplusplus
 }