8 files changed, 718 insertions, 528 deletions
diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c
index 7f924fbe39..5699568998 100644
--- a/src/lib/libcrypto/x509/x509_att.c
+++ b/src/lib/libcrypto/x509/x509_att.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -65,134 +65,152 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
+int
+X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
 {
        return sk_X509_ATTRIBUTE_num(x);
 }
-int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+int
-                          int lastpos)
+X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+    int lastpos)
 {
        ASN1_OBJECT *obj;
-        obj=OBJ_nid2obj(nid);
+        obj = OBJ_nid2obj(nid);
-        if (obj == NULL) return(-2);
+        if (obj == NULL)
-        return(X509at_get_attr_by_OBJ(x,obj,lastpos));
+                return (-2);
+        return (X509at_get_attr_by_OBJ(x, obj, lastpos));
 }
-int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
+int
-                          int lastpos)
+X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
+    int lastpos)
 {
        int n;
        X509_ATTRIBUTE *ex;
-        if (sk == NULL) return(-1);
+        if (sk == NULL)
+                return (-1);
        lastpos++;
        if (lastpos < 0)
-                lastpos=0;
+                lastpos = 0;
-        n=sk_X509_ATTRIBUTE_num(sk);
+        n = sk_X509_ATTRIBUTE_num(sk);
-        for ( ; lastpos < n; lastpos++) {
+        for (; lastpos < n; lastpos++) {
-                ex=sk_X509_ATTRIBUTE_value(sk,lastpos);
+                ex = sk_X509_ATTRIBUTE_value(sk, lastpos);
-                if (OBJ_cmp(ex->object,obj) == 0)
+                if (OBJ_cmp(ex->object, obj) == 0)
-                        return(lastpos);
+                        return (lastpos);
-                }
+        }
-        return(-1);
+        return (-1);
 }
-X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
+X509_ATTRIBUTE *
+X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
 {
        if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
                return NULL;
        else
-                return sk_X509_ATTRIBUTE_value(x,loc);
+                return sk_X509_ATTRIBUTE_value(x, loc);
 }
-X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
+X509_ATTRIBUTE *
+X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
 {
        X509_ATTRIBUTE *ret;
        if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
-                return(NULL);
+                return (NULL);
-        ret=sk_X509_ATTRIBUTE_delete(x,loc);
+        ret = sk_X509_ATTRIBUTE_delete(x, loc);
-        return(ret);
+        return (ret);
 }
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+STACK_OF(X509_ATTRIBUTE) *
-                                         X509_ATTRIBUTE *attr)
+X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, X509_ATTRIBUTE *attr)
 {
-        X509_ATTRIBUTE *new_attr=NULL;
+        X509_ATTRIBUTE *new_attr = NULL;
-        STACK_OF(X509_ATTRIBUTE) *sk=NULL;
+        STACK_OF(X509_ATTRIBUTE) *sk = NULL;
        if (x == NULL) {
                X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER);
                goto err2;
-        } 
+        }
        if (*x == NULL) {
-                if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)
+                if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
                        goto err;
        } else
                sk= *x;
-        if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL)
+        if ((new_attr = X509_ATTRIBUTE_dup(attr)) == NULL)
                goto err2;
-        if (!sk_X509_ATTRIBUTE_push(sk,new_attr))
+        if (!sk_X509_ATTRIBUTE_push(sk, new_attr))
                goto err;
        if (*x == NULL)
-                *x=sk;
+                *x = sk;
-        return(sk);
+        return (sk);
 err:
-        X509err(X509_F_X509AT_ADD1_ATTR,ERR_R_MALLOC_FAILURE);
+        X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE);
 err2:
-        if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr);
+        if (new_attr != NULL)
-        if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);
+                X509_ATTRIBUTE_free(new_attr);
-        return(NULL);
+        if (sk != NULL)
+                sk_X509_ATTRIBUTE_free(sk);
+        return (NULL);
 }
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
+STACK_OF(X509_ATTRIBUTE) *
-                        const ASN1_OBJECT *obj, int type,
+X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, const ASN1_OBJECT *obj,
-                        const unsigned char *bytes, int len)
+    int type, const unsigned char *bytes, int len)
 {
        X509_ATTRIBUTE *attr;
        STACK_OF(X509_ATTRIBUTE) *ret;
        attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
-        if(!attr) return 0;
+        if (!attr)
+                return 0;
        ret = X509at_add1_attr(x, attr);
        X509_ATTRIBUTE_free(attr);
        return ret;
 }
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
+STACK_OF(X509_ATTRIBUTE) *
-                        int nid, int type,
+X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, int nid, int type,
-                        const unsigned char *bytes, int len)
+    const unsigned char *bytes, int len)
 {
        X509_ATTRIBUTE *attr;
        STACK_OF(X509_ATTRIBUTE) *ret;
        attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
-        if(!attr) return 0;
+        if (!attr)
+                return 0;
        ret = X509at_add1_attr(x, attr);
        X509_ATTRIBUTE_free(attr);
        return ret;
 }
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
+STACK_OF(X509_ATTRIBUTE) *
-                        const char *attrname, int type,
+X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, const char *attrname,
-                        const unsigned char *bytes, int len)
+    int type, const unsigned char *bytes, int len)
 {
        X509_ATTRIBUTE *attr;
        STACK_OF(X509_ATTRIBUTE) *ret;
        attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
-        if(!attr) return 0;
+        if (!attr)
+                return 0;
        ret = X509at_add1_attr(x, attr);
        X509_ATTRIBUTE_free(attr);
        return ret;
 }
-void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
+void *
-                                ASN1_OBJECT *obj, int lastpos, int type)
+X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, ASN1_OBJECT *obj,
+    int lastpos, int type)
 {
        int i;
        X509_ATTRIBUTE *at;
        i = X509at_get_attr_by_OBJ(x, obj, lastpos);
        if (i == -1)
                return NULL;
@@ -204,96 +222,112 @@ void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
        return X509_ATTRIBUTE_get0_data(at, 0, type, NULL);
 }
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+X509_ATTRIBUTE *
-             int atrtype, const void *data, int len)
+X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, int atrtype,
+    const void *data, int len)
 {
        ASN1_OBJECT *obj;
        X509_ATTRIBUTE *ret;
-        obj=OBJ_nid2obj(nid);
+        obj = OBJ_nid2obj(nid);
        if (obj == NULL) {
-                X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID);
+                X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,
-                return(NULL);
+                    X509_R_UNKNOWN_NID);
+                return (NULL);
        }
-        ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len);
+        ret = X509_ATTRIBUTE_create_by_OBJ(attr, obj, atrtype, data, len);
-        if (ret == NULL) ASN1_OBJECT_free(obj);
+        if (ret == NULL)
-        return(ret);
+                ASN1_OBJECT_free(obj);
+        return (ret);
 }
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+X509_ATTRIBUTE *
-             const ASN1_OBJECT *obj, int atrtype, const void *data, int len)
+X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, const ASN1_OBJECT *obj,
+    int atrtype, const void *data, int len)
 {
        X509_ATTRIBUTE *ret;
        if ((attr == NULL) || (*attr == NULL)) {
-                if ((ret=X509_ATTRIBUTE_new()) == NULL) {
+                if ((ret = X509_ATTRIBUTE_new()) == NULL) {
-                        X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
+                        X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,
-                        return(NULL);
+                            ERR_R_MALLOC_FAILURE);
+                        return (NULL);
                }
-        }
+        } else
-        else
                ret= *attr;
-        if (!X509_ATTRIBUTE_set1_object(ret,obj))
+        if (!X509_ATTRIBUTE_set1_object(ret, obj))
                goto err;
-        if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))
+        if (!X509_ATTRIBUTE_set1_data(ret, atrtype, data, len))
                goto err;
-        if ((attr != NULL) && (*attr == NULL)) *attr=ret;
+        if ((attr != NULL) && (*attr == NULL))
-        return(ret);
+                *attr = ret;
+        return (ret);
 err:
        if ((attr == NULL) || (ret != *attr))
                X509_ATTRIBUTE_free(ret);
-        return(NULL);
+        return (NULL);
 }
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+X509_ATTRIBUTE *
-                const char *atrname, int type, const unsigned char *bytes, int len)
+X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, const char *atrname,
+    int type, const unsigned char *bytes, int len)
 {
        ASN1_OBJECT *obj;
        X509_ATTRIBUTE *nattr;
-        obj=OBJ_txt2obj(atrname, 0);
+        obj = OBJ_txt2obj(atrname, 0);
        if (obj == NULL) {
                X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
-                                                X509_R_INVALID_FIELD_NAME);
+                    X509_R_INVALID_FIELD_NAME);
                ERR_add_error_data(2, "name=", atrname);
-                return(NULL);
+                return (NULL);
        }
-        nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len);
+        nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len);
        ASN1_OBJECT_free(obj);
        return nattr;
 }
-int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
+int
+X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
 {
        if ((attr == NULL) || (obj == NULL))
-                return(0);
+                return (0);
        ASN1_OBJECT_free(attr->object);
-        attr->object=OBJ_dup(obj);
+        attr->object = OBJ_dup(obj);
-        return(1);
+        return (1);
 }
-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)
+int
+X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data,
+    int len)
 {
        ASN1_TYPE *ttmp;
        ASN1_STRING *stmp = NULL;
        int atype = 0;
-        if (!attr) return 0;
-        if(attrtype & MBSTRING_FLAG) {
+        if (!attr)
+                return 0;
+        if (attrtype & MBSTRING_FLAG) {
                stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
-                                                OBJ_obj2nid(attr->object));
+                    OBJ_obj2nid(attr->object));
-                if(!stmp) {
+                if (!stmp) {
-                        X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
+                        X509err(X509_F_X509_ATTRIBUTE_SET1_DATA,
+                            ERR_R_ASN1_LIB);
                        return 0;
                }
                atype = stmp->type;
        } else if (len != -1){
-                if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
+                if (!(stmp = ASN1_STRING_type_new(attrtype)))
-                if(!ASN1_STRING_set(stmp, data, len)) goto err;
+                        goto err;
+                if (!ASN1_STRING_set(stmp, data, len))
+                        goto err;
                atype = attrtype;
        }
-        if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
+        if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
+                goto err;
        attr->single = 0;
        /* This is a bit naughty because the attribute should really have
         * at least one value but some types use and zero length SET and
@@ -301,49 +335,64 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *dat
         */
        if (attrtype == 0)
                return 1;
-        if(!(ttmp = ASN1_TYPE_new())) goto err;
+        if (!(ttmp = ASN1_TYPE_new()))
+                goto err;
        if ((len == -1) && !(attrtype & MBSTRING_FLAG)) {
                if (!ASN1_TYPE_set1(ttmp, attrtype, data))
                        goto err;
        } else
                ASN1_TYPE_set(ttmp, atype, stmp);
-        if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
+        if (!sk_ASN1_TYPE_push(attr->value.set, ttmp))
+                goto err;
        return 1;
-        err:
+err:
        X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
        return 0;
 }
-int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
+int
+X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
 {
-        if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set);
+        if (!attr->single)
-        if(attr->value.single) return 1;
+                return sk_ASN1_TYPE_num(attr->value.set);
+        if (attr->value.single)
+                return 1;
        return 0;
 }
-ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
+ASN1_OBJECT *
+X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
 {
-        if (attr == NULL) return(NULL);
+        if (attr == NULL)
-        return(attr->object);
+                return (NULL);
+        return (attr->object);
 }
-void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
+void *
-                                        int atrtype, void *data)
+X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, void *data)
 {
        ASN1_TYPE *ttmp;
        ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
-        if(!ttmp) return NULL;
+        if (!ttmp)
-        if(atrtype != ASN1_TYPE_get(ttmp)){
+                return NULL;
+        if (atrtype != ASN1_TYPE_get(ttmp)){
                X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
                return NULL;
        }
        return ttmp->value.ptr;
 }
-ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
+ASN1_TYPE *
+X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
 {
-        if (attr == NULL) return(NULL);
+        if (attr == NULL)
-        if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
+                return (NULL);
-        if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx);
+        if (idx >= X509_ATTRIBUTE_count(attr))
-        else return attr->value.single;
+                return NULL;
+        if (!attr->single)
+                return sk_ASN1_TYPE_value(attr->value.set, idx);
+        else
+                return attr->value.single;
 }
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c
index 87c4596414..b6b3423e3f 100644
--- a/src/lib/libcrypto/x509/x509_cmp.c
+++ b/src/lib/libcrypto/x509/x509_cmp.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -64,105 +64,121 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
+int
+X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
 {
        int i;
-        X509_CINF *ai,*bi;
+        X509_CINF *ai, *bi;
-        ai=a->cert_info;
+        ai = a->cert_info;
-        bi=b->cert_info;
+        bi = b->cert_info;
-        i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
+        i = M_ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber);
-        if (i) return(i);
+        if (i)
-        return(X509_NAME_cmp(ai->issuer,bi->issuer));
+                return (i);
+        return (X509_NAME_cmp(ai->issuer, bi->issuer));
 }
 #ifndef OPENSSL_NO_MD5
-unsigned long X509_issuer_and_serial_hash(X509 *a)
+unsigned long
+X509_issuer_and_serial_hash(X509 *a)
 {
-        unsigned long ret=0;
+        unsigned long ret = 0;
        EVP_MD_CTX ctx;
        unsigned char md[16];
        char *f;
        EVP_MD_CTX_init(&ctx);
-        f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
+        f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0);
        if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
                goto err;
-        if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,strlen(f)))
+        if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f)))
                goto err;
        free(f);
-        if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
+        if (!EVP_DigestUpdate(&ctx,
-                (unsigned long)a->cert_info->serialNumber->length))
+            (unsigned char *)a->cert_info->serialNumber->data,
+            (unsigned long)a->cert_info->serialNumber->length))
                goto err;
-        if (!EVP_DigestFinal_ex(&ctx,&(md[0]),NULL))
+        if (!EVP_DigestFinal_ex(&ctx, &(md[0]), NULL))
                goto err;
-        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+        ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
-                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+            ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)) &
-                )&0xffffffffL;
+            0xffffffffL;
-        err:
+err:
        EVP_MD_CTX_cleanup(&ctx);
-        return(ret);
+        return (ret);
 }
 #endif
-        
-int X509_issuer_name_cmp(const X509 *a, const X509 *b)
+int
+X509_issuer_name_cmp(const X509 *a, const X509 *b)
 {
-        return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
+        return (X509_NAME_cmp(a->cert_info->issuer, b->cert_info->issuer));
 }
-int X509_subject_name_cmp(const X509 *a, const X509 *b)
+int
+X509_subject_name_cmp(const X509 *a, const X509 *b)
 {
-        return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
+        return (X509_NAME_cmp(a->cert_info->subject, b->cert_info->subject));
 }
-int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
+int
+X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
 {
-        return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
+        return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer));
 }
 #ifndef OPENSSL_NO_SHA
-int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
+int
+X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
 {
        return memcmp(a->sha1_hash, b->sha1_hash, 20);
 }
 #endif
-X509_NAME *X509_get_issuer_name(X509 *a)
+X509_NAME *
+X509_get_issuer_name(X509 *a)
 {
-        return(a->cert_info->issuer);
+        return (a->cert_info->issuer);
 }
-unsigned long X509_issuer_name_hash(X509 *x)
+unsigned long
+X509_issuer_name_hash(X509 *x)
 {
-        return(X509_NAME_hash(x->cert_info->issuer));
+        return (X509_NAME_hash(x->cert_info->issuer));
 }
 #ifndef OPENSSL_NO_MD5
-unsigned long X509_issuer_name_hash_old(X509 *x)
+unsigned long
+X509_issuer_name_hash_old(X509 *x)
 {
-        return(X509_NAME_hash_old(x->cert_info->issuer));
+        return (X509_NAME_hash_old(x->cert_info->issuer));
 }
 #endif
-X509_NAME *X509_get_subject_name(X509 *a)
+X509_NAME *
+X509_get_subject_name(X509 *a)
 {
-        return(a->cert_info->subject);
+        return (a->cert_info->subject);
 }
-ASN1_INTEGER *X509_get_serialNumber(X509 *a)
+ASN1_INTEGER *
+X509_get_serialNumber(X509 *a)
 {
-        return(a->cert_info->serialNumber);
+        return (a->cert_info->serialNumber);
 }
-unsigned long X509_subject_name_hash(X509 *x)
+unsigned long
+X509_subject_name_hash(X509 *x)
 {
-        return(X509_NAME_hash(x->cert_info->subject));
+        return (X509_NAME_hash(x->cert_info->subject));
 }
 #ifndef OPENSSL_NO_MD5
-unsigned long X509_subject_name_hash_old(X509 *x)
+unsigned long
+X509_subject_name_hash_old(X509 *x)
 {
-        return(X509_NAME_hash_old(x->cert_info->subject));
+        return (X509_NAME_hash_old(x->cert_info->subject));
 }
 #endif
@@ -176,7 +192,8 @@ unsigned long X509_subject_name_hash_old(X509 *x)
 * where the "depth-first" constification tree has to halt
 * with an evil cast.
 */
-int X509_cmp(const X509 *a, const X509 *b)
+int
+X509_cmp(const X509 *a, const X509 *b)
 {
        /* ensure hash is valid */
        X509_check_purpose((X509 *)a, -1, 0);
@@ -186,49 +203,44 @@ int X509_cmp(const X509 *a, const X509 *b)
 }
 #endif
+int
-int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
+X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
 {
        int ret;
        /* Ensure canonical encoding is present and up to date */
        if (!a->canon_enc || a->modified) {
                ret = i2d_X509_NAME((X509_NAME *)a, NULL);
                if (ret < 0)
                        return -2;
        }
        if (!b->canon_enc || b->modified) {
                ret = i2d_X509_NAME((X509_NAME *)b, NULL);
                if (ret < 0)
                        return -2;
        }
        ret = a->canon_enclen - b->canon_enclen;
        if (ret)
                return ret;
        return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
 }
-unsigned long X509_NAME_hash(X509_NAME *x)
+unsigned long
+X509_NAME_hash(X509_NAME *x)
 {
-        unsigned long ret=0;
+        unsigned long ret = 0;
        unsigned char md[SHA_DIGEST_LENGTH];
        /* Make sure X509_NAME structure contains valid cached encoding */
-        i2d_X509_NAME(x,NULL);
+        i2d_X509_NAME(x, NULL);
        if (!EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(),
-                NULL))
+            NULL))
                return 0;
-        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+        ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
-                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+            ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)) &
-                )&0xffffffffL;
+            0xffffffffL;
-        return(ret);
+        return (ret);
 }
@@ -236,82 +248,92 @@ unsigned long X509_NAME_hash(X509_NAME *x)
 /* I now DER encode the name and hash it.  Since I cache the DER encoding,
 * this is reasonably efficient. */
-unsigned long X509_NAME_hash_old(X509_NAME *x)
+unsigned long
+X509_NAME_hash_old(X509_NAME *x)
 {
        EVP_MD_CTX md_ctx;
-        unsigned long ret=0;
+        unsigned long ret = 0;
        unsigned char md[16];
        /* Make sure X509_NAME structure contains valid cached encoding */
-        i2d_X509_NAME(x,NULL);
+        i2d_X509_NAME(x, NULL);
        EVP_MD_CTX_init(&md_ctx);
        EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-        if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL)
+        if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) &&
-            && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length)
+            EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) &&
-            && EVP_DigestFinal_ex(&md_ctx,md,NULL))
+            EVP_DigestFinal_ex(&md_ctx, md, NULL))
-                ret=(((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+                ret = (((unsigned long)md[0]) |
-                     ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+                    ((unsigned long)md[1] << 8L) |
-                     )&0xffffffffL;
+                    ((unsigned long)md[2] << 16L) |
+                    ((unsigned long)md[3] << 24L)) &
+                    0xffffffffL;
        EVP_MD_CTX_cleanup(&md_ctx);
-        return(ret);
+        return (ret);
 }
 #endif
 /* Search a stack of X509 for a match */
-X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+X509 *
-                ASN1_INTEGER *serial)
+X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+    ASN1_INTEGER *serial)
 {
        int i;
        X509_CINF cinf;
-        X509 x,*x509=NULL;
+        X509 x, *x509 = NULL;
-        if(!sk) return NULL;
+        if (!sk)
+                return NULL;
-        x.cert_info= &cinf;
+        x.cert_info = &cinf;
-        cinf.serialNumber=serial;
+        cinf.serialNumber = serial;
-        cinf.issuer=name;
+        cinf.issuer = name;
-        for (i=0; i<sk_X509_num(sk); i++) {
+        for (i = 0; i < sk_X509_num(sk); i++) {
-                x509=sk_X509_value(sk,i);
+                x509 = sk_X509_value(sk, i);
-                if (X509_issuer_and_serial_cmp(x509,&x) == 0)
+                if (X509_issuer_and_serial_cmp(x509, &x) == 0)
-                        return(x509);
+                        return (x509);
        }
-        return(NULL);
+        return (NULL);
 }
-X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
+X509 *
+X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
 {
        X509 *x509;
        int i;
-        for (i=0; i<sk_X509_num(sk); i++) {
+        for (i = 0; i < sk_X509_num(sk); i++) {
-                x509=sk_X509_value(sk,i);
+                x509 = sk_X509_value(sk, i);
-                if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
+                if (X509_NAME_cmp(X509_get_subject_name(x509), name) == 0)
-                        return(x509);
+                        return (x509);
        }
-        return(NULL);
+        return (NULL);
 }
-EVP_PKEY *X509_get_pubkey(X509 *x)
+EVP_PKEY *
+X509_get_pubkey(X509 *x)
 {
        if ((x == NULL) || (x->cert_info == NULL))
-                return(NULL);
+                return (NULL);
-        return(X509_PUBKEY_get(x->cert_info->key));
+        return (X509_PUBKEY_get(x->cert_info->key));
 }
-ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
+ASN1_BIT_STRING *
+X509_get0_pubkey_bitstr(const X509 *x)
 {
-        if(!x) return NULL;
+        if (!x)
+                return NULL;
        return x->cert_info->key->public_key;
 }
-int X509_check_private_key(X509 *x, EVP_PKEY *k)
+int
+X509_check_private_key(X509 *x, EVP_PKEY *k)
 {
        EVP_PKEY *xk;
        int ret;
-        xk=X509_get_pubkey(x);
+        xk = X509_get_pubkey(x);
        if (xk)
                ret = EVP_PKEY_cmp(xk, k);
@@ -322,13 +344,16 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
        case 1:
                break;
        case 0:
-                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+                X509err(X509_F_X509_CHECK_PRIVATE_KEY,
+                    X509_R_KEY_VALUES_MISMATCH);
                break;
        case -1:
-                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
+                X509err(X509_F_X509_CHECK_PRIVATE_KEY,
+                    X509_R_KEY_TYPE_MISMATCH);
                break;
        case -2:
-                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
+                X509err(X509_F_X509_CHECK_PRIVATE_KEY,
+                    X509_R_UNKNOWN_KEY_TYPE);
        }
        if (xk)
                EVP_PKEY_free(xk);
diff --git a/src/lib/libcrypto/x509/x509_d2.c b/src/lib/libcrypto/x509/x509_d2.c
index ed051093ac..5ccd434665 100644
--- a/src/lib/libcrypto/x509/x509_d2.c
+++ b/src/lib/libcrypto/x509/x509_d2.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -62,44 +62,48 @@
 #include <openssl/x509.h>
 #ifndef OPENSSL_NO_STDIO
-int X509_STORE_set_default_paths(X509_STORE *ctx)
+int
+X509_STORE_set_default_paths(X509_STORE *ctx)
 {
        X509_LOOKUP *lookup;
-        lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
+        lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
-        if (lookup == NULL) return(0);
+        if (lookup == NULL)
-        X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+                return (0);
+        X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+        lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
+        if (lookup == NULL)
+                return (0);
+        X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
-        lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
-        if (lookup == NULL) return(0);
-        X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
-        
        /* clear any errors */
        ERR_clear_error();
-        return(1);
+        return (1);
 }
-int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
+int
-                const char *path)
+X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *path)
 {
        X509_LOOKUP *lookup;
        if (file != NULL) {
-                lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
+                lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
-                if (lookup == NULL) return(0);
+                if (lookup == NULL)
-                if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1)
+                        return (0);
-                    return(0);
+                if (X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM) != 1)
+                        return (0);
        }
        if (path != NULL) {
-                lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
+                lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
-                if (lookup == NULL) return(0);
+                if (lookup == NULL)
-                if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1)
+                        return (0);
-                    return(0);
+                if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1)
+                        return (0);
        }
        if ((path == NULL) && (file == NULL))
-                return(0);
+                return (0);
-        return(1);
+        return (1);
 }
 #endif
diff --git a/src/lib/libcrypto/x509/x509_def.c b/src/lib/libcrypto/x509/x509_def.c
index e0ac151a76..66cbe37bac 100644
--- a/src/lib/libcrypto/x509/x509_def.c
+++ b/src/lib/libcrypto/x509/x509_def.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -61,21 +61,38 @@
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
-const char *X509_get_default_private_dir(void)
+const char *
-        { return(X509_PRIVATE_DIR); }
+X509_get_default_private_dir(void)
-        
+{
-const char *X509_get_default_cert_area(void)
+        return (X509_PRIVATE_DIR);
-        { return(X509_CERT_AREA); }
+}
-const char *X509_get_default_cert_dir(void)
+const char *
-        { return(X509_CERT_DIR); }
+X509_get_default_cert_area(void)
+{
+        return (X509_CERT_AREA);
+}
-const char *X509_get_default_cert_file(void)
+const char *
-        { return(X509_CERT_FILE); }
+X509_get_default_cert_dir(void)
+{
+        return (X509_CERT_DIR);
+}
-const char *X509_get_default_cert_dir_env(void)
+const char *
-        { return(X509_CERT_DIR_EVP); }
+X509_get_default_cert_file(void)
+{
+        return (X509_CERT_FILE);
+}
-const char *X509_get_default_cert_file_env(void)
+const char *
-        { return(X509_CERT_FILE_EVP); }
+X509_get_default_cert_dir_env(void)
+{
+        return (X509_CERT_DIR_EVP);
+}
+const char *
+X509_get_default_cert_file_env(void)
+{
+        return (X509_CERT_FILE_EVP);
+}
diff --git a/src/lib/libssl/src/crypto/x509/x509_att.c b/src/lib/libssl/src/crypto/x509/x509_att.c
index 7f924fbe39..5699568998 100644
--- a/src/lib/libssl/src/crypto/x509/x509_att.c
+++ b/src/lib/libssl/src/crypto/x509/x509_att.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -65,134 +65,152 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
+int
+X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
 {
        return sk_X509_ATTRIBUTE_num(x);
 }
-int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+int
-                          int lastpos)
+X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+    int lastpos)
 {
        ASN1_OBJECT *obj;
-        obj=OBJ_nid2obj(nid);
+        obj = OBJ_nid2obj(nid);
-        if (obj == NULL) return(-2);
+        if (obj == NULL)
-        return(X509at_get_attr_by_OBJ(x,obj,lastpos));
+                return (-2);
+        return (X509at_get_attr_by_OBJ(x, obj, lastpos));
 }
-int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
+int
-                          int lastpos)
+X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
+    int lastpos)
 {
        int n;
        X509_ATTRIBUTE *ex;
-        if (sk == NULL) return(-1);
+        if (sk == NULL)
+                return (-1);
        lastpos++;
        if (lastpos < 0)
-                lastpos=0;
+                lastpos = 0;
-        n=sk_X509_ATTRIBUTE_num(sk);
+        n = sk_X509_ATTRIBUTE_num(sk);
-        for ( ; lastpos < n; lastpos++) {
+        for (; lastpos < n; lastpos++) {
-                ex=sk_X509_ATTRIBUTE_value(sk,lastpos);
+                ex = sk_X509_ATTRIBUTE_value(sk, lastpos);
-                if (OBJ_cmp(ex->object,obj) == 0)
+                if (OBJ_cmp(ex->object, obj) == 0)
-                        return(lastpos);
+                        return (lastpos);
-                }
+        }
-        return(-1);
+        return (-1);
 }
-X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
+X509_ATTRIBUTE *
+X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
 {
        if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
                return NULL;
        else
-                return sk_X509_ATTRIBUTE_value(x,loc);
+                return sk_X509_ATTRIBUTE_value(x, loc);
 }
-X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
+X509_ATTRIBUTE *
+X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
 {
        X509_ATTRIBUTE *ret;
        if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
-                return(NULL);
+                return (NULL);
-        ret=sk_X509_ATTRIBUTE_delete(x,loc);
+        ret = sk_X509_ATTRIBUTE_delete(x, loc);
-        return(ret);
+        return (ret);
 }
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+STACK_OF(X509_ATTRIBUTE) *
-                                         X509_ATTRIBUTE *attr)
+X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, X509_ATTRIBUTE *attr)
 {
-        X509_ATTRIBUTE *new_attr=NULL;
+        X509_ATTRIBUTE *new_attr = NULL;
-        STACK_OF(X509_ATTRIBUTE) *sk=NULL;
+        STACK_OF(X509_ATTRIBUTE) *sk = NULL;
        if (x == NULL) {
                X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER);
                goto err2;
-        } 
+        }
        if (*x == NULL) {
-                if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)
+                if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
                        goto err;
        } else
                sk= *x;
-        if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL)
+        if ((new_attr = X509_ATTRIBUTE_dup(attr)) == NULL)
                goto err2;
-        if (!sk_X509_ATTRIBUTE_push(sk,new_attr))
+        if (!sk_X509_ATTRIBUTE_push(sk, new_attr))
                goto err;
        if (*x == NULL)
-                *x=sk;
+                *x = sk;
-        return(sk);
+        return (sk);
 err:
-        X509err(X509_F_X509AT_ADD1_ATTR,ERR_R_MALLOC_FAILURE);
+        X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE);
 err2:
-        if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr);
+        if (new_attr != NULL)
-        if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);
+                X509_ATTRIBUTE_free(new_attr);
-        return(NULL);
+        if (sk != NULL)
+                sk_X509_ATTRIBUTE_free(sk);
+        return (NULL);
 }
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
+STACK_OF(X509_ATTRIBUTE) *
-                        const ASN1_OBJECT *obj, int type,
+X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, const ASN1_OBJECT *obj,
-                        const unsigned char *bytes, int len)
+    int type, const unsigned char *bytes, int len)
 {
        X509_ATTRIBUTE *attr;
        STACK_OF(X509_ATTRIBUTE) *ret;
        attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
-        if(!attr) return 0;
+        if (!attr)
+                return 0;
        ret = X509at_add1_attr(x, attr);
        X509_ATTRIBUTE_free(attr);
        return ret;
 }
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
+STACK_OF(X509_ATTRIBUTE) *
-                        int nid, int type,
+X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, int nid, int type,
-                        const unsigned char *bytes, int len)
+    const unsigned char *bytes, int len)
 {
        X509_ATTRIBUTE *attr;
        STACK_OF(X509_ATTRIBUTE) *ret;
        attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
-        if(!attr) return 0;
+        if (!attr)
+                return 0;
        ret = X509at_add1_attr(x, attr);
        X509_ATTRIBUTE_free(attr);
        return ret;
 }
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
+STACK_OF(X509_ATTRIBUTE) *
-                        const char *attrname, int type,
+X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, const char *attrname,
-                        const unsigned char *bytes, int len)
+    int type, const unsigned char *bytes, int len)
 {
        X509_ATTRIBUTE *attr;
        STACK_OF(X509_ATTRIBUTE) *ret;
        attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
-        if(!attr) return 0;
+        if (!attr)
+                return 0;
        ret = X509at_add1_attr(x, attr);
        X509_ATTRIBUTE_free(attr);
        return ret;
 }
-void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
+void *
-                                ASN1_OBJECT *obj, int lastpos, int type)
+X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x, ASN1_OBJECT *obj,
+    int lastpos, int type)
 {
        int i;
        X509_ATTRIBUTE *at;
        i = X509at_get_attr_by_OBJ(x, obj, lastpos);
        if (i == -1)
                return NULL;
@@ -204,96 +222,112 @@ void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
        return X509_ATTRIBUTE_get0_data(at, 0, type, NULL);
 }
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+X509_ATTRIBUTE *
-             int atrtype, const void *data, int len)
+X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, int atrtype,
+    const void *data, int len)
 {
        ASN1_OBJECT *obj;
        X509_ATTRIBUTE *ret;
-        obj=OBJ_nid2obj(nid);
+        obj = OBJ_nid2obj(nid);
        if (obj == NULL) {
-                X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID);
+                X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,
-                return(NULL);
+                    X509_R_UNKNOWN_NID);
+                return (NULL);
        }
-        ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len);
+        ret = X509_ATTRIBUTE_create_by_OBJ(attr, obj, atrtype, data, len);
-        if (ret == NULL) ASN1_OBJECT_free(obj);
+        if (ret == NULL)
-        return(ret);
+                ASN1_OBJECT_free(obj);
+        return (ret);
 }
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+X509_ATTRIBUTE *
-             const ASN1_OBJECT *obj, int atrtype, const void *data, int len)
+X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, const ASN1_OBJECT *obj,
+    int atrtype, const void *data, int len)
 {
        X509_ATTRIBUTE *ret;
        if ((attr == NULL) || (*attr == NULL)) {
-                if ((ret=X509_ATTRIBUTE_new()) == NULL) {
+                if ((ret = X509_ATTRIBUTE_new()) == NULL) {
-                        X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
+                        X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,
-                        return(NULL);
+                            ERR_R_MALLOC_FAILURE);
+                        return (NULL);
                }
-        }
+        } else
-        else
                ret= *attr;
-        if (!X509_ATTRIBUTE_set1_object(ret,obj))
+        if (!X509_ATTRIBUTE_set1_object(ret, obj))
                goto err;
-        if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))
+        if (!X509_ATTRIBUTE_set1_data(ret, atrtype, data, len))
                goto err;
-        if ((attr != NULL) && (*attr == NULL)) *attr=ret;
+        if ((attr != NULL) && (*attr == NULL))
-        return(ret);
+                *attr = ret;
+        return (ret);
 err:
        if ((attr == NULL) || (ret != *attr))
                X509_ATTRIBUTE_free(ret);
-        return(NULL);
+        return (NULL);
 }
-X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+X509_ATTRIBUTE *
-                const char *atrname, int type, const unsigned char *bytes, int len)
+X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, const char *atrname,
+    int type, const unsigned char *bytes, int len)
 {
        ASN1_OBJECT *obj;
        X509_ATTRIBUTE *nattr;
-        obj=OBJ_txt2obj(atrname, 0);
+        obj = OBJ_txt2obj(atrname, 0);
        if (obj == NULL) {
                X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
-                                                X509_R_INVALID_FIELD_NAME);
+                    X509_R_INVALID_FIELD_NAME);
                ERR_add_error_data(2, "name=", atrname);
-                return(NULL);
+                return (NULL);
        }
-        nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len);
+        nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len);
        ASN1_OBJECT_free(obj);
        return nattr;
 }
-int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
+int
+X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
 {
        if ((attr == NULL) || (obj == NULL))
-                return(0);
+                return (0);
        ASN1_OBJECT_free(attr->object);
-        attr->object=OBJ_dup(obj);
+        attr->object = OBJ_dup(obj);
-        return(1);
+        return (1);
 }
-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)
+int
+X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data,
+    int len)
 {
        ASN1_TYPE *ttmp;
        ASN1_STRING *stmp = NULL;
        int atype = 0;
-        if (!attr) return 0;
-        if(attrtype & MBSTRING_FLAG) {
+        if (!attr)
+                return 0;
+        if (attrtype & MBSTRING_FLAG) {
                stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
-                                                OBJ_obj2nid(attr->object));
+                    OBJ_obj2nid(attr->object));
-                if(!stmp) {
+                if (!stmp) {
-                        X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
+                        X509err(X509_F_X509_ATTRIBUTE_SET1_DATA,
+                            ERR_R_ASN1_LIB);
                        return 0;
                }
                atype = stmp->type;
        } else if (len != -1){
-                if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
+                if (!(stmp = ASN1_STRING_type_new(attrtype)))
-                if(!ASN1_STRING_set(stmp, data, len)) goto err;
+                        goto err;
+                if (!ASN1_STRING_set(stmp, data, len))
+                        goto err;
                atype = attrtype;
        }
-        if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
+        if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
+                goto err;
        attr->single = 0;
        /* This is a bit naughty because the attribute should really have
         * at least one value but some types use and zero length SET and
@@ -301,49 +335,64 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *dat
         */
        if (attrtype == 0)
                return 1;
-        if(!(ttmp = ASN1_TYPE_new())) goto err;
+        if (!(ttmp = ASN1_TYPE_new()))
+                goto err;
        if ((len == -1) && !(attrtype & MBSTRING_FLAG)) {
                if (!ASN1_TYPE_set1(ttmp, attrtype, data))
                        goto err;
        } else
                ASN1_TYPE_set(ttmp, atype, stmp);
-        if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
+        if (!sk_ASN1_TYPE_push(attr->value.set, ttmp))
+                goto err;
        return 1;
-        err:
+err:
        X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
        return 0;
 }
-int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
+int
+X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
 {
-        if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set);
+        if (!attr->single)
-        if(attr->value.single) return 1;
+                return sk_ASN1_TYPE_num(attr->value.set);
+        if (attr->value.single)
+                return 1;
        return 0;
 }
-ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
+ASN1_OBJECT *
+X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
 {
-        if (attr == NULL) return(NULL);
+        if (attr == NULL)
-        return(attr->object);
+                return (NULL);
+        return (attr->object);
 }
-void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
+void *
-                                        int atrtype, void *data)
+X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, void *data)
 {
        ASN1_TYPE *ttmp;
        ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
-        if(!ttmp) return NULL;
+        if (!ttmp)
-        if(atrtype != ASN1_TYPE_get(ttmp)){
+                return NULL;
+        if (atrtype != ASN1_TYPE_get(ttmp)){
                X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
                return NULL;
        }
        return ttmp->value.ptr;
 }
-ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
+ASN1_TYPE *
+X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
 {
-        if (attr == NULL) return(NULL);
+        if (attr == NULL)
-        if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
+                return (NULL);
-        if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx);
+        if (idx >= X509_ATTRIBUTE_count(attr))
-        else return attr->value.single;
+                return NULL;
+        if (!attr->single)
+                return sk_ASN1_TYPE_value(attr->value.set, idx);
+        else
+                return attr->value.single;
 }
diff --git a/src/lib/libssl/src/crypto/x509/x509_cmp.c b/src/lib/libssl/src/crypto/x509/x509_cmp.c
index 87c4596414..b6b3423e3f 100644
--- a/src/lib/libssl/src/crypto/x509/x509_cmp.c
+++ b/src/lib/libssl/src/crypto/x509/x509_cmp.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -64,105 +64,121 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
-int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
+int
+X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
 {
        int i;
-        X509_CINF *ai,*bi;
+        X509_CINF *ai, *bi;
-        ai=a->cert_info;
+        ai = a->cert_info;
-        bi=b->cert_info;
+        bi = b->cert_info;
-        i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
+        i = M_ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber);
-        if (i) return(i);
+        if (i)
-        return(X509_NAME_cmp(ai->issuer,bi->issuer));
+                return (i);
+        return (X509_NAME_cmp(ai->issuer, bi->issuer));
 }
 #ifndef OPENSSL_NO_MD5
-unsigned long X509_issuer_and_serial_hash(X509 *a)
+unsigned long
+X509_issuer_and_serial_hash(X509 *a)
 {
-        unsigned long ret=0;
+        unsigned long ret = 0;
        EVP_MD_CTX ctx;
        unsigned char md[16];
        char *f;
        EVP_MD_CTX_init(&ctx);
-        f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
+        f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0);
        if (!EVP_DigestInit_ex(&ctx, EVP_md5(), NULL))
                goto err;
-        if (!EVP_DigestUpdate(&ctx,(unsigned char *)f,strlen(f)))
+        if (!EVP_DigestUpdate(&ctx, (unsigned char *)f, strlen(f)))
                goto err;
        free(f);
-        if(!EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
+        if (!EVP_DigestUpdate(&ctx,
-                (unsigned long)a->cert_info->serialNumber->length))
+            (unsigned char *)a->cert_info->serialNumber->data,
+            (unsigned long)a->cert_info->serialNumber->length))
                goto err;
-        if (!EVP_DigestFinal_ex(&ctx,&(md[0]),NULL))
+        if (!EVP_DigestFinal_ex(&ctx, &(md[0]), NULL))
                goto err;
-        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+        ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
-                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+            ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)) &
-                )&0xffffffffL;
+            0xffffffffL;
-        err:
+err:
        EVP_MD_CTX_cleanup(&ctx);
-        return(ret);
+        return (ret);
 }
 #endif
-        
-int X509_issuer_name_cmp(const X509 *a, const X509 *b)
+int
+X509_issuer_name_cmp(const X509 *a, const X509 *b)
 {
-        return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
+        return (X509_NAME_cmp(a->cert_info->issuer, b->cert_info->issuer));
 }
-int X509_subject_name_cmp(const X509 *a, const X509 *b)
+int
+X509_subject_name_cmp(const X509 *a, const X509 *b)
 {
-        return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
+        return (X509_NAME_cmp(a->cert_info->subject, b->cert_info->subject));
 }
-int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
+int
+X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
 {
-        return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
+        return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer));
 }
 #ifndef OPENSSL_NO_SHA
-int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
+int
+X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
 {
        return memcmp(a->sha1_hash, b->sha1_hash, 20);
 }
 #endif
-X509_NAME *X509_get_issuer_name(X509 *a)
+X509_NAME *
+X509_get_issuer_name(X509 *a)
 {
-        return(a->cert_info->issuer);
+        return (a->cert_info->issuer);
 }
-unsigned long X509_issuer_name_hash(X509 *x)
+unsigned long
+X509_issuer_name_hash(X509 *x)
 {
-        return(X509_NAME_hash(x->cert_info->issuer));
+        return (X509_NAME_hash(x->cert_info->issuer));
 }
 #ifndef OPENSSL_NO_MD5
-unsigned long X509_issuer_name_hash_old(X509 *x)
+unsigned long
+X509_issuer_name_hash_old(X509 *x)
 {
-        return(X509_NAME_hash_old(x->cert_info->issuer));
+        return (X509_NAME_hash_old(x->cert_info->issuer));
 }
 #endif
-X509_NAME *X509_get_subject_name(X509 *a)
+X509_NAME *
+X509_get_subject_name(X509 *a)
 {
-        return(a->cert_info->subject);
+        return (a->cert_info->subject);
 }
-ASN1_INTEGER *X509_get_serialNumber(X509 *a)
+ASN1_INTEGER *
+X509_get_serialNumber(X509 *a)
 {
-        return(a->cert_info->serialNumber);
+        return (a->cert_info->serialNumber);
 }
-unsigned long X509_subject_name_hash(X509 *x)
+unsigned long
+X509_subject_name_hash(X509 *x)
 {
-        return(X509_NAME_hash(x->cert_info->subject));
+        return (X509_NAME_hash(x->cert_info->subject));
 }
 #ifndef OPENSSL_NO_MD5
-unsigned long X509_subject_name_hash_old(X509 *x)
+unsigned long
+X509_subject_name_hash_old(X509 *x)
 {
-        return(X509_NAME_hash_old(x->cert_info->subject));
+        return (X509_NAME_hash_old(x->cert_info->subject));
 }
 #endif
@@ -176,7 +192,8 @@ unsigned long X509_subject_name_hash_old(X509 *x)
 * where the "depth-first" constification tree has to halt
 * with an evil cast.
 */
-int X509_cmp(const X509 *a, const X509 *b)
+int
+X509_cmp(const X509 *a, const X509 *b)
 {
        /* ensure hash is valid */
        X509_check_purpose((X509 *)a, -1, 0);
@@ -186,49 +203,44 @@ int X509_cmp(const X509 *a, const X509 *b)
 }
 #endif
+int
-int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
+X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
 {
        int ret;
        /* Ensure canonical encoding is present and up to date */
        if (!a->canon_enc || a->modified) {
                ret = i2d_X509_NAME((X509_NAME *)a, NULL);
                if (ret < 0)
                        return -2;
        }
        if (!b->canon_enc || b->modified) {
                ret = i2d_X509_NAME((X509_NAME *)b, NULL);
                if (ret < 0)
                        return -2;
        }
        ret = a->canon_enclen - b->canon_enclen;
        if (ret)
                return ret;
        return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
 }
-unsigned long X509_NAME_hash(X509_NAME *x)
+unsigned long
+X509_NAME_hash(X509_NAME *x)
 {
-        unsigned long ret=0;
+        unsigned long ret = 0;
        unsigned char md[SHA_DIGEST_LENGTH];
        /* Make sure X509_NAME structure contains valid cached encoding */
-        i2d_X509_NAME(x,NULL);
+        i2d_X509_NAME(x, NULL);
        if (!EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(),
-                NULL))
+            NULL))
                return 0;
-        ret=(   ((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+        ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
-                ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+            ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)) &
-                )&0xffffffffL;
+            0xffffffffL;
-        return(ret);
+        return (ret);
 }
@@ -236,82 +248,92 @@ unsigned long X509_NAME_hash(X509_NAME *x)
 /* I now DER encode the name and hash it.  Since I cache the DER encoding,
 * this is reasonably efficient. */
-unsigned long X509_NAME_hash_old(X509_NAME *x)
+unsigned long
+X509_NAME_hash_old(X509_NAME *x)
 {
        EVP_MD_CTX md_ctx;
-        unsigned long ret=0;
+        unsigned long ret = 0;
        unsigned char md[16];
        /* Make sure X509_NAME structure contains valid cached encoding */
-        i2d_X509_NAME(x,NULL);
+        i2d_X509_NAME(x, NULL);
        EVP_MD_CTX_init(&md_ctx);
        EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-        if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL)
+        if (EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL) &&
-            && EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length)
+            EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length) &&
-            && EVP_DigestFinal_ex(&md_ctx,md,NULL))
+            EVP_DigestFinal_ex(&md_ctx, md, NULL))
-                ret=(((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
+                ret = (((unsigned long)md[0]) |
-                     ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
+                    ((unsigned long)md[1] << 8L) |
-                     )&0xffffffffL;
+                    ((unsigned long)md[2] << 16L) |
+                    ((unsigned long)md[3] << 24L)) &
+                    0xffffffffL;
        EVP_MD_CTX_cleanup(&md_ctx);
-        return(ret);
+        return (ret);
 }
 #endif
 /* Search a stack of X509 for a match */
-X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+X509 *
-                ASN1_INTEGER *serial)
+X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+    ASN1_INTEGER *serial)
 {
        int i;
        X509_CINF cinf;
-        X509 x,*x509=NULL;
+        X509 x, *x509 = NULL;
-        if(!sk) return NULL;
+        if (!sk)
+                return NULL;
-        x.cert_info= &cinf;
+        x.cert_info = &cinf;
-        cinf.serialNumber=serial;
+        cinf.serialNumber = serial;
-        cinf.issuer=name;
+        cinf.issuer = name;
-        for (i=0; i<sk_X509_num(sk); i++) {
+        for (i = 0; i < sk_X509_num(sk); i++) {
-                x509=sk_X509_value(sk,i);
+                x509 = sk_X509_value(sk, i);
-                if (X509_issuer_and_serial_cmp(x509,&x) == 0)
+                if (X509_issuer_and_serial_cmp(x509, &x) == 0)
-                        return(x509);
+                        return (x509);
        }
-        return(NULL);
+        return (NULL);
 }
-X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
+X509 *
+X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
 {
        X509 *x509;
        int i;
-        for (i=0; i<sk_X509_num(sk); i++) {
+        for (i = 0; i < sk_X509_num(sk); i++) {
-                x509=sk_X509_value(sk,i);
+                x509 = sk_X509_value(sk, i);
-                if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
+                if (X509_NAME_cmp(X509_get_subject_name(x509), name) == 0)
-                        return(x509);
+                        return (x509);
        }
-        return(NULL);
+        return (NULL);
 }
-EVP_PKEY *X509_get_pubkey(X509 *x)
+EVP_PKEY *
+X509_get_pubkey(X509 *x)
 {
        if ((x == NULL) || (x->cert_info == NULL))
-                return(NULL);
+                return (NULL);
-        return(X509_PUBKEY_get(x->cert_info->key));
+        return (X509_PUBKEY_get(x->cert_info->key));
 }
-ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
+ASN1_BIT_STRING *
+X509_get0_pubkey_bitstr(const X509 *x)
 {
-        if(!x) return NULL;
+        if (!x)
+                return NULL;
        return x->cert_info->key->public_key;
 }
-int X509_check_private_key(X509 *x, EVP_PKEY *k)
+int
+X509_check_private_key(X509 *x, EVP_PKEY *k)
 {
        EVP_PKEY *xk;
        int ret;
-        xk=X509_get_pubkey(x);
+        xk = X509_get_pubkey(x);
        if (xk)
                ret = EVP_PKEY_cmp(xk, k);
@@ -322,13 +344,16 @@ int X509_check_private_key(X509 *x, EVP_PKEY *k)
        case 1:
                break;
        case 0:
-                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
+                X509err(X509_F_X509_CHECK_PRIVATE_KEY,
+                    X509_R_KEY_VALUES_MISMATCH);
                break;
        case -1:
-                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
+                X509err(X509_F_X509_CHECK_PRIVATE_KEY,
+                    X509_R_KEY_TYPE_MISMATCH);
                break;
        case -2:
-                X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
+                X509err(X509_F_X509_CHECK_PRIVATE_KEY,
+                    X509_R_UNKNOWN_KEY_TYPE);
        }
        if (xk)
                EVP_PKEY_free(xk);
diff --git a/src/lib/libssl/src/crypto/x509/x509_d2.c b/src/lib/libssl/src/crypto/x509/x509_d2.c
index ed051093ac..5ccd434665 100644
--- a/src/lib/libssl/src/crypto/x509/x509_d2.c
+++ b/src/lib/libssl/src/crypto/x509/x509_d2.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -62,44 +62,48 @@
 #include <openssl/x509.h>
 #ifndef OPENSSL_NO_STDIO
-int X509_STORE_set_default_paths(X509_STORE *ctx)
+int
+X509_STORE_set_default_paths(X509_STORE *ctx)
 {
        X509_LOOKUP *lookup;
-        lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
+        lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
-        if (lookup == NULL) return(0);
+        if (lookup == NULL)
-        X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+                return (0);
+        X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+        lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
+        if (lookup == NULL)
+                return (0);
+        X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
-        lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
-        if (lookup == NULL) return(0);
-        X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
-        
        /* clear any errors */
        ERR_clear_error();
-        return(1);
+        return (1);
 }
-int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
+int
-                const char *path)
+X509_STORE_load_locations(X509_STORE *ctx, const char *file, const char *path)
 {
        X509_LOOKUP *lookup;
        if (file != NULL) {
-                lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
+                lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
-                if (lookup == NULL) return(0);
+                if (lookup == NULL)
-                if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1)
+                        return (0);
-                    return(0);
+                if (X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM) != 1)
+                        return (0);
        }
        if (path != NULL) {
-                lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
+                lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
-                if (lookup == NULL) return(0);
+                if (lookup == NULL)
-                if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1)
+                        return (0);
-                    return(0);
+                if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1)
+                        return (0);
        }
        if ((path == NULL) && (file == NULL))
-                return(0);
+                return (0);
-        return(1);
+        return (1);
 }
 #endif
diff --git a/src/lib/libssl/src/crypto/x509/x509_def.c b/src/lib/libssl/src/crypto/x509/x509_def.c
index e0ac151a76..66cbe37bac 100644
--- a/src/lib/libssl/src/crypto/x509/x509_def.c
+++ b/src/lib/libssl/src/crypto/x509/x509_def.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -61,21 +61,38 @@
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
-const char *X509_get_default_private_dir(void)
+const char *
-        { return(X509_PRIVATE_DIR); }
+X509_get_default_private_dir(void)
-        
+{
-const char *X509_get_default_cert_area(void)
+        return (X509_PRIVATE_DIR);
-        { return(X509_CERT_AREA); }
+}
-const char *X509_get_default_cert_dir(void)
+const char *
-        { return(X509_CERT_DIR); }
+X509_get_default_cert_area(void)
+{
+        return (X509_CERT_AREA);
+}
-const char *X509_get_default_cert_file(void)
+const char *
-        { return(X509_CERT_FILE); }
+X509_get_default_cert_dir(void)
+{
+        return (X509_CERT_DIR);
+}
-const char *X509_get_default_cert_dir_env(void)
+const char *
-        { return(X509_CERT_DIR_EVP); }
+X509_get_default_cert_file(void)
+{
+        return (X509_CERT_FILE);
+}
-const char *X509_get_default_cert_file_env(void)
+const char *
-        { return(X509_CERT_FILE_EVP); }
+X509_get_default_cert_dir_env(void)
+{
+        return (X509_CERT_DIR_EVP);
+}
+const char *
+X509_get_default_cert_file_env(void)
+{
+        return (X509_CERT_FILE_EVP);
+}