18 files changed, 945 insertions, 999 deletions
diff --git a/src/lib/libssl/dtls1.h b/src/lib/libssl/dtls1.h
index 3e0fe918a3..beb740154c 100644
--- a/src/lib/libssl/dtls1.h
+++ b/src/lib/libssl/dtls1.h
@@ -100,30 +100,27 @@ extern "C" {
 #define DTLS1_SCTP_AUTH_LABEL   "EXPORTER_DTLS_OVER_SCTP"
 #endif
-typedef struct dtls1_bitmap_st
+typedef struct dtls1_bitmap_st {
-        {
        unsigned long map;              /* track 32 packets on 32-bit systems
                                           and 64 - on 64-bit systems */
        unsigned char max_seq_num[8];   /* max record number seen so far,
                                           64-bit value in big-endian
                                           encoding */
-        } DTLS1_BITMAP;
+} DTLS1_BITMAP;
-struct dtls1_retransmit_state
+struct dtls1_retransmit_state {
-        {
        EVP_CIPHER_CTX *enc_write_ctx;  /* cryptographic state */
-        EVP_MD_CTX *write_hash;                 /* used for mac generation */
+        EVP_MD_CTX *write_hash;         /* used for mac generation */
 #ifndef OPENSSL_NO_COMP
-        COMP_CTX *compress;                             /* compression */
+        COMP_CTX *compress;             /* compression */
 #else
-        char *compress; 
+        char *compress;
 #endif
        SSL_SESSION *session;
        unsigned short epoch;
-        };
+};
-struct hm_header_st
+struct hm_header_st {
-        {
        unsigned char type;
        unsigned long msg_len;
        unsigned short seq;
@@ -131,41 +128,36 @@ struct hm_header_st
        unsigned long frag_len;
        unsigned int is_ccs;
        struct dtls1_retransmit_state saved_retransmit_state;
-        };
+};
-struct ccs_header_st
+struct ccs_header_st {
-        {
        unsigned char type;
        unsigned short seq;
-        };
+};
-struct dtls1_timeout_st
+struct dtls1_timeout_st {
-        {
        /* Number of read timeouts so far */
        unsigned int read_timeouts;
-        
        /* Number of write timeouts so far */
        unsigned int write_timeouts;
-        
        /* Number of alerts received so far */
        unsigned int num_alerts;
-        };
+};
-typedef struct record_pqueue_st
+typedef struct record_pqueue_st {
-        {
        unsigned short epoch;
        pqueue q;
-        } record_pqueue;
+} record_pqueue;
-typedef struct hm_fragment_st
+typedef struct hm_fragment_st {
-        {
        struct hm_header_st msg_header;
        unsigned char *fragment;
        unsigned char *reassembly;
-        } hm_fragment;
+} hm_fragment;
-typedef struct dtls1_state_st
+typedef struct dtls1_state_st {
-        {
        unsigned int send_cookie;
        unsigned char cookie[DTLS1_COOKIE_LENGTH];
        unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
@@ -244,10 +236,9 @@ typedef struct dtls1_state_st
        int shutdown_received;
 #endif
-        } DTLS1_STATE;
+} DTLS1_STATE;
-typedef struct dtls1_record_data_st
+typedef struct dtls1_record_data_st {
-        {
        unsigned char *packet;
        unsigned int   packet_length;
        SSL3_BUFFER    rbuf;
@@ -255,7 +246,7 @@ typedef struct dtls1_record_data_st
 #ifndef OPENSSL_NO_SCTP
        struct bio_dgram_sctp_rcvinfo recordinfo;
 #endif
-        } DTLS1_RECORD_DATA;
+} DTLS1_RECORD_DATA;
 #endif
@@ -269,4 +260,3 @@ typedef struct dtls1_record_data_st
 }
 #endif
 #endif
diff --git a/src/lib/libssl/src/ssl/dtls1.h b/src/lib/libssl/src/ssl/dtls1.h
index 3e0fe918a3..beb740154c 100644
--- a/src/lib/libssl/src/ssl/dtls1.h
+++ b/src/lib/libssl/src/ssl/dtls1.h
@@ -100,30 +100,27 @@ extern "C" {
 #define DTLS1_SCTP_AUTH_LABEL   "EXPORTER_DTLS_OVER_SCTP"
 #endif
-typedef struct dtls1_bitmap_st
+typedef struct dtls1_bitmap_st {
-        {
        unsigned long map;              /* track 32 packets on 32-bit systems
                                           and 64 - on 64-bit systems */
        unsigned char max_seq_num[8];   /* max record number seen so far,
                                           64-bit value in big-endian
                                           encoding */
-        } DTLS1_BITMAP;
+} DTLS1_BITMAP;
-struct dtls1_retransmit_state
+struct dtls1_retransmit_state {
-        {
        EVP_CIPHER_CTX *enc_write_ctx;  /* cryptographic state */
-        EVP_MD_CTX *write_hash;                 /* used for mac generation */
+        EVP_MD_CTX *write_hash;         /* used for mac generation */
 #ifndef OPENSSL_NO_COMP
-        COMP_CTX *compress;                             /* compression */
+        COMP_CTX *compress;             /* compression */
 #else
-        char *compress; 
+        char *compress;
 #endif
        SSL_SESSION *session;
        unsigned short epoch;
-        };
+};
-struct hm_header_st
+struct hm_header_st {
-        {
        unsigned char type;
        unsigned long msg_len;
        unsigned short seq;
@@ -131,41 +128,36 @@ struct hm_header_st
        unsigned long frag_len;
        unsigned int is_ccs;
        struct dtls1_retransmit_state saved_retransmit_state;
-        };
+};
-struct ccs_header_st
+struct ccs_header_st {
-        {
        unsigned char type;
        unsigned short seq;
-        };
+};
-struct dtls1_timeout_st
+struct dtls1_timeout_st {
-        {
        /* Number of read timeouts so far */
        unsigned int read_timeouts;
-        
        /* Number of write timeouts so far */
        unsigned int write_timeouts;
-        
        /* Number of alerts received so far */
        unsigned int num_alerts;
-        };
+};
-typedef struct record_pqueue_st
+typedef struct record_pqueue_st {
-        {
        unsigned short epoch;
        pqueue q;
-        } record_pqueue;
+} record_pqueue;
-typedef struct hm_fragment_st
+typedef struct hm_fragment_st {
-        {
        struct hm_header_st msg_header;
        unsigned char *fragment;
        unsigned char *reassembly;
-        } hm_fragment;
+} hm_fragment;
-typedef struct dtls1_state_st
+typedef struct dtls1_state_st {
-        {
        unsigned int send_cookie;
        unsigned char cookie[DTLS1_COOKIE_LENGTH];
        unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
@@ -244,10 +236,9 @@ typedef struct dtls1_state_st
        int shutdown_received;
 #endif
-        } DTLS1_STATE;
+} DTLS1_STATE;
-typedef struct dtls1_record_data_st
+typedef struct dtls1_record_data_st {
-        {
        unsigned char *packet;
        unsigned int   packet_length;
        SSL3_BUFFER    rbuf;
@@ -255,7 +246,7 @@ typedef struct dtls1_record_data_st
 #ifndef OPENSSL_NO_SCTP
        struct bio_dgram_sctp_rcvinfo recordinfo;
 #endif
-        } DTLS1_RECORD_DATA;
+} DTLS1_RECORD_DATA;
 #endif
@@ -269,4 +260,3 @@ typedef struct dtls1_record_data_st
 }
 #endif
 #endif
diff --git a/src/lib/libssl/src/ssl/kssl.h b/src/lib/libssl/src/ssl/kssl.h
index ca0ebac147..b61e3240c8 100644
--- a/src/lib/libssl/src/ssl/kssl.h
+++ b/src/lib/libssl/src/ssl/kssl.h
@@ -117,19 +117,18 @@ typedef unsigned char krb5_octet;
 #endif
 #define KSSL_ERR_MAX    256
-typedef struct kssl_err_st  {
+typedef struct kssl_err_st {
        int  reason;
        char text[KSSL_ERR_MAX];
-        } KSSL_ERR;
+} KSSL_ERR;
 /*      Context for passing
 **              (1) Kerberos session key to SSL, and
 **              (2)     Config data between application and SSL lib
 */
-typedef struct kssl_ctx_st
+typedef struct kssl_ctx_st {
-        {
+                                /*      used by:    disposition:            */
-                                /*      used by:    disposition:            */
        char *service_name;     /*      C,S         default ok (kssl)       */
        char *service_host;     /*      C           input, REQUIRED         */
        char *client_princ;     /*      S           output from krb5 ticket */
@@ -138,7 +137,7 @@ typedef struct kssl_ctx_st
        krb5_enctype enctype;
        int length;
        krb5_octet FAR *key;
-        } KSSL_CTX;
+} KSSL_CTX;
 #define KSSL_CLIENT     1
 #define KSSL_SERVER     2
@@ -155,25 +154,25 @@ KSSL_CTX *kssl_ctx_new(void);
 KSSL_CTX *kssl_ctx_free(KSSL_CTX *kssl_ctx);
 void kssl_ctx_show(KSSL_CTX *kssl_ctx);
 krb5_error_code kssl_ctx_setprinc(KSSL_CTX *kssl_ctx, int which,
-        krb5_data *realm, krb5_data *entity, int nentities);
+    krb5_data *realm, krb5_data *entity, int nentities);
-krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx,  krb5_data **enc_tktp,
+krb5_error_code kssl_cget_tkt(KSSL_CTX *kssl_ctx, krb5_data **enc_tktp,
-        krb5_data *authenp, KSSL_ERR *kssl_err);
+    krb5_data *authenp, KSSL_ERR *kssl_err);
-krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx,  krb5_data *indata,
+krb5_error_code kssl_sget_tkt(KSSL_CTX *kssl_ctx, krb5_data *indata,
-        krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
+    krb5_ticket_times *ttimes, KSSL_ERR *kssl_err);
 krb5_error_code kssl_ctx_setkey(KSSL_CTX *kssl_ctx, krb5_keyblock *session);
-void    kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
+void kssl_err_set(KSSL_ERR *kssl_err, int reason, char *text);
 void kssl_krb5_free_data_contents(krb5_context context, krb5_data *data);
-krb5_error_code  kssl_build_principal_2(krb5_context context,
+krb5_error_code kssl_build_principal_2(krb5_context context,
-                        krb5_principal *princ, int rlen, const char *realm,
+    krb5_principal *princ, int rlen, const char *realm, int slen,
-                        int slen, const char *svc, int hlen, const char *host);
+    const char *svc, int hlen, const char *host);
-krb5_error_code  kssl_validate_times(krb5_timestamp atime,
+krb5_error_code kssl_validate_times(krb5_timestamp atime,
-                                        krb5_ticket_times *ttimes);
+    krb5_ticket_times *ttimes);
-krb5_error_code  kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
+krb5_error_code kssl_check_authent(KSSL_CTX *kssl_ctx, krb5_data *authentp,
-                                    krb5_timestamp *atimep, KSSL_ERR *kssl_err);
+    krb5_timestamp *atimep, KSSL_ERR *kssl_err);
-unsigned char   *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
+unsigned char *kssl_skip_confound(krb5_enctype enctype, unsigned char *authn);
 void SSL_set0_kssl_ctx(SSL *s, KSSL_CTX *kctx);
-KSSL_CTX * SSL_get0_kssl_ctx(SSL *s);
+KSSL_CTX *SSL_get0_kssl_ctx(SSL *s);
 char *kssl_ctx_get0_client_princ(KSSL_CTX *kctx);
 #ifdef  __cplusplus
diff --git a/src/lib/libssl/src/ssl/o_dir.h b/src/lib/libssl/src/ssl/o_dir.h
index 4b725c0312..cf4a95911a 100644
--- a/src/lib/libssl/src/ssl/o_dir.h
+++ b/src/lib/libssl/src/ssl/o_dir.h
@@ -38,13 +38,14 @@
 extern "C" {
 #endif
-  typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;
+typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;
-  /* returns NULL on error or end-of-directory.
+/* returns NULL on error or end-of-directory.
-     If it is end-of-directory, errno will be zero */
+   If it is end-of-directory, errno will be zero */
-  const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory);
+const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory);
-  /* returns 1 on success, 0 on error */
-  int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx);
+/* returns 1 on success, 0 on error */
+int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx);
 #ifdef __cplusplus
 }
diff --git a/src/lib/libssl/src/ssl/srtp.h b/src/lib/libssl/src/ssl/srtp.h
index c0cf33ef28..06075f2c86 100644
--- a/src/lib/libssl/src/ssl/srtp.h
+++ b/src/lib/libssl/src/ssl/srtp.h
@@ -122,7 +122,6 @@
 extern "C" {
 #endif
-     
 #define SRTP_AES128_CM_SHA1_80 0x0001
 #define SRTP_AES128_CM_SHA1_32 0x0002
 #define SRTP_AES128_F8_SHA1_80 0x0003
@@ -142,4 +141,3 @@ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
 #endif
 #endif
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h
index bf4b2f2cb6..97e4a3f96c 100644
--- a/src/lib/libssl/src/ssl/ssl.h
+++ b/src/lib/libssl/src/ssl/ssl.h
@@ -260,9 +260,9 @@ extern "C" {
 #define SSL_TXT_aKRB5           "aKRB5"
 #define SSL_TXT_aECDSA          "aECDSA"
 #define SSL_TXT_aPSK            "aPSK"
-#define SSL_TXT_aGOST94 "aGOST94"
+#define SSL_TXT_aGOST94         "aGOST94"
-#define SSL_TXT_aGOST01 "aGOST01"
+#define SSL_TXT_aGOST01         "aGOST01"
-#define SSL_TXT_aGOST  "aGOST"
+#define SSL_TXT_aGOST           "aGOST"
 #define SSL_TXT_DSS             "DSS"
 #define SSL_TXT_DH              "DH"
@@ -369,23 +369,22 @@ typedef struct ssl_session_st SSL_SESSION;
 DECLARE_STACK_OF(SSL_CIPHER)
 /* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
-typedef struct srtp_protection_profile_st
+typedef struct srtp_protection_profile_st {
-       {
+        const char *name;
-       const char *name;
+        unsigned long id;
-       unsigned long id;
+} SRTP_PROTECTION_PROFILE;
-       } SRTP_PROTECTION_PROFILE;
 DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
-typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
+typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
-typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
+    int len, void *arg);
+typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
+    STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
 #ifndef OPENSSL_NO_SSL_INTERN
 /* used to hold info on the particular ciphers used */
-struct ssl_cipher_st
+struct ssl_cipher_st {
-        {
        int valid;
        const char *name;               /* text name */
        unsigned long id;               /* id, 4 bytes, first is version */
@@ -401,34 +400,33 @@ struct ssl_cipher_st
        unsigned long algorithm2;       /* Extra flags */
        int strength_bits;              /* Number of bits really used */
        int alg_bits;                   /* Number of bits for algorithm */
-        };
+};
 /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
-struct ssl_method_st
+struct ssl_method_st {
-        {
        int version;
        int (*ssl_new)(SSL *s);
        void (*ssl_clear)(SSL *s);
        void (*ssl_free)(SSL *s);
        int (*ssl_accept)(SSL *s);
        int (*ssl_connect)(SSL *s);
-        int (*ssl_read)(SSL *s,void *buf,int len);
+        int (*ssl_read)(SSL *s, void *buf, int len);
-        int (*ssl_peek)(SSL *s,void *buf,int len);
+        int (*ssl_peek)(SSL *s, void *buf, int len);
-        int (*ssl_write)(SSL *s,const void *buf,int len);
+        int (*ssl_write)(SSL *s, const void *buf, int len);
        int (*ssl_shutdown)(SSL *s);
        int (*ssl_renegotiate)(SSL *s);
        int (*ssl_renegotiate_check)(SSL *s);
-        long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
+        long (*ssl_get_message)(SSL *s, int st1, int stn, int mt,
-                max, int *ok);
+            long max, int *ok);
-        int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, 
+        int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf,
-                int peek);
+            int len, int peek);
        int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
        int (*ssl_dispatch_alert)(SSL *s);
-        long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
+        long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg);
-        long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
+        long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg);
        const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
-        int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
+        int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
        int (*ssl_pending)(const SSL *s);
        int (*num_ciphers)(void);
        const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
@@ -438,7 +436,7 @@ struct ssl_method_st
        int (*ssl_version)(void);
        long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
        long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
-        };
+};
 /* Lets make this into an ASN.1 type structure as follows
 * SSL_SESSION_ID ::= SEQUENCE {
@@ -465,8 +463,7 @@ struct ssl_method_st
 * Look in ssl/ssl_asn1.c for more details
 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
 */
-struct ssl_session_st
+struct ssl_session_st {
-        {
        int ssl_version;        /* what ssl version session info is
                                 * being kept in here? */
@@ -485,8 +482,8 @@ struct ssl_session_st
        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
 #ifndef OPENSSL_NO_KRB5
-        unsigned int krb5_client_princ_len;
+        unsigned int krb5_client_princ_len;
-        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
+        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
 #endif /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_PSK
        char *psk_identity_hint;
@@ -526,7 +523,7 @@ struct ssl_session_st
        /* These are used to make removal of session-ids more
         * efficient and to implement a maximum cache size. */
-        struct ssl_session_st *prev,*next;
+        struct ssl_session_st *prev, *next;
 #ifndef OPENSSL_NO_TLSEXT
        char *tlsext_hostname;
 #ifndef OPENSSL_NO_EC
@@ -543,7 +540,7 @@ struct ssl_session_st
 #ifndef OPENSSL_NO_SRP
        char *srp_username;
 #endif
-        };
+};
 #endif
@@ -684,8 +681,11 @@ struct ssl_session_st
 #define SSL_get_secure_renegotiation_support(ssl) \
        SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
-void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p,
-void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+    int version, int content_type, const void *buf, size_t len, SSL *ssl,
+    void *arg));
+void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
+    int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
 #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
 #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
@@ -693,8 +693,7 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
 #ifndef OPENSSL_NO_SSL_INTERN
-typedef struct srp_ctx_st
+typedef struct srp_ctx_st {
-        {
        /* param for all the callbacks */
        void *SRP_cb_arg;
        /* set client Hello login callback */
@@ -705,13 +704,13 @@ typedef struct srp_ctx_st
        char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *);
        char *login;
-        BIGNUM *N,*g,*s,*B,*A;
+        BIGNUM *N, *g, *s, *B, *A;
-        BIGNUM *a,*b,*v;
+        BIGNUM *a, *b, *v;
        char *info;
        int strength;
        unsigned long srp_Mask;
-        } SRP_CTX;
+} SRP_CTX;
 #endif
@@ -721,9 +720,9 @@ int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
 int SSL_SRP_CTX_free(SSL *ctx);
 int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
 int SSL_srp_server_param_with_username(SSL *s, int *ad);
-int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key);
+int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key);
 int SRP_Calc_A_param(SSL *s);
-int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key);
+int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key);
 #endif
@@ -745,14 +744,13 @@ int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key);
 * returns in this case. It is also an error for the callback to set the size to
 * zero. */
 typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
-                                unsigned int *id_len);
+    unsigned int *id_len);
 typedef struct ssl_comp_st SSL_COMP;
 #ifndef OPENSSL_NO_SSL_INTERN
-struct ssl_comp_st
+struct ssl_comp_st {
-        {
        int id;
        const char *name;
 #ifndef OPENSSL_NO_COMP
@@ -760,13 +758,12 @@ struct ssl_comp_st
 #else
        char *method;
 #endif
-        };
+};
 DECLARE_STACK_OF(SSL_COMP)
 DECLARE_LHASH_OF(SSL_SESSION);
-struct ssl_ctx_st
+struct ssl_ctx_st {
-        {
        const SSL_METHOD *method;
        STACK_OF(SSL_CIPHER) *cipher_list;
@@ -801,13 +798,12 @@ struct ssl_ctx_st
         * If remove_session_cb is not null, it will be called when
         * a session-id is removed from the cache.  After the call,
         * OpenSSL will SSL_SESSION_free() it. */
-        int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
+        int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
-        void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
+        void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
        SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
-                unsigned char *data,int len,int *copy);
+        unsigned char *data, int len, int *copy);
-        struct
+        struct {
-                {
                int sess_connect;       /* SSL new conn - started */
                int sess_connect_renegotiate;/* SSL reneg - requested */
                int sess_connect_good;  /* SSL new conne/reneg - finished */
@@ -824,7 +820,7 @@ struct ssl_ctx_st
                                         * indicates that the application is
                                         * supplying session-id's from other
                                         * processes - spooky :-) */
-                } stats;
+        } stats;
        int references;
@@ -843,19 +839,19 @@ struct ssl_ctx_st
        /* get client cert callback */
        int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-    /* cookie generate callback */
+        /* cookie generate callback */
-    int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, 
+        int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
-        unsigned int *cookie_len);
+        unsigned int *cookie_len);
-    /* verify cookie callback */
+        /* verify cookie callback */
-    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, 
+        int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
-        unsigned int cookie_len);
+        unsigned int cookie_len);
        CRYPTO_EX_DATA ex_data;
-        const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
+        const EVP_MD *rsa_md5;  /* For SSLv2 - name is 'ssl2-md5' */
        const EVP_MD *md5;      /* For SSLv3/TLSv1 'ssl3-md5' */
-        const EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
+        const EVP_MD *sha1;     /* For SSLv3/TLSv1 'ssl3->sha1' */
        STACK_OF(X509) *extra_certs;
        STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
@@ -879,7 +875,8 @@ struct ssl_ctx_st
        int read_ahead;
        /* callback that allows applications to peek at protocol messages */
-        void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
+        void (*msg_callback)(int write_p, int version, int content_type,
+            const void *buf, size_t len, SSL *ssl, void *arg);
        void *msg_callback_arg;
        int verify_mode;
@@ -920,10 +917,8 @@ struct ssl_ctx_st
        unsigned char tlsext_tick_hmac_key[16];
        unsigned char tlsext_tick_aes_key[16];
        /* Callback to support customisation of ticket key setting */
-        int (*tlsext_ticket_key_cb)(SSL *ssl,
+        int (*tlsext_ticket_key_cb)(SSL *ssl, unsigned char *name,
-                                        unsigned char *name, unsigned char *iv,
+            unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
-                                        EVP_CIPHER_CTX *ectx,
-                                        HMAC_CTX *hctx, int enc);
        /* certificate status request info */
        /* Callback for status request */
@@ -931,17 +926,18 @@ struct ssl_ctx_st
        void *tlsext_status_arg;
        /* draft-rescorla-tls-opaque-prf-input-00.txt information */
-        int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
+        int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput,
+            size_t len, void *arg);
        void *tlsext_opaque_prf_input_callback_arg;
 #endif
 #ifndef OPENSSL_NO_PSK
        char *psk_identity_hint;
-        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
+        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
-                unsigned int max_identity_len, unsigned char *psk,
+            char *identity, unsigned int max_identity_len, unsigned char *psk,
-                unsigned int max_psk_len);
+            unsigned int max_psk_len);
        unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-                unsigned char *psk, unsigned int max_psk_len);
+            unsigned char *psk, unsigned int max_psk_len);
 #endif
 #ifndef OPENSSL_NO_BUF_FREELISTS
@@ -963,21 +959,20 @@ struct ssl_ctx_st
        /* For a server, this contains a callback function by which the set of
         * advertised protocols can be provided. */
        int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
-                                         unsigned int *len, void *arg);
+            unsigned int *len, void *arg);
        void *next_protos_advertised_cb_arg;
        /* For a client, this contains a callback function that selects the
         * next protocol from the list provided by the server. */
        int (*next_proto_select_cb)(SSL *s, unsigned char **out,
-                                    unsigned char *outlen,
+            unsigned char *outlen, const unsigned char *in,
-                                    const unsigned char *in,
+            unsigned int inlen, void *arg);
-                                    unsigned int inlen,
-                                    void *arg);
        void *next_proto_select_cb_arg;
 # endif
-        /* SRTP profiles we are willing to do from RFC 5764 */
+        /* SRTP profiles we are willing to do from RFC 5764 */
-        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  
+        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
 #endif
-        };
+};
 #endif
@@ -1018,42 +1013,49 @@ LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
 #define SSL_CTX_sess_cache_full(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
+    int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess));
-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess));
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
+    SSL_SESSION *sess);
-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy));
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
-SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy);
+    void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess));
-void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val));
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx,
-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
+    SSL_SESSION *sess);
-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+    SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
+    int len, int *copy));
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
+    unsigned char *Data, int len, int *copy);
+void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,
+    int type, int val));
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type,
+    int val);
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+    int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
+    EVP_PKEY **pkey);
 #ifndef OPENSSL_NO_ENGINE
 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
 #endif
-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
+    int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
+    unsigned int *cookie_len));
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
+    unsigned int cookie_len));
 #ifndef OPENSSL_NO_NEXTPROTONEG
-void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
+void
-                                           int (*cb) (SSL *ssl,
+SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
-                                                      const unsigned char **out,
+    const unsigned char **out, unsigned int *outlen, void *arg), void *arg);
-                                                      unsigned int *outlen,
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
-                                                      void *arg),
+    unsigned char **out, unsigned char *outlen, const unsigned char *in,
-                                           void *arg);
+    unsigned int inlen, void *arg), void *arg);
-void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
-                                      int (*cb) (SSL *ssl,
-                                                 unsigned char **out,
-                                                 unsigned char *outlen,
-                                                 const unsigned char *in,
-                                                 unsigned int inlen,
-                                                 void *arg),
-                                      void *arg);
 int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
-                          const unsigned char *in, unsigned int inlen,
+    const unsigned char *in, unsigned int inlen, const unsigned char *client,
-                          const unsigned char *client, unsigned int client_len);
+    unsigned int client_len);
-void SSL_get0_next_proto_negotiated(const SSL *s,
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
-                                    const unsigned char **data, unsigned *len);
+    unsigned *len);
 #define OPENSSL_NPN_UNSUPPORTED 0
 #define OPENSSL_NPN_NEGOTIATED  1
@@ -1065,20 +1067,20 @@ void SSL_get0_next_proto_negotiated(const SSL *s,
 * resulting identity/psk */
 #define PSK_MAX_IDENTITY_LEN 128
 #define PSK_MAX_PSK_LEN 256
-void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
-        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 
+    unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
-                char *identity, unsigned int max_identity_len, unsigned char *psk,
+    char *identity, unsigned int max_identity_len, unsigned char *psk,
-                unsigned int max_psk_len));
+    unsigned int max_psk_len));
-void SSL_set_psk_client_callback(SSL *ssl, 
+void SSL_set_psk_client_callback(SSL *ssl,
-        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 
+    unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
-                char *identity, unsigned int max_identity_len, unsigned char *psk,
+    char *identity, unsigned int max_identity_len, unsigned char *psk,
-                unsigned int max_psk_len));
+    unsigned int max_psk_len));
-void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
-        unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
+    unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-                unsigned char *psk, unsigned int max_psk_len));
+    unsigned char *psk, unsigned int max_psk_len));
 void SSL_set_psk_server_callback(SSL *ssl,
-        unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
+    unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-                unsigned char *psk, unsigned int max_psk_len));
+    unsigned char *psk, unsigned int max_psk_len));
 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
 int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
 const char *SSL_get_psk_identity_hint(const SSL *s);
@@ -1101,8 +1103,7 @@ const char *SSL_get_psk_identity(const SSL *s);
 #ifndef OPENSSL_NO_SSL_INTERN
-struct ssl_st
+struct ssl_st {
-        {
        /* protocol version
         * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
         */
@@ -1146,9 +1147,9 @@ struct ssl_st
        int server;     /* are we the server side? - mostly used by SSL_clear*/
        int new_session;/* Generate a new session or reuse an old one.
-                         * NB: For servers, the 'new' session may actually be a previously
+                         * NB: For servers, the 'new' session may actually be a previously
-                         * cached session or even the previous session unless
+                         * cached session or even the previous session unless
-                         * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
+                         * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
        int quiet_shutdown;/* don't send shutdown packets */
        int shutdown;   /* we have shut things down, 0x01 sent, 0x02
                         * for received */
@@ -1156,7 +1157,7 @@ struct ssl_st
        int rstate;     /* where we are when reading */
        BUF_MEM *init_buf;      /* buffer used during init */
-        void *init_msg;         /* pointer to handshake message body, set by ssl3_get_message() */
+        void *init_msg;         /* pointer to handshake message body, set by ssl3_get_message() */
        int init_num;           /* amount read/written */
        int init_off;           /* amount read/written */
@@ -1169,10 +1170,11 @@ struct ssl_st
        struct dtls1_state_st *d1; /* DTLSv1 variables */
        int read_ahead;         /* Read as many input bytes as possible
-                                 * (for non-blocking reads) */
+                                 * (for non-blocking reads) */
        /* callback that allows applications to peek at protocol messages */
-        void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
+        void (*msg_callback)(int write_p, int version, int content_type,
+            const void *buf, size_t len, SSL *ssl, void *arg);
        void *msg_callback_arg;
        int hit;                /* reusing a previous session */
@@ -1190,9 +1192,10 @@ struct ssl_st
        /* These are the ones being used, the ones in SSL_SESSION are
         * the ones to be 'copied' into these ones */
-        int mac_flags; 
+        int mac_flags;
        EVP_CIPHER_CTX *enc_read_ctx;           /* cryptographic state */
-        EVP_MD_CTX *read_hash;          /* used for mac generation */
+        EVP_MD_CTX *read_hash;                  /* used for mac generation */
 #ifndef OPENSSL_NO_COMP
        COMP_CTX *expand;                       /* uncompress */
 #else
@@ -1200,11 +1203,12 @@ struct ssl_st
 #endif
        EVP_CIPHER_CTX *enc_write_ctx;          /* cryptographic state */
-        EVP_MD_CTX *write_hash;         /* used for mac generation */
+        EVP_MD_CTX *write_hash;                 /* used for mac generation */
 #ifndef OPENSSL_NO_COMP
        COMP_CTX *compress;                     /* compression */
 #else
-        char *compress; 
+        char *compress;
 #endif
        /* session info */
@@ -1235,21 +1239,22 @@ struct ssl_st
        int error_code;         /* actual code */
 #ifndef OPENSSL_NO_KRB5
-        KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
+        KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
 #endif  /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_PSK
-        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
+        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
-                unsigned int max_identity_len, unsigned char *psk,
+            char *identity, unsigned int max_identity_len, unsigned char *psk,
-                unsigned int max_psk_len);
+            unsigned int max_psk_len);
        unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-                unsigned char *psk, unsigned int max_psk_len);
+            unsigned char *psk, unsigned int max_psk_len);
 #endif
        SSL_CTX *ctx;
        /* set this flag to 1 and a sleep(1) is put into all SSL_read()
         * and SSL_write() calls, good for nbio debuging :-) */
-        int debug;      
+        int debug;
        /* extra application data */
        long verify_result;
@@ -1269,15 +1274,14 @@ struct ssl_st
 #ifndef OPENSSL_NO_TLSEXT
        /* TLS extension debug callback */
        void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
-                                        unsigned char *data, int len,
+            unsigned char *data, int len, void *arg);
-                                        void *arg);
        void *tlsext_debug_arg;
        char *tlsext_hostname;
-        int servername_done;   /* no further mod of servername 
+        int servername_done;    /* no further mod of servername 
-                                  0 : call the servername extension callback.
+                                   0 : call the servername extension callback.
-                                  1 : prepare 2, allow last ack just after in server callback.
+                                   1 : prepare 2, allow last ack just after in server callback.
-                                  2 : don't call servername callback, no ack in server hello
+                                   2 : don't call servername callback, no ack in server hello
-                               */
+                                   */
        /* certificate status request info */
        /* Status type or -1 if no status type */
        int tlsext_status_type;
@@ -1330,28 +1334,28 @@ struct ssl_st
 #define session_ctx initial_ctx
-        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  /* What we'll do */
+        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;       /* What we'll do */
-        SRTP_PROTECTION_PROFILE *srtp_profile;            /* What's been chosen */
+        SRTP_PROTECTION_PROFILE *srtp_profile;                  /* What's been chosen */
-        unsigned int tlsext_heartbeat;  /* Is use of the Heartbeat extension negotiated?
+        unsigned int tlsext_heartbeat;  /* Is use of the Heartbeat extension negotiated?
-                                           0: disabled
+                                           0: disabled
-                                           1: enabled
+                                           1: enabled
-                                           2: enabled, but not allowed to send Requests
+                                           2: enabled, but not allowed to send Requests
-                                         */
+                                           */
        unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
-        unsigned int tlsext_hb_seq;     /* HeartbeatRequest sequence number */
+        unsigned int tlsext_hb_seq;     /* HeartbeatRequest sequence number */
 #else
 #define session_ctx ctx
 #endif /* OPENSSL_NO_TLSEXT */
        int renegotiate;/* 1 if we are renegotiating.
-                         * 2 if we are a server and are inside a handshake
+                         * 2 if we are a server and are inside a handshake
                         * (i.e. not just sending a HelloRequest) */
 #ifndef OPENSSL_NO_SRP
        SRP_CTX srp_ctx; /* ctx for SRP authentication */
 #endif
-        };
+};
 #endif
@@ -1361,10 +1365,10 @@ struct ssl_st
 #include <openssl/ssl2.h>
 #include <openssl/ssl3.h>
-#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
+#include <openssl/tls1.h>       /* This is mostly sslv3 with a few tweaks */
-#include <openssl/dtls1.h> /* Datagram TLS */
+#include <openssl/dtls1.h>      /* Datagram TLS */
 #include <openssl/ssl23.h>
-#include <openssl/srtp.h>  /* Support for the use_srtp extension */
+#include <openssl/srtp.h>       /* Support for the use_srtp extension */
 #ifdef  __cplusplus
 extern "C" {
@@ -1417,9 +1421,9 @@ extern "C" {
 /* The following 2 states are kept in ssl->rstate when reads fail,
 * you should not need these */
-#define SSL_ST_READ_HEADER                      0xF0
+#define SSL_ST_READ_HEADER              0xF0
-#define SSL_ST_READ_BODY                        0xF1
+#define SSL_ST_READ_BODY                0xF1
-#define SSL_ST_READ_DONE                        0xF2
+#define SSL_ST_READ_DONE                0xF2
 /* Obtain latest Finished message
 *   -- that we sent (SSL_get_finished)
@@ -1646,28 +1650,27 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_ssl(void);
-BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
+BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
 BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
 BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
-int BIO_ssl_copy_session_id(BIO *to,BIO *from);
+int BIO_ssl_copy_session_id(BIO *to, BIO *from);
 void BIO_ssl_shutdown(BIO *ssl_bio);
 #endif
-int     SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
+int     SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
 SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
 void    SSL_CTX_free(SSL_CTX *);
-long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
+long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
 long SSL_CTX_get_timeout(const SSL_CTX *ctx);
 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
-void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
+void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
 int SSL_want(const SSL *s);
 int     SSL_clear(SSL *s);
-void    SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
+void    SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
 const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
-int     SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
+int     SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
 char *  SSL_CIPHER_get_version(const SSL_CIPHER *c);
 const char *    SSL_CIPHER_get_name(const SSL_CIPHER *c);
 unsigned long   SSL_CIPHER_get_id(const SSL_CIPHER *c);
@@ -1675,7 +1678,7 @@ unsigned long 	SSL_CIPHER_get_id(const SSL_CIPHER *c);
 int     SSL_get_fd(const SSL *s);
 int     SSL_get_rfd(const SSL *s);
 int     SSL_get_wfd(const SSL *s);
-const char  * SSL_get_cipher_list(const SSL *s,int n);
+const char  * SSL_get_cipher_list(const SSL *s, int n);
 char *  SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
 int     SSL_get_read_ahead(const SSL * s);
 int     SSL_pending(const SSL *s);
@@ -1685,7 +1688,7 @@ int	SSL_set_rfd(SSL *s, int fd);
 int     SSL_set_wfd(SSL *s, int fd);
 #endif
 #ifndef OPENSSL_NO_BIO
-void    SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
+void    SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
 BIO *   SSL_get_rbio(const SSL *s);
 BIO *   SSL_get_wbio(const SSL *s);
 #endif
@@ -1693,16 +1696,16 @@ int	SSL_set_cipher_list(SSL *s, const char *str);
 void    SSL_set_read_ahead(SSL *s, int yes);
 int     SSL_get_verify_mode(const SSL *s);
 int     SSL_get_verify_depth(const SSL *s);
-int     (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
+int     (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *);
 void    SSL_set_verify(SSL *s, int mode,
-                       int (*callback)(int ok,X509_STORE_CTX *ctx));
+            int (*callback)(int ok, X509_STORE_CTX *ctx));
 void    SSL_set_verify_depth(SSL *s, int depth);
 #ifndef OPENSSL_NO_RSA
 int     SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
 #endif
 int     SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
 int     SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
-int     SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
+int     SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len);
 int     SSL_use_certificate(SSL *ssl, X509 *x);
 int     SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
@@ -1716,9 +1719,9 @@ int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
 int     SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
 int     SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
-                                            const char *file);
+            const char *file);
 int     SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
-                                            const char *dir);
+            const char *dir);
 #endif
 void    SSL_load_error_strings(void );
@@ -1730,32 +1733,34 @@ long	SSL_SESSION_get_time(const SSL_SESSION *s);
 long    SSL_SESSION_set_time(SSL_SESSION *s, long t);
 long    SSL_SESSION_get_timeout(const SSL_SESSION *s);
 long    SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
-void    SSL_copy_session_id(SSL *to,const SSL *from);
+void    SSL_copy_session_id(SSL *to, const SSL *from);
 X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
-int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
+int
-                               unsigned int sid_ctx_len);
+SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
+unsigned int sid_ctx_len);
 SSL_SESSION *SSL_SESSION_new(void);
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
+const unsigned char
-                                        unsigned int *len);
+*SSL_SESSION_get_id(const SSL_SESSION *s,
+unsigned int *len);
 unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
 #ifndef OPENSSL_NO_FP_API
-int     SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
+int     SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
 #endif
 #ifndef OPENSSL_NO_BIO
-int     SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
+int     SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
 #endif
 void    SSL_SESSION_free(SSL_SESSION *ses);
-int     i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
+int     i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
 int     SSL_set_session(SSL *to, SSL_SESSION *session);
 int     SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
-int     SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
+int     SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
 int     SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
 int     SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
 int     SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
-                                        unsigned int id_len);
+            unsigned int id_len);
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
-                             long length);
+            long length);
 #ifdef HEADER_X509_H
 X509 *  SSL_get_peer_certificate(const SSL *s);
@@ -1765,18 +1770,17 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
 int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
 int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);
+int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *);
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
-                        int (*callback)(int, X509_STORE_CTX *));
+    int (*callback)(int, X509_STORE_CTX *));
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg);
 #ifndef OPENSSL_NO_RSA
 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
 #endif
 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
-int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
+int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len);
-        const unsigned char *d, long len);
 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
@@ -1786,12 +1790,10 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
 int SSL_CTX_check_private_key(const SSL_CTX *ctx);
 int SSL_check_private_key(const SSL *ctx);
-int     SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
-                                       unsigned int sid_ctx_len);
-SSL *   SSL_new(SSL_CTX *ctx);
+SSL *SSL_new(SSL_CTX *ctx);
-int     SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
+int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
-                                   unsigned int sid_ctx_len);
 int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
 int SSL_set_purpose(SSL *s, int purpose);
@@ -1802,21 +1804,16 @@ int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
 int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
 #ifndef OPENSSL_NO_SRP
-int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name);
+int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
-int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password);
+int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
 int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
-int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
+int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, char *(*cb)(SSL *, void *));
-                                        char *(*cb)(SSL *,void *));
+int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, int (*cb)(SSL *, void *));
-int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
+int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, int (*cb)(SSL *, int *, void *));
-                                          int (*cb)(SSL *,void *));
-int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
-                                      int (*cb)(SSL *,int *,void *));
 int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
-int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
+int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, BIGNUM *sa, BIGNUM *v, char *info);
-                             BIGNUM *sa, BIGNUM *v, char *info);
+int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp);
-int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
-                                const char *grp);
 BIGNUM *SSL_get_srp_g(SSL *s);
 BIGNUM *SSL_get_srp_N(SSL *s);
@@ -1828,15 +1825,15 @@ char *SSL_get_srp_userinfo(SSL *s);
 void    SSL_free(SSL *ssl);
 int     SSL_accept(SSL *ssl);
 int     SSL_connect(SSL *ssl);
-int     SSL_read(SSL *ssl,void *buf,int num);
+int     SSL_read(SSL *ssl, void *buf, int num);
-int     SSL_peek(SSL *ssl,void *buf,int num);
+int     SSL_peek(SSL *ssl, void *buf, int num);
-int     SSL_write(SSL *ssl,const void *buf,int num);
+int     SSL_write(SSL *ssl, const void *buf, int num);
-long    SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
+long    SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
 long    SSL_callback_ctrl(SSL *, int, void (*)(void));
-long    SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
+long    SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
 long    SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
-int     SSL_get_error(const SSL *s,int ret_code);
+int     SSL_get_error(const SSL *s, int ret_code);
 const char *SSL_get_version(const SSL *s);
 /* This sets the 'default' SSL version that SSL_new() will create */
@@ -1852,7 +1849,7 @@ const SSL_METHOD *SSLv3_method(void);		/* SSLv3 */
 const SSL_METHOD *SSLv3_server_method(void);    /* SSLv3 */
 const SSL_METHOD *SSLv3_client_method(void);    /* SSLv3 */
-const SSL_METHOD *SSLv23_method(void);  /* SSLv3 but can rollback to v2 */
+const SSL_METHOD *SSLv23_method(void);          /* SSLv3 but can rollback to v2 */
 const SSL_METHOD *SSLv23_server_method(void);   /* SSLv3 but can rollback to v2 */
 const SSL_METHOD *SSLv23_client_method(void);   /* SSLv3 but can rollback to v2 */
@@ -1892,8 +1889,8 @@ void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
 STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
-int SSL_add_client_CA(SSL *ssl,X509 *x);
+int SSL_add_client_CA(SSL *ssl, X509 *x);
-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
+int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
 void SSL_set_connect_state(SSL *s);
 void SSL_set_accept_state(SSL *s);
@@ -1902,7 +1899,7 @@ long SSL_get_default_timeout(const SSL *s);
 int SSL_library_init(void );
-char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
+char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
 STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
 SSL *SSL_dup(SSL *ssl);
@@ -1919,35 +1916,36 @@ int SSL_get_shutdown(const SSL *ssl);
 int SSL_version(const SSL *ssl);
 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
-        const char *CApath);
+    const char *CApath);
 #define SSL_get0_session SSL_get_session /* just peek at pointer */
 SSL_SESSION *SSL_get_session(const SSL *ssl);
 SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
 void SSL_set_info_callback(SSL *ssl,
-                           void (*cb)(const SSL *ssl,int type,int val));
+    void (*cb)(const SSL *ssl, int type, int val));
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
+void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val);
 int SSL_state(const SSL *ssl);
 void SSL_set_state(SSL *ssl, int state);
-void SSL_set_verify_result(SSL *ssl,long v);
+void SSL_set_verify_result(SSL *ssl, long v);
 long SSL_get_verify_result(const SSL *ssl);
-int SSL_set_ex_data(SSL *ssl,int idx,void *data);
+int SSL_set_ex_data(SSL *ssl, int idx, void *data);
-void *SSL_get_ex_data(const SSL *ssl,int idx);
+void *SSL_get_ex_data(const SSL *ssl, int idx);
 int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
+int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
-void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
-int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+int SSL_SESSION_get_ex_new_index(long argl, void *argp,
-        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+    CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+    CRYPTO_EX_free *free_func);
-int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
+int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
-void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);
+void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
 int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int SSL_get_ex_data_X509_STORE_CTX_idx(void );
@@ -1980,31 +1978,25 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void );
 #define SSL_set_max_send_fragment(ssl,m) \
        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
-     /* NB: the keylength is only applicable when is_export is true */
+/* NB: the keylength is only applicable when is_export is true */
 #ifndef OPENSSL_NO_RSA
 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
-                                  RSA *(*cb)(SSL *ssl,int is_export,
+    RSA *(*cb)(SSL *ssl, int is_export, int keylength));
-                                             int keylength));
 void SSL_set_tmp_rsa_callback(SSL *ssl,
-                                  RSA *(*cb)(SSL *ssl,int is_export,
+    RSA *(*cb)(SSL *ssl, int is_export, int keylength));
-                                             int keylength));
 #endif
 #ifndef OPENSSL_NO_DH
 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
-                                 DH *(*dh)(SSL *ssl,int is_export,
+    DH *(*dh)(SSL *ssl, int is_export, int keylength));
-                                           int keylength));
 void SSL_set_tmp_dh_callback(SSL *ssl,
-                                 DH *(*dh)(SSL *ssl,int is_export,
+    DH *(*dh)(SSL *ssl, int is_export, int keylength));
-                                           int keylength));
 #endif
 #ifndef OPENSSL_NO_ECDH
 void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
-                                 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
+    EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
-                                           int keylength));
 void SSL_set_tmp_ecdh_callback(SSL *ssl,
-                                 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
+    EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
-                                           int keylength));
 #endif
 #ifndef OPENSSL_NO_COMP
@@ -2012,23 +2004,24 @@ const COMP_METHOD *SSL_get_current_compression(SSL *s);
 const COMP_METHOD *SSL_get_current_expansion(SSL *s);
 const char *SSL_COMP_get_name(const COMP_METHOD *comp);
 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
 #else
 const void *SSL_get_current_compression(SSL *s);
 const void *SSL_get_current_expansion(SSL *s);
 const char *SSL_COMP_get_name(const void *comp);
 void *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id,void *cm);
+int SSL_COMP_add_compression_method(int id, void *cm);
 #endif
 /* TLS extensions functions */
 int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
-int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
+int SSL_set_session_ticket_ext_cb(SSL *s,
-                                  void *arg);
+    tls_session_ticket_ext_cb_fn cb, void *arg);
 /* Pre-shared secret session resumption functions */
-int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
+int SSL_set_session_secret_cb(SSL *s,
+    tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
 void SSL_set_debug(SSL *s, int debug);
 int SSL_cache_hit(SSL *s);
diff --git a/src/lib/libssl/src/ssl/ssl2.h b/src/lib/libssl/src/ssl/ssl2.h
index 29033c8be7..4052b11868 100644
--- a/src/lib/libssl/src/ssl/ssl2.h
+++ b/src/lib/libssl/src/ssl/ssl2.h
@@ -100,7 +100,7 @@ extern "C" {
 #define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5       0x020700c0
 #define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA       0x020701c0 /* v3 */
 #define SSL2_CK_RC4_64_WITH_MD5                 0x02080080 /* MS hack */
- 
 #define SSL2_CK_DES_64_CFB64_WITH_MD5_1         0x02ff0800 /* SSLeay */
 #define SSL2_CK_NULL                            0x02ff0810 /* SSLeay */
@@ -133,8 +133,8 @@ extern "C" {
 /* Upper/Lower Bounds */
 #define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS      256
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    32767u  /* 2^15-1 */
+#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    32767u  /* 2^15-1 */
-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER    16383 /* 2^14-1 */
+#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER    16383   /* 2^14-1 */
 #define SSL2_CHALLENGE_LENGTH   16
 /*#define SSL2_CHALLENGE_LENGTH 32 */
@@ -153,8 +153,7 @@ extern "C" {
 #ifndef OPENSSL_NO_SSL_INTERN
-typedef struct ssl2_state_st
+typedef struct ssl2_state_st {
-        {
        int three_byte_header;
        int clear_text;         /* clear text */
        int escape;             /* not used in SSLv2 */
@@ -167,8 +166,8 @@ typedef struct ssl2_state_st
        const unsigned char *wpend_buf;
        int wpend_off;  /* offset to data to write */
-        int wpend_len;  /* number of bytes passwd to write */
+        int wpend_len;  /* number of bytes passwd to write */
-        int wpend_ret;  /* number of bytes to return to caller */
+        int wpend_ret;  /* number of bytes to return to caller */
        /* buffer raw data */
        int rbuf_left;
@@ -191,7 +190,7 @@ typedef struct ssl2_state_st
        unsigned char *read_key;
        unsigned char *write_key;
-                /* Stuff specifically to do with this SSL session */
+        /* Stuff specifically to do with this SSL session */
        unsigned int challenge_length;
        unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
        unsigned int conn_id_length;
@@ -202,20 +201,23 @@ typedef struct ssl2_state_st
        unsigned long read_sequence;
        unsigned long write_sequence;
-        struct  {
+        struct {
                unsigned int conn_id_length;
-                unsigned int cert_type; 
+                unsigned int cert_type;
                unsigned int cert_length;
-                unsigned int csl; 
+                unsigned int csl;
                unsigned int clear;
-                unsigned int enc; 
+                unsigned int enc;
                unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
                unsigned int cipher_spec_length;
                unsigned int session_id_length;
                unsigned int clen;
                unsigned int rlen;
-                } tmp;
+        } tmp;
-        } SSL2_STATE;
+} SSL2_STATE;
 #endif
@@ -265,4 +267,3 @@ typedef struct ssl2_state_st
 }
 #endif
 #endif
diff --git a/src/lib/libssl/src/ssl/ssl23.h b/src/lib/libssl/src/ssl/ssl23.h
index d3228983c7..4e28a06796 100644
--- a/src/lib/libssl/src/ssl/ssl23.h
+++ b/src/lib/libssl/src/ssl/ssl23.h
@@ -80,4 +80,3 @@ extern "C" {
 }
 #endif
 #endif
diff --git a/src/lib/libssl/src/ssl/ssl3.h b/src/lib/libssl/src/ssl/ssl3.h
index cb8b2492ec..2b25357917 100644
--- a/src/lib/libssl/src/ssl/ssl3.h
+++ b/src/lib/libssl/src/ssl/ssl3.h
@@ -163,13 +163,13 @@ extern "C" {
 #define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B
 #if 0
-        #define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
+#define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
-        #define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
+#define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
-        #if 0 /* Because it clashes with KRB5, is never used any more, and is safe
+#if 0 /* Because it clashes with KRB5, is never used any more, and is safe
-                 to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
+         to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
-                 of the ietf-tls list */
+         of the ietf-tls list */
-        #define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
+#define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
-        #endif
+#endif
 #endif
 /*    VRS Additional Kerberos5 entries
@@ -222,9 +222,9 @@ extern "C" {
 #define SSL3_TXT_ADH_DES_192_CBC_SHA            "ADH-DES-CBC3-SHA"
 #if 0
-        #define SSL3_TXT_FZA_DMS_NULL_SHA               "FZA-NULL-SHA"
+#define SSL3_TXT_FZA_DMS_NULL_SHA               "FZA-NULL-SHA"
-        #define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
+#define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
-        #define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
+#define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
 #endif
 #define SSL3_TXT_KRB5_DES_64_CBC_SHA            "KRB5-DES-CBC-SHA"
@@ -342,11 +342,10 @@ extern "C" {
 #define TLS1_HB_REQUEST         1
 #define TLS1_HB_RESPONSE        2
-        
 #ifndef OPENSSL_NO_SSL_INTERN
-typedef struct ssl3_record_st
+typedef struct ssl3_record_st {
-        {
 /*r */  int type;               /* type of record */
 /*rw*/  unsigned int length;    /* How many bytes available */
 /*r */  unsigned int off;       /* read/write offset into 'buf' */
@@ -355,16 +354,15 @@ typedef struct ssl3_record_st
 /*r */  unsigned char *comp;    /* only used with decompression - malloc()ed */
 /*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */
 /*r */  unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
-        } SSL3_RECORD;
+} SSL3_RECORD;
-typedef struct ssl3_buffer_st
+typedef struct ssl3_buffer_st {
-        {
+        unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
-        unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
                                 * see ssl3_setup_buffers() */
-        size_t len;             /* buffer size */
+        size_t len;             /* buffer size */
-        int offset;             /* where to 'copy from' */
+        int offset;             /* where to 'copy from' */
-        int left;               /* how many bytes left */
+        int left;               /* how many bytes left */
-        } SSL3_BUFFER;
+} SSL3_BUFFER;
 #endif
@@ -388,7 +386,7 @@ typedef struct ssl3_buffer_st
 #define TLS1_FLAGS_TLS_PADDING_BUG              0x0008
 #define TLS1_FLAGS_SKIP_CERT_VERIFY             0x0010
 #define TLS1_FLAGS_KEEP_HANDSHAKE               0x0020
- 
 /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
 * restart a handshake because of MS SGC and so prevents us
 * from restarting the handshake in a loop. It's reset on a
@@ -402,8 +400,7 @@ typedef struct ssl3_buffer_st
 #ifndef OPENSSL_NO_SSL_INTERN
-typedef struct ssl3_state_st
+typedef struct ssl3_state_st {
-        {
        long flags;
        int delay_buf_pop_ret;
@@ -471,7 +468,8 @@ typedef struct ssl3_state_st
        /* Opaque PRF input as used for the current handshake.
         * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined
-         * (otherwise, they are merely present to improve binary compatibility) */
+         * (otherwise, they are merely present to improve binary compatibility)
+         */
        void *client_opaque_prf_input;
        size_t client_opaque_prf_input_len;
        void *server_opaque_prf_input;
@@ -501,7 +499,7 @@ typedef struct ssl3_state_st
 #endif
                /* used when SSL_ST_FLUSH_DATA is entered */
-                int next_state;                 
+                int next_state;
                int reuse_message;
@@ -526,17 +524,18 @@ typedef struct ssl3_state_st
                char *new_compression;
 #endif
                int cert_request;
-                } tmp;
+        } tmp;
-        /* Connection binding to prevent renegotiation attacks */
+        /* Connection binding to prevent renegotiation attacks */
-        unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
+        unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
-        unsigned char previous_client_finished_len;
+        unsigned char previous_client_finished_len;
-        unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
+        unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
-        unsigned char previous_server_finished_len;
+        unsigned char previous_server_finished_len;
-        int send_connection_binding; /* TODOEKR */
+        int send_connection_binding; /* TODOEKR */
 #ifndef OPENSSL_NO_NEXTPROTONEG
-        /* Set if we saw the Next Protocol Negotiation extension from our peer. */
+        /* Set if we saw the Next Protocol Negotiation extension from our peer.
+         */
        int next_proto_neg_seen;
 #endif
@@ -548,7 +547,7 @@ typedef struct ssl3_state_st
        char is_probably_safari;
 #endif /* !OPENSSL_NO_EC */
 #endif /* !OPENSSL_NO_TLSEXT */
-        } SSL3_STATE;
+} SSL3_STATE;
 #endif
@@ -690,4 +689,3 @@ typedef struct ssl3_state_st
 }
 #endif
 #endif
diff --git a/src/lib/libssl/src/ssl/ssl_locl.h b/src/lib/libssl/src/ssl/ssl_locl.h
index 7311d984ae..203a47480f 100644
--- a/src/lib/libssl/src/ssl/ssl_locl.h
+++ b/src/lib/libssl/src/ssl/ssl_locl.h
@@ -480,21 +480,19 @@
 #define NAMED_CURVE_TYPE           3
 #endif  /* OPENSSL_NO_EC */
-typedef struct cert_pkey_st
+typedef struct cert_pkey_st {
-        {
        X509 *x509;
        EVP_PKEY *privatekey;
        /* Digest to use when signing */
        const EVP_MD *digest;
-        } CERT_PKEY;
+} CERT_PKEY;
-typedef struct cert_st
+typedef struct cert_st {
-        {
        /* Current active set */
        CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
                         * Probably it would make more sense to store
                         * an index, not a pointer. */
- 
        /* The following masks are for the key and auth
         * algorithms that are supported by the certs below */
        int valid;
@@ -504,26 +502,25 @@ typedef struct cert_st
        unsigned long export_mask_a;
 #ifndef OPENSSL_NO_RSA
        RSA *rsa_tmp;
-        RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
+        RSA *(*rsa_tmp_cb)(SSL *ssl, int is_export, int keysize);
 #endif
 #ifndef OPENSSL_NO_DH
        DH *dh_tmp;
-        DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
+        DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
 #endif
 #ifndef OPENSSL_NO_ECDH
        EC_KEY *ecdh_tmp;
        /* Callback for generating ephemeral ECDH keys */
-        EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize);
+        EC_KEY *(*ecdh_tmp_cb)(SSL *ssl, int is_export, int keysize);
 #endif
        CERT_PKEY pkeys[SSL_PKEY_NUM];
        int references; /* >1 only if SSL_copy_session_id is used */
-        } CERT;
+} CERT;
-typedef struct sess_cert_st
+typedef struct sess_cert_st {
-        {
        STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
        /* The 'peer_...' members are used only by clients. */
@@ -545,7 +542,7 @@ typedef struct sess_cert_st
 #endif
        int references; /* actually always 1 at the moment */
-        } SESS_CERT;
+} SESS_CERT;
 /*#define MAC_DEBUG     */
@@ -568,12 +565,12 @@ typedef struct sess_cert_st
 /* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
 * It is a bit of a mess of functions, but hell, think of it as
 * an opaque structure :-) */
-typedef struct ssl3_enc_method
+typedef struct ssl3_enc_method {
-        {
        int (*enc)(SSL *, int);
        int (*mac)(SSL *, unsigned char *, int);
        int (*setup_key_block)(SSL *);
-        int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
+        int (*generate_master_secret)(SSL *, unsigned char *,
+            unsigned char *, int);
        int (*change_cipher_state)(SSL *, int);
        int (*final_finish_mac)(SSL *,  const char *, int, unsigned char *);
        int finish_mac_length;
@@ -584,33 +581,29 @@ typedef struct ssl3_enc_method
        int server_finished_label_len;
        int (*alert_value)(int);
        int (*export_keying_material)(SSL *, unsigned char *, size_t,
-                                      const char *, size_t,
+            const char *, size_t, const unsigned char *, size_t,
-                                      const unsigned char *, size_t,
+            int use_context);
-                                      int use_context);
+} SSL3_ENC_METHOD;
-        } SSL3_ENC_METHOD;
 #ifndef OPENSSL_NO_COMP
 /* Used for holding the relevant compression methods loaded into SSL_CTX */
-typedef struct ssl3_comp_st
+typedef struct ssl3_comp_st {
-        {
        int comp_id;    /* The identifier byte for this compression type */
        char *name;     /* Text name used for the compression type */
        COMP_METHOD *method; /* The method :-) */
-        } SSL3_COMP;
+} SSL3_COMP;
 #endif
 #ifndef OPENSSL_NO_BUF_FREELISTS
-typedef struct ssl3_buf_freelist_st
+typedef struct ssl3_buf_freelist_st {
-        {
        size_t chunklen;
        unsigned int len;
        struct ssl3_buf_freelist_entry_st *head;
-        } SSL3_BUF_FREELIST;
+} SSL3_BUF_FREELIST;
-typedef struct ssl3_buf_freelist_entry_st
+typedef struct ssl3_buf_freelist_entry_st {
-        {
        struct ssl3_buf_freelist_entry_st *next;
-        } SSL3_BUF_FREELIST_ENTRY;
+} SSL3_BUF_FREELIST_ENTRY;
 #endif
 extern SSL3_ENC_METHOD ssl3_undef_enc_method;
@@ -822,32 +815,33 @@ SESS_CERT *ssl_sess_cert_new(void);
 void ssl_sess_cert_free(SESS_CERT *sc);
 int ssl_set_peer_cert_type(SESS_CERT *c, int type);
 int ssl_get_new_session(SSL *s, int session);
-int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
+int ssl_get_prev_session(SSL *s, unsigned char *session, int len,
-int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
+    const unsigned char *limit);
-DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
+int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
-                                  ssl_cipher_id);
+DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
-                        const SSL_CIPHER * const *bp);
+    const SSL_CIPHER * const *bp);
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
-                                               STACK_OF(SSL_CIPHER) **skp);
+    int num, STACK_OF(SSL_CIPHER) **skp);
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
+int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
-                             int (*put_cb)(const SSL_CIPHER *, unsigned char *));
+    unsigned char *p, int (*put_cb)(const SSL_CIPHER *, unsigned char *));
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
-                                             STACK_OF(SSL_CIPHER) **pref,
+    STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) **sorted,
-                                             STACK_OF(SSL_CIPHER) **sorted,
+    const char *rule_str);
-                                             const char *rule_str);
 void ssl_update_cache(SSL *s, int mode);
-int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
+int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
-                       const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp);
+    const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,
-int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);                          
+    SSL_COMP **comp);
-int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
+int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md);
+int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
 int ssl_undefined_function(SSL *s);
 int ssl_undefined_void_function(void);
 int ssl_undefined_const_function(const SSL *s);
 CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
 X509 *ssl_get_server_send_cert(const SSL *);
-EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd);
+EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd);
-int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
+int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
@@ -856,14 +850,14 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
 int ssl2_enc_init(SSL *s, int client);
 int ssl2_generate_key_material(SSL *s);
-void ssl2_enc(SSL *s,int send_data);
+void ssl2_enc(SSL *s, int send_data);
-void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
+void ssl2_mac(SSL *s, unsigned char *mac, int send_data);
 const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
-int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
+int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
 int ssl2_part_read(SSL *s, unsigned long f, int i);
 int ssl2_do_write(SSL *s);
 int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
-void ssl2_return_error(SSL *s,int reason);
+void ssl2_return_error(SSL *s, int reason);
 void ssl2_write_error(SSL *s);
 int ssl2_num_ciphers(void);
 const SSL_CIPHER *ssl2_get_cipher(unsigned int u);
@@ -876,47 +870,50 @@ int	ssl2_peek(SSL *s, void *buf, int len);
 int     ssl2_write(SSL *s, const void *buf, int len);
 int     ssl2_shutdown(SSL *s);
 void    ssl2_clear(SSL *s);
-long    ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
+long    ssl2_ctrl(SSL *s, int cmd, long larg, void *parg);
-long    ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
+long    ssl2_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
-long    ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
+long    ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
-long    ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
+long    ssl2_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
 int     ssl2_pending(const SSL *s);
 long    ssl2_default_timeout(void );
 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
 void ssl3_init_finished_mac(SSL *s);
 int ssl3_send_server_certificate(SSL *s);
 int ssl3_send_newsession_ticket(SSL *s);
 int ssl3_send_cert_status(SSL *s);
-int ssl3_get_finished(SSL *s,int state_a,int state_b);
+int ssl3_get_finished(SSL *s, int state_a, int state_b);
 int ssl3_setup_key_block(SSL *s);
-int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
+int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b);
-int ssl3_change_cipher_state(SSL *s,int which);
+int ssl3_change_cipher_state(SSL *s, int which);
 void ssl3_cleanup_key_block(SSL *s);
-int ssl3_do_write(SSL *s,int type);
+int ssl3_do_write(SSL *s, int type);
-int ssl3_send_alert(SSL *s,int level, int desc);
+int ssl3_send_alert(SSL *s, int level, int desc);
 int ssl3_generate_master_secret(SSL *s, unsigned char *out,
-        unsigned char *p, int len);
+    unsigned char *p, int len);
-int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
+int ssl3_get_req_cert_type(SSL *s, unsigned char *p);
 long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
+int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen);
 int ssl3_num_ciphers(void);
 const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
-int ssl3_renegotiate(SSL *ssl); 
+int ssl3_renegotiate(SSL *ssl);
-int ssl3_renegotiate_check(SSL *ssl); 
+int ssl3_renegotiate_check(SSL *ssl);
 int ssl3_dispatch_alert(SSL *s);
 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
 int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,unsigned char *p);
+int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
+    unsigned char *p);
 int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
 int ssl3_enc(SSL *s, int send_data);
 int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
 void ssl3_free_digest_list(SSL *s);
 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
-SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
+SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
-                               STACK_OF(SSL_CIPHER) *srvr);
+    STACK_OF(SSL_CIPHER) *srvr);
 int     ssl3_setup_buffers(SSL *s);
 int     ssl3_setup_read_buffer(SSL *s);
 int     ssl3_setup_write_buffer(SSL *s);
@@ -932,10 +929,10 @@ int	ssl3_peek(SSL *s, void *buf, int len);
 int     ssl3_write(SSL *s, const void *buf, int len);
 int     ssl3_shutdown(SSL *s);
 void    ssl3_clear(SSL *s);
-long    ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
+long    ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
-long    ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
+long    ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
-long    ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
+long    ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
-long    ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
+long    ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
 int     ssl3_pending(const SSL *s);
 void ssl3_record_sequence_update(unsigned char *seq);
@@ -952,16 +949,16 @@ const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
 long ssl23_default_timeout(void );
 long tls1_default_timeout(void);
-int dtls1_do_write(SSL *s,int type);
+int dtls1_do_write(SSL *s, int type);
 int ssl3_read_n(SSL *s, int n, int max, int extend);
 int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
 int ssl3_do_compress(SSL *ssl);
 int ssl3_do_uncompress(SSL *ssl);
 int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
-        unsigned int len);
+    unsigned int len);
-unsigned char *dtls1_set_message_header(SSL *s, 
+unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,
-        unsigned char *p, unsigned char mt,     unsigned long len, 
+    unsigned char mt, unsigned long len, unsigned long frag_off,
-        unsigned long frag_off, unsigned long frag_len);
+    unsigned long frag_len);
 int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
 int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
@@ -971,8 +968,8 @@ int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
 unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
 int dtls1_read_failed(SSL *s, int code);
 int dtls1_buffer_message(SSL *s, int ccs);
-int dtls1_retransmit_message(SSL *s, unsigned short seq, 
+int dtls1_retransmit_message(SSL *s, unsigned short seq,
-        unsigned long frag_off, int *found);
+    unsigned long frag_off, int *found);
 int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
 int dtls1_retransmit_buffered_messages(SSL *s);
 void dtls1_clear_record_buffer(SSL *s);
@@ -1049,21 +1046,21 @@ int ssl23_write_bytes(SSL *s);
 int tls1_new(SSL *s);
 void tls1_free(SSL *s);
 void tls1_clear(SSL *s);
-long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
+long tls1_ctrl(SSL *s, int cmd, long larg, void *parg);
-long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
+long tls1_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
 int dtls1_new(SSL *s);
 int     dtls1_accept(SSL *s);
 int     dtls1_connect(SSL *s);
 void dtls1_free(SSL *s);
 void dtls1_clear(SSL *s);
-long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);
+long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
 int dtls1_shutdown(SSL *s);
 long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
 int dtls1_get_record(SSL *s);
 int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
-        unsigned int len, int create_empty_fragement);
+    unsigned int len, int create_empty_fragement);
 int dtls1_dispatch_alert(SSL *s);
 int dtls1_enc(SSL *s, int snd);
@@ -1073,15 +1070,14 @@ void ssl_free_wbio_buffer(SSL *s);
 int tls1_change_cipher_state(SSL *s, int which);
 int tls1_setup_key_block(SSL *s);
 int tls1_enc(SSL *s, int snd);
-int tls1_final_finish_mac(SSL *s,
+int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *p);
-        const char *str, int slen, unsigned char *p);
 int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 int tls1_mac(SSL *ssl, unsigned char *md, int snd);
 int tls1_generate_master_secret(SSL *s, unsigned char *out,
-        unsigned char *p, int len);
+    unsigned char *p, int len);
 int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-        const char *label, size_t llen,
+    const char *label, size_t llen, const unsigned char *p, size_t plen,
-        const unsigned char *p, size_t plen, int use_context);
+    int use_context);
 int tls1_alert_code(int code);
 int ssl3_alert_code(int code);
 int ssl_ok(SSL *s);
@@ -1098,10 +1094,16 @@ int tls1_ec_nid2curve_id(int nid);
 #endif /* OPENSSL_NO_EC */
 #ifndef OPENSSL_NO_TLSEXT
-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
+unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p,
-unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
+    unsigned char *limit);
-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
-int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
+unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p,
+    unsigned char *limit);
+int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
+    unsigned char *d, int n, int *al);
+int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
+    unsigned char *d, int n, int *al);
 int ssl_prepare_clienthello_tlsext(SSL *s);
 int ssl_prepare_serverhello_tlsext(SSL *s);
 int ssl_check_clienthello_tlsext_early(SSL *s);
@@ -1114,60 +1116,53 @@ int ssl_check_serverhello_tlsext(SSL *s);
 #define tlsext_tick_md  EVP_sha256
 #endif
 int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
-                                const unsigned char *limit, SSL_SESSION **ret);
+    const unsigned char *limit, SSL_SESSION **ret);
 int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
-                                const EVP_MD *md);
+    const EVP_MD *md);
 int tls12_get_sigid(const EVP_PKEY *pk);
 const EVP_MD *tls12_get_hash(unsigned char hash_alg);
 #endif
-EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
+EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
 void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
-int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
+int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p,
-                                        int maxlen);
+    int *len, int maxlen);
-int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d,
-                                          int *al);
+    int len, int *al);
-int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
+int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p,
-                                        int maxlen);
+    int *len, int maxlen);
-int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d,
-                                          int *al);
+    int len, int *al);
 long ssl_get_algorithm2(SSL *s);
 int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
 int tls12_get_req_sig_algs(SSL *s, unsigned char *p);
-int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
+int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p,
-int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
+    int *len, int maxlen);
-int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
+int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d,
-int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
+    int len, int *al);
+int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p,
+    int *len, int maxlen);
+int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d,
+    int len, int *al);
 /* s3_cbc.c */
-void ssl3_cbc_copy_mac(unsigned char* out,
+void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD *rec,
-                       const SSL3_RECORD *rec,
+    unsigned md_size, unsigned orig_len);
-                       unsigned md_size,unsigned orig_len);
+int ssl3_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
-int ssl3_cbc_remove_padding(const SSL* s,
+    unsigned block_size, unsigned mac_size);
-                            SSL3_RECORD *rec,
+int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
-                            unsigned block_size,
+    unsigned block_size, unsigned mac_size);
-                            unsigned mac_size);
-int tls1_cbc_remove_padding(const SSL* s,
-                            SSL3_RECORD *rec,
-                            unsigned block_size,
-                            unsigned mac_size);
 char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
-void ssl3_cbc_digest_record(
+void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out,
-        const EVP_MD_CTX *ctx,
+    size_t *md_out_size, const unsigned char header[13],
-        unsigned char* md_out,
+    const unsigned char *data, size_t data_plus_mac_size,
-        size_t* md_out_size,
+    size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
-        const unsigned char header[13],
+    unsigned mac_secret_length, char is_sslv3);
-        const unsigned char *data,
-        size_t data_plus_mac_size,
+void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
-        size_t data_plus_mac_plus_padding_size,
+    EVP_MD_CTX *mac_ctx, const unsigned char *data, size_t data_len,
-        const unsigned char *mac_secret,
+    size_t orig_len);
-        unsigned mac_secret_length,
-        char is_sslv3);
-void tls_fips_digest_extra(
-        const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
-        const unsigned char *data, size_t data_len, size_t orig_len);
 #endif
diff --git a/src/lib/libssl/src/ssl/tls1.h b/src/lib/libssl/src/ssl/tls1.h
index 7e35f13849..95d6660ac3 100644
--- a/src/lib/libssl/src/ssl/tls1.h
+++ b/src/lib/libssl/src/ssl/tls1.h
@@ -240,9 +240,9 @@ extern "C" {
 #define TLSEXT_TYPE_session_ticket              35
 /* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
-#if 0 /* will have to be provided externally for now ,
+#if 0   /* will have to be provided externally for now ,
-       * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
+         * i.e. build with - DTLSEXT_TYPE_opaque_prf_input = 38183
-       * using whatever extension number you'd like to try */
+         * using whatever extension number you'd like to try */
 # define TLSEXT_TYPE_opaque_prf_input           ?? */
 #endif
@@ -295,8 +295,8 @@ int SSL_get_servername_type(const SSL *s);
 * It returns 1 on success and zero otherwise.
 */
 int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-        const char *label, size_t llen, const unsigned char *p, size_t plen,
+    const char *label, size_t llen, const unsigned char *p, size_t plen,
-        int use_context);
+    int use_context);
 #define SSL_set_tlsext_host_name(s,name) \
 SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
@@ -719,11 +719,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #endif
 /* TLS Session Ticket extension struct */
-struct tls_session_ticket_ext_st
+struct tls_session_ticket_ext_st {
-        {
        unsigned short length;
        void *data;
-        };
+};
 #ifdef  __cplusplus
 }
diff --git a/src/lib/libssl/srtp.h b/src/lib/libssl/srtp.h
index c0cf33ef28..06075f2c86 100644
--- a/src/lib/libssl/srtp.h
+++ b/src/lib/libssl/srtp.h
@@ -122,7 +122,6 @@
 extern "C" {
 #endif
-     
 #define SRTP_AES128_CM_SHA1_80 0x0001
 #define SRTP_AES128_CM_SHA1_32 0x0002
 #define SRTP_AES128_F8_SHA1_80 0x0003
@@ -142,4 +141,3 @@ SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
 #endif
 #endif
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index bf4b2f2cb6..97e4a3f96c 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -260,9 +260,9 @@ extern "C" {
 #define SSL_TXT_aKRB5           "aKRB5"
 #define SSL_TXT_aECDSA          "aECDSA"
 #define SSL_TXT_aPSK            "aPSK"
-#define SSL_TXT_aGOST94 "aGOST94"
+#define SSL_TXT_aGOST94         "aGOST94"
-#define SSL_TXT_aGOST01 "aGOST01"
+#define SSL_TXT_aGOST01         "aGOST01"
-#define SSL_TXT_aGOST  "aGOST"
+#define SSL_TXT_aGOST           "aGOST"
 #define SSL_TXT_DSS             "DSS"
 #define SSL_TXT_DH              "DH"
@@ -369,23 +369,22 @@ typedef struct ssl_session_st SSL_SESSION;
 DECLARE_STACK_OF(SSL_CIPHER)
 /* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
-typedef struct srtp_protection_profile_st
+typedef struct srtp_protection_profile_st {
-       {
+        const char *name;
-       const char *name;
+        unsigned long id;
-       unsigned long id;
+} SRTP_PROTECTION_PROFILE;
-       } SRTP_PROTECTION_PROFILE;
 DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
-typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data, int len, void *arg);
+typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
-typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
+    int len, void *arg);
+typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
+    STACK_OF(SSL_CIPHER) *peer_ciphers, SSL_CIPHER **cipher, void *arg);
 #ifndef OPENSSL_NO_SSL_INTERN
 /* used to hold info on the particular ciphers used */
-struct ssl_cipher_st
+struct ssl_cipher_st {
-        {
        int valid;
        const char *name;               /* text name */
        unsigned long id;               /* id, 4 bytes, first is version */
@@ -401,34 +400,33 @@ struct ssl_cipher_st
        unsigned long algorithm2;       /* Extra flags */
        int strength_bits;              /* Number of bits really used */
        int alg_bits;                   /* Number of bits for algorithm */
-        };
+};
 /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */
-struct ssl_method_st
+struct ssl_method_st {
-        {
        int version;
        int (*ssl_new)(SSL *s);
        void (*ssl_clear)(SSL *s);
        void (*ssl_free)(SSL *s);
        int (*ssl_accept)(SSL *s);
        int (*ssl_connect)(SSL *s);
-        int (*ssl_read)(SSL *s,void *buf,int len);
+        int (*ssl_read)(SSL *s, void *buf, int len);
-        int (*ssl_peek)(SSL *s,void *buf,int len);
+        int (*ssl_peek)(SSL *s, void *buf, int len);
-        int (*ssl_write)(SSL *s,const void *buf,int len);
+        int (*ssl_write)(SSL *s, const void *buf, int len);
        int (*ssl_shutdown)(SSL *s);
        int (*ssl_renegotiate)(SSL *s);
        int (*ssl_renegotiate_check)(SSL *s);
-        long (*ssl_get_message)(SSL *s, int st1, int stn, int mt, long
+        long (*ssl_get_message)(SSL *s, int st1, int stn, int mt,
-                max, int *ok);
+            long max, int *ok);
-        int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len, 
+        int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf,
-                int peek);
+            int len, int peek);
        int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
        int (*ssl_dispatch_alert)(SSL *s);
-        long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg);
+        long (*ssl_ctrl)(SSL *s, int cmd, long larg, void *parg);
-        long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg);
+        long (*ssl_ctx_ctrl)(SSL_CTX *ctx, int cmd, long larg, void *parg);
        const SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr);
-        int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr);
+        int (*put_cipher_by_char)(const SSL_CIPHER *cipher, unsigned char *ptr);
        int (*ssl_pending)(const SSL *s);
        int (*num_ciphers)(void);
        const SSL_CIPHER *(*get_cipher)(unsigned ncipher);
@@ -438,7 +436,7 @@ struct ssl_method_st
        int (*ssl_version)(void);
        long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)(void));
        long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)(void));
-        };
+};
 /* Lets make this into an ASN.1 type structure as follows
 * SSL_SESSION_ID ::= SEQUENCE {
@@ -465,8 +463,7 @@ struct ssl_method_st
 * Look in ssl/ssl_asn1.c for more details
 * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
 */
-struct ssl_session_st
+struct ssl_session_st {
-        {
        int ssl_version;        /* what ssl version session info is
                                 * being kept in here? */
@@ -485,8 +482,8 @@ struct ssl_session_st
        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
 #ifndef OPENSSL_NO_KRB5
-        unsigned int krb5_client_princ_len;
+        unsigned int krb5_client_princ_len;
-        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
+        unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH];
 #endif /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_PSK
        char *psk_identity_hint;
@@ -526,7 +523,7 @@ struct ssl_session_st
        /* These are used to make removal of session-ids more
         * efficient and to implement a maximum cache size. */
-        struct ssl_session_st *prev,*next;
+        struct ssl_session_st *prev, *next;
 #ifndef OPENSSL_NO_TLSEXT
        char *tlsext_hostname;
 #ifndef OPENSSL_NO_EC
@@ -543,7 +540,7 @@ struct ssl_session_st
 #ifndef OPENSSL_NO_SRP
        char *srp_username;
 #endif
-        };
+};
 #endif
@@ -684,8 +681,11 @@ struct ssl_session_st
 #define SSL_get_secure_renegotiation_support(ssl) \
        SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
-void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p,
-void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
+    int version, int content_type, const void *buf, size_t len, SSL *ssl,
+    void *arg));
+void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
+    int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
 #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
 #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
@@ -693,8 +693,7 @@ void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int con
 #ifndef OPENSSL_NO_SSL_INTERN
-typedef struct srp_ctx_st
+typedef struct srp_ctx_st {
-        {
        /* param for all the callbacks */
        void *SRP_cb_arg;
        /* set client Hello login callback */
@@ -705,13 +704,13 @@ typedef struct srp_ctx_st
        char *(*SRP_give_srp_client_pwd_callback)(SSL *, void *);
        char *login;
-        BIGNUM *N,*g,*s,*B,*A;
+        BIGNUM *N, *g, *s, *B, *A;
-        BIGNUM *a,*b,*v;
+        BIGNUM *a, *b, *v;
        char *info;
        int strength;
        unsigned long srp_Mask;
-        } SRP_CTX;
+} SRP_CTX;
 #endif
@@ -721,9 +720,9 @@ int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
 int SSL_SRP_CTX_free(SSL *ctx);
 int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
 int SSL_srp_server_param_with_username(SSL *s, int *ad);
-int SRP_generate_server_master_secret(SSL *s,unsigned char *master_key);
+int SRP_generate_server_master_secret(SSL *s, unsigned char *master_key);
 int SRP_Calc_A_param(SSL *s);
-int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key);
+int SRP_generate_client_master_secret(SSL *s, unsigned char *master_key);
 #endif
@@ -745,14 +744,13 @@ int SRP_generate_client_master_secret(SSL *s,unsigned char *master_key);
 * returns in this case. It is also an error for the callback to set the size to
 * zero. */
 typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
-                                unsigned int *id_len);
+    unsigned int *id_len);
 typedef struct ssl_comp_st SSL_COMP;
 #ifndef OPENSSL_NO_SSL_INTERN
-struct ssl_comp_st
+struct ssl_comp_st {
-        {
        int id;
        const char *name;
 #ifndef OPENSSL_NO_COMP
@@ -760,13 +758,12 @@ struct ssl_comp_st
 #else
        char *method;
 #endif
-        };
+};
 DECLARE_STACK_OF(SSL_COMP)
 DECLARE_LHASH_OF(SSL_SESSION);
-struct ssl_ctx_st
+struct ssl_ctx_st {
-        {
        const SSL_METHOD *method;
        STACK_OF(SSL_CIPHER) *cipher_list;
@@ -801,13 +798,12 @@ struct ssl_ctx_st
         * If remove_session_cb is not null, it will be called when
         * a session-id is removed from the cache.  After the call,
         * OpenSSL will SSL_SESSION_free() it. */
-        int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess);
+        int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
-        void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess);
+        void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
        SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
-                unsigned char *data,int len,int *copy);
+        unsigned char *data, int len, int *copy);
-        struct
+        struct {
-                {
                int sess_connect;       /* SSL new conn - started */
                int sess_connect_renegotiate;/* SSL reneg - requested */
                int sess_connect_good;  /* SSL new conne/reneg - finished */
@@ -824,7 +820,7 @@ struct ssl_ctx_st
                                         * indicates that the application is
                                         * supplying session-id's from other
                                         * processes - spooky :-) */
-                } stats;
+        } stats;
        int references;
@@ -843,19 +839,19 @@ struct ssl_ctx_st
        /* get client cert callback */
        int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-    /* cookie generate callback */
+        /* cookie generate callback */
-    int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, 
+        int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
-        unsigned int *cookie_len);
+        unsigned int *cookie_len);
-    /* verify cookie callback */
+        /* verify cookie callback */
-    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, 
+        int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
-        unsigned int cookie_len);
+        unsigned int cookie_len);
        CRYPTO_EX_DATA ex_data;
-        const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */
+        const EVP_MD *rsa_md5;  /* For SSLv2 - name is 'ssl2-md5' */
        const EVP_MD *md5;      /* For SSLv3/TLSv1 'ssl3-md5' */
-        const EVP_MD *sha1;   /* For SSLv3/TLSv1 'ssl3->sha1' */
+        const EVP_MD *sha1;     /* For SSLv3/TLSv1 'ssl3->sha1' */
        STACK_OF(X509) *extra_certs;
        STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
@@ -879,7 +875,8 @@ struct ssl_ctx_st
        int read_ahead;
        /* callback that allows applications to peek at protocol messages */
-        void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
+        void (*msg_callback)(int write_p, int version, int content_type,
+            const void *buf, size_t len, SSL *ssl, void *arg);
        void *msg_callback_arg;
        int verify_mode;
@@ -920,10 +917,8 @@ struct ssl_ctx_st
        unsigned char tlsext_tick_hmac_key[16];
        unsigned char tlsext_tick_aes_key[16];
        /* Callback to support customisation of ticket key setting */
-        int (*tlsext_ticket_key_cb)(SSL *ssl,
+        int (*tlsext_ticket_key_cb)(SSL *ssl, unsigned char *name,
-                                        unsigned char *name, unsigned char *iv,
+            unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
-                                        EVP_CIPHER_CTX *ectx,
-                                        HMAC_CTX *hctx, int enc);
        /* certificate status request info */
        /* Callback for status request */
@@ -931,17 +926,18 @@ struct ssl_ctx_st
        void *tlsext_status_arg;
        /* draft-rescorla-tls-opaque-prf-input-00.txt information */
-        int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput, size_t len, void *arg);
+        int (*tlsext_opaque_prf_input_callback)(SSL *, void *peerinput,
+            size_t len, void *arg);
        void *tlsext_opaque_prf_input_callback_arg;
 #endif
 #ifndef OPENSSL_NO_PSK
        char *psk_identity_hint;
-        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
+        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
-                unsigned int max_identity_len, unsigned char *psk,
+            char *identity, unsigned int max_identity_len, unsigned char *psk,
-                unsigned int max_psk_len);
+            unsigned int max_psk_len);
        unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-                unsigned char *psk, unsigned int max_psk_len);
+            unsigned char *psk, unsigned int max_psk_len);
 #endif
 #ifndef OPENSSL_NO_BUF_FREELISTS
@@ -963,21 +959,20 @@ struct ssl_ctx_st
        /* For a server, this contains a callback function by which the set of
         * advertised protocols can be provided. */
        int (*next_protos_advertised_cb)(SSL *s, const unsigned char **buf,
-                                         unsigned int *len, void *arg);
+            unsigned int *len, void *arg);
        void *next_protos_advertised_cb_arg;
        /* For a client, this contains a callback function that selects the
         * next protocol from the list provided by the server. */
        int (*next_proto_select_cb)(SSL *s, unsigned char **out,
-                                    unsigned char *outlen,
+            unsigned char *outlen, const unsigned char *in,
-                                    const unsigned char *in,
+            unsigned int inlen, void *arg);
-                                    unsigned int inlen,
-                                    void *arg);
        void *next_proto_select_cb_arg;
 # endif
-        /* SRTP profiles we are willing to do from RFC 5764 */
+        /* SRTP profiles we are willing to do from RFC 5764 */
-        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  
+        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
 #endif
-        };
+};
 #endif
@@ -1018,42 +1013,49 @@ LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
 #define SSL_CTX_sess_cache_full(ctx) \
        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx, int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess));
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl, SSL_SESSION *sess);
+    int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess));
-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx, void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess));
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
+    SSL_SESSION *sess);
-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,int len,int *copy));
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
-SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl, unsigned char *Data, int len, int *copy);
+    void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess));
-void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,int type,int val));
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx,
-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl,int type,int val);
+    SSL_SESSION *sess);
-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+    SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, unsigned char *data,
+    int len, int *copy));
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
+    unsigned char *Data, int len, int *copy);
+void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,
+    int type, int val));
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type,
+    int val);
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+    int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
+    EVP_PKEY **pkey);
 #ifndef OPENSSL_NO_ENGINE
 int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
 #endif
-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx, int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len));
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx, int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie, unsigned int cookie_len));
+    int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
+    unsigned int *cookie_len));
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+    int (*app_verify_cookie_cb)(SSL *ssl, unsigned char *cookie,
+    unsigned int cookie_len));
 #ifndef OPENSSL_NO_NEXTPROTONEG
-void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
+void
-                                           int (*cb) (SSL *ssl,
+SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
-                                                      const unsigned char **out,
+    const unsigned char **out, unsigned int *outlen, void *arg), void *arg);
-                                                      unsigned int *outlen,
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
-                                                      void *arg),
+    unsigned char **out, unsigned char *outlen, const unsigned char *in,
-                                           void *arg);
+    unsigned int inlen, void *arg), void *arg);
-void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
-                                      int (*cb) (SSL *ssl,
-                                                 unsigned char **out,
-                                                 unsigned char *outlen,
-                                                 const unsigned char *in,
-                                                 unsigned int inlen,
-                                                 void *arg),
-                                      void *arg);
 int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
-                          const unsigned char *in, unsigned int inlen,
+    const unsigned char *in, unsigned int inlen, const unsigned char *client,
-                          const unsigned char *client, unsigned int client_len);
+    unsigned int client_len);
-void SSL_get0_next_proto_negotiated(const SSL *s,
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
-                                    const unsigned char **data, unsigned *len);
+    unsigned *len);
 #define OPENSSL_NPN_UNSUPPORTED 0
 #define OPENSSL_NPN_NEGOTIATED  1
@@ -1065,20 +1067,20 @@ void SSL_get0_next_proto_negotiated(const SSL *s,
 * resulting identity/psk */
 #define PSK_MAX_IDENTITY_LEN 128
 #define PSK_MAX_PSK_LEN 256
-void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, 
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx,
-        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 
+    unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
-                char *identity, unsigned int max_identity_len, unsigned char *psk,
+    char *identity, unsigned int max_identity_len, unsigned char *psk,
-                unsigned int max_psk_len));
+    unsigned int max_psk_len));
-void SSL_set_psk_client_callback(SSL *ssl, 
+void SSL_set_psk_client_callback(SSL *ssl,
-        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, 
+    unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
-                char *identity, unsigned int max_identity_len, unsigned char *psk,
+    char *identity, unsigned int max_identity_len, unsigned char *psk,
-                unsigned int max_psk_len));
+    unsigned int max_psk_len));
-void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, 
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx,
-        unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
+    unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-                unsigned char *psk, unsigned int max_psk_len));
+    unsigned char *psk, unsigned int max_psk_len));
 void SSL_set_psk_server_callback(SSL *ssl,
-        unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
+    unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-                unsigned char *psk, unsigned int max_psk_len));
+    unsigned char *psk, unsigned int max_psk_len));
 int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
 int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
 const char *SSL_get_psk_identity_hint(const SSL *s);
@@ -1101,8 +1103,7 @@ const char *SSL_get_psk_identity(const SSL *s);
 #ifndef OPENSSL_NO_SSL_INTERN
-struct ssl_st
+struct ssl_st {
-        {
        /* protocol version
         * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
         */
@@ -1146,9 +1147,9 @@ struct ssl_st
        int server;     /* are we the server side? - mostly used by SSL_clear*/
        int new_session;/* Generate a new session or reuse an old one.
-                         * NB: For servers, the 'new' session may actually be a previously
+                         * NB: For servers, the 'new' session may actually be a previously
-                         * cached session or even the previous session unless
+                         * cached session or even the previous session unless
-                         * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
+                         * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
        int quiet_shutdown;/* don't send shutdown packets */
        int shutdown;   /* we have shut things down, 0x01 sent, 0x02
                         * for received */
@@ -1156,7 +1157,7 @@ struct ssl_st
        int rstate;     /* where we are when reading */
        BUF_MEM *init_buf;      /* buffer used during init */
-        void *init_msg;         /* pointer to handshake message body, set by ssl3_get_message() */
+        void *init_msg;         /* pointer to handshake message body, set by ssl3_get_message() */
        int init_num;           /* amount read/written */
        int init_off;           /* amount read/written */
@@ -1169,10 +1170,11 @@ struct ssl_st
        struct dtls1_state_st *d1; /* DTLSv1 variables */
        int read_ahead;         /* Read as many input bytes as possible
-                                 * (for non-blocking reads) */
+                                 * (for non-blocking reads) */
        /* callback that allows applications to peek at protocol messages */
-        void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
+        void (*msg_callback)(int write_p, int version, int content_type,
+            const void *buf, size_t len, SSL *ssl, void *arg);
        void *msg_callback_arg;
        int hit;                /* reusing a previous session */
@@ -1190,9 +1192,10 @@ struct ssl_st
        /* These are the ones being used, the ones in SSL_SESSION are
         * the ones to be 'copied' into these ones */
-        int mac_flags; 
+        int mac_flags;
        EVP_CIPHER_CTX *enc_read_ctx;           /* cryptographic state */
-        EVP_MD_CTX *read_hash;          /* used for mac generation */
+        EVP_MD_CTX *read_hash;                  /* used for mac generation */
 #ifndef OPENSSL_NO_COMP
        COMP_CTX *expand;                       /* uncompress */
 #else
@@ -1200,11 +1203,12 @@ struct ssl_st
 #endif
        EVP_CIPHER_CTX *enc_write_ctx;          /* cryptographic state */
-        EVP_MD_CTX *write_hash;         /* used for mac generation */
+        EVP_MD_CTX *write_hash;                 /* used for mac generation */
 #ifndef OPENSSL_NO_COMP
        COMP_CTX *compress;                     /* compression */
 #else
-        char *compress; 
+        char *compress;
 #endif
        /* session info */
@@ -1235,21 +1239,22 @@ struct ssl_st
        int error_code;         /* actual code */
 #ifndef OPENSSL_NO_KRB5
-        KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
+        KSSL_CTX *kssl_ctx;     /* Kerberos 5 context */
 #endif  /* OPENSSL_NO_KRB5 */
 #ifndef OPENSSL_NO_PSK
-        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint, char *identity,
+        unsigned int (*psk_client_callback)(SSL *ssl, const char *hint,
-                unsigned int max_identity_len, unsigned char *psk,
+            char *identity, unsigned int max_identity_len, unsigned char *psk,
-                unsigned int max_psk_len);
+            unsigned int max_psk_len);
        unsigned int (*psk_server_callback)(SSL *ssl, const char *identity,
-                unsigned char *psk, unsigned int max_psk_len);
+            unsigned char *psk, unsigned int max_psk_len);
 #endif
        SSL_CTX *ctx;
        /* set this flag to 1 and a sleep(1) is put into all SSL_read()
         * and SSL_write() calls, good for nbio debuging :-) */
-        int debug;      
+        int debug;
        /* extra application data */
        long verify_result;
@@ -1269,15 +1274,14 @@ struct ssl_st
 #ifndef OPENSSL_NO_TLSEXT
        /* TLS extension debug callback */
        void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
-                                        unsigned char *data, int len,
+            unsigned char *data, int len, void *arg);
-                                        void *arg);
        void *tlsext_debug_arg;
        char *tlsext_hostname;
-        int servername_done;   /* no further mod of servername 
+        int servername_done;    /* no further mod of servername 
-                                  0 : call the servername extension callback.
+                                   0 : call the servername extension callback.
-                                  1 : prepare 2, allow last ack just after in server callback.
+                                   1 : prepare 2, allow last ack just after in server callback.
-                                  2 : don't call servername callback, no ack in server hello
+                                   2 : don't call servername callback, no ack in server hello
-                               */
+                                   */
        /* certificate status request info */
        /* Status type or -1 if no status type */
        int tlsext_status_type;
@@ -1330,28 +1334,28 @@ struct ssl_st
 #define session_ctx initial_ctx
-        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;  /* What we'll do */
+        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;       /* What we'll do */
-        SRTP_PROTECTION_PROFILE *srtp_profile;            /* What's been chosen */
+        SRTP_PROTECTION_PROFILE *srtp_profile;                  /* What's been chosen */
-        unsigned int tlsext_heartbeat;  /* Is use of the Heartbeat extension negotiated?
+        unsigned int tlsext_heartbeat;  /* Is use of the Heartbeat extension negotiated?
-                                           0: disabled
+                                           0: disabled
-                                           1: enabled
+                                           1: enabled
-                                           2: enabled, but not allowed to send Requests
+                                           2: enabled, but not allowed to send Requests
-                                         */
+                                           */
        unsigned int tlsext_hb_pending; /* Indicates if a HeartbeatRequest is in flight */
-        unsigned int tlsext_hb_seq;     /* HeartbeatRequest sequence number */
+        unsigned int tlsext_hb_seq;     /* HeartbeatRequest sequence number */
 #else
 #define session_ctx ctx
 #endif /* OPENSSL_NO_TLSEXT */
        int renegotiate;/* 1 if we are renegotiating.
-                         * 2 if we are a server and are inside a handshake
+                         * 2 if we are a server and are inside a handshake
                         * (i.e. not just sending a HelloRequest) */
 #ifndef OPENSSL_NO_SRP
        SRP_CTX srp_ctx; /* ctx for SRP authentication */
 #endif
-        };
+};
 #endif
@@ -1361,10 +1365,10 @@ struct ssl_st
 #include <openssl/ssl2.h>
 #include <openssl/ssl3.h>
-#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
+#include <openssl/tls1.h>       /* This is mostly sslv3 with a few tweaks */
-#include <openssl/dtls1.h> /* Datagram TLS */
+#include <openssl/dtls1.h>      /* Datagram TLS */
 #include <openssl/ssl23.h>
-#include <openssl/srtp.h>  /* Support for the use_srtp extension */
+#include <openssl/srtp.h>       /* Support for the use_srtp extension */
 #ifdef  __cplusplus
 extern "C" {
@@ -1417,9 +1421,9 @@ extern "C" {
 /* The following 2 states are kept in ssl->rstate when reads fail,
 * you should not need these */
-#define SSL_ST_READ_HEADER                      0xF0
+#define SSL_ST_READ_HEADER              0xF0
-#define SSL_ST_READ_BODY                        0xF1
+#define SSL_ST_READ_BODY                0xF1
-#define SSL_ST_READ_DONE                        0xF2
+#define SSL_ST_READ_DONE                0xF2
 /* Obtain latest Finished message
 *   -- that we sent (SSL_get_finished)
@@ -1646,28 +1650,27 @@ DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
 #ifndef OPENSSL_NO_BIO
 BIO_METHOD *BIO_f_ssl(void);
-BIO *BIO_new_ssl(SSL_CTX *ctx,int client);
+BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
 BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
 BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
-int BIO_ssl_copy_session_id(BIO *to,BIO *from);
+int BIO_ssl_copy_session_id(BIO *to, BIO *from);
 void BIO_ssl_shutdown(BIO *ssl_bio);
 #endif
-int     SSL_CTX_set_cipher_list(SSL_CTX *,const char *str);
+int     SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
 SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
 void    SSL_CTX_free(SSL_CTX *);
-long SSL_CTX_set_timeout(SSL_CTX *ctx,long t);
+long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
 long SSL_CTX_get_timeout(const SSL_CTX *ctx);
 X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
-void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *);
+void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
 int SSL_want(const SSL *s);
 int     SSL_clear(SSL *s);
-void    SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm);
+void    SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
 const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
-int     SSL_CIPHER_get_bits(const SSL_CIPHER *c,int *alg_bits);
+int     SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
 char *  SSL_CIPHER_get_version(const SSL_CIPHER *c);
 const char *    SSL_CIPHER_get_name(const SSL_CIPHER *c);
 unsigned long   SSL_CIPHER_get_id(const SSL_CIPHER *c);
@@ -1675,7 +1678,7 @@ unsigned long 	SSL_CIPHER_get_id(const SSL_CIPHER *c);
 int     SSL_get_fd(const SSL *s);
 int     SSL_get_rfd(const SSL *s);
 int     SSL_get_wfd(const SSL *s);
-const char  * SSL_get_cipher_list(const SSL *s,int n);
+const char  * SSL_get_cipher_list(const SSL *s, int n);
 char *  SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
 int     SSL_get_read_ahead(const SSL * s);
 int     SSL_pending(const SSL *s);
@@ -1685,7 +1688,7 @@ int	SSL_set_rfd(SSL *s, int fd);
 int     SSL_set_wfd(SSL *s, int fd);
 #endif
 #ifndef OPENSSL_NO_BIO
-void    SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio);
+void    SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
 BIO *   SSL_get_rbio(const SSL *s);
 BIO *   SSL_get_wbio(const SSL *s);
 #endif
@@ -1693,16 +1696,16 @@ int	SSL_set_cipher_list(SSL *s, const char *str);
 void    SSL_set_read_ahead(SSL *s, int yes);
 int     SSL_get_verify_mode(const SSL *s);
 int     SSL_get_verify_depth(const SSL *s);
-int     (*SSL_get_verify_callback(const SSL *s))(int,X509_STORE_CTX *);
+int     (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *);
 void    SSL_set_verify(SSL *s, int mode,
-                       int (*callback)(int ok,X509_STORE_CTX *ctx));
+            int (*callback)(int ok, X509_STORE_CTX *ctx));
 void    SSL_set_verify_depth(SSL *s, int depth);
 #ifndef OPENSSL_NO_RSA
 int     SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
 #endif
 int     SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len);
 int     SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
-int     SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, const unsigned char *d, long len);
+int     SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len);
 int     SSL_use_certificate(SSL *ssl, X509 *x);
 int     SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
@@ -1716,9 +1719,9 @@ int	SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
 int     SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
 STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
 int     SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
-                                            const char *file);
+            const char *file);
 int     SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
-                                            const char *dir);
+            const char *dir);
 #endif
 void    SSL_load_error_strings(void );
@@ -1730,32 +1733,34 @@ long	SSL_SESSION_get_time(const SSL_SESSION *s);
 long    SSL_SESSION_set_time(SSL_SESSION *s, long t);
 long    SSL_SESSION_get_timeout(const SSL_SESSION *s);
 long    SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
-void    SSL_copy_session_id(SSL *to,const SSL *from);
+void    SSL_copy_session_id(SSL *to, const SSL *from);
 X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
-int SSL_SESSION_set1_id_context(SSL_SESSION *s,const unsigned char *sid_ctx,
+int
-                               unsigned int sid_ctx_len);
+SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
+unsigned int sid_ctx_len);
 SSL_SESSION *SSL_SESSION_new(void);
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
+const unsigned char
-                                        unsigned int *len);
+*SSL_SESSION_get_id(const SSL_SESSION *s,
+unsigned int *len);
 unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
 #ifndef OPENSSL_NO_FP_API
-int     SSL_SESSION_print_fp(FILE *fp,const SSL_SESSION *ses);
+int     SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
 #endif
 #ifndef OPENSSL_NO_BIO
-int     SSL_SESSION_print(BIO *fp,const SSL_SESSION *ses);
+int     SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
 #endif
 void    SSL_SESSION_free(SSL_SESSION *ses);
-int     i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp);
+int     i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
 int     SSL_set_session(SSL *to, SSL_SESSION *session);
 int     SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
-int     SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c);
+int     SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
 int     SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
 int     SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
 int     SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
-                                        unsigned int id_len);
+            unsigned int id_len);
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,const unsigned char **pp,
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
-                             long length);
+            long length);
 #ifdef HEADER_X509_H
 X509 *  SSL_get_peer_certificate(const SSL *s);
@@ -1765,18 +1770,17 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
 int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
 int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int,X509_STORE_CTX *);
+int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *);
-void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
-                        int (*callback)(int, X509_STORE_CTX *));
+    int (*callback)(int, X509_STORE_CTX *));
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth);
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg);
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg);
 #ifndef OPENSSL_NO_RSA
 int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
 #endif
 int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
 int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
-int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx,
+int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len);
-        const unsigned char *d, long len);
 int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
 int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
@@ -1786,12 +1790,10 @@ void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
 int SSL_CTX_check_private_key(const SSL_CTX *ctx);
 int SSL_check_private_key(const SSL *ctx);
-int     SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx,
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
-                                       unsigned int sid_ctx_len);
-SSL *   SSL_new(SSL_CTX *ctx);
+SSL *SSL_new(SSL_CTX *ctx);
-int     SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx,
+int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
-                                   unsigned int sid_ctx_len);
 int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
 int SSL_set_purpose(SSL *s, int purpose);
@@ -1802,21 +1804,16 @@ int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
 int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
 #ifndef OPENSSL_NO_SRP
-int SSL_CTX_set_srp_username(SSL_CTX *ctx,char *name);
+int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
-int SSL_CTX_set_srp_password(SSL_CTX *ctx,char *password);
+int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
 int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
-int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
+int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx, char *(*cb)(SSL *, void *));
-                                        char *(*cb)(SSL *,void *));
+int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx, int (*cb)(SSL *, void *));
-int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
+int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx, int (*cb)(SSL *, int *, void *));
-                                          int (*cb)(SSL *,void *));
-int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
-                                      int (*cb)(SSL *,int *,void *));
 int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
-int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
+int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g, BIGNUM *sa, BIGNUM *v, char *info);
-                             BIGNUM *sa, BIGNUM *v, char *info);
+int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass, const char *grp);
-int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
-                                const char *grp);
 BIGNUM *SSL_get_srp_g(SSL *s);
 BIGNUM *SSL_get_srp_N(SSL *s);
@@ -1828,15 +1825,15 @@ char *SSL_get_srp_userinfo(SSL *s);
 void    SSL_free(SSL *ssl);
 int     SSL_accept(SSL *ssl);
 int     SSL_connect(SSL *ssl);
-int     SSL_read(SSL *ssl,void *buf,int num);
+int     SSL_read(SSL *ssl, void *buf, int num);
-int     SSL_peek(SSL *ssl,void *buf,int num);
+int     SSL_peek(SSL *ssl, void *buf, int num);
-int     SSL_write(SSL *ssl,const void *buf,int num);
+int     SSL_write(SSL *ssl, const void *buf, int num);
-long    SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg);
+long    SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
 long    SSL_callback_ctrl(SSL *, int, void (*)(void));
-long    SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg);
+long    SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
 long    SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
-int     SSL_get_error(const SSL *s,int ret_code);
+int     SSL_get_error(const SSL *s, int ret_code);
 const char *SSL_get_version(const SSL *s);
 /* This sets the 'default' SSL version that SSL_new() will create */
@@ -1852,7 +1849,7 @@ const SSL_METHOD *SSLv3_method(void);		/* SSLv3 */
 const SSL_METHOD *SSLv3_server_method(void);    /* SSLv3 */
 const SSL_METHOD *SSLv3_client_method(void);    /* SSLv3 */
-const SSL_METHOD *SSLv23_method(void);  /* SSLv3 but can rollback to v2 */
+const SSL_METHOD *SSLv23_method(void);          /* SSLv3 but can rollback to v2 */
 const SSL_METHOD *SSLv23_server_method(void);   /* SSLv3 but can rollback to v2 */
 const SSL_METHOD *SSLv23_client_method(void);   /* SSLv3 but can rollback to v2 */
@@ -1892,8 +1889,8 @@ void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
 void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
 STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
 STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
-int SSL_add_client_CA(SSL *ssl,X509 *x);
+int SSL_add_client_CA(SSL *ssl, X509 *x);
-int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x);
+int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
 void SSL_set_connect_state(SSL *s);
 void SSL_set_accept_state(SSL *s);
@@ -1902,7 +1899,7 @@ long SSL_get_default_timeout(const SSL *s);
 int SSL_library_init(void );
-char *SSL_CIPHER_description(const SSL_CIPHER *,char *buf,int size);
+char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
 STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk);
 SSL *SSL_dup(SSL *ssl);
@@ -1919,35 +1916,36 @@ int SSL_get_shutdown(const SSL *ssl);
 int SSL_version(const SSL *ssl);
 int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
 int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
-        const char *CApath);
+    const char *CApath);
 #define SSL_get0_session SSL_get_session /* just peek at pointer */
 SSL_SESSION *SSL_get_session(const SSL *ssl);
 SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
 SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
 SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
 void SSL_set_info_callback(SSL *ssl,
-                           void (*cb)(const SSL *ssl,int type,int val));
+    void (*cb)(const SSL *ssl, int type, int val));
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl,int type,int val);
+void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val);
 int SSL_state(const SSL *ssl);
 void SSL_set_state(SSL *ssl, int state);
-void SSL_set_verify_result(SSL *ssl,long v);
+void SSL_set_verify_result(SSL *ssl, long v);
 long SSL_get_verify_result(const SSL *ssl);
-int SSL_set_ex_data(SSL *ssl,int idx,void *data);
+int SSL_set_ex_data(SSL *ssl, int idx, void *data);
-void *SSL_get_ex_data(const SSL *ssl,int idx);
+void *SSL_get_ex_data(const SSL *ssl, int idx);
 int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data);
+int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
-void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss,int idx);
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
-int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+int SSL_SESSION_get_ex_new_index(long argl, void *argp,
-        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+    CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+    CRYPTO_EX_free *free_func);
-int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data);
+int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
-void *SSL_CTX_get_ex_data(const SSL_CTX *ssl,int idx);
+void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
 int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
 int SSL_get_ex_data_X509_STORE_CTX_idx(void );
@@ -1980,31 +1978,25 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void );
 #define SSL_set_max_send_fragment(ssl,m) \
        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
-     /* NB: the keylength is only applicable when is_export is true */
+/* NB: the keylength is only applicable when is_export is true */
 #ifndef OPENSSL_NO_RSA
 void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
-                                  RSA *(*cb)(SSL *ssl,int is_export,
+    RSA *(*cb)(SSL *ssl, int is_export, int keylength));
-                                             int keylength));
 void SSL_set_tmp_rsa_callback(SSL *ssl,
-                                  RSA *(*cb)(SSL *ssl,int is_export,
+    RSA *(*cb)(SSL *ssl, int is_export, int keylength));
-                                             int keylength));
 #endif
 #ifndef OPENSSL_NO_DH
 void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
-                                 DH *(*dh)(SSL *ssl,int is_export,
+    DH *(*dh)(SSL *ssl, int is_export, int keylength));
-                                           int keylength));
 void SSL_set_tmp_dh_callback(SSL *ssl,
-                                 DH *(*dh)(SSL *ssl,int is_export,
+    DH *(*dh)(SSL *ssl, int is_export, int keylength));
-                                           int keylength));
 #endif
 #ifndef OPENSSL_NO_ECDH
 void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
-                                 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
+    EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
-                                           int keylength));
 void SSL_set_tmp_ecdh_callback(SSL *ssl,
-                                 EC_KEY *(*ecdh)(SSL *ssl,int is_export,
+    EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
-                                           int keylength));
 #endif
 #ifndef OPENSSL_NO_COMP
@@ -2012,23 +2004,24 @@ const COMP_METHOD *SSL_get_current_compression(SSL *s);
 const COMP_METHOD *SSL_get_current_expansion(SSL *s);
 const char *SSL_COMP_get_name(const COMP_METHOD *comp);
 STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
 #else
 const void *SSL_get_current_compression(SSL *s);
 const void *SSL_get_current_expansion(SSL *s);
 const char *SSL_COMP_get_name(const void *comp);
 void *SSL_COMP_get_compression_methods(void);
-int SSL_COMP_add_compression_method(int id,void *cm);
+int SSL_COMP_add_compression_method(int id, void *cm);
 #endif
 /* TLS extensions functions */
 int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
-int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
+int SSL_set_session_ticket_ext_cb(SSL *s,
-                                  void *arg);
+    tls_session_ticket_ext_cb_fn cb, void *arg);
 /* Pre-shared secret session resumption functions */
-int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
+int SSL_set_session_secret_cb(SSL *s,
+    tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
 void SSL_set_debug(SSL *s, int debug);
 int SSL_cache_hit(SSL *s);
diff --git a/src/lib/libssl/ssl2.h b/src/lib/libssl/ssl2.h
index 29033c8be7..4052b11868 100644
--- a/src/lib/libssl/ssl2.h
+++ b/src/lib/libssl/ssl2.h
@@ -100,7 +100,7 @@ extern "C" {
 #define SSL2_CK_DES_192_EDE3_CBC_WITH_MD5       0x020700c0
 #define SSL2_CK_DES_192_EDE3_CBC_WITH_SHA       0x020701c0 /* v3 */
 #define SSL2_CK_RC4_64_WITH_MD5                 0x02080080 /* MS hack */
- 
 #define SSL2_CK_DES_64_CFB64_WITH_MD5_1         0x02ff0800 /* SSLeay */
 #define SSL2_CK_NULL                            0x02ff0810 /* SSLeay */
@@ -133,8 +133,8 @@ extern "C" {
 /* Upper/Lower Bounds */
 #define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS      256
-#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    32767u  /* 2^15-1 */
+#define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER    32767u  /* 2^15-1 */
-#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER    16383 /* 2^14-1 */
+#define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER    16383   /* 2^14-1 */
 #define SSL2_CHALLENGE_LENGTH   16
 /*#define SSL2_CHALLENGE_LENGTH 32 */
@@ -153,8 +153,7 @@ extern "C" {
 #ifndef OPENSSL_NO_SSL_INTERN
-typedef struct ssl2_state_st
+typedef struct ssl2_state_st {
-        {
        int three_byte_header;
        int clear_text;         /* clear text */
        int escape;             /* not used in SSLv2 */
@@ -167,8 +166,8 @@ typedef struct ssl2_state_st
        const unsigned char *wpend_buf;
        int wpend_off;  /* offset to data to write */
-        int wpend_len;  /* number of bytes passwd to write */
+        int wpend_len;  /* number of bytes passwd to write */
-        int wpend_ret;  /* number of bytes to return to caller */
+        int wpend_ret;  /* number of bytes to return to caller */
        /* buffer raw data */
        int rbuf_left;
@@ -191,7 +190,7 @@ typedef struct ssl2_state_st
        unsigned char *read_key;
        unsigned char *write_key;
-                /* Stuff specifically to do with this SSL session */
+        /* Stuff specifically to do with this SSL session */
        unsigned int challenge_length;
        unsigned char challenge[SSL2_MAX_CHALLENGE_LENGTH];
        unsigned int conn_id_length;
@@ -202,20 +201,23 @@ typedef struct ssl2_state_st
        unsigned long read_sequence;
        unsigned long write_sequence;
-        struct  {
+        struct {
                unsigned int conn_id_length;
-                unsigned int cert_type; 
+                unsigned int cert_type;
                unsigned int cert_length;
-                unsigned int csl; 
+                unsigned int csl;
                unsigned int clear;
-                unsigned int enc; 
+                unsigned int enc;
                unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
                unsigned int cipher_spec_length;
                unsigned int session_id_length;
                unsigned int clen;
                unsigned int rlen;
-                } tmp;
+        } tmp;
-        } SSL2_STATE;
+} SSL2_STATE;
 #endif
@@ -265,4 +267,3 @@ typedef struct ssl2_state_st
 }
 #endif
 #endif
diff --git a/src/lib/libssl/ssl23.h b/src/lib/libssl/ssl23.h
index d3228983c7..4e28a06796 100644
--- a/src/lib/libssl/ssl23.h
+++ b/src/lib/libssl/ssl23.h
@@ -80,4 +80,3 @@ extern "C" {
 }
 #endif
 #endif
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
index cb8b2492ec..2b25357917 100644
--- a/src/lib/libssl/ssl3.h
+++ b/src/lib/libssl/ssl3.h
@@ -163,13 +163,13 @@ extern "C" {
 #define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B
 #if 0
-        #define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
+#define SSL3_CK_FZA_DMS_NULL_SHA                0x0300001C
-        #define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
+#define SSL3_CK_FZA_DMS_FZA_SHA                 0x0300001D
-        #if 0 /* Because it clashes with KRB5, is never used any more, and is safe
+#if 0 /* Because it clashes with KRB5, is never used any more, and is safe
-                 to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
+         to remove according to David Hopwood <david.hopwood@zetnet.co.uk>
-                 of the ietf-tls list */
+         of the ietf-tls list */
-        #define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
+#define SSL3_CK_FZA_DMS_RC4_SHA                 0x0300001E
-        #endif
+#endif
 #endif
 /*    VRS Additional Kerberos5 entries
@@ -222,9 +222,9 @@ extern "C" {
 #define SSL3_TXT_ADH_DES_192_CBC_SHA            "ADH-DES-CBC3-SHA"
 #if 0
-        #define SSL3_TXT_FZA_DMS_NULL_SHA               "FZA-NULL-SHA"
+#define SSL3_TXT_FZA_DMS_NULL_SHA               "FZA-NULL-SHA"
-        #define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
+#define SSL3_TXT_FZA_DMS_FZA_SHA                "FZA-FZA-CBC-SHA"
-        #define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
+#define SSL3_TXT_FZA_DMS_RC4_SHA                "FZA-RC4-SHA"
 #endif
 #define SSL3_TXT_KRB5_DES_64_CBC_SHA            "KRB5-DES-CBC-SHA"
@@ -342,11 +342,10 @@ extern "C" {
 #define TLS1_HB_REQUEST         1
 #define TLS1_HB_RESPONSE        2
-        
 #ifndef OPENSSL_NO_SSL_INTERN
-typedef struct ssl3_record_st
+typedef struct ssl3_record_st {
-        {
 /*r */  int type;               /* type of record */
 /*rw*/  unsigned int length;    /* How many bytes available */
 /*r */  unsigned int off;       /* read/write offset into 'buf' */
@@ -355,16 +354,15 @@ typedef struct ssl3_record_st
 /*r */  unsigned char *comp;    /* only used with decompression - malloc()ed */
 /*r */  unsigned long epoch;    /* epoch number, needed by DTLS1 */
 /*r */  unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
-        } SSL3_RECORD;
+} SSL3_RECORD;
-typedef struct ssl3_buffer_st
+typedef struct ssl3_buffer_st {
-        {
+        unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
-        unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
                                 * see ssl3_setup_buffers() */
-        size_t len;             /* buffer size */
+        size_t len;             /* buffer size */
-        int offset;             /* where to 'copy from' */
+        int offset;             /* where to 'copy from' */
-        int left;               /* how many bytes left */
+        int left;               /* how many bytes left */
-        } SSL3_BUFFER;
+} SSL3_BUFFER;
 #endif
@@ -388,7 +386,7 @@ typedef struct ssl3_buffer_st
 #define TLS1_FLAGS_TLS_PADDING_BUG              0x0008
 #define TLS1_FLAGS_SKIP_CERT_VERIFY             0x0010
 #define TLS1_FLAGS_KEEP_HANDSHAKE               0x0020
- 
 /* SSL3_FLAGS_SGC_RESTART_DONE is set when we
 * restart a handshake because of MS SGC and so prevents us
 * from restarting the handshake in a loop. It's reset on a
@@ -402,8 +400,7 @@ typedef struct ssl3_buffer_st
 #ifndef OPENSSL_NO_SSL_INTERN
-typedef struct ssl3_state_st
+typedef struct ssl3_state_st {
-        {
        long flags;
        int delay_buf_pop_ret;
@@ -471,7 +468,8 @@ typedef struct ssl3_state_st
        /* Opaque PRF input as used for the current handshake.
         * These fields are used only if TLSEXT_TYPE_opaque_prf_input is defined
-         * (otherwise, they are merely present to improve binary compatibility) */
+         * (otherwise, they are merely present to improve binary compatibility)
+         */
        void *client_opaque_prf_input;
        size_t client_opaque_prf_input_len;
        void *server_opaque_prf_input;
@@ -501,7 +499,7 @@ typedef struct ssl3_state_st
 #endif
                /* used when SSL_ST_FLUSH_DATA is entered */
-                int next_state;                 
+                int next_state;
                int reuse_message;
@@ -526,17 +524,18 @@ typedef struct ssl3_state_st
                char *new_compression;
 #endif
                int cert_request;
-                } tmp;
+        } tmp;
-        /* Connection binding to prevent renegotiation attacks */
+        /* Connection binding to prevent renegotiation attacks */
-        unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
+        unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
-        unsigned char previous_client_finished_len;
+        unsigned char previous_client_finished_len;
-        unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
+        unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
-        unsigned char previous_server_finished_len;
+        unsigned char previous_server_finished_len;
-        int send_connection_binding; /* TODOEKR */
+        int send_connection_binding; /* TODOEKR */
 #ifndef OPENSSL_NO_NEXTPROTONEG
-        /* Set if we saw the Next Protocol Negotiation extension from our peer. */
+        /* Set if we saw the Next Protocol Negotiation extension from our peer.
+         */
        int next_proto_neg_seen;
 #endif
@@ -548,7 +547,7 @@ typedef struct ssl3_state_st
        char is_probably_safari;
 #endif /* !OPENSSL_NO_EC */
 #endif /* !OPENSSL_NO_TLSEXT */
-        } SSL3_STATE;
+} SSL3_STATE;
 #endif
@@ -690,4 +689,3 @@ typedef struct ssl3_state_st
 }
 #endif
 #endif
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 7311d984ae..203a47480f 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -480,21 +480,19 @@
 #define NAMED_CURVE_TYPE           3
 #endif  /* OPENSSL_NO_EC */
-typedef struct cert_pkey_st
+typedef struct cert_pkey_st {
-        {
        X509 *x509;
        EVP_PKEY *privatekey;
        /* Digest to use when signing */
        const EVP_MD *digest;
-        } CERT_PKEY;
+} CERT_PKEY;
-typedef struct cert_st
+typedef struct cert_st {
-        {
        /* Current active set */
        CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array
                         * Probably it would make more sense to store
                         * an index, not a pointer. */
- 
        /* The following masks are for the key and auth
         * algorithms that are supported by the certs below */
        int valid;
@@ -504,26 +502,25 @@ typedef struct cert_st
        unsigned long export_mask_a;
 #ifndef OPENSSL_NO_RSA
        RSA *rsa_tmp;
-        RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize);
+        RSA *(*rsa_tmp_cb)(SSL *ssl, int is_export, int keysize);
 #endif
 #ifndef OPENSSL_NO_DH
        DH *dh_tmp;
-        DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize);
+        DH *(*dh_tmp_cb)(SSL *ssl, int is_export, int keysize);
 #endif
 #ifndef OPENSSL_NO_ECDH
        EC_KEY *ecdh_tmp;
        /* Callback for generating ephemeral ECDH keys */
-        EC_KEY *(*ecdh_tmp_cb)(SSL *ssl,int is_export,int keysize);
+        EC_KEY *(*ecdh_tmp_cb)(SSL *ssl, int is_export, int keysize);
 #endif
        CERT_PKEY pkeys[SSL_PKEY_NUM];
        int references; /* >1 only if SSL_copy_session_id is used */
-        } CERT;
+} CERT;
-typedef struct sess_cert_st
+typedef struct sess_cert_st {
-        {
        STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */
        /* The 'peer_...' members are used only by clients. */
@@ -545,7 +542,7 @@ typedef struct sess_cert_st
 #endif
        int references; /* actually always 1 at the moment */
-        } SESS_CERT;
+} SESS_CERT;
 /*#define MAC_DEBUG     */
@@ -568,12 +565,12 @@ typedef struct sess_cert_st
 /* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
 * It is a bit of a mess of functions, but hell, think of it as
 * an opaque structure :-) */
-typedef struct ssl3_enc_method
+typedef struct ssl3_enc_method {
-        {
        int (*enc)(SSL *, int);
        int (*mac)(SSL *, unsigned char *, int);
        int (*setup_key_block)(SSL *);
-        int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
+        int (*generate_master_secret)(SSL *, unsigned char *,
+            unsigned char *, int);
        int (*change_cipher_state)(SSL *, int);
        int (*final_finish_mac)(SSL *,  const char *, int, unsigned char *);
        int finish_mac_length;
@@ -584,33 +581,29 @@ typedef struct ssl3_enc_method
        int server_finished_label_len;
        int (*alert_value)(int);
        int (*export_keying_material)(SSL *, unsigned char *, size_t,
-                                      const char *, size_t,
+            const char *, size_t, const unsigned char *, size_t,
-                                      const unsigned char *, size_t,
+            int use_context);
-                                      int use_context);
+} SSL3_ENC_METHOD;
-        } SSL3_ENC_METHOD;
 #ifndef OPENSSL_NO_COMP
 /* Used for holding the relevant compression methods loaded into SSL_CTX */
-typedef struct ssl3_comp_st
+typedef struct ssl3_comp_st {
-        {
        int comp_id;    /* The identifier byte for this compression type */
        char *name;     /* Text name used for the compression type */
        COMP_METHOD *method; /* The method :-) */
-        } SSL3_COMP;
+} SSL3_COMP;
 #endif
 #ifndef OPENSSL_NO_BUF_FREELISTS
-typedef struct ssl3_buf_freelist_st
+typedef struct ssl3_buf_freelist_st {
-        {
        size_t chunklen;
        unsigned int len;
        struct ssl3_buf_freelist_entry_st *head;
-        } SSL3_BUF_FREELIST;
+} SSL3_BUF_FREELIST;
-typedef struct ssl3_buf_freelist_entry_st
+typedef struct ssl3_buf_freelist_entry_st {
-        {
        struct ssl3_buf_freelist_entry_st *next;
-        } SSL3_BUF_FREELIST_ENTRY;
+} SSL3_BUF_FREELIST_ENTRY;
 #endif
 extern SSL3_ENC_METHOD ssl3_undef_enc_method;
@@ -822,32 +815,33 @@ SESS_CERT *ssl_sess_cert_new(void);
 void ssl_sess_cert_free(SESS_CERT *sc);
 int ssl_set_peer_cert_type(SESS_CERT *c, int type);
 int ssl_get_new_session(SSL *s, int session);
-int ssl_get_prev_session(SSL *s, unsigned char *session,int len, const unsigned char *limit);
+int ssl_get_prev_session(SSL *s, unsigned char *session, int len,
-int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b);
+    const unsigned char *limit);
-DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER,
+int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
-                                  ssl_cipher_id);
+DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
 int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap,
-                        const SSL_CIPHER * const *bp);
+    const SSL_CIPHER * const *bp);
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, unsigned char *p,
-                                               STACK_OF(SSL_CIPHER) **skp);
+    int num, STACK_OF(SSL_CIPHER) **skp);
-int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p,
+int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
-                             int (*put_cb)(const SSL_CIPHER *, unsigned char *));
+    unsigned char *p, int (*put_cb)(const SSL_CIPHER *, unsigned char *));
 STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
-                                             STACK_OF(SSL_CIPHER) **pref,
+    STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) **sorted,
-                                             STACK_OF(SSL_CIPHER) **sorted,
+    const char *rule_str);
-                                             const char *rule_str);
 void ssl_update_cache(SSL *s, int mode);
-int ssl_cipher_get_evp(const SSL_SESSION *s,const EVP_CIPHER **enc,
+int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
-                       const EVP_MD **md,int *mac_pkey_type,int *mac_secret_size, SSL_COMP **comp);
+    const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size,
-int ssl_get_handshake_digest(int i,long *mask,const EVP_MD **md);                          
+    SSL_COMP **comp);
-int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk);
+int ssl_get_handshake_digest(int i, long *mask, const EVP_MD **md);
+int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
 int ssl_undefined_function(SSL *s);
 int ssl_undefined_void_function(void);
 int ssl_undefined_const_function(const SSL *s);
 CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
 X509 *ssl_get_server_send_cert(const SSL *);
-EVP_PKEY *ssl_get_sign_pkey(SSL *s,const SSL_CIPHER *c, const EVP_MD **pmd);
+EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd);
-int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
+int ssl_cert_type(X509 *x, EVP_PKEY *pkey);
 void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher);
 STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
 int ssl_verify_alarm_type(long type);
@@ -856,14 +850,14 @@ int ssl_fill_hello_random(SSL *s, int server, unsigned char *field, int len);
 int ssl2_enc_init(SSL *s, int client);
 int ssl2_generate_key_material(SSL *s);
-void ssl2_enc(SSL *s,int send_data);
+void ssl2_enc(SSL *s, int send_data);
-void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
+void ssl2_mac(SSL *s, unsigned char *mac, int send_data);
 const SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
-int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
+int ssl2_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
 int ssl2_part_read(SSL *s, unsigned long f, int i);
 int ssl2_do_write(SSL *s);
 int ssl2_set_certificate(SSL *s, int type, int len, const unsigned char *data);
-void ssl2_return_error(SSL *s,int reason);
+void ssl2_return_error(SSL *s, int reason);
 void ssl2_write_error(SSL *s);
 int ssl2_num_ciphers(void);
 const SSL_CIPHER *ssl2_get_cipher(unsigned int u);
@@ -876,47 +870,50 @@ int	ssl2_peek(SSL *s, void *buf, int len);
 int     ssl2_write(SSL *s, const void *buf, int len);
 int     ssl2_shutdown(SSL *s);
 void    ssl2_clear(SSL *s);
-long    ssl2_ctrl(SSL *s,int cmd, long larg, void *parg);
+long    ssl2_ctrl(SSL *s, int cmd, long larg, void *parg);
-long    ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
+long    ssl2_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
-long    ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
+long    ssl2_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
-long    ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
+long    ssl2_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
 int     ssl2_pending(const SSL *s);
 long    ssl2_default_timeout(void );
 const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
-int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p);
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p);
 void ssl3_init_finished_mac(SSL *s);
 int ssl3_send_server_certificate(SSL *s);
 int ssl3_send_newsession_ticket(SSL *s);
 int ssl3_send_cert_status(SSL *s);
-int ssl3_get_finished(SSL *s,int state_a,int state_b);
+int ssl3_get_finished(SSL *s, int state_a, int state_b);
 int ssl3_setup_key_block(SSL *s);
-int ssl3_send_change_cipher_spec(SSL *s,int state_a,int state_b);
+int ssl3_send_change_cipher_spec(SSL *s, int state_a, int state_b);
-int ssl3_change_cipher_state(SSL *s,int which);
+int ssl3_change_cipher_state(SSL *s, int which);
 void ssl3_cleanup_key_block(SSL *s);
-int ssl3_do_write(SSL *s,int type);
+int ssl3_do_write(SSL *s, int type);
-int ssl3_send_alert(SSL *s,int level, int desc);
+int ssl3_send_alert(SSL *s, int level, int desc);
 int ssl3_generate_master_secret(SSL *s, unsigned char *out,
-        unsigned char *p, int len);
+    unsigned char *p, int len);
-int ssl3_get_req_cert_type(SSL *s,unsigned char *p);
+int ssl3_get_req_cert_type(SSL *s, unsigned char *p);
 long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
-int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen);
+int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen);
 int ssl3_num_ciphers(void);
 const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
-int ssl3_renegotiate(SSL *ssl); 
+int ssl3_renegotiate(SSL *ssl);
-int ssl3_renegotiate_check(SSL *ssl); 
+int ssl3_renegotiate_check(SSL *ssl);
 int ssl3_dispatch_alert(SSL *s);
 int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
 int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,unsigned char *p);
+int ssl3_final_finish_mac(SSL *s, const char *sender, int slen,
+    unsigned char *p);
 int ssl3_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len);
 int ssl3_enc(SSL *s, int send_data);
 int n_ssl3_mac(SSL *ssl, unsigned char *md, int send_data);
 void ssl3_free_digest_list(SSL *s);
 unsigned long ssl3_output_cert_chain(SSL *s, X509 *x);
-SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt,
+SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
-                               STACK_OF(SSL_CIPHER) *srvr);
+    STACK_OF(SSL_CIPHER) *srvr);
 int     ssl3_setup_buffers(SSL *s);
 int     ssl3_setup_read_buffer(SSL *s);
 int     ssl3_setup_write_buffer(SSL *s);
@@ -932,10 +929,10 @@ int	ssl3_peek(SSL *s, void *buf, int len);
 int     ssl3_write(SSL *s, const void *buf, int len);
 int     ssl3_shutdown(SSL *s);
 void    ssl3_clear(SSL *s);
-long    ssl3_ctrl(SSL *s,int cmd, long larg, void *parg);
+long    ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
-long    ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg);
+long    ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
-long    ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
+long    ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
-long    ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)(void));
+long    ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
 int     ssl3_pending(const SSL *s);
 void ssl3_record_sequence_update(unsigned char *seq);
@@ -952,16 +949,16 @@ const SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p);
 long ssl23_default_timeout(void );
 long tls1_default_timeout(void);
-int dtls1_do_write(SSL *s,int type);
+int dtls1_do_write(SSL *s, int type);
 int ssl3_read_n(SSL *s, int n, int max, int extend);
 int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
 int ssl3_do_compress(SSL *ssl);
 int ssl3_do_uncompress(SSL *ssl);
 int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
-        unsigned int len);
+    unsigned int len);
-unsigned char *dtls1_set_message_header(SSL *s, 
+unsigned char *dtls1_set_message_header(SSL *s, unsigned char *p,
-        unsigned char *p, unsigned char mt,     unsigned long len, 
+    unsigned char mt, unsigned long len, unsigned long frag_off,
-        unsigned long frag_off, unsigned long frag_len);
+    unsigned long frag_len);
 int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
 int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
@@ -971,8 +968,8 @@ int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen);
 unsigned long dtls1_output_cert_chain(SSL *s, X509 *x);
 int dtls1_read_failed(SSL *s, int code);
 int dtls1_buffer_message(SSL *s, int ccs);
-int dtls1_retransmit_message(SSL *s, unsigned short seq, 
+int dtls1_retransmit_message(SSL *s, unsigned short seq,
-        unsigned long frag_off, int *found);
+    unsigned long frag_off, int *found);
 int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
 int dtls1_retransmit_buffered_messages(SSL *s);
 void dtls1_clear_record_buffer(SSL *s);
@@ -1049,21 +1046,21 @@ int ssl23_write_bytes(SSL *s);
 int tls1_new(SSL *s);
 void tls1_free(SSL *s);
 void tls1_clear(SSL *s);
-long tls1_ctrl(SSL *s,int cmd, long larg, void *parg);
+long tls1_ctrl(SSL *s, int cmd, long larg, void *parg);
-long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)(void));
+long tls1_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
 int dtls1_new(SSL *s);
 int     dtls1_accept(SSL *s);
 int     dtls1_connect(SSL *s);
 void dtls1_free(SSL *s);
 void dtls1_clear(SSL *s);
-long dtls1_ctrl(SSL *s,int cmd, long larg, void *parg);
+long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
 int dtls1_shutdown(SSL *s);
 long dtls1_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok);
 int dtls1_get_record(SSL *s);
 int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
-        unsigned int len, int create_empty_fragement);
+    unsigned int len, int create_empty_fragement);
 int dtls1_dispatch_alert(SSL *s);
 int dtls1_enc(SSL *s, int snd);
@@ -1073,15 +1070,14 @@ void ssl_free_wbio_buffer(SSL *s);
 int tls1_change_cipher_state(SSL *s, int which);
 int tls1_setup_key_block(SSL *s);
 int tls1_enc(SSL *s, int snd);
-int tls1_final_finish_mac(SSL *s,
+int tls1_final_finish_mac(SSL *s, const char *str, int slen, unsigned char *p);
-        const char *str, int slen, unsigned char *p);
 int tls1_cert_verify_mac(SSL *s, int md_nid, unsigned char *p);
 int tls1_mac(SSL *ssl, unsigned char *md, int snd);
 int tls1_generate_master_secret(SSL *s, unsigned char *out,
-        unsigned char *p, int len);
+    unsigned char *p, int len);
 int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-        const char *label, size_t llen,
+    const char *label, size_t llen, const unsigned char *p, size_t plen,
-        const unsigned char *p, size_t plen, int use_context);
+    int use_context);
 int tls1_alert_code(int code);
 int ssl3_alert_code(int code);
 int ssl_ok(SSL *s);
@@ -1098,10 +1094,16 @@ int tls1_ec_nid2curve_id(int nid);
 #endif /* OPENSSL_NO_EC */
 #ifndef OPENSSL_NO_TLSEXT
-unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
+unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p,
-unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p, unsigned char *limit); 
+    unsigned char *limit);
-int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
-int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data, unsigned char *d, int n, int *al);
+unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *p,
+    unsigned char *limit);
+int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **data,
+    unsigned char *d, int n, int *al);
+int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **data,
+    unsigned char *d, int n, int *al);
 int ssl_prepare_clienthello_tlsext(SSL *s);
 int ssl_prepare_serverhello_tlsext(SSL *s);
 int ssl_check_clienthello_tlsext_early(SSL *s);
@@ -1114,60 +1116,53 @@ int ssl_check_serverhello_tlsext(SSL *s);
 #define tlsext_tick_md  EVP_sha256
 #endif
 int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
-                                const unsigned char *limit, SSL_SESSION **ret);
+    const unsigned char *limit, SSL_SESSION **ret);
 int tls12_get_sigandhash(unsigned char *p, const EVP_PKEY *pk,
-                                const EVP_MD *md);
+    const EVP_MD *md);
 int tls12_get_sigid(const EVP_PKEY *pk);
 const EVP_MD *tls12_get_hash(unsigned char hash_alg);
 #endif
-EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash,const EVP_MD *md) ;
+EVP_MD_CTX* ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
 void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
-int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
+int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p,
-                                        int maxlen);
+    int *len, int maxlen);
-int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d,
-                                          int *al);
+    int len, int *al);
-int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len,
+int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p,
-                                        int maxlen);
+    int *len, int maxlen);
-int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len,
+int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d,
-                                          int *al);
+    int len, int *al);
 long ssl_get_algorithm2(SSL *s);
 int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize);
 int tls12_get_req_sig_algs(SSL *s, unsigned char *p);
-int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
+int ssl_add_clienthello_use_srtp_ext(SSL *s, unsigned char *p,
-int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
+    int *len, int maxlen);
-int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p, int *len, int maxlen);
+int ssl_parse_clienthello_use_srtp_ext(SSL *s, unsigned char *d,
-int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d, int len,int *al);
+    int len, int *al);
+int ssl_add_serverhello_use_srtp_ext(SSL *s, unsigned char *p,
+    int *len, int maxlen);
+int ssl_parse_serverhello_use_srtp_ext(SSL *s, unsigned char *d,
+    int len, int *al);
 /* s3_cbc.c */
-void ssl3_cbc_copy_mac(unsigned char* out,
+void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD *rec,
-                       const SSL3_RECORD *rec,
+    unsigned md_size, unsigned orig_len);
-                       unsigned md_size,unsigned orig_len);
+int ssl3_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
-int ssl3_cbc_remove_padding(const SSL* s,
+    unsigned block_size, unsigned mac_size);
-                            SSL3_RECORD *rec,
+int tls1_cbc_remove_padding(const SSL *s, SSL3_RECORD *rec,
-                            unsigned block_size,
+    unsigned block_size, unsigned mac_size);
-                            unsigned mac_size);
-int tls1_cbc_remove_padding(const SSL* s,
-                            SSL3_RECORD *rec,
-                            unsigned block_size,
-                            unsigned mac_size);
 char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
-void ssl3_cbc_digest_record(
+void ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out,
-        const EVP_MD_CTX *ctx,
+    size_t *md_out_size, const unsigned char header[13],
-        unsigned char* md_out,
+    const unsigned char *data, size_t data_plus_mac_size,
-        size_t* md_out_size,
+    size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
-        const unsigned char header[13],
+    unsigned mac_secret_length, char is_sslv3);
-        const unsigned char *data,
-        size_t data_plus_mac_size,
+void tls_fips_digest_extra(const EVP_CIPHER_CTX *cipher_ctx,
-        size_t data_plus_mac_plus_padding_size,
+    EVP_MD_CTX *mac_ctx, const unsigned char *data, size_t data_len,
-        const unsigned char *mac_secret,
+    size_t orig_len);
-        unsigned mac_secret_length,
-        char is_sslv3);
-void tls_fips_digest_extra(
-        const EVP_CIPHER_CTX *cipher_ctx, EVP_MD_CTX *mac_ctx,
-        const unsigned char *data, size_t data_len, size_t orig_len);
 #endif
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index 7e35f13849..95d6660ac3 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -240,9 +240,9 @@ extern "C" {
 #define TLSEXT_TYPE_session_ticket              35
 /* ExtensionType value from draft-rescorla-tls-opaque-prf-input-00.txt */
-#if 0 /* will have to be provided externally for now ,
+#if 0   /* will have to be provided externally for now ,
-       * i.e. build with -DTLSEXT_TYPE_opaque_prf_input=38183
+         * i.e. build with - DTLSEXT_TYPE_opaque_prf_input = 38183
-       * using whatever extension number you'd like to try */
+         * using whatever extension number you'd like to try */
 # define TLSEXT_TYPE_opaque_prf_input           ?? */
 #endif
@@ -295,8 +295,8 @@ int SSL_get_servername_type(const SSL *s);
 * It returns 1 on success and zero otherwise.
 */
 int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-        const char *label, size_t llen, const unsigned char *p, size_t plen,
+    const char *label, size_t llen, const unsigned char *p, size_t plen,
-        int use_context);
+    int use_context);
 #define SSL_set_tlsext_host_name(s,name) \
 SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
@@ -719,11 +719,10 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
 #endif
 /* TLS Session Ticket extension struct */
-struct tls_session_ticket_ext_st
+struct tls_session_ticket_ext_st {
-        {
        unsigned short length;
        void *data;
-        };
+};
 #ifdef  __cplusplus
 }