14 files changed, 414 insertions, 406 deletions
diff --git a/src/lib/libcrypto/asn1/i2d_pr.c b/src/lib/libcrypto/asn1/i2d_pr.c
index 7175748601..3340e6ce39 100644
--- a/src/lib/libcrypto/asn1/i2d_pr.c
+++ b/src/lib/libcrypto/asn1/i2d_pr.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -62,18 +62,18 @@
 #include <openssl/x509.h>
 #include "asn1_locl.h"
-int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
+int
+i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
 {
        if (a->ameth && a->ameth->old_priv_encode) {
                return a->ameth->old_priv_encode(a, pp);
        }
        if (a->ameth && a->ameth->priv_encode) {
                PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
-                int ret = i2d_PKCS8_PRIV_KEY_INFO(p8,pp);
+                int ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp);
                PKCS8_PRIV_KEY_INFO_free(p8);
                return ret;
-}       
+        }
-        ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+        ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
-        return(-1);
+        return (-1);
 }
diff --git a/src/lib/libcrypto/asn1/i2d_pu.c b/src/lib/libcrypto/asn1/i2d_pu.c
index 08b438115d..8ac271e056 100644
--- a/src/lib/libcrypto/asn1/i2d_pu.c
+++ b/src/lib/libcrypto/asn1/i2d_pu.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -71,24 +71,24 @@
 #include <openssl/ec.h>
 #endif
-int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
+int
+i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
 {
        switch (a->type) {
 #ifndef OPENSSL_NO_RSA
        case EVP_PKEY_RSA:
-                return(i2d_RSAPublicKey(a->pkey.rsa,pp));
+                return (i2d_RSAPublicKey(a->pkey.rsa, pp));
 #endif
 #ifndef OPENSSL_NO_DSA
        case EVP_PKEY_DSA:
-                return(i2d_DSAPublicKey(a->pkey.dsa,pp));
+                return (i2d_DSAPublicKey(a->pkey.dsa, pp));
 #endif
 #ifndef OPENSSL_NO_EC
        case EVP_PKEY_EC:
-                return(i2o_ECPublicKey(a->pkey.ec, pp));
+                return (i2o_ECPublicKey(a->pkey.ec, pp));
 #endif
        default:
-                ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+                ASN1err(ASN1_F_I2D_PUBLICKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
-                return(-1);
+                return (-1);
        }
 }
diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c
index 0a378759f9..0e58baf1b5 100644
--- a/src/lib/libcrypto/asn1/n_pkey.c
+++ b/src/lib/libcrypto/asn1/n_pkey.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -69,15 +69,13 @@
 #ifndef OPENSSL_NO_RC4
-typedef struct netscape_pkey_st
+typedef struct netscape_pkey_st {
-{
        long version;
        X509_ALGOR *algor;
        ASN1_OCTET_STRING *private_key;
 } NETSCAPE_PKEY;
-typedef struct netscape_encrypted_pkey_st
+typedef struct netscape_encrypted_pkey_st {
-{
        ASN1_OCTET_STRING *os;
        /* This is the same structure as DigestInfo so use it:
         * although this isn't really anything to do with
@@ -93,7 +91,7 @@ ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
 } ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
 DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY, NETSCAPE_ENCRYPTED_PKEY)
 IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
 ASN1_SEQUENCE(NETSCAPE_PKEY) = {
@@ -103,61 +101,59 @@ ASN1_SEQUENCE(NETSCAPE_PKEY) = {
 } ASN1_SEQUENCE_END(NETSCAPE_PKEY)
 DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY, NETSCAPE_PKEY)
 IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
 static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-                          int (*cb)(char *buf, int len, const char *prompt,
+    int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey);
-                                    int verify),
-                          int sgckey);
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
+int
-                     int (*cb)(char *buf, int len, const char *prompt,
+i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
-                               int verify))
+    int (*cb)(char *buf, int len, const char *prompt, int verify))
 {
        return i2d_RSA_NET(a, pp, cb, 0);
 }
-int i2d_RSA_NET(const RSA *a, unsigned char **pp,
+int
-                int (*cb)(char *buf, int len, const char *prompt, int verify),
+i2d_RSA_NET(const RSA *a, unsigned char **pp,
-                int sgckey)
+    int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey)
 {
        int i, j, ret = 0;
        int rsalen, pkeylen, olen;
        NETSCAPE_PKEY *pkey = NULL;
        NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
-        unsigned char buf[256],*zz;
+        unsigned char buf[256], *zz;
        unsigned char key[EVP_MAX_KEY_LENGTH];
        EVP_CIPHER_CTX ctx;
        EVP_CIPHER_CTX_init(&ctx);
-        if (a == NULL) return(0);
+        if (a == NULL)
+                return (0);
-        if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
+        if ((pkey = NETSCAPE_PKEY_new()) == NULL)
-        if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;
+                goto err;
+        if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL)
+                goto err;
        pkey->version = 0;
-        pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
+        pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
-        if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+        if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL)
-        pkey->algor->parameter->type=V_ASN1_NULL;
+                goto err;
+        pkey->algor->parameter->type = V_ASN1_NULL;
        rsalen = i2d_RSAPrivateKey(a, NULL);
        /* Fake some octet strings just for the initial length
         * calculation.
         */
+        pkey->private_key->length = rsalen;
-        pkey->private_key->length=rsalen;
+        pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL);
-        pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
        enckey->enckey->digest->length = pkeylen;
        enckey->os->length = 11;        /* "private-key" */
+        enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4);
-        enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);
+        if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL)
-        if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+                goto err;
-        enckey->enckey->algor->parameter->type=V_ASN1_NULL;
+        enckey->enckey->algor->parameter->type = V_ASN1_NULL;
        if (pp == NULL) {
                olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
@@ -166,59 +162,58 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
                return olen;
        }
        /* Since its RC4 encrypted length is actual length */
-        if ((zz=(unsigned char *)malloc(rsalen)) == NULL) {
+        if ((zz = (unsigned char *)malloc(rsalen)) == NULL) {
-                ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
                goto err;
        }
        pkey->private_key->data = zz;
        /* Write out private key encoding */
-        i2d_RSAPrivateKey(a,&zz);
+        i2d_RSAPrivateKey(a, &zz);
-        if ((zz=malloc(pkeylen)) == NULL) {
+        if ((zz = malloc(pkeylen)) == NULL) {
-                ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
                goto err;
        }
        if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {
-                ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
                goto err;
        }
        enckey->enckey->digest->data = zz;
-        i2d_NETSCAPE_PKEY(pkey,&zz);
+        i2d_NETSCAPE_PKEY(pkey, &zz);
        /* Wipe the private key encoding */
        OPENSSL_cleanse(pkey->private_key->data, rsalen);
-                
        if (cb == NULL)
-                cb=EVP_read_pw_string;
+                cb = EVP_read_pw_string;
-        i=cb((char *)buf,256,"Enter Private Key password:",1);
+        i = cb((char *)buf, 256, "Enter Private Key password:", 1);
        if (i != 0) {
-                ASN1err(ASN1_F_I2D_RSA_NET,ASN1_R_BAD_PASSWORD_READ);
+                ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
                goto err;
        }
        i = strlen((char *)buf);
        /* If the key is used for SGC the algorithm is modified a little. */
-        if(sgckey) {
+        if (sgckey) {
                if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
                        goto err;
                memcpy(buf + 16, "SGCKEYSALT", 10);
                i = 26;
-}
+        }
-        if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL))
+        if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
                goto err;
-        OPENSSL_cleanse(buf,256);
+        OPENSSL_cleanse(buf, 256);
        /* Encrypt private key in place */
        zz = enckey->enckey->digest->data;
-        if (!EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL))
+        if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
                goto err;
-        if (!EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen))
+        if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen))
                goto err;
-        if (!EVP_EncryptFinal_ex(&ctx,zz + i,&j))
+        if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j))
                goto err;
        ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
@@ -226,110 +221,116 @@ err:
        EVP_CIPHER_CTX_cleanup(&ctx);
        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
        NETSCAPE_PKEY_free(pkey);
-        return(ret);
+        return (ret);
 }
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
+RSA *
-                      int (*cb)(char *buf, int len, const char *prompt,
+d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
-                                int verify))
+    int (*cb)(char *buf, int len, const char *prompt, int verify))
 {
        return d2i_RSA_NET(a, pp, length, cb, 0);
 }
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
+RSA *
-                 int (*cb)(char *buf, int len, const char *prompt, int verify),
+d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
-                 int sgckey)
+    int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey)
 {
-        RSA *ret=NULL;
+        RSA *ret = NULL;
        const unsigned char *p;
        NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
        p = *pp;
        enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
-        if(!enckey) {
+        if (!enckey) {
-                ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_DECODING_ERROR);
+                ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR);
                return NULL;
-}
+        }
        if ((enckey->os->length != 11) || (strncmp("private-key",
-                (char *)enckey->os->data,11) != 0)) {
+        (char *)enckey->os->data, 11) != 0)) {
-                ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
+                ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING);
                NETSCAPE_ENCRYPTED_PKEY_free(enckey);
                return NULL;
        }
        if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
-                ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
+                ASN1err(ASN1_F_D2I_RSA_NET,
+                    ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
                goto err;
-}
+        }
        if (cb == NULL)
-                cb=EVP_read_pw_string;
+                cb = EVP_read_pw_string;
-        if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
+        if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb,
+            sgckey)) == NULL)
+                goto err;
        *pp = p;
-        err:
+err:
        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
        return ret;
 }
-static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
+static RSA *
-                          int (*cb)(char *buf, int len, const char *prompt,
+d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-                                    int verify), int sgckey)
+    int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey)
 {
-        NETSCAPE_PKEY *pkey=NULL;
+        NETSCAPE_PKEY *pkey = NULL;
-        RSA *ret=NULL;
+        RSA *ret = NULL;
-        int i,j;
+        int i, j;
        unsigned char buf[256];
        const unsigned char *zz;
        unsigned char key[EVP_MAX_KEY_LENGTH];
        EVP_CIPHER_CTX ctx;
        EVP_CIPHER_CTX_init(&ctx);
-        i=cb((char *)buf,256,"Enter Private Key password:",0);
+        i=cb((char *)buf,256, "Enter Private Key password:",0);
        if (i != 0) {
-                ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_BAD_PASSWORD_READ);
+                ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ);
                goto err;
        }
        i = strlen((char *)buf);
-        if(sgckey){
+        if (sgckey){
                if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
                        goto err;
                memcpy(buf + 16, "SGCKEYSALT", 10);
                i = 26;
-}
+        }
-                
-        if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL))
+        if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
                goto err;
-        OPENSSL_cleanse(buf,256);
+        OPENSSL_cleanse(buf, 256);
-        if (!EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL))
+        if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
                goto err;
-        if (!EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length))
+        if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length))
                goto err;
-        if (!EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j))
+        if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j))
                goto err;
-        os->length=i+j;
+        os->length = i + j;
-        zz=os->data;
+        zz = os->data;
-        if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL) {
+        if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) {
-                ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
+                ASN1err(ASN1_F_D2I_RSA_NET_2,
+                    ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
                goto err;
        }
-                
-        zz=pkey->private_key->data;
+        zz = pkey->private_key->data;
-        if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL) {
+        if ((ret = d2i_RSAPrivateKey(a, &zz,
-                ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
+            pkey->private_key->length)) == NULL) {
+                ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
                goto err;
        }
 err:
        EVP_CIPHER_CTX_cleanup(&ctx);
        NETSCAPE_PKEY_free(pkey);
-        return(ret);
+        return (ret);
 }
 #endif /* OPENSSL_NO_RC4 */
@@ -337,7 +338,7 @@ err:
 #else /* !OPENSSL_NO_RSA */
 # if PEDANTIC
-static void *dummy=&dummy;
+static void *dummy = &dummy;
 # endif
 #endif
diff --git a/src/lib/libcrypto/asn1/nsseq.c b/src/lib/libcrypto/asn1/nsseq.c
index b8c4202230..3e7c73cb91 100644
--- a/src/lib/libcrypto/asn1/nsseq.c
+++ b/src/lib/libcrypto/asn1/nsseq.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -62,10 +62,10 @@
 #include <openssl/x509.h>
 #include <openssl/objects.h>
-static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+static int
-                                                        void *exarg)
+nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
-        if(operation == ASN1_OP_NEW_POST) {
+        if (operation == ASN1_OP_NEW_POST) {
                NETSCAPE_CERT_SEQUENCE *nsseq;
                nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
                nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
diff --git a/src/lib/libcrypto/asn1/p5_pbe.c b/src/lib/libcrypto/asn1/p5_pbe.c
index 390305ad38..28caebd5c2 100644
--- a/src/lib/libcrypto/asn1/p5_pbe.c
+++ b/src/lib/libcrypto/asn1/p5_pbe.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -74,28 +74,29 @@ IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
 /* Set an algorithm identifier for a PKCS#5 PBE algorithm */
-int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+int
-                                const unsigned char *salt, int saltlen)
+PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+    const unsigned char *salt, int saltlen)
 {
-        PBEPARAM *pbe=NULL;
+        PBEPARAM *pbe = NULL;
-        ASN1_STRING *pbe_str=NULL;
+        ASN1_STRING *pbe_str = NULL;
        unsigned char *sstr;
        pbe = PBEPARAM_new();
        if (!pbe) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
                goto err;
        }
-        if(iter <= 0)
+        if (iter <= 0)
                iter = PKCS5_DEFAULT_ITER;
        if (!ASN1_INTEGER_set(pbe->iter, iter)) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
                goto err;
        }
        if (!saltlen)
                saltlen = PKCS5_SALT_LEN;
        if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
                goto err;
        }
        sstr = ASN1_STRING_data(pbe->salt);
@@ -104,8 +105,8 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
        else if (RAND_pseudo_bytes(sstr, saltlen) < 0)
                goto err;
-        if(!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
+        if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
                goto err;
        }
@@ -125,17 +126,17 @@ err:
 /* Return an algorithm identifier for a PKCS#5 PBE algorithm */
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
+X509_ALGOR *
-                                const unsigned char *salt, int saltlen)
+PKCS5_pbe_set(int alg, int iter, const unsigned char *salt, int saltlen)
 {
        X509_ALGOR *ret;
        ret = X509_ALGOR_new();
        if (!ret) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
                return NULL;
        }
-        if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen)) 
+        if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen))
                return ret;
        X509_ALGOR_free(ret);
diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c
index 01563a68fd..8917cc4ccf 100644
--- a/src/lib/libcrypto/asn1/p5_pbev2.c
+++ b/src/lib/libcrypto/asn1/p5_pbev2.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -86,9 +86,9 @@ IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
 * Extended version to allow application supplied PRF NID and IV.
 */
-X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+X509_ALGOR *
-                                 unsigned char *salt, int saltlen,
+PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
-                                 unsigned char *aiv, int prf_nid)
+    int saltlen, unsigned char *aiv, int prf_nid)
 {
        X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
        int alg_nid, keylen;
@@ -98,27 +98,30 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
        ASN1_OBJECT *obj;
        alg_nid = EVP_CIPHER_type(cipher);
-        if(alg_nid == NID_undef) {
+        if (alg_nid == NID_undef) {
                ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
-                                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
                goto err;
        }
        obj = OBJ_nid2obj(alg_nid);
-        if(!(pbe2 = PBE2PARAM_new())) goto merr;
+        if (!(pbe2 = PBE2PARAM_new()))
+                goto merr;
        /* Setup the AlgorithmIdentifier for the encryption scheme */
        scheme = pbe2->encryption;
        scheme->algorithm = obj;
-        if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
+        if (!(scheme->parameter = ASN1_TYPE_new()))
+                goto merr;
        /* Create random IV */
        if (EVP_CIPHER_iv_length(cipher)) {
                if (aiv)
                        memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
-                else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+                else if (RAND_pseudo_bytes(iv,
-                        goto err;
+                    EVP_CIPHER_iv_length(cipher)) < 0)
+                        goto err;
        }
        EVP_CIPHER_CTX_init(&ctx);
@@ -126,16 +129,16 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
        /* Dummy cipherinit to just setup the IV, and PRF */
        if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
                goto err;
-        if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
+        if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
                ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
-                                        ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+                ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
                EVP_CIPHER_CTX_cleanup(&ctx);
                goto err;
        }
        /* If prf NID unspecified see if cipher has a preference.
         * An error is OK here: just means use default PRF.
         */
-        if ((prf_nid == -1) && 
+        if ((prf_nid == -1) &&
            EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
                ERR_clear_error();
                prf_nid = NID_hmacWithSHA1;
@@ -144,7 +147,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
        /* If its RC2 then we'd better setup the key length */
-        if(alg_nid == NID_rc2_cbc)
+        if (alg_nid == NID_rc2_cbc)
                keylen = EVP_CIPHER_key_length(cipher);
        else
                keylen = -1;
@@ -160,15 +163,17 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
        /* Now set up top level AlgorithmIdentifier */
-        if(!(ret = X509_ALGOR_new())) goto merr;
+        if (!(ret = X509_ALGOR_new()))
-        if(!(ret->parameter = ASN1_TYPE_new())) goto merr;
+                goto merr;
+        if (!(ret->parameter = ASN1_TYPE_new()))
+                goto merr;
        ret->algorithm = OBJ_nid2obj(NID_pbes2);
        /* Encode PBE2PARAM into parameter */
-        if(!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),
+        if (!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),
-                                 &ret->parameter->value.sequence)) goto merr;
+                &ret->parameter->value.sequence)) goto merr;
        ret->parameter->type = V_ASN1_SEQUENCE;
        PBE2PARAM_free(pbe2);
@@ -177,34 +182,35 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
        return ret;
 merr:
-        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,ERR_R_MALLOC_FAILURE);
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE);
-        err:
+err:
        PBE2PARAM_free(pbe2);
        /* Note 'scheme' is freed as part of pbe2 */
        X509_ALGOR_free(kalg);
        X509_ALGOR_free(ret);
        return NULL;
 }
-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+X509_ALGOR *
-                                 unsigned char *salt, int saltlen)
+PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
+    int saltlen)
 {
        return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
 }
-X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
+X509_ALGOR *
-                                int prf_nid, int keylen)
+PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid,
+    int keylen)
 {
        X509_ALGOR *keyfunc = NULL;
        PBKDF2PARAM *kdf = NULL;
        ASN1_OCTET_STRING *osalt = NULL;
-        if(!(kdf = PBKDF2PARAM_new()))
+        if (!(kdf = PBKDF2PARAM_new()))
                goto merr;
-        if(!(osalt = M_ASN1_OCTET_STRING_new()))
+        if (!(osalt = M_ASN1_OCTET_STRING_new()))
                goto merr;
        kdf->salt->value.octet_string = osalt;
@@ -222,20 +228,20 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
        else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0)
                goto merr;
-        if(iter <= 0)
+        if (iter <= 0)
                iter = PKCS5_DEFAULT_ITER;
-        if(!ASN1_INTEGER_set(kdf->iter, iter))
+        if (!ASN1_INTEGER_set(kdf->iter, iter))
                goto merr;
        /* If have a key len set it up */
-        if(keylen > 0) {
+        if (keylen > 0) {
-                if(!(kdf->keylength = M_ASN1_INTEGER_new()))
+                if (!(kdf->keylength = M_ASN1_INTEGER_new()))
                        goto merr;
-                if(!ASN1_INTEGER_set (kdf->keylength, keylen))
+                if (!ASN1_INTEGER_set (kdf->keylength, keylen))
                        goto merr;
-                }
+        }
        /* prf can stay NULL if we are using hmacWithSHA1 */
        if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) {
@@ -243,7 +249,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
                if (!kdf->prf)
                        goto merr;
                X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
-                                        V_ASN1_NULL, NULL);
+                V_ASN1_NULL, NULL);
        }
        /* Finally setup the keyfunc structure */
@@ -256,11 +262,11 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
        /* Encode PBKDF2PARAM into parameter of pbe2 */
-        if(!(keyfunc->parameter = ASN1_TYPE_new()))
+        if (!(keyfunc->parameter = ASN1_TYPE_new()))
                goto merr;
-        if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
+        if (!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
-                         &keyfunc->parameter->value.sequence))
+                &keyfunc->parameter->value.sequence))
                goto merr;
        keyfunc->parameter->type = V_ASN1_SEQUENCE;
@@ -268,9 +274,8 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
        return keyfunc;
 merr:
-        ASN1err(ASN1_F_PKCS5_PBKDF2_SET,ERR_R_MALLOC_FAILURE);
+        ASN1err(ASN1_F_PKCS5_PBKDF2_SET, ERR_R_MALLOC_FAILURE);
        PBKDF2PARAM_free(kdf);
        X509_ALGOR_free(keyfunc);
        return NULL;
 }
diff --git a/src/lib/libcrypto/asn1/p8_pkey.c b/src/lib/libcrypto/asn1/p8_pkey.c
index c95d7e55a0..6c5577ee1e 100644
--- a/src/lib/libcrypto/asn1/p8_pkey.c
+++ b/src/lib/libcrypto/asn1/p8_pkey.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -62,16 +62,16 @@
 #include <openssl/x509.h>
 /* Minor tweak to operation: zero private key data */
-static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+static int
-                                                        void *exarg)
+pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
        /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
-        if(operation == ASN1_OP_FREE_PRE) {
+        if (operation == ASN1_OP_FREE_PRE) {
                PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
                if (key->pkey->value.octet_string)
-                OPENSSL_cleanse(key->pkey->value.octet_string->data,
+                        OPENSSL_cleanse(key->pkey->value.octet_string->data,
-                        key->pkey->value.octet_string->length);
+                            key->pkey->value.octet_string->length);
-}
+        }
        return 1;
 }
@@ -84,12 +84,12 @@ ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
 IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
-int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
+int
-                                        int version,
+PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version,
-                                        int ptype, void *pval,
+    int ptype, void *pval, unsigned char *penc, int penclen)
-                                        unsigned char *penc, int penclen)
 {
        unsigned char **ppenc = NULL;
        if (version >= 0) {
                if (!ASN1_INTEGER_set(priv->version, version))
                        return 0;
@@ -118,14 +118,13 @@ int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
        return 1;
 }
-int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
+int
-                const unsigned char **pk, int *ppklen,
+PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen,
-                X509_ALGOR **pa,
+    X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8)
-                PKCS8_PRIV_KEY_INFO *p8)
 {
        if (ppkalg)
                *ppkalg = p8->pkeyalg->algorithm;
-        if(p8->pkey->type == V_ASN1_OCTET_STRING) {
+        if (p8->pkey->type == V_ASN1_OCTET_STRING) {
                p8->broken = PKCS8_OK;
                if (pk) {
                        *pk = p8->pkey->value.octet_string->data;
@@ -137,11 +136,9 @@ int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
                        *pk = p8->pkey->value.sequence->data;
                        *ppklen = p8->pkey->value.sequence->length;
                }
-        }
+        } else
-        else
                return 0;
        if (pa)
                *pa = p8->pkeyalg;
        return 1;
 }
diff --git a/src/lib/libssl/src/crypto/asn1/i2d_pr.c b/src/lib/libssl/src/crypto/asn1/i2d_pr.c
index 7175748601..3340e6ce39 100644
--- a/src/lib/libssl/src/crypto/asn1/i2d_pr.c
+++ b/src/lib/libssl/src/crypto/asn1/i2d_pr.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -62,18 +62,18 @@
 #include <openssl/x509.h>
 #include "asn1_locl.h"
-int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
+int
+i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
 {
        if (a->ameth && a->ameth->old_priv_encode) {
                return a->ameth->old_priv_encode(a, pp);
        }
        if (a->ameth && a->ameth->priv_encode) {
                PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
-                int ret = i2d_PKCS8_PRIV_KEY_INFO(p8,pp);
+                int ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp);
                PKCS8_PRIV_KEY_INFO_free(p8);
                return ret;
-}       
+        }
-        ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+        ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
-        return(-1);
+        return (-1);
 }
diff --git a/src/lib/libssl/src/crypto/asn1/i2d_pu.c b/src/lib/libssl/src/crypto/asn1/i2d_pu.c
index 08b438115d..8ac271e056 100644
--- a/src/lib/libssl/src/crypto/asn1/i2d_pu.c
+++ b/src/lib/libssl/src/crypto/asn1/i2d_pu.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -71,24 +71,24 @@
 #include <openssl/ec.h>
 #endif
-int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
+int
+i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
 {
        switch (a->type) {
 #ifndef OPENSSL_NO_RSA
        case EVP_PKEY_RSA:
-                return(i2d_RSAPublicKey(a->pkey.rsa,pp));
+                return (i2d_RSAPublicKey(a->pkey.rsa, pp));
 #endif
 #ifndef OPENSSL_NO_DSA
        case EVP_PKEY_DSA:
-                return(i2d_DSAPublicKey(a->pkey.dsa,pp));
+                return (i2d_DSAPublicKey(a->pkey.dsa, pp));
 #endif
 #ifndef OPENSSL_NO_EC
        case EVP_PKEY_EC:
-                return(i2o_ECPublicKey(a->pkey.ec, pp));
+                return (i2o_ECPublicKey(a->pkey.ec, pp));
 #endif
        default:
-                ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+                ASN1err(ASN1_F_I2D_PUBLICKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
-                return(-1);
+                return (-1);
        }
 }
diff --git a/src/lib/libssl/src/crypto/asn1/n_pkey.c b/src/lib/libssl/src/crypto/asn1/n_pkey.c
index 0a378759f9..0e58baf1b5 100644
--- a/src/lib/libssl/src/crypto/asn1/n_pkey.c
+++ b/src/lib/libssl/src/crypto/asn1/n_pkey.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -69,15 +69,13 @@
 #ifndef OPENSSL_NO_RC4
-typedef struct netscape_pkey_st
+typedef struct netscape_pkey_st {
-{
        long version;
        X509_ALGOR *algor;
        ASN1_OCTET_STRING *private_key;
 } NETSCAPE_PKEY;
-typedef struct netscape_encrypted_pkey_st
+typedef struct netscape_encrypted_pkey_st {
-{
        ASN1_OCTET_STRING *os;
        /* This is the same structure as DigestInfo so use it:
         * although this isn't really anything to do with
@@ -93,7 +91,7 @@ ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
 } ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
 DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY, NETSCAPE_ENCRYPTED_PKEY)
 IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
 ASN1_SEQUENCE(NETSCAPE_PKEY) = {
@@ -103,61 +101,59 @@ ASN1_SEQUENCE(NETSCAPE_PKEY) = {
 } ASN1_SEQUENCE_END(NETSCAPE_PKEY)
 DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
-DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY, NETSCAPE_PKEY)
 IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
 static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-                          int (*cb)(char *buf, int len, const char *prompt,
+    int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey);
-                                    int verify),
-                          int sgckey);
-int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
+int
-                     int (*cb)(char *buf, int len, const char *prompt,
+i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
-                               int verify))
+    int (*cb)(char *buf, int len, const char *prompt, int verify))
 {
        return i2d_RSA_NET(a, pp, cb, 0);
 }
-int i2d_RSA_NET(const RSA *a, unsigned char **pp,
+int
-                int (*cb)(char *buf, int len, const char *prompt, int verify),
+i2d_RSA_NET(const RSA *a, unsigned char **pp,
-                int sgckey)
+    int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey)
 {
        int i, j, ret = 0;
        int rsalen, pkeylen, olen;
        NETSCAPE_PKEY *pkey = NULL;
        NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
-        unsigned char buf[256],*zz;
+        unsigned char buf[256], *zz;
        unsigned char key[EVP_MAX_KEY_LENGTH];
        EVP_CIPHER_CTX ctx;
        EVP_CIPHER_CTX_init(&ctx);
-        if (a == NULL) return(0);
+        if (a == NULL)
+                return (0);
-        if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
+        if ((pkey = NETSCAPE_PKEY_new()) == NULL)
-        if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;
+                goto err;
+        if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL)
+                goto err;
        pkey->version = 0;
-        pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
+        pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
-        if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+        if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL)
-        pkey->algor->parameter->type=V_ASN1_NULL;
+                goto err;
+        pkey->algor->parameter->type = V_ASN1_NULL;
        rsalen = i2d_RSAPrivateKey(a, NULL);
        /* Fake some octet strings just for the initial length
         * calculation.
         */
+        pkey->private_key->length = rsalen;
-        pkey->private_key->length=rsalen;
+        pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL);
-        pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
        enckey->enckey->digest->length = pkeylen;
        enckey->os->length = 11;        /* "private-key" */
+        enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4);
-        enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);
+        if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL)
-        if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
+                goto err;
-        enckey->enckey->algor->parameter->type=V_ASN1_NULL;
+        enckey->enckey->algor->parameter->type = V_ASN1_NULL;
        if (pp == NULL) {
                olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
@@ -166,59 +162,58 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
                return olen;
        }
        /* Since its RC4 encrypted length is actual length */
-        if ((zz=(unsigned char *)malloc(rsalen)) == NULL) {
+        if ((zz = (unsigned char *)malloc(rsalen)) == NULL) {
-                ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
                goto err;
        }
        pkey->private_key->data = zz;
        /* Write out private key encoding */
-        i2d_RSAPrivateKey(a,&zz);
+        i2d_RSAPrivateKey(a, &zz);
-        if ((zz=malloc(pkeylen)) == NULL) {
+        if ((zz = malloc(pkeylen)) == NULL) {
-                ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
                goto err;
        }
        if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {
-                ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
                goto err;
        }
        enckey->enckey->digest->data = zz;
-        i2d_NETSCAPE_PKEY(pkey,&zz);
+        i2d_NETSCAPE_PKEY(pkey, &zz);
        /* Wipe the private key encoding */
        OPENSSL_cleanse(pkey->private_key->data, rsalen);
-                
        if (cb == NULL)
-                cb=EVP_read_pw_string;
+                cb = EVP_read_pw_string;
-        i=cb((char *)buf,256,"Enter Private Key password:",1);
+        i = cb((char *)buf, 256, "Enter Private Key password:", 1);
        if (i != 0) {
-                ASN1err(ASN1_F_I2D_RSA_NET,ASN1_R_BAD_PASSWORD_READ);
+                ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
                goto err;
        }
        i = strlen((char *)buf);
        /* If the key is used for SGC the algorithm is modified a little. */
-        if(sgckey) {
+        if (sgckey) {
                if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
                        goto err;
                memcpy(buf + 16, "SGCKEYSALT", 10);
                i = 26;
-}
+        }
-        if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL))
+        if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
                goto err;
-        OPENSSL_cleanse(buf,256);
+        OPENSSL_cleanse(buf, 256);
        /* Encrypt private key in place */
        zz = enckey->enckey->digest->data;
-        if (!EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL))
+        if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
                goto err;
-        if (!EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen))
+        if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen))
                goto err;
-        if (!EVP_EncryptFinal_ex(&ctx,zz + i,&j))
+        if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j))
                goto err;
        ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
@@ -226,110 +221,116 @@ err:
        EVP_CIPHER_CTX_cleanup(&ctx);
        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
        NETSCAPE_PKEY_free(pkey);
-        return(ret);
+        return (ret);
 }
-RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
+RSA *
-                      int (*cb)(char *buf, int len, const char *prompt,
+d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
-                                int verify))
+    int (*cb)(char *buf, int len, const char *prompt, int verify))
 {
        return d2i_RSA_NET(a, pp, length, cb, 0);
 }
-RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
+RSA *
-                 int (*cb)(char *buf, int len, const char *prompt, int verify),
+d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
-                 int sgckey)
+    int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey)
 {
-        RSA *ret=NULL;
+        RSA *ret = NULL;
        const unsigned char *p;
        NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
        p = *pp;
        enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
-        if(!enckey) {
+        if (!enckey) {
-                ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_DECODING_ERROR);
+                ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR);
                return NULL;
-}
+        }
        if ((enckey->os->length != 11) || (strncmp("private-key",
-                (char *)enckey->os->data,11) != 0)) {
+        (char *)enckey->os->data, 11) != 0)) {
-                ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
+                ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING);
                NETSCAPE_ENCRYPTED_PKEY_free(enckey);
                return NULL;
        }
        if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
-                ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
+                ASN1err(ASN1_F_D2I_RSA_NET,
+                    ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
                goto err;
-}
+        }
        if (cb == NULL)
-                cb=EVP_read_pw_string;
+                cb = EVP_read_pw_string;
-        if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
+        if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb,
+            sgckey)) == NULL)
+                goto err;
        *pp = p;
-        err:
+err:
        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
        return ret;
 }
-static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
+static RSA *
-                          int (*cb)(char *buf, int len, const char *prompt,
+d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-                                    int verify), int sgckey)
+    int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey)
 {
-        NETSCAPE_PKEY *pkey=NULL;
+        NETSCAPE_PKEY *pkey = NULL;
-        RSA *ret=NULL;
+        RSA *ret = NULL;
-        int i,j;
+        int i, j;
        unsigned char buf[256];
        const unsigned char *zz;
        unsigned char key[EVP_MAX_KEY_LENGTH];
        EVP_CIPHER_CTX ctx;
        EVP_CIPHER_CTX_init(&ctx);
-        i=cb((char *)buf,256,"Enter Private Key password:",0);
+        i=cb((char *)buf,256, "Enter Private Key password:",0);
        if (i != 0) {
-                ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_BAD_PASSWORD_READ);
+                ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ);
                goto err;
        }
        i = strlen((char *)buf);
-        if(sgckey){
+        if (sgckey){
                if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
                        goto err;
                memcpy(buf + 16, "SGCKEYSALT", 10);
                i = 26;
-}
+        }
-                
-        if (!EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL))
+        if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL))
                goto err;
-        OPENSSL_cleanse(buf,256);
+        OPENSSL_cleanse(buf, 256);
-        if (!EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL))
+        if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
                goto err;
-        if (!EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length))
+        if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length))
                goto err;
-        if (!EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j))
+        if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j))
                goto err;
-        os->length=i+j;
+        os->length = i + j;
-        zz=os->data;
+        zz = os->data;
-        if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL) {
+        if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) {
-                ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
+                ASN1err(ASN1_F_D2I_RSA_NET_2,
+                    ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
                goto err;
        }
-                
-        zz=pkey->private_key->data;
+        zz = pkey->private_key->data;
-        if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL) {
+        if ((ret = d2i_RSAPrivateKey(a, &zz,
-                ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
+            pkey->private_key->length)) == NULL) {
+                ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
                goto err;
        }
 err:
        EVP_CIPHER_CTX_cleanup(&ctx);
        NETSCAPE_PKEY_free(pkey);
-        return(ret);
+        return (ret);
 }
 #endif /* OPENSSL_NO_RC4 */
@@ -337,7 +338,7 @@ err:
 #else /* !OPENSSL_NO_RSA */
 # if PEDANTIC
-static void *dummy=&dummy;
+static void *dummy = &dummy;
 # endif
 #endif
diff --git a/src/lib/libssl/src/crypto/asn1/nsseq.c b/src/lib/libssl/src/crypto/asn1/nsseq.c
index b8c4202230..3e7c73cb91 100644
--- a/src/lib/libssl/src/crypto/asn1/nsseq.c
+++ b/src/lib/libssl/src/crypto/asn1/nsseq.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -62,10 +62,10 @@
 #include <openssl/x509.h>
 #include <openssl/objects.h>
-static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+static int
-                                                        void *exarg)
+nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
-        if(operation == ASN1_OP_NEW_POST) {
+        if (operation == ASN1_OP_NEW_POST) {
                NETSCAPE_CERT_SEQUENCE *nsseq;
                nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
                nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
diff --git a/src/lib/libssl/src/crypto/asn1/p5_pbe.c b/src/lib/libssl/src/crypto/asn1/p5_pbe.c
index 390305ad38..28caebd5c2 100644
--- a/src/lib/libssl/src/crypto/asn1/p5_pbe.c
+++ b/src/lib/libssl/src/crypto/asn1/p5_pbe.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -74,28 +74,29 @@ IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
 /* Set an algorithm identifier for a PKCS#5 PBE algorithm */
-int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+int
-                                const unsigned char *salt, int saltlen)
+PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+    const unsigned char *salt, int saltlen)
 {
-        PBEPARAM *pbe=NULL;
+        PBEPARAM *pbe = NULL;
-        ASN1_STRING *pbe_str=NULL;
+        ASN1_STRING *pbe_str = NULL;
        unsigned char *sstr;
        pbe = PBEPARAM_new();
        if (!pbe) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
                goto err;
        }
-        if(iter <= 0)
+        if (iter <= 0)
                iter = PKCS5_DEFAULT_ITER;
        if (!ASN1_INTEGER_set(pbe->iter, iter)) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
                goto err;
        }
        if (!saltlen)
                saltlen = PKCS5_SALT_LEN;
        if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
                goto err;
        }
        sstr = ASN1_STRING_data(pbe->salt);
@@ -104,8 +105,8 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
        else if (RAND_pseudo_bytes(sstr, saltlen) < 0)
                goto err;
-        if(!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
+        if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
                goto err;
        }
@@ -125,17 +126,17 @@ err:
 /* Return an algorithm identifier for a PKCS#5 PBE algorithm */
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
+X509_ALGOR *
-                                const unsigned char *salt, int saltlen)
+PKCS5_pbe_set(int alg, int iter, const unsigned char *salt, int saltlen)
 {
        X509_ALGOR *ret;
        ret = X509_ALGOR_new();
        if (!ret) {
-                ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
                return NULL;
        }
-        if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen)) 
+        if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen))
                return ret;
        X509_ALGOR_free(ret);
diff --git a/src/lib/libssl/src/crypto/asn1/p5_pbev2.c b/src/lib/libssl/src/crypto/asn1/p5_pbev2.c
index 01563a68fd..8917cc4ccf 100644
--- a/src/lib/libssl/src/crypto/asn1/p5_pbev2.c
+++ b/src/lib/libssl/src/crypto/asn1/p5_pbev2.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -86,9 +86,9 @@ IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
 * Extended version to allow application supplied PRF NID and IV.
 */
-X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+X509_ALGOR *
-                                 unsigned char *salt, int saltlen,
+PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
-                                 unsigned char *aiv, int prf_nid)
+    int saltlen, unsigned char *aiv, int prf_nid)
 {
        X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
        int alg_nid, keylen;
@@ -98,27 +98,30 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
        ASN1_OBJECT *obj;
        alg_nid = EVP_CIPHER_type(cipher);
-        if(alg_nid == NID_undef) {
+        if (alg_nid == NID_undef) {
                ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
-                                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
                goto err;
        }
        obj = OBJ_nid2obj(alg_nid);
-        if(!(pbe2 = PBE2PARAM_new())) goto merr;
+        if (!(pbe2 = PBE2PARAM_new()))
+                goto merr;
        /* Setup the AlgorithmIdentifier for the encryption scheme */
        scheme = pbe2->encryption;
        scheme->algorithm = obj;
-        if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
+        if (!(scheme->parameter = ASN1_TYPE_new()))
+                goto merr;
        /* Create random IV */
        if (EVP_CIPHER_iv_length(cipher)) {
                if (aiv)
                        memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
-                else if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+                else if (RAND_pseudo_bytes(iv,
-                        goto err;
+                    EVP_CIPHER_iv_length(cipher)) < 0)
+                        goto err;
        }
        EVP_CIPHER_CTX_init(&ctx);
@@ -126,16 +129,16 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
        /* Dummy cipherinit to just setup the IV, and PRF */
        if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
                goto err;
-        if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
+        if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
                ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
-                                        ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+                ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
                EVP_CIPHER_CTX_cleanup(&ctx);
                goto err;
        }
        /* If prf NID unspecified see if cipher has a preference.
         * An error is OK here: just means use default PRF.
         */
-        if ((prf_nid == -1) && 
+        if ((prf_nid == -1) &&
            EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
                ERR_clear_error();
                prf_nid = NID_hmacWithSHA1;
@@ -144,7 +147,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
        /* If its RC2 then we'd better setup the key length */
-        if(alg_nid == NID_rc2_cbc)
+        if (alg_nid == NID_rc2_cbc)
                keylen = EVP_CIPHER_key_length(cipher);
        else
                keylen = -1;
@@ -160,15 +163,17 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
        /* Now set up top level AlgorithmIdentifier */
-        if(!(ret = X509_ALGOR_new())) goto merr;
+        if (!(ret = X509_ALGOR_new()))
-        if(!(ret->parameter = ASN1_TYPE_new())) goto merr;
+                goto merr;
+        if (!(ret->parameter = ASN1_TYPE_new()))
+                goto merr;
        ret->algorithm = OBJ_nid2obj(NID_pbes2);
        /* Encode PBE2PARAM into parameter */
-        if(!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),
+        if (!ASN1_item_pack(pbe2, ASN1_ITEM_rptr(PBE2PARAM),
-                                 &ret->parameter->value.sequence)) goto merr;
+                &ret->parameter->value.sequence)) goto merr;
        ret->parameter->type = V_ASN1_SEQUENCE;
        PBE2PARAM_free(pbe2);
@@ -177,34 +182,35 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
        return ret;
 merr:
-        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,ERR_R_MALLOC_FAILURE);
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE);
-        err:
+err:
        PBE2PARAM_free(pbe2);
        /* Note 'scheme' is freed as part of pbe2 */
        X509_ALGOR_free(kalg);
        X509_ALGOR_free(ret);
        return NULL;
 }
-X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+X509_ALGOR *
-                                 unsigned char *salt, int saltlen)
+PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
+    int saltlen)
 {
        return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
 }
-X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
+X509_ALGOR *
-                                int prf_nid, int keylen)
+PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid,
+    int keylen)
 {
        X509_ALGOR *keyfunc = NULL;
        PBKDF2PARAM *kdf = NULL;
        ASN1_OCTET_STRING *osalt = NULL;
-        if(!(kdf = PBKDF2PARAM_new()))
+        if (!(kdf = PBKDF2PARAM_new()))
                goto merr;
-        if(!(osalt = M_ASN1_OCTET_STRING_new()))
+        if (!(osalt = M_ASN1_OCTET_STRING_new()))
                goto merr;
        kdf->salt->value.octet_string = osalt;
@@ -222,20 +228,20 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
        else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0)
                goto merr;
-        if(iter <= 0)
+        if (iter <= 0)
                iter = PKCS5_DEFAULT_ITER;
-        if(!ASN1_INTEGER_set(kdf->iter, iter))
+        if (!ASN1_INTEGER_set(kdf->iter, iter))
                goto merr;
        /* If have a key len set it up */
-        if(keylen > 0) {
+        if (keylen > 0) {
-                if(!(kdf->keylength = M_ASN1_INTEGER_new()))
+                if (!(kdf->keylength = M_ASN1_INTEGER_new()))
                        goto merr;
-                if(!ASN1_INTEGER_set (kdf->keylength, keylen))
+                if (!ASN1_INTEGER_set (kdf->keylength, keylen))
                        goto merr;
-                }
+        }
        /* prf can stay NULL if we are using hmacWithSHA1 */
        if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) {
@@ -243,7 +249,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
                if (!kdf->prf)
                        goto merr;
                X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
-                                        V_ASN1_NULL, NULL);
+                V_ASN1_NULL, NULL);
        }
        /* Finally setup the keyfunc structure */
@@ -256,11 +262,11 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
        /* Encode PBKDF2PARAM into parameter of pbe2 */
-        if(!(keyfunc->parameter = ASN1_TYPE_new()))
+        if (!(keyfunc->parameter = ASN1_TYPE_new()))
                goto merr;
-        if(!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
+        if (!ASN1_item_pack(kdf, ASN1_ITEM_rptr(PBKDF2PARAM),
-                         &keyfunc->parameter->value.sequence))
+                &keyfunc->parameter->value.sequence))
                goto merr;
        keyfunc->parameter->type = V_ASN1_SEQUENCE;
@@ -268,9 +274,8 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
        return keyfunc;
 merr:
-        ASN1err(ASN1_F_PKCS5_PBKDF2_SET,ERR_R_MALLOC_FAILURE);
+        ASN1err(ASN1_F_PKCS5_PBKDF2_SET, ERR_R_MALLOC_FAILURE);
        PBKDF2PARAM_free(kdf);
        X509_ALGOR_free(keyfunc);
        return NULL;
 }
diff --git a/src/lib/libssl/src/crypto/asn1/p8_pkey.c b/src/lib/libssl/src/crypto/asn1/p8_pkey.c
index c95d7e55a0..6c5577ee1e 100644
--- a/src/lib/libssl/src/crypto/asn1/p8_pkey.c
+++ b/src/lib/libssl/src/crypto/asn1/p8_pkey.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -62,16 +62,16 @@
 #include <openssl/x509.h>
 /* Minor tweak to operation: zero private key data */
-static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+static int
-                                                        void *exarg)
+pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
        /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
-        if(operation == ASN1_OP_FREE_PRE) {
+        if (operation == ASN1_OP_FREE_PRE) {
                PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
                if (key->pkey->value.octet_string)
-                OPENSSL_cleanse(key->pkey->value.octet_string->data,
+                        OPENSSL_cleanse(key->pkey->value.octet_string->data,
-                        key->pkey->value.octet_string->length);
+                            key->pkey->value.octet_string->length);
-}
+        }
        return 1;
 }
@@ -84,12 +84,12 @@ ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
 IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
-int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
+int
-                                        int version,
+PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version,
-                                        int ptype, void *pval,
+    int ptype, void *pval, unsigned char *penc, int penclen)
-                                        unsigned char *penc, int penclen)
 {
        unsigned char **ppenc = NULL;
        if (version >= 0) {
                if (!ASN1_INTEGER_set(priv->version, version))
                        return 0;
@@ -118,14 +118,13 @@ int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
        return 1;
 }
-int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
+int
-                const unsigned char **pk, int *ppklen,
+PKCS8_pkey_get0(ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen,
-                X509_ALGOR **pa,
+    X509_ALGOR **pa, PKCS8_PRIV_KEY_INFO *p8)
-                PKCS8_PRIV_KEY_INFO *p8)
 {
        if (ppkalg)
                *ppkalg = p8->pkeyalg->algorithm;
-        if(p8->pkey->type == V_ASN1_OCTET_STRING) {
+        if (p8->pkey->type == V_ASN1_OCTET_STRING) {
                p8->broken = PKCS8_OK;
                if (pk) {
                        *pk = p8->pkey->value.octet_string->data;
@@ -137,11 +136,9 @@ int PKCS8_pkey_get0(ASN1_OBJECT **ppkalg,
                        *pk = p8->pkey->value.sequence->data;
                        *ppklen = p8->pkey->value.sequence->length;
                }
-        }
+        } else
-        else
                return 0;
        if (pa)
                *pa = p8->pkeyalg;
        return 1;
 }