34 files changed, 1324 insertions, 1030 deletions
diff --git a/src/lib/libcrypto/asn1/x_algor.c b/src/lib/libcrypto/asn1/x_algor.c
index 7ae473485c..65f81e8692 100644
--- a/src/lib/libcrypto/asn1/x_algor.c
+++ b/src/lib/libcrypto/asn1/x_algor.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -66,8 +66,8 @@ ASN1_SEQUENCE(X509_ALGOR) = {
        ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
 } ASN1_SEQUENCE_END(X509_ALGOR)
-ASN1_ITEM_TEMPLATE(X509_ALGORS) = 
+ASN1_ITEM_TEMPLATE(X509_ALGORS) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
+    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
 ASN1_ITEM_TEMPLATE_END(X509_ALGORS)
 IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
@@ -77,7 +77,8 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
 IMPLEMENT_STACK_OF(X509_ALGOR)
 IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
-int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
+int
+X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
 {
        if (!alg)
                return 0;
@@ -93,20 +94,20 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
                alg->algorithm = aobj;
        }
        if (ptype == 0)
-                return 1;       
+                return 1;
        if (ptype == V_ASN1_UNDEF) {
                if (alg->parameter) {
                        ASN1_TYPE_free(alg->parameter);
                        alg->parameter = NULL;
                }
-        }
+        } else
-        else
                ASN1_TYPE_set(alg->parameter, ptype, pval);
        return 1;
 }
-void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
+void
-                                                X509_ALGOR *algor)
+X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
+    X509_ALGOR *algor)
 {
        if (paobj)
                *paobj = algor->algorithm;
@@ -114,8 +115,7 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
                if (algor->parameter == NULL) {
                        *pptype = V_ASN1_UNDEF;
                        return;
-                }
+                } else
-                else
                        *pptype = algor->parameter->type;
                if (ppval)
                        *ppval = algor->parameter->value.ptr;
@@ -124,7 +124,8 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
 /* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
-void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
+void
+X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
 {
        int param_type;
@@ -134,5 +135,4 @@ void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
                param_type = V_ASN1_NULL;
        X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
 }
diff --git a/src/lib/libcrypto/asn1/x_attrib.c b/src/lib/libcrypto/asn1/x_attrib.c
index e620e1224e..248a6efa4e 100644
--- a/src/lib/libcrypto/asn1/x_attrib.c
+++ b/src/lib/libcrypto/asn1/x_attrib.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -96,23 +96,30 @@ ASN1_SEQUENCE(X509_ATTRIBUTE) = {
 IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
+X509_ATTRIBUTE *
+X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
 {
-        X509_ATTRIBUTE *ret=NULL;
+        X509_ATTRIBUTE *ret = NULL;
-        ASN1_TYPE *val=NULL;
+        ASN1_TYPE *val = NULL;
+        if ((ret = X509_ATTRIBUTE_new()) == NULL)
+                return (NULL);
+        ret->object = OBJ_nid2obj(nid);
+        ret->single = 0;
+        if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL)
+                goto err;
+        if ((val = ASN1_TYPE_new()) == NULL)
+                goto err;
+        if (!sk_ASN1_TYPE_push(ret->value.set, val))
+                goto err;
-        if ((ret=X509_ATTRIBUTE_new()) == NULL)
+        ASN1_TYPE_set(val, atrtype, value);
-                return(NULL);
+        return (ret);
-        ret->object=OBJ_nid2obj(nid);
-        ret->single=0;
-        if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err;
-        if ((val=ASN1_TYPE_new()) == NULL) goto err;
-        if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err;
-        ASN1_TYPE_set(val,atrtype,value);
-        return(ret);
 err:
-        if (ret != NULL) X509_ATTRIBUTE_free(ret);
+        if (ret != NULL)
-        if (val != NULL) ASN1_TYPE_free(val);
+                X509_ATTRIBUTE_free(ret);
-        return(NULL);
+        if (val != NULL)
+                ASN1_TYPE_free(val);
+        return (NULL);
 }
diff --git a/src/lib/libcrypto/asn1/x_bignum.c b/src/lib/libcrypto/asn1/x_bignum.c
index 9cf3204a1b..bc74164fdc 100644
--- a/src/lib/libcrypto/asn1/x_bignum.c
+++ b/src/lib/libcrypto/asn1/x_bignum.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -72,11 +72,14 @@
 static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
-static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+    const ASN1_ITEM *it);
+static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+    int utype, char *free_cont, const ASN1_ITEM *it);
 static ASN1_PRIMITIVE_FUNCS bignum_pf = {
-        NULL, 0,
+        NULL,
+        0,
        bn_new,
        bn_free,
        0,
@@ -85,55 +88,69 @@ static ASN1_PRIMITIVE_FUNCS bignum_pf = {
 };
 ASN1_ITEM_start(BIGNUM)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
+ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
 ASN1_ITEM_end(BIGNUM)
 ASN1_ITEM_start(CBIGNUM)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
+ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
 ASN1_ITEM_end(CBIGNUM)
-static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int
+bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
        *pval = (ASN1_VALUE *)BN_new();
-        if(*pval) return 1;
+        if (*pval)
-        else return 0;
+                return 1;
+        else
+                return 0;
 }
-static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static void
+bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-        if(!*pval) return;
+        if (!*pval)
-        if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval);
+                return;
-        else BN_free((BIGNUM *)*pval);
+        if (it->size & BN_SENSITIVE)
+                BN_clear_free((BIGNUM *)*pval);
+        else
+                BN_free((BIGNUM *)*pval);
        *pval = NULL;
 }
-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+static int
+bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
 {
        BIGNUM *bn;
        int pad;
-        if(!*pval) return -1;
+        if (!*pval)
+                return -1;
        bn = (BIGNUM *)*pval;
        /* If MSB set in an octet we need a padding byte */
-        if(BN_num_bits(bn) & 0x7) pad = 0;
+        if (BN_num_bits(bn) & 0x7)
-        else pad = 1;
+                pad = 0;
-        if(cont) {
+        else
-                if(pad) *cont++ = 0;
+                pad = 1;
+        if (cont) {
+                if (pad)
+                        *cont++ = 0;
                BN_bn2bin(bn, cont);
        }
        return pad + BN_num_bytes(bn);
 }
-static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+static int
-                  int utype, char *free_cont, const ASN1_ITEM *it)
+bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
+    char *free_cont, const ASN1_ITEM *it)
 {
        BIGNUM *bn;
-        if(!*pval) bn_new(pval, it);
-        bn  = (BIGNUM *)*pval;
+        if (!*pval)
-        if(!BN_bin2bn(cont, len, bn)) {
+                bn_new(pval, it);
+        bn = (BIGNUM *)*pval;
+        if (!BN_bin2bn(cont, len, bn)) {
                bn_free(pval, it);
                return 0;
        }
        return 1;
 }
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c
index ea94f026b2..674cca4a1c 100644
--- a/src/lib/libcrypto/asn1/x_crl.c
+++ b/src/lib/libcrypto/asn1/x_crl.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -64,23 +64,23 @@
 #include <openssl/x509v3.h>
 static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
-                                const X509_REVOKED * const *b);
+    const X509_REVOKED * const *b);
 static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
 ASN1_SEQUENCE(X509_REVOKED) = {
-        ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_REVOKED, serialNumber, ASN1_INTEGER),
-        ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
+        ASN1_SIMPLE(X509_REVOKED, revocationDate, ASN1_TIME),
-        ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
+        ASN1_SEQUENCE_OF_OPT(X509_REVOKED, extensions, X509_EXTENSION)
 } ASN1_SEQUENCE_END(X509_REVOKED)
 static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r);
-static int def_crl_lookup(X509_CRL *crl,
+static int def_crl_lookup(X509_CRL *crl, X509_REVOKED **ret,
-                X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer);
+    ASN1_INTEGER *serial, X509_NAME *issuer);
-static X509_CRL_METHOD int_crl_meth =
+static X509_CRL_METHOD int_crl_meth = {
-{
+        0,
+        0,
        0,
-        0,0,
        def_crl_lookup,
        def_crl_verify
 };
@@ -91,18 +91,19 @@ static const X509_CRL_METHOD *default_crl_method = &int_crl_meth;
 * Since we cache the original encoding the signature wont be affected by
 * reordering of the revoked field.
 */
-static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+static int
-                                                                void *exarg)
+crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
        X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
-        if(!a || !a->revoked) return 1;
+        if (!a || !a->revoked)
-        switch(operation) {
+                return 1;
+        switch (operation) {
                /* Just set cmp function here. We don't sort because that
                 * would affect the output of X509_CRL_print().
                 */
        case ASN1_OP_D2I_POST:
-                (void)sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
+                (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp);
                break;
        }
        return 1;
@@ -123,9 +124,9 @@ ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
 * Check for unhandled critical CRL entry extensions.
 */
-static int crl_set_issuers(X509_CRL *crl)
+static int
+crl_set_issuers(X509_CRL *crl)
 {
        int i, j;
        GENERAL_NAMES *gens, *gtmp;
        STACK_OF(X509_REVOKED) *revoked;
@@ -138,9 +139,8 @@ static int crl_set_issuers(X509_CRL *crl)
                STACK_OF(X509_EXTENSION) *exts;
                ASN1_ENUMERATED *reason;
                X509_EXTENSION *ext;
-                gtmp = X509_REVOKED_get_ext_d2i(rev, 
+                gtmp = X509_REVOKED_get_ext_d2i(rev, NID_certificate_issuer,
-                                                NID_certificate_issuer,
+                    &j, NULL);
-                                                &j, NULL);
                if (!gtmp && (j != -1)) {
                        crl->flags |= EXFLAG_INVALID;
                        return 1;
@@ -159,7 +159,7 @@ static int crl_set_issuers(X509_CRL *crl)
                rev->issuer = gens;
                reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason,
-                                                                &j, NULL);
+                    &j, NULL);
                if (!reason && (j != -1)) {
                        crl->flags |= EXFLAG_INVALID;
                        return 1;
@@ -169,7 +169,7 @@ static int crl_set_issuers(X509_CRL *crl)
                        rev->reason = ASN1_ENUMERATED_get(reason);
                        ASN1_ENUMERATED_free(reason);
                } else
-                        rev->reason = CRL_REASON_NONE;  
+                        rev->reason = CRL_REASON_NONE;
                /* Check for critical CRL entry extensions */
@@ -179,32 +179,29 @@ static int crl_set_issuers(X509_CRL *crl)
                        ext = sk_X509_EXTENSION_value(exts, j);
                        if (ext->critical > 0) {
                                if (OBJ_obj2nid(ext->object) ==
-                                        NID_certificate_issuer)
+                                    NID_certificate_issuer)
                                        continue;
                                crl->flags |= EXFLAG_CRITICAL;
                                break;
                        }
                }
        }
        return 1;
 }
 /* The X509_CRL structure needs a bit of customisation. Cache some extensions
 * and hash of the whole CRL.
 */
-static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+static int
-                                                                void *exarg)
+crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
        X509_CRL *crl = (X509_CRL *)*pval;
        STACK_OF(X509_EXTENSION) *exts;
        X509_EXTENSION *ext;
        int idx;
-        switch(operation) {
+        switch (operation) {
        case ASN1_OP_NEW_POST:
                crl->idp = NULL;
                crl->akid = NULL;
@@ -223,23 +220,23 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
 #endif
                crl->idp = X509_CRL_get_ext_d2i(crl,
-                                NID_issuing_distribution_point, NULL, NULL);
+                    NID_issuing_distribution_point, NULL, NULL);
                if (crl->idp)
                        setup_idp(crl, crl->idp);
                crl->akid = X509_CRL_get_ext_d2i(crl,
-                                NID_authority_key_identifier, NULL, NULL);      
+                    NID_authority_key_identifier, NULL, NULL);
                crl->crl_number = X509_CRL_get_ext_d2i(crl,
-                                NID_crl_number, NULL, NULL);    
+                    NID_crl_number, NULL, NULL);
                crl->base_crl_number = X509_CRL_get_ext_d2i(crl,
-                                NID_delta_crl, NULL, NULL);     
+                    NID_delta_crl, NULL, NULL);
                /* Delta CRLs must have CRL number */
                if (crl->base_crl_number && !crl->crl_number)
                        crl->flags |= EXFLAG_INVALID;
-                /* See if we have any unhandled critical CRL extensions and 
+                /* See if we have any unhandled critical CRL extensions and
                 * indicate this in a flag. We only currently handle IDP so
                 * anything else critical sets the flag.
                 *
@@ -257,15 +254,14 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                                crl->flags |= EXFLAG_FRESHEST;
                        if (ext->critical > 0) {
                                /* We handle IDP and deltas */
-                                if ((nid == NID_issuing_distribution_point)
+                                if ((nid == NID_issuing_distribution_point) ||
-                                        || (nid == NID_delta_crl))
+                                    (nid == NID_delta_crl))
                                        break;;
                                crl->flags |= EXFLAG_CRITICAL;
                                break;
                        }
                }
                if (!crl_set_issuers(crl))
                        return 0;
@@ -294,9 +290,11 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 /* Convert IDP into a more convenient form */
-static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
+static void
+setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
 {
        int idp_only = 0;
        /* Set various flags according to IDP */
        crl->idp_flags |= IDP_PRESENT;
        if (idp->onlyuser > 0) {
@@ -324,7 +322,7 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
                        crl->idp_reasons = idp->onlysomereasons->data[0];
                if (idp->onlysomereasons->length > 1)
                        crl->idp_reasons |=
-                                (idp->onlysomereasons->data[1] << 8);
+                            (idp->onlysomereasons->data[1] << 8);
                crl->idp_reasons &= CRLDP_ALL_REASONS;
        }
@@ -342,60 +340,65 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
 IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
-static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
+static int
-                        const X509_REVOKED * const *b)
+X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b)
 {
        return(ASN1_STRING_cmp(
-                (ASN1_STRING *)(*a)->serialNumber,
+            (ASN1_STRING *)(*a)->serialNumber,
-                (ASN1_STRING *)(*b)->serialNumber));
+            (ASN1_STRING *)(*b)->serialNumber));
 }
-int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
+int
+X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
 {
        X509_CRL_INFO *inf;
        inf = crl->crl;
-        if(!inf->revoked)
+        if (!inf->revoked)
                inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
-        if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
+        if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
                ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
                return 0;
-}
+        }
        inf->enc.modified = 1;
        return 1;
 }
-int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
+int
+X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
 {
        if (crl->meth->crl_verify)
                return crl->meth->crl_verify(crl, r);
        return 0;
 }
-int X509_CRL_get0_by_serial(X509_CRL *crl,
+int
-                X509_REVOKED **ret, ASN1_INTEGER *serial)
+X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret,
+    ASN1_INTEGER *serial)
 {
        if (crl->meth->crl_lookup)
                return crl->meth->crl_lookup(crl, ret, serial, NULL);
        return 0;
 }
-int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
+int
+X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
 {
        if (crl->meth->crl_lookup)
                return crl->meth->crl_lookup(crl, ret,
-                                                X509_get_serialNumber(x),
+                    X509_get_serialNumber(x), X509_get_issuer_name(x));
-                                                X509_get_issuer_name(x));
        return 0;
 }
-static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
+static int
+def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
 {
        return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
-                crl->sig_alg, crl->signature,crl->crl,r));
+            crl->sig_alg, crl->signature, crl->crl, r));
 }
-static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
+static int
-                                                X509_REVOKED *rev)
+crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, X509_REVOKED *rev)
 {
        int i;
@@ -421,11 +424,13 @@ static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
 }
-static int def_crl_lookup(X509_CRL *crl,
+static int
-                X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer)
+def_crl_lookup(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *serial,
+    X509_NAME *issuer)
 {
        X509_REVOKED rtmp, *rev;
        int idx;
        rtmp.serialNumber = serial;
        /* Sort revoked into serial number order if not already sorted.
         * Do this under a lock to avoid race condition.
@@ -436,10 +441,10 @@ static int def_crl_lookup(X509_CRL *crl,
                CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
        }
        idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
-        if(idx < 0)
+        if (idx < 0)
                return 0;
        /* Need to look for matching name */
-        for(;idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) {
+        for (; idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) {
                rev = sk_X509_REVOKED_value(crl->crl->revoked, idx);
                if (ASN1_INTEGER_cmp(rev->serialNumber, serial))
                        return 0;
@@ -454,22 +459,24 @@ static int def_crl_lookup(X509_CRL *crl,
        return 0;
 }
-void X509_CRL_set_default_method(const X509_CRL_METHOD *meth)
+void
+X509_CRL_set_default_method(const X509_CRL_METHOD *meth)
 {
        if (meth == NULL)
                default_crl_method = &int_crl_meth;
-        else 
+        else
                default_crl_method = meth;
 }
-X509_CRL_METHOD *X509_CRL_METHOD_new(
+X509_CRL_METHOD *
-        int (*crl_init)(X509_CRL *crl),
+X509_CRL_METHOD_new(int (*crl_init)(X509_CRL *crl),
-        int (*crl_free)(X509_CRL *crl),
+    int (*crl_free)(X509_CRL *crl),
-        int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
+    int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
-                                ASN1_INTEGER *ser, X509_NAME *issuer),
+    ASN1_INTEGER *ser, X509_NAME *issuer),
-        int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk))
+    int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk))
 {
        X509_CRL_METHOD *m;
        m = malloc(sizeof(X509_CRL_METHOD));
        if (!m)
                return NULL;
@@ -481,19 +488,22 @@ X509_CRL_METHOD *X509_CRL_METHOD_new(
        return m;
 }
-void X509_CRL_METHOD_free(X509_CRL_METHOD *m)
+void
+X509_CRL_METHOD_free(X509_CRL_METHOD *m)
 {
        if (!(m->flags & X509_CRL_METHOD_DYNAMIC))
                return;
        free(m);
 }
-void X509_CRL_set_meth_data(X509_CRL *crl, void *dat)
+void
+X509_CRL_set_meth_data(X509_CRL *crl, void *dat)
 {
        crl->meth_data = dat;
 }
-void *X509_CRL_get_meth_data(X509_CRL *crl)
+void *
+X509_CRL_get_meth_data(X509_CRL *crl)
 {
        return crl->meth_data;
 }
diff --git a/src/lib/libcrypto/asn1/x_exten.c b/src/lib/libcrypto/asn1/x_exten.c
index 3a21239926..5b3f49ed0f 100644
--- a/src/lib/libcrypto/asn1/x_exten.c
+++ b/src/lib/libcrypto/asn1/x_exten.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -67,8 +67,8 @@ ASN1_SEQUENCE(X509_EXTENSION) = {
        ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(X509_EXTENSION)
-ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = 
+ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
+    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
 ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS)
 IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
diff --git a/src/lib/libcrypto/asn1/x_info.c b/src/lib/libcrypto/asn1/x_info.c
index 07ce15dbd7..4d3e2ebd17 100644
--- a/src/lib/libcrypto/asn1/x_info.c
+++ b/src/lib/libcrypto/asn1/x_info.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -62,42 +62,49 @@
 #include <openssl/asn1.h>
 #include <openssl/x509.h>
-X509_INFO *X509_INFO_new(void)
+X509_INFO *
+X509_INFO_new(void)
 {
-        X509_INFO *ret=NULL;
+        X509_INFO *ret = NULL;
-        ret=(X509_INFO *)malloc(sizeof(X509_INFO));
+        ret = (X509_INFO *)malloc(sizeof(X509_INFO));
        if (ret == NULL) {
-                ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_X509_INFO_NEW, ERR_R_MALLOC_FAILURE);
-                return(NULL);
+                return (NULL);
        }
- 
-        ret->enc_cipher.cipher=NULL;
+        ret->enc_cipher.cipher = NULL;
-        ret->enc_len=0;
+        ret->enc_len = 0;
-        ret->enc_data=NULL;
+        ret->enc_data = NULL;
- 
-        ret->references=1;
+        ret->references = 1;
-        ret->x509=NULL;
+        ret->x509 = NULL;
-        ret->crl=NULL;
+        ret->crl = NULL;
-        ret->x_pkey=NULL;
+        ret->x_pkey = NULL;
-        return(ret);
+        return (ret);
 }
-void X509_INFO_free(X509_INFO *x)
+void
+X509_INFO_free(X509_INFO *x)
 {
        int i;
-        if (x == NULL) return;
+        if (x == NULL)
+                return;
-        i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO);
+        i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_INFO);
-        if (i > 0) return;
+        if (i > 0)
+                return;
-        if (x->x509 != NULL) X509_free(x->x509);
+        if (x->x509 != NULL)
-        if (x->crl != NULL) X509_CRL_free(x->crl);
+                X509_free(x->x509);
-        if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey);
+        if (x->crl != NULL)
-        if (x->enc_data != NULL) free(x->enc_data);
+                X509_CRL_free(x->crl);
+        if (x->x_pkey != NULL)
+                X509_PKEY_free(x->x_pkey);
+        if (x->enc_data != NULL)
+                free(x->enc_data);
        free(x);
 }
 IMPLEMENT_STACK_OF(X509_INFO)
diff --git a/src/lib/libcrypto/asn1/x_long.c b/src/lib/libcrypto/asn1/x_long.c
index 1417284d3c..81dcc4fc29 100644
--- a/src/lib/libcrypto/asn1/x_long.c
+++ b/src/lib/libcrypto/asn1/x_long.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -84,25 +84,29 @@ static ASN1_PRIMITIVE_FUNCS long_pf = {
 };
 ASN1_ITEM_start(LONG)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
+ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
 ASN1_ITEM_end(LONG)
 ASN1_ITEM_start(ZLONG)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
+ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
 ASN1_ITEM_end(ZLONG)
-static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int
+long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
        *(long *)pval = it->size;
        return 1;
 }
-static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static void
+long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
        *(long *)pval = it->size;
 }
-static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+static int
+long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+    const ASN1_ITEM *it)
 {
        long ltmp;
        unsigned long utmp;
@@ -113,58 +117,70 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const A
        /* use memcpy, because we may not be long aligned */
        memcpy(&ltmp, cp, sizeof(long));
-        if(ltmp == it->size) return -1;
+        if (ltmp == it->size)
+                return -1;
        /* Convert the long to positive: we subtract one if negative so
         * we can cleanly handle the padding if only the MSB of the leading
-         * octet is set. 
+         * octet is set.
         */
-        if(ltmp < 0) utmp = -ltmp - 1;
+        if (ltmp < 0)
-        else utmp = ltmp;
+                utmp = -ltmp - 1;
+        else
+                utmp = ltmp;
        clen = BN_num_bits_word(utmp);
        /* If MSB of leading octet set we need to pad */
-        if(!(clen & 0x7)) pad = 1;
+        if (!(clen & 0x7))
-        else pad = 0;
+                pad = 1;
+        else
+                pad = 0;
        /* Convert number of bits to number of octets */
        clen = (clen + 7) >> 3;
-        if(cont) {
+        if (cont) {
-                if(pad) *cont++ = (ltmp < 0) ? 0xff : 0;
+                if (pad)
-                for(i = clen - 1; i >= 0; i--) {
+                        *cont++ = (ltmp < 0) ? 0xff : 0;
+                for (i = clen - 1; i >= 0; i--) {
                        cont[i] = (unsigned char)(utmp & 0xff);
-                        if(ltmp < 0) cont[i] ^= 0xff;
+                        if (ltmp < 0)
+                                cont[i] ^= 0xff;
                        utmp >>= 8;
                }
        }
        return clen + pad;
 }
-static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+static int
-                    int utype, char *free_cont, const ASN1_ITEM *it)
+long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
+    char *free_cont, const ASN1_ITEM *it)
 {
        int neg, i;
        long ltmp;
        unsigned long utmp = 0;
        char *cp = (char *)pval;
-        if(len > (int)sizeof(long)) {
+        if (len > (int)sizeof(long)) {
                ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
                return 0;
        }
        /* Is it negative? */
-        if(len && (cont[0] & 0x80)) neg = 1;
+        if (len && (cont[0] & 0x80))
-        else neg = 0;
+                neg = 1;
+        else
+                neg = 0;
        utmp = 0;
-        for(i = 0; i < len; i++) {
+        for (i = 0; i < len; i++) {
                utmp <<= 8;
-                if(neg) utmp |= cont[i] ^ 0xff;
+                if (neg)
-                else utmp |= cont[i];
+                        utmp |= cont[i] ^ 0xff;
+                else
+                        utmp |= cont[i];
        }
        ltmp = (long)utmp;
-        if(neg) {
+        if (neg) {
                ltmp++;
                ltmp = -ltmp;
        }
-        if(ltmp == it->size) {
+        if (ltmp == it->size) {
                ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
                return 0;
        }
@@ -172,8 +188,9 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
        return 1;
 }
-static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+static int
-                        int indent, const ASN1_PCTX *pctx)
+long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent,
+    const ASN1_PCTX *pctx)
 {
        return BIO_printf(out, "%ld\n", *(long *)pval);
 }
diff --git a/src/lib/libcrypto/asn1/x_name.c b/src/lib/libcrypto/asn1/x_name.c
index d10ac5acd1..70459babc4 100644
--- a/src/lib/libcrypto/asn1/x_name.c
+++ b/src/lib/libcrypto/asn1/x_name.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -66,13 +66,12 @@
 typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
 DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
-static int x509_name_ex_d2i(ASN1_VALUE **val,
+static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in,
-                                const unsigned char **in, long len,
+    long len, const ASN1_ITEM *it, int tag, int aclass, char opt,
-                                const ASN1_ITEM *it,
+    ASN1_TLC *ctx);
-                                int tag, int aclass, char opt, ASN1_TLC *ctx);
 static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
-                                const ASN1_ITEM *it, int tag, int aclass);
+    const ASN1_ITEM *it, int tag, int aclass);
 static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
 static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
@@ -80,13 +79,10 @@ static int x509_name_encode(X509_NAME *a);
 static int x509_name_canon(X509_NAME *a);
 static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in);
 static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname,
-                          unsigned char **in);
+    unsigned char **in);
+static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval, int indent,
-static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
+    const char *fname, const ASN1_PCTX *pctx);
-                                                int indent,
-                                                const char *fname, 
-                                                const ASN1_PCTX *pctx);
 ASN1_SEQUENCE(X509_NAME_ENTRY) = {
        ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
@@ -101,11 +97,11 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
 */
 ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
+    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
 ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
 ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
+    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
 ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
 /* Normally that's where it would end: we'd have two nested STACK structures
@@ -124,26 +120,30 @@ const ASN1_EXTERN_FUNCS x509_name_ff = {
        x509_name_ex_print
 };
-IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) 
+IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff)
 IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
-static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
+static int
+x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
 {
        X509_NAME *ret = NULL;
        ret = malloc(sizeof(X509_NAME));
-        if(!ret) goto memerr;
+        if (!ret)
-        if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
+                goto memerr;
+        if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL)
+                goto memerr;
+        if ((ret->bytes = BUF_MEM_new()) == NULL)
                goto memerr;
-        if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr;
        ret->canon_enc = NULL;
        ret->canon_enclen = 0;
-        ret->modified=1;
+        ret->modified = 1;
        *val = (ASN1_VALUE *)ret;
        return 1;
- memerr:
+memerr:
        ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
        if (ret) {
                if (ret->entries)
@@ -153,54 +153,64 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
        return 0;
 }
-static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static void
+x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
        X509_NAME *a;
-        if(!pval || !*pval)
-            return;
+        if (!pval || !*pval)
+                return;
        a = (X509_NAME *)*pval;
        BUF_MEM_free(a->bytes);
-        sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
+        sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free);
        if (a->canon_enc)
                free(a->canon_enc);
        free(a);
        *pval = NULL;
 }
-static int x509_name_ex_d2i(ASN1_VALUE **val,
+static int
-                        const unsigned char **in, long len, const ASN1_ITEM *it,
+x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len,
-                                int tag, int aclass, char opt, ASN1_TLC *ctx)
+    const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx)
 {
        const unsigned char *p = *in, *q;
-        union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+        union {
-                ASN1_VALUE *a; } intname = {NULL};
+                STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
-        union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL};
+                ASN1_VALUE *a;
+        } intname = {NULL};
+        union {
+                X509_NAME *x;
+                ASN1_VALUE *a;
+        } nm = {NULL};
        int i, j, ret;
        STACK_OF(X509_NAME_ENTRY) *entries;
        X509_NAME_ENTRY *entry;
        q = p;
        /* Get internal representation of Name */
-        ret = ASN1_item_ex_d2i(&intname.a,
+        ret = ASN1_item_ex_d2i(&intname.a, &p, len,
-                               &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+            ASN1_ITEM_rptr(X509_NAME_INTERNAL), tag, aclass, opt, ctx);
-                               tag, aclass, opt, ctx);
-        
+        if (ret <= 0)
-        if(ret <= 0) return ret;
+                return ret;
-        if(*val) x509_name_ex_free(val, NULL);
+        if (*val)
-        if(!x509_name_ex_new(&nm.a, NULL)) goto err;
+                x509_name_ex_free(val, NULL);
+        if (!x509_name_ex_new(&nm.a, NULL))
+                goto err;
        /* We've decoded it: now cache encoding */
-        if(!BUF_MEM_grow(nm.x->bytes, p - q)) goto err;
+        if (!BUF_MEM_grow(nm.x->bytes, p - q))
+                goto err;
        memcpy(nm.x->bytes->data, q, p - q);
        /* Convert internal representation to X509_NAME structure */
-        for(i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
+        for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
                entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i);
-                for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
+                for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
                        entry = sk_X509_NAME_ENTRY_value(entries, j);
                        entry->set = i;
-                        if(!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
+                        if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
                                goto err;
                }
                sk_X509_NAME_ENTRY_free(entries);
@@ -213,90 +223,104 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
        *val = nm.a;
        *in = p;
        return ret;
 err:
-        if (nm.x != NULL)
+        if (nm.x != NULL)
                X509_NAME_free(nm.x);
        ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
        return 0;
 }
-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+static int
+x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it,
+    int tag, int aclass)
 {
        int ret;
        X509_NAME *a = (X509_NAME *)*val;
-        if(a->modified) {
+        if (a->modified) {
                ret = x509_name_encode(a);
-                if(ret < 0)
+                if (ret < 0)
                        return ret;
                ret = x509_name_canon(a);
-                if(ret < 0)
+                if (ret < 0)
                        return ret;
        }
        ret = a->bytes->length;
-        if(out != NULL) {
+        if (out != NULL) {
-                memcpy(*out,a->bytes->data,ret);
+                memcpy(*out, a->bytes->data, ret);
-                *out+=ret;
+                *out += ret;
        }
        return ret;
 }
-static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
+static void
+local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
 {
        sk_X509_NAME_ENTRY_free(ne);
 }
-static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
+static void
+local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
 {
        sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
 }
-static int x509_name_encode(X509_NAME *a)
+static int
+x509_name_encode(X509_NAME *a)
 {
-        union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+        union {
-                ASN1_VALUE *a; } intname = {NULL};
+                STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+                ASN1_VALUE *a;
+        } intname = {NULL};
        int len;
        unsigned char *p;
        STACK_OF(X509_NAME_ENTRY) *entries = NULL;
        X509_NAME_ENTRY *entry;
        int i, set = -1;
        intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null();
-        if(!intname.s) goto memerr;
+        if (!intname.s)
-        for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+                goto memerr;
+        for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
                entry = sk_X509_NAME_ENTRY_value(a->entries, i);
-                if(entry->set != set) {
+                if (entry->set != set) {
                        entries = sk_X509_NAME_ENTRY_new_null();
-                        if(!entries) goto memerr;
+                        if (!entries)
-                        if(!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s,
+                                goto memerr;
-                                                             entries))
+                        if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s,
+                            entries))
                                goto memerr;
                        set = entry->set;
                }
-                if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
+                if (!sk_X509_NAME_ENTRY_push(entries, entry))
+                        goto memerr;
        }
        len = ASN1_item_ex_i2d(&intname.a, NULL,
-                               ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+            ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
-        if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
+        if (!BUF_MEM_grow(a->bytes, len))
-        p=(unsigned char *)a->bytes->data;
+                goto memerr;
-        ASN1_item_ex_i2d(&intname.a,
+        p = (unsigned char *)a->bytes->data;
-                         &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+        ASN1_item_ex_i2d(&intname.a, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+            -1, -1);
        sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
-                                             local_sk_X509_NAME_ENTRY_free);
+            local_sk_X509_NAME_ENTRY_free);
        a->modified = 0;
        return len;
 memerr:
        sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
-                                             local_sk_X509_NAME_ENTRY_free);
+            local_sk_X509_NAME_ENTRY_free);
        ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
        return -1;
 }
-static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
+static int
-                                                int indent,
+x509_name_ex_print(BIO *out, ASN1_VALUE **pval, int indent, const char *fname,
-                                                const char *fname, 
+    const ASN1_PCTX *pctx)
-                                                const ASN1_PCTX *pctx)
 {
-        if (X509_NAME_print_ex(out, (X509_NAME *)*pval,
+        if (X509_NAME_print_ex(out, (X509_NAME *)*pval, indent,
-                                        indent, pctx->nm_flags) <= 0)
+            pctx->nm_flags) <= 0)
                return 0;
        return 2;
 }
@@ -314,7 +338,8 @@ static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
 * dirName can also be checked with a simple memcmp().
 */
-static int x509_name_canon(X509_NAME *a)
+static int
+x509_name_canon(X509_NAME *a)
 {
        unsigned char *p;
        STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
@@ -325,22 +350,22 @@ static int x509_name_canon(X509_NAME *a)
        if (a->canon_enc) {
                free(a->canon_enc);
                a->canon_enc = NULL;
-                }
+        }
        /* Special case: empty X509_NAME => null encoding */
        if (sk_X509_NAME_ENTRY_num(a->entries) == 0) {
                a->canon_enclen = 0;
                return 1;
        }
        intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
-        if(!intname)
+        if (!intname)
                goto err;
-        for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+        for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
                entry = sk_X509_NAME_ENTRY_value(a->entries, i);
-                if(entry->set != set) {
+                if (entry->set != set) {
                        entries = sk_X509_NAME_ENTRY_new_null();
-                        if(!entries)
+                        if (!entries)
                                goto err;
-                        if(!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries))
+                        if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries))
                                goto err;
                        set = entry->set;
                }
@@ -348,33 +373,27 @@ static int x509_name_canon(X509_NAME *a)
                tmpentry->object = OBJ_dup(entry->object);
                if (!asn1_string_canon(tmpentry->value, entry->value))
                        goto err;
-                if(!sk_X509_NAME_ENTRY_push(entries, tmpentry))
+                if (!sk_X509_NAME_ENTRY_push(entries, tmpentry))
                        goto err;
                tmpentry = NULL;
        }
        /* Finally generate encoding */
        a->canon_enclen = i2d_name_canon(intname, NULL);
        p = malloc(a->canon_enclen);
        if (!p)
                goto err;
        a->canon_enc = p;
        i2d_name_canon(intname, &p);
        ret = 1;
-        err:
+err:
        if (tmpentry)
                X509_NAME_ENTRY_free(tmpentry);
        if (intname)
                sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
-                                        local_sk_X509_NAME_ENTRY_pop_free);
+                    local_sk_X509_NAME_ENTRY_pop_free);
        return ret;
 }
@@ -384,9 +403,10 @@ static int x509_name_canon(X509_NAME *a)
        (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \
        | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \
        | B_ASN1_VISIBLESTRING)
-        
-static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
+static int
+asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
 {
        unsigned char *to, *from;
        int len, i;
@@ -415,7 +435,7 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
         */
        /* Ignore leading spaces */
-        while((len > 0) && !(*from & 0x80) && isspace(*from)) {
+        while ((len > 0) && !(*from & 0x80) && isspace(*from)) {
                from++;
                len--;
        }
@@ -431,24 +451,24 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
        to = out->data;
        i = 0;
-        while(i < len) {
+        while (i < len) {
                /* If MSB set just copy across */
                if (*from & 0x80) {
                        *to++ = *from++;
                        i++;
-                        }
+                }
                /* Collapse multiple spaces */
                else if (isspace(*from)) {
                        /* Copy one space across */
                        *to++ = ' ';
                        /* Ignore subsequent spaces. Note: don't need to
-                         * check len here because we know the last 
+                         * check len here because we know the last
                         * character is a non-space so we can't overflow.
                         */
                        do {
                                from++;
                                i++;
-                        } while(!(*from & 0x80) && isspace(*from));
+                        } while (!(*from & 0x80) && isspace(*from));
                } else {
                        *to++ = tolower(*from);
                        from++;
@@ -459,11 +479,10 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
        out->length = to - out->data;
        return 1;
 }
-static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname,
+static int
-                          unsigned char **in)
+i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname, unsigned char **in)
 {
        int i, len, ltmp;
        ASN1_VALUE *v;
@@ -473,7 +492,7 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname,
        for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) {
                v = sk_ASN1_VALUE_value(intname, i);
                ltmp = ASN1_item_ex_i2d(&v, in,
-                        ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
+                    ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
                if (ltmp < 0)
                        return ltmp;
                len += ltmp;
@@ -481,21 +500,23 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname,
        return len;
 }
-int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
+int
+X509_NAME_set(X509_NAME **xn, X509_NAME *name)
 {
        X509_NAME *in;
-        if (!xn || !name) return(0);
+        if (!xn || !name)
+                return (0);
        if (*xn != name) {
-                in=X509_NAME_dup(name);
+                in = X509_NAME_dup(name);
                if (in != NULL) {
                        X509_NAME_free(*xn);
-                        *xn=in;
+                        *xn = in;
                }
        }
-        return(*xn != NULL);
+        return (*xn != NULL);
 }
-        
 IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
 IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)
diff --git a/src/lib/libcrypto/asn1/x_nx509.c b/src/lib/libcrypto/asn1/x_nx509.c
index fbd9a22db3..538a9f95eb 100644
--- a/src/lib/libcrypto/asn1/x_nx509.c
+++ b/src/lib/libcrypto/asn1/x_nx509.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -69,4 +69,3 @@ ASN1_SEQUENCE(NETSCAPE_X509) = {
 } ASN1_SEQUENCE_END(NETSCAPE_X509)
 IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_X509)
diff --git a/src/lib/libcrypto/asn1/x_pkey.c b/src/lib/libcrypto/asn1/x_pkey.c
index eac134a1ee..d18b8f6f5e 100644
--- a/src/lib/libcrypto/asn1/x_pkey.c
+++ b/src/lib/libcrypto/asn1/x_pkey.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -64,75 +64,85 @@
 #include <openssl/x509.h>
 /* need to implement */
-int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
+int
+i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
 {
-        return(0);
+        return (0);
 }
-X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length)
+X509_PKEY *
+d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length)
 {
        int i;
-        M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new);
+        M_ASN1_D2I_vars(a, X509_PKEY *, X509_PKEY_new);
        M_ASN1_D2I_Init();
        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get_x(X509_ALGOR,ret->enc_algor,d2i_X509_ALGOR);
+        M_ASN1_D2I_get_x(X509_ALGOR, ret->enc_algor, d2i_X509_ALGOR);
-        M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->enc_pkey,d2i_ASN1_OCTET_STRING);
+        M_ASN1_D2I_get_x(ASN1_OCTET_STRING, ret->enc_pkey,
+            d2i_ASN1_OCTET_STRING);
-        ret->cipher.cipher=EVP_get_cipherbyname(
+        ret->cipher.cipher = EVP_get_cipherbyname(
-                OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm)));
+            OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm)));
        if (ret->cipher.cipher == NULL) {
-                c.error=ASN1_R_UNSUPPORTED_CIPHER;
+                c.error = ASN1_R_UNSUPPORTED_CIPHER;
-                c.line=__LINE__;
+                c.line = __LINE__;
                goto err;
        }
        if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) {
-                i=ret->enc_algor->parameter->value.octet_string->length;
+                i = ret->enc_algor->parameter->value.octet_string->length;
                if (i > EVP_MAX_IV_LENGTH) {
-                        c.error=ASN1_R_IV_TOO_LARGE;
+                        c.error = ASN1_R_IV_TOO_LARGE;
-                        c.line=__LINE__;
+                        c.line = __LINE__;
                        goto err;
                }
                memcpy(ret->cipher.iv,
-                        ret->enc_algor->parameter->value.octet_string->data,i);
+                    ret->enc_algor->parameter->value.octet_string->data, i);
-        }
+        } else
-        else
+                memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
-                memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
+        M_ASN1_D2I_Finish(a, X509_PKEY_free, ASN1_F_D2I_X509_PKEY);
-        M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY);
 }
-X509_PKEY *X509_PKEY_new(void)
+X509_PKEY *
+X509_PKEY_new(void)
 {
-        X509_PKEY *ret=NULL;
+        X509_PKEY *ret = NULL;
        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret,X509_PKEY);
+        M_ASN1_New_Malloc(ret, X509_PKEY);
-        ret->version=0;
+        ret->version = 0;
-        M_ASN1_New(ret->enc_algor,X509_ALGOR_new);
+        M_ASN1_New(ret->enc_algor, X509_ALGOR_new);
-        M_ASN1_New(ret->enc_pkey,M_ASN1_OCTET_STRING_new);
+        M_ASN1_New(ret->enc_pkey, M_ASN1_OCTET_STRING_new);
-        ret->dec_pkey=NULL;
+        ret->dec_pkey = NULL;
-        ret->key_length=0;
+        ret->key_length = 0;
-        ret->key_data=NULL;
+        ret->key_data = NULL;
-        ret->key_free=0;
+        ret->key_free = 0;
-        ret->cipher.cipher=NULL;
+        ret->cipher.cipher = NULL;
-        memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
+        memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
-        ret->references=1;
+        ret->references = 1;
-        return(ret);
+        return (ret);
        M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
 }
-void X509_PKEY_free(X509_PKEY *x)
+void
+X509_PKEY_free(X509_PKEY *x)
 {
        int i;
-        if (x == NULL) return;
+        if (x == NULL)
+                return;
-        i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY);
+        i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_PKEY);
-        if (i > 0) return;
+        if (i > 0)
+                return;
-        if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor);
+        if (x->enc_algor != NULL)
-        if (x->enc_pkey != NULL) M_ASN1_OCTET_STRING_free(x->enc_pkey);
+                X509_ALGOR_free(x->enc_algor);
-        if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey);
+        if (x->enc_pkey != NULL)
-        if ((x->key_data != NULL) && (x->key_free)) free(x->key_data);
+                M_ASN1_OCTET_STRING_free(x->enc_pkey);
+        if (x->dec_pkey != NULL)
+                EVP_PKEY_free(x->dec_pkey);
+        if ((x->key_data != NULL) && (x->key_free))
+                free(x->key_data);
        free(x);
 }
diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c
index 1d6ab6580a..df915e2dfd 100644
--- a/src/lib/libcrypto/asn1/x_pubkey.c
+++ b/src/lib/libcrypto/asn1/x_pubkey.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -69,8 +69,8 @@
 #endif
 /* Minor tweak to operation: free up EVP_PKEY */
-static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+static int
-                        void *exarg)
+pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
        if (operation == ASN1_OP_FREE_POST) {
                X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
@@ -86,54 +86,61 @@ ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
 IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
-int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
+int
+X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 {
-        X509_PUBKEY *pk=NULL;
+        X509_PUBKEY *pk = NULL;
-        if (x == NULL) return(0);
+        if (x == NULL)
+                return (0);
-        if ((pk=X509_PUBKEY_new()) == NULL) goto error;
+        if ((pk = X509_PUBKEY_new()) == NULL)
+                goto error;
        if (pkey->ameth) {
                if (pkey->ameth->pub_encode) {
                        if (!pkey->ameth->pub_encode(pk, pkey)) {
                                X509err(X509_F_X509_PUBKEY_SET,
-                                        X509_R_PUBLIC_KEY_ENCODE_ERROR);
+                                    X509_R_PUBLIC_KEY_ENCODE_ERROR);
                                goto error;
                        }
                } else {
                        X509err(X509_F_X509_PUBKEY_SET,
-                                X509_R_METHOD_NOT_SUPPORTED);
+                            X509_R_METHOD_NOT_SUPPORTED);
                        goto error;
                }
        } else {
-                X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
+                X509err(X509_F_X509_PUBKEY_SET, X509_R_UNSUPPORTED_ALGORITHM);
                goto error;
        }
        if (*x != NULL)
                X509_PUBKEY_free(*x);
-        *x=pk;
+        *x = pk;
        return 1;
 error:
-        if (pk != NULL) X509_PUBKEY_free(pk);
+        if (pk != NULL)
+                X509_PUBKEY_free(pk);
        return 0;
 }
-EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
+EVP_PKEY *
+X509_PUBKEY_get(X509_PUBKEY *key)
 {
-        EVP_PKEY *ret=NULL;
+        EVP_PKEY *ret = NULL;
-        if (key == NULL) goto error;
+        if (key == NULL)
+                goto error;
        if (key->pkey != NULL) {
                CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
                return key->pkey;
        }
-        if (key->public_key == NULL) goto error;
+        if (key->public_key == NULL)
+                goto error;
        if ((ret = EVP_PKEY_new()) == NULL) {
                X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
@@ -141,14 +148,14 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
        }
        if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm))) {
-                X509err(X509_F_X509_PUBKEY_GET,X509_R_UNSUPPORTED_ALGORITHM);
+                X509err(X509_F_X509_PUBKEY_GET, X509_R_UNSUPPORTED_ALGORITHM);
                goto error;
        }
        if (ret->ameth->pub_decode) {
                if (!ret->ameth->pub_decode(ret, key)) {
                        X509err(X509_F_X509_PUBKEY_GET,
-                                                X509_R_PUBLIC_KEY_DECODE_ERROR);
+                            X509_R_PUBLIC_KEY_DECODE_ERROR);
                        goto error;
                }
        } else {
@@ -170,39 +177,44 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
        return ret;
-        error:
+error:
        if (ret != NULL)
                EVP_PKEY_free(ret);
-        return(NULL);
+        return (NULL);
 }
 /* Now two pseudo ASN1 routines that take an EVP_PKEY structure
 * and encode or decode as X509_PUBKEY
 */
-EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp,
+EVP_PKEY *
-             long length)
+d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length)
 {
        X509_PUBKEY *xpk;
        EVP_PKEY *pktmp;
        xpk = d2i_X509_PUBKEY(NULL, pp, length);
-        if(!xpk) return NULL;
+        if (!xpk)
+                return NULL;
        pktmp = X509_PUBKEY_get(xpk);
        X509_PUBKEY_free(xpk);
-        if(!pktmp) return NULL;
+        if (!pktmp)
-        if(a) {
+                return NULL;
+        if (a) {
                EVP_PKEY_free(*a);
                *a = pktmp;
        }
        return pktmp;
 }
-int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
+int
+i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
 {
-        X509_PUBKEY *xpk=NULL;
+        X509_PUBKEY *xpk = NULL;
        int ret;
-        if(!a) return 0;
+        if (!a)
-        if(!X509_PUBKEY_set(&xpk, a)) return 0;
+                return 0;
+        if (!X509_PUBKEY_set(&xpk, a))
+                return 0;
        ret = i2d_X509_PUBKEY(xpk, pp);
        X509_PUBKEY_free(xpk);
        return ret;
@@ -212,18 +224,20 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
 * keys
 */
 #ifndef OPENSSL_NO_RSA
-RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp,
+RSA *
-             long length)
+d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length)
 {
        EVP_PKEY *pkey;
        RSA *key;
        const unsigned char *q;
        q = *pp;
        pkey = d2i_PUBKEY(NULL, &q, length);
-        if (!pkey) return NULL;
+        if (!pkey)
+                return NULL;
        key = EVP_PKEY_get1_RSA(pkey);
        EVP_PKEY_free(pkey);
-        if (!key) return NULL;
+        if (!key)
+                return NULL;
        *pp = q;
        if (a) {
                RSA_free(*a);
@@ -232,11 +246,13 @@ RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp,
        return key;
 }
-int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
+int
+i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
 {
        EVP_PKEY *pktmp;
        int ret;
-        if (!a) return 0;
+        if (!a)
+                return 0;
        pktmp = EVP_PKEY_new();
        if (!pktmp) {
                ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
@@ -250,18 +266,20 @@ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
 #endif
 #ifndef OPENSSL_NO_DSA
-DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp,
+DSA *
-             long length)
+d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
 {
        EVP_PKEY *pkey;
        DSA *key;
        const unsigned char *q;
        q = *pp;
        pkey = d2i_PUBKEY(NULL, &q, length);
-        if (!pkey) return NULL;
+        if (!pkey)
+                return NULL;
        key = EVP_PKEY_get1_DSA(pkey);
        EVP_PKEY_free(pkey);
-        if (!key) return NULL;
+        if (!key)
+                return NULL;
        *pp = q;
        if (a) {
                DSA_free(*a);
@@ -270,13 +288,15 @@ DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp,
        return key;
 }
-int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
+int
+i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
 {
        EVP_PKEY *pktmp;
        int ret;
-        if(!a) return 0;
+        if (!a)
+                return 0;
        pktmp = EVP_PKEY_new();
-        if(!pktmp) {
+        if (!pktmp) {
                ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
                return 0;
        }
@@ -288,44 +308,49 @@ int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
 #endif
 #ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
+EC_KEY *
+d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
 {
        EVP_PKEY *pkey;
        EC_KEY *key;
        const unsigned char *q;
        q = *pp;
        pkey = d2i_PUBKEY(NULL, &q, length);
-        if (!pkey) return(NULL);
+        if (!pkey)
+                return (NULL);
        key = EVP_PKEY_get1_EC_KEY(pkey);
        EVP_PKEY_free(pkey);
-        if (!key)  return(NULL);
+        if (!key)
+                return (NULL);
        *pp = q;
        if (a) {
                EC_KEY_free(*a);
                *a = key;
        }
-        return(key);
+        return (key);
 }
-int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
+int
+i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
 {
        EVP_PKEY *pktmp;
        int ret;
-        if (!a) return(0);
+        if (!a)
+                return (0);
        if ((pktmp = EVP_PKEY_new()) == NULL) {
                ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
-                return(0);
+                return (0);
        }
        EVP_PKEY_set1_EC_KEY(pktmp, a);
        ret = i2d_PUBKEY(pktmp, pp);
        EVP_PKEY_free(pktmp);
-        return(ret);
+        return (ret);
 }
 #endif
-int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+int
-                                        int ptype, void *pval,
+X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype,
-                                        unsigned char *penc, int penclen)
+    void *pval, unsigned char *penc, int penclen)
 {
        if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval))
                return 0;
@@ -334,17 +359,16 @@ int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                        free(pub->public_key->data);
                pub->public_key->data = penc;
                pub->public_key->length = penclen;
-                /* Set number of unused bits to zero */
+                /* Set number of unused bits to zero */
                pub->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-                pub->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+                pub->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
        }
        return 1;
 }
-int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+int
-                const unsigned char **pk, int *ppklen,
+X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk,
-                X509_ALGOR **pa,
+    int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub)
-                X509_PUBKEY *pub)
 {
        if (ppkalg)
                *ppkalg = pub->algor->algorithm;
diff --git a/src/lib/libcrypto/asn1/x_req.c b/src/lib/libcrypto/asn1/x_req.c
index d57555827c..442f56a144 100644
--- a/src/lib/libcrypto/asn1/x_req.c
+++ b/src/lib/libcrypto/asn1/x_req.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -66,7 +66,7 @@
 * encode the attributes field if it is empty. This is in
 * violation of PKCS#10 but we need to tolerate it. We do
 * this by making the attributes field OPTIONAL then using
- * the callback to initialise it to an empty STACK. 
+ * the callback to initialise it to an empty STACK.
 *
 * This means that the field will be correctly encoded unless
 * we NULL out the field.
@@ -79,14 +79,15 @@
 *
 */
-static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+static int
-                                                        void *exarg)
+rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
        X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
-        if(operation == ASN1_OP_NEW_POST) {
+        if (operation == ASN1_OP_NEW_POST) {
                rinf->attributes = sk_X509_ATTRIBUTE_new_null();
-                if(!rinf->attributes) return 0;
+                if (!rinf->attributes)
+                        return 0;
        }
        return 1;
 }
diff --git a/src/lib/libcrypto/asn1/x_sig.c b/src/lib/libcrypto/asn1/x_sig.c
index 42efa86c1c..5c9aef0365 100644
--- a/src/lib/libcrypto/asn1/x_sig.c
+++ b/src/lib/libcrypto/asn1/x_sig.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
diff --git a/src/lib/libcrypto/asn1/x_spki.c b/src/lib/libcrypto/asn1/x_spki.c
index 2aece077c5..34fe81443c 100644
--- a/src/lib/libcrypto/asn1/x_spki.c
+++ b/src/lib/libcrypto/asn1/x_spki.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
diff --git a/src/lib/libcrypto/asn1/x_val.c b/src/lib/libcrypto/asn1/x_val.c
index dc17c67758..6436f0cb55 100644
--- a/src/lib/libcrypto/asn1/x_val.c
+++ b/src/lib/libcrypto/asn1/x_val.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
diff --git a/src/lib/libcrypto/asn1/x_x509.c b/src/lib/libcrypto/asn1/x_x509.c
index 20448a8e3b..e7d613e20f 100644
--- a/src/lib/libcrypto/asn1/x_x509.c
+++ b/src/lib/libcrypto/asn1/x_x509.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -81,15 +81,15 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
 extern void policy_cache_free(X509_POLICY_CACHE *cache);
-static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+static int
-                                                                void *exarg)
+x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
        X509 *ret = (X509 *)*pval;
-        switch(operation) {
+        switch (operation) {
        case ASN1_OP_NEW_POST:
-                ret->valid=0;
+                ret->valid = 0;
                ret->name = NULL;
                ret->ex_flags = 0;
                ret->ex_pathlen = -1;
@@ -105,8 +105,9 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                break;
        case ASN1_OP_D2I_POST:
-                if (ret->name != NULL) free(ret->name);
+                if (ret->name != NULL)
-                ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
+                        free(ret->name);
+                ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0);
                break;
        case ASN1_OP_FREE_POST:
@@ -122,14 +123,12 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
                ASIdentifiers_free(ret->rfc3779_asid);
 #endif
+                if (ret->name != NULL)
-                if (ret->name != NULL) free(ret->name);
+                        free(ret->name);
                break;
        }
        return 1;
 }
 ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
@@ -141,21 +140,24 @@ ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
 IMPLEMENT_ASN1_FUNCTIONS(X509)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509)
-int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+int
-             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
 {
        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
-                                new_func, dup_func, free_func);
+            new_func, dup_func, free_func);
 }
-int X509_set_ex_data(X509 *r, int idx, void *arg)
+int
+X509_set_ex_data(X509 *r, int idx, void *arg)
 {
-        return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+        return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
 }
-void *X509_get_ex_data(X509 *r, int idx)
+void *
+X509_get_ex_data(X509 *r, int idx)
 {
-        return(CRYPTO_get_ex_data(&r->ex_data,idx));
+        return (CRYPTO_get_ex_data(&r->ex_data, idx));
 }
 /* X509_AUX ASN1 routines. X509_AUX is the name given to
@@ -166,29 +168,38 @@ void *X509_get_ex_data(X509 *r, int idx)
 *
 */
-X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
+X509 *
+d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
 {
        const unsigned char *q;
        X509 *ret;
        /* Save start position */
        q = *pp;
        ret = d2i_X509(a, pp, length);
        /* If certificate unreadable then forget it */
-        if(!ret) return NULL;
+        if (!ret)
+                return NULL;
        /* update length */
        length -= *pp - q;
-        if(!length) return ret;
+        if (!length)
-        if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
+                return ret;
+        if (!d2i_X509_CERT_AUX(&ret->aux, pp, length))
+                goto err;
        return ret;
-        err:
+err:
        X509_free(ret);
        return NULL;
 }
-int i2d_X509_AUX(X509 *a, unsigned char **pp)
+int
+i2d_X509_AUX(X509 *a, unsigned char **pp)
 {
        int length;
        length = i2d_X509(a, pp);
-        if(a) length += i2d_X509_CERT_AUX(a->aux, pp);
+        if (a)
+                length += i2d_X509_CERT_AUX(a->aux, pp);
        return length;
 }
diff --git a/src/lib/libcrypto/asn1/x_x509a.c b/src/lib/libcrypto/asn1/x_x509a.c
index 287d780830..69ea725709 100644
--- a/src/lib/libcrypto/asn1/x_x509a.c
+++ b/src/lib/libcrypto/asn1/x_x509a.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -66,7 +66,7 @@
 * user modifiable data about a certificate. This data is
 * appended to the X509 encoding when the *_X509_AUX routines
 * are used. This means that the "traditional" X509 routines
- * will simply ignore the extra data. 
+ * will simply ignore the extra data.
 */
 static X509_CERT_AUX *aux_get(X509 *x);
@@ -81,14 +81,18 @@ ASN1_SEQUENCE(X509_CERT_AUX) = {
 IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
-static X509_CERT_AUX *aux_get(X509 *x)
+static X509_CERT_AUX *
+aux_get(X509 *x)
 {
-        if(!x) return NULL;
+        if (!x)
-        if(!x->aux && !(x->aux = X509_CERT_AUX_new())) return NULL;
+                return NULL;
+        if (!x->aux && !(x->aux = X509_CERT_AUX_new()))
+                return NULL;
        return x->aux;
 }
-int X509_alias_set1(X509 *x, unsigned char *name, int len)
+int
+X509_alias_set1(X509 *x, unsigned char *name, int len)
 {
        X509_CERT_AUX *aux;
        if (!name) {
@@ -98,12 +102,15 @@ int X509_alias_set1(X509 *x, unsigned char *name, int len)
                x->aux->alias = NULL;
                return 1;
        }
-        if(!(aux = aux_get(x))) return 0;
+        if (!(aux = aux_get(x)))
-        if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0;
+                return 0;
+        if (!aux->alias && !(aux->alias = ASN1_UTF8STRING_new()))
+                return 0;
        return ASN1_STRING_set(aux->alias, name, len);
 }
-int X509_keyid_set1(X509 *x, unsigned char *id, int len)
+int
+X509_keyid_set1(X509 *x, unsigned char *id, int len)
 {
        X509_CERT_AUX *aux;
        if (!id) {
@@ -113,58 +120,74 @@ int X509_keyid_set1(X509 *x, unsigned char *id, int len)
                x->aux->keyid = NULL;
                return 1;
        }
-        if(!(aux = aux_get(x))) return 0;
+        if (!(aux = aux_get(x)))
-        if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0;
+                return 0;
+        if (!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new()))
+                return 0;
        return ASN1_STRING_set(aux->keyid, id, len);
 }
-unsigned char *X509_alias_get0(X509 *x, int *len)
+unsigned char *
+X509_alias_get0(X509 *x, int *len)
 {
-        if(!x->aux || !x->aux->alias) return NULL;
+        if (!x->aux || !x->aux->alias)
-        if(len) *len = x->aux->alias->length;
+                return NULL;
+        if (len)
+                *len = x->aux->alias->length;
        return x->aux->alias->data;
 }
-unsigned char *X509_keyid_get0(X509 *x, int *len)
+unsigned char *
+X509_keyid_get0(X509 *x, int *len)
 {
-        if(!x->aux || !x->aux->keyid) return NULL;
+        if (!x->aux || !x->aux->keyid)
-        if(len) *len = x->aux->keyid->length;
+                return NULL;
+        if (len)
+                *len = x->aux->keyid->length;
        return x->aux->keyid->data;
 }
-int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
+int
+X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
 {
        X509_CERT_AUX *aux;
        ASN1_OBJECT *objtmp;
-        if(!(objtmp = OBJ_dup(obj))) return 0;
+        if (!(objtmp = OBJ_dup(obj)))
-        if(!(aux = aux_get(x))) return 0;
+                return 0;
-        if(!aux->trust
+        if (!(aux = aux_get(x)))
-                && !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0;
+                return 0;
+        if (!aux->trust && !(aux->trust = sk_ASN1_OBJECT_new_null()))
+                return 0;
        return sk_ASN1_OBJECT_push(aux->trust, objtmp);
 }
-int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
+int
+X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
 {
        X509_CERT_AUX *aux;
        ASN1_OBJECT *objtmp;
-        if(!(objtmp = OBJ_dup(obj))) return 0;
+        if (!(objtmp = OBJ_dup(obj)))
-        if(!(aux = aux_get(x))) return 0;
+                return 0;
-        if(!aux->reject
+        if (!(aux = aux_get(x)))
-                && !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0;
+                return 0;
+        if (!aux->reject && !(aux->reject = sk_ASN1_OBJECT_new_null()))
+                return 0;
        return sk_ASN1_OBJECT_push(aux->reject, objtmp);
 }
-void X509_trust_clear(X509 *x)
+void
+X509_trust_clear(X509 *x)
 {
-        if(x->aux && x->aux->trust) {
+        if (x->aux && x->aux->trust) {
                sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
                x->aux->trust = NULL;
        }
 }
-void X509_reject_clear(X509 *x)
+void
+X509_reject_clear(X509 *x)
 {
-        if(x->aux && x->aux->reject) {
+        if (x->aux && x->aux->reject) {
                sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
                x->aux->reject = NULL;
        }
diff --git a/src/lib/libssl/src/crypto/asn1/x_algor.c b/src/lib/libssl/src/crypto/asn1/x_algor.c
index 7ae473485c..65f81e8692 100644
--- a/src/lib/libssl/src/crypto/asn1/x_algor.c
+++ b/src/lib/libssl/src/crypto/asn1/x_algor.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -66,8 +66,8 @@ ASN1_SEQUENCE(X509_ALGOR) = {
        ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
 } ASN1_SEQUENCE_END(X509_ALGOR)
-ASN1_ITEM_TEMPLATE(X509_ALGORS) = 
+ASN1_ITEM_TEMPLATE(X509_ALGORS) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
+    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
 ASN1_ITEM_TEMPLATE_END(X509_ALGORS)
 IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
@@ -77,7 +77,8 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
 IMPLEMENT_STACK_OF(X509_ALGOR)
 IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
-int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
+int
+X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
 {
        if (!alg)
                return 0;
@@ -93,20 +94,20 @@ int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
                alg->algorithm = aobj;
        }
        if (ptype == 0)
-                return 1;       
+                return 1;
        if (ptype == V_ASN1_UNDEF) {
                if (alg->parameter) {
                        ASN1_TYPE_free(alg->parameter);
                        alg->parameter = NULL;
                }
-        }
+        } else
-        else
                ASN1_TYPE_set(alg->parameter, ptype, pval);
        return 1;
 }
-void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
+void
-                                                X509_ALGOR *algor)
+X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
+    X509_ALGOR *algor)
 {
        if (paobj)
                *paobj = algor->algorithm;
@@ -114,8 +115,7 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
                if (algor->parameter == NULL) {
                        *pptype = V_ASN1_UNDEF;
                        return;
-                }
+                } else
-                else
                        *pptype = algor->parameter->type;
                if (ppval)
                        *ppval = algor->parameter->value.ptr;
@@ -124,7 +124,8 @@ void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
 /* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
-void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
+void
+X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
 {
        int param_type;
@@ -134,5 +135,4 @@ void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
                param_type = V_ASN1_NULL;
        X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
 }
diff --git a/src/lib/libssl/src/crypto/asn1/x_attrib.c b/src/lib/libssl/src/crypto/asn1/x_attrib.c
index e620e1224e..248a6efa4e 100644
--- a/src/lib/libssl/src/crypto/asn1/x_attrib.c
+++ b/src/lib/libssl/src/crypto/asn1/x_attrib.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -96,23 +96,30 @@ ASN1_SEQUENCE(X509_ATTRIBUTE) = {
 IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
-X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
+X509_ATTRIBUTE *
+X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
 {
-        X509_ATTRIBUTE *ret=NULL;
+        X509_ATTRIBUTE *ret = NULL;
-        ASN1_TYPE *val=NULL;
+        ASN1_TYPE *val = NULL;
+        if ((ret = X509_ATTRIBUTE_new()) == NULL)
+                return (NULL);
+        ret->object = OBJ_nid2obj(nid);
+        ret->single = 0;
+        if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL)
+                goto err;
+        if ((val = ASN1_TYPE_new()) == NULL)
+                goto err;
+        if (!sk_ASN1_TYPE_push(ret->value.set, val))
+                goto err;
-        if ((ret=X509_ATTRIBUTE_new()) == NULL)
+        ASN1_TYPE_set(val, atrtype, value);
-                return(NULL);
+        return (ret);
-        ret->object=OBJ_nid2obj(nid);
-        ret->single=0;
-        if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err;
-        if ((val=ASN1_TYPE_new()) == NULL) goto err;
-        if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err;
-        ASN1_TYPE_set(val,atrtype,value);
-        return(ret);
 err:
-        if (ret != NULL) X509_ATTRIBUTE_free(ret);
+        if (ret != NULL)
-        if (val != NULL) ASN1_TYPE_free(val);
+                X509_ATTRIBUTE_free(ret);
-        return(NULL);
+        if (val != NULL)
+                ASN1_TYPE_free(val);
+        return (NULL);
 }
diff --git a/src/lib/libssl/src/crypto/asn1/x_bignum.c b/src/lib/libssl/src/crypto/asn1/x_bignum.c
index 9cf3204a1b..bc74164fdc 100644
--- a/src/lib/libssl/src/crypto/asn1/x_bignum.c
+++ b/src/lib/libssl/src/crypto/asn1/x_bignum.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -72,11 +72,14 @@
 static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
-static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+    const ASN1_ITEM *it);
+static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+    int utype, char *free_cont, const ASN1_ITEM *it);
 static ASN1_PRIMITIVE_FUNCS bignum_pf = {
-        NULL, 0,
+        NULL,
+        0,
        bn_new,
        bn_free,
        0,
@@ -85,55 +88,69 @@ static ASN1_PRIMITIVE_FUNCS bignum_pf = {
 };
 ASN1_ITEM_start(BIGNUM)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
+ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
 ASN1_ITEM_end(BIGNUM)
 ASN1_ITEM_start(CBIGNUM)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
+ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
 ASN1_ITEM_end(CBIGNUM)
-static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int
+bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
        *pval = (ASN1_VALUE *)BN_new();
-        if(*pval) return 1;
+        if (*pval)
-        else return 0;
+                return 1;
+        else
+                return 0;
 }
-static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static void
+bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-        if(!*pval) return;
+        if (!*pval)
-        if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval);
+                return;
-        else BN_free((BIGNUM *)*pval);
+        if (it->size & BN_SENSITIVE)
+                BN_clear_free((BIGNUM *)*pval);
+        else
+                BN_free((BIGNUM *)*pval);
        *pval = NULL;
 }
-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+static int
+bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
 {
        BIGNUM *bn;
        int pad;
-        if(!*pval) return -1;
+        if (!*pval)
+                return -1;
        bn = (BIGNUM *)*pval;
        /* If MSB set in an octet we need a padding byte */
-        if(BN_num_bits(bn) & 0x7) pad = 0;
+        if (BN_num_bits(bn) & 0x7)
-        else pad = 1;
+                pad = 0;
-        if(cont) {
+        else
-                if(pad) *cont++ = 0;
+                pad = 1;
+        if (cont) {
+                if (pad)
+                        *cont++ = 0;
                BN_bn2bin(bn, cont);
        }
        return pad + BN_num_bytes(bn);
 }
-static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+static int
-                  int utype, char *free_cont, const ASN1_ITEM *it)
+bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
+    char *free_cont, const ASN1_ITEM *it)
 {
        BIGNUM *bn;
-        if(!*pval) bn_new(pval, it);
-        bn  = (BIGNUM *)*pval;
+        if (!*pval)
-        if(!BN_bin2bn(cont, len, bn)) {
+                bn_new(pval, it);
+        bn = (BIGNUM *)*pval;
+        if (!BN_bin2bn(cont, len, bn)) {
                bn_free(pval, it);
                return 0;
        }
        return 1;
 }
diff --git a/src/lib/libssl/src/crypto/asn1/x_crl.c b/src/lib/libssl/src/crypto/asn1/x_crl.c
index ea94f026b2..674cca4a1c 100644
--- a/src/lib/libssl/src/crypto/asn1/x_crl.c
+++ b/src/lib/libssl/src/crypto/asn1/x_crl.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -64,23 +64,23 @@
 #include <openssl/x509v3.h>
 static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
-                                const X509_REVOKED * const *b);
+    const X509_REVOKED * const *b);
 static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
 ASN1_SEQUENCE(X509_REVOKED) = {
-        ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_REVOKED, serialNumber, ASN1_INTEGER),
-        ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
+        ASN1_SIMPLE(X509_REVOKED, revocationDate, ASN1_TIME),
-        ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
+        ASN1_SEQUENCE_OF_OPT(X509_REVOKED, extensions, X509_EXTENSION)
 } ASN1_SEQUENCE_END(X509_REVOKED)
 static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r);
-static int def_crl_lookup(X509_CRL *crl,
+static int def_crl_lookup(X509_CRL *crl, X509_REVOKED **ret,
-                X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer);
+    ASN1_INTEGER *serial, X509_NAME *issuer);
-static X509_CRL_METHOD int_crl_meth =
+static X509_CRL_METHOD int_crl_meth = {
-{
+        0,
+        0,
        0,
-        0,0,
        def_crl_lookup,
        def_crl_verify
 };
@@ -91,18 +91,19 @@ static const X509_CRL_METHOD *default_crl_method = &int_crl_meth;
 * Since we cache the original encoding the signature wont be affected by
 * reordering of the revoked field.
 */
-static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+static int
-                                                                void *exarg)
+crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
        X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
-        if(!a || !a->revoked) return 1;
+        if (!a || !a->revoked)
-        switch(operation) {
+                return 1;
+        switch (operation) {
                /* Just set cmp function here. We don't sort because that
                 * would affect the output of X509_CRL_print().
                 */
        case ASN1_OP_D2I_POST:
-                (void)sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
+                (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp);
                break;
        }
        return 1;
@@ -123,9 +124,9 @@ ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
 * Check for unhandled critical CRL entry extensions.
 */
-static int crl_set_issuers(X509_CRL *crl)
+static int
+crl_set_issuers(X509_CRL *crl)
 {
        int i, j;
        GENERAL_NAMES *gens, *gtmp;
        STACK_OF(X509_REVOKED) *revoked;
@@ -138,9 +139,8 @@ static int crl_set_issuers(X509_CRL *crl)
                STACK_OF(X509_EXTENSION) *exts;
                ASN1_ENUMERATED *reason;
                X509_EXTENSION *ext;
-                gtmp = X509_REVOKED_get_ext_d2i(rev, 
+                gtmp = X509_REVOKED_get_ext_d2i(rev, NID_certificate_issuer,
-                                                NID_certificate_issuer,
+                    &j, NULL);
-                                                &j, NULL);
                if (!gtmp && (j != -1)) {
                        crl->flags |= EXFLAG_INVALID;
                        return 1;
@@ -159,7 +159,7 @@ static int crl_set_issuers(X509_CRL *crl)
                rev->issuer = gens;
                reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason,
-                                                                &j, NULL);
+                    &j, NULL);
                if (!reason && (j != -1)) {
                        crl->flags |= EXFLAG_INVALID;
                        return 1;
@@ -169,7 +169,7 @@ static int crl_set_issuers(X509_CRL *crl)
                        rev->reason = ASN1_ENUMERATED_get(reason);
                        ASN1_ENUMERATED_free(reason);
                } else
-                        rev->reason = CRL_REASON_NONE;  
+                        rev->reason = CRL_REASON_NONE;
                /* Check for critical CRL entry extensions */
@@ -179,32 +179,29 @@ static int crl_set_issuers(X509_CRL *crl)
                        ext = sk_X509_EXTENSION_value(exts, j);
                        if (ext->critical > 0) {
                                if (OBJ_obj2nid(ext->object) ==
-                                        NID_certificate_issuer)
+                                    NID_certificate_issuer)
                                        continue;
                                crl->flags |= EXFLAG_CRITICAL;
                                break;
                        }
                }
        }
        return 1;
 }
 /* The X509_CRL structure needs a bit of customisation. Cache some extensions
 * and hash of the whole CRL.
 */
-static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+static int
-                                                                void *exarg)
+crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
        X509_CRL *crl = (X509_CRL *)*pval;
        STACK_OF(X509_EXTENSION) *exts;
        X509_EXTENSION *ext;
        int idx;
-        switch(operation) {
+        switch (operation) {
        case ASN1_OP_NEW_POST:
                crl->idp = NULL;
                crl->akid = NULL;
@@ -223,23 +220,23 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL);
 #endif
                crl->idp = X509_CRL_get_ext_d2i(crl,
-                                NID_issuing_distribution_point, NULL, NULL);
+                    NID_issuing_distribution_point, NULL, NULL);
                if (crl->idp)
                        setup_idp(crl, crl->idp);
                crl->akid = X509_CRL_get_ext_d2i(crl,
-                                NID_authority_key_identifier, NULL, NULL);      
+                    NID_authority_key_identifier, NULL, NULL);
                crl->crl_number = X509_CRL_get_ext_d2i(crl,
-                                NID_crl_number, NULL, NULL);    
+                    NID_crl_number, NULL, NULL);
                crl->base_crl_number = X509_CRL_get_ext_d2i(crl,
-                                NID_delta_crl, NULL, NULL);     
+                    NID_delta_crl, NULL, NULL);
                /* Delta CRLs must have CRL number */
                if (crl->base_crl_number && !crl->crl_number)
                        crl->flags |= EXFLAG_INVALID;
-                /* See if we have any unhandled critical CRL extensions and 
+                /* See if we have any unhandled critical CRL extensions and
                 * indicate this in a flag. We only currently handle IDP so
                 * anything else critical sets the flag.
                 *
@@ -257,15 +254,14 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                                crl->flags |= EXFLAG_FRESHEST;
                        if (ext->critical > 0) {
                                /* We handle IDP and deltas */
-                                if ((nid == NID_issuing_distribution_point)
+                                if ((nid == NID_issuing_distribution_point) ||
-                                        || (nid == NID_delta_crl))
+                                    (nid == NID_delta_crl))
                                        break;;
                                crl->flags |= EXFLAG_CRITICAL;
                                break;
                        }
                }
                if (!crl_set_issuers(crl))
                        return 0;
@@ -294,9 +290,11 @@ static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
 /* Convert IDP into a more convenient form */
-static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
+static void
+setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
 {
        int idp_only = 0;
        /* Set various flags according to IDP */
        crl->idp_flags |= IDP_PRESENT;
        if (idp->onlyuser > 0) {
@@ -324,7 +322,7 @@ static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
                        crl->idp_reasons = idp->onlysomereasons->data[0];
                if (idp->onlysomereasons->length > 1)
                        crl->idp_reasons |=
-                                (idp->onlysomereasons->data[1] << 8);
+                            (idp->onlysomereasons->data[1] << 8);
                crl->idp_reasons &= CRLDP_ALL_REASONS;
        }
@@ -342,60 +340,65 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
 IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
-static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
+static int
-                        const X509_REVOKED * const *b)
+X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b)
 {
        return(ASN1_STRING_cmp(
-                (ASN1_STRING *)(*a)->serialNumber,
+            (ASN1_STRING *)(*a)->serialNumber,
-                (ASN1_STRING *)(*b)->serialNumber));
+            (ASN1_STRING *)(*b)->serialNumber));
 }
-int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
+int
+X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
 {
        X509_CRL_INFO *inf;
        inf = crl->crl;
-        if(!inf->revoked)
+        if (!inf->revoked)
                inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
-        if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
+        if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
                ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
                return 0;
-}
+        }
        inf->enc.modified = 1;
        return 1;
 }
-int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
+int
+X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
 {
        if (crl->meth->crl_verify)
                return crl->meth->crl_verify(crl, r);
        return 0;
 }
-int X509_CRL_get0_by_serial(X509_CRL *crl,
+int
-                X509_REVOKED **ret, ASN1_INTEGER *serial)
+X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret,
+    ASN1_INTEGER *serial)
 {
        if (crl->meth->crl_lookup)
                return crl->meth->crl_lookup(crl, ret, serial, NULL);
        return 0;
 }
-int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
+int
+X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
 {
        if (crl->meth->crl_lookup)
                return crl->meth->crl_lookup(crl, ret,
-                                                X509_get_serialNumber(x),
+                    X509_get_serialNumber(x), X509_get_issuer_name(x));
-                                                X509_get_issuer_name(x));
        return 0;
 }
-static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
+static int
+def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
 {
        return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
-                crl->sig_alg, crl->signature,crl->crl,r));
+            crl->sig_alg, crl->signature, crl->crl, r));
 }
-static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
+static int
-                                                X509_REVOKED *rev)
+crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, X509_REVOKED *rev)
 {
        int i;
@@ -421,11 +424,13 @@ static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
 }
-static int def_crl_lookup(X509_CRL *crl,
+static int
-                X509_REVOKED **ret, ASN1_INTEGER *serial, X509_NAME *issuer)
+def_crl_lookup(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *serial,
+    X509_NAME *issuer)
 {
        X509_REVOKED rtmp, *rev;
        int idx;
        rtmp.serialNumber = serial;
        /* Sort revoked into serial number order if not already sorted.
         * Do this under a lock to avoid race condition.
@@ -436,10 +441,10 @@ static int def_crl_lookup(X509_CRL *crl,
                CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
        }
        idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
-        if(idx < 0)
+        if (idx < 0)
                return 0;
        /* Need to look for matching name */
-        for(;idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) {
+        for (; idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) {
                rev = sk_X509_REVOKED_value(crl->crl->revoked, idx);
                if (ASN1_INTEGER_cmp(rev->serialNumber, serial))
                        return 0;
@@ -454,22 +459,24 @@ static int def_crl_lookup(X509_CRL *crl,
        return 0;
 }
-void X509_CRL_set_default_method(const X509_CRL_METHOD *meth)
+void
+X509_CRL_set_default_method(const X509_CRL_METHOD *meth)
 {
        if (meth == NULL)
                default_crl_method = &int_crl_meth;
-        else 
+        else
                default_crl_method = meth;
 }
-X509_CRL_METHOD *X509_CRL_METHOD_new(
+X509_CRL_METHOD *
-        int (*crl_init)(X509_CRL *crl),
+X509_CRL_METHOD_new(int (*crl_init)(X509_CRL *crl),
-        int (*crl_free)(X509_CRL *crl),
+    int (*crl_free)(X509_CRL *crl),
-        int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
+    int (*crl_lookup)(X509_CRL *crl, X509_REVOKED **ret,
-                                ASN1_INTEGER *ser, X509_NAME *issuer),
+    ASN1_INTEGER *ser, X509_NAME *issuer),
-        int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk))
+    int (*crl_verify)(X509_CRL *crl, EVP_PKEY *pk))
 {
        X509_CRL_METHOD *m;
        m = malloc(sizeof(X509_CRL_METHOD));
        if (!m)
                return NULL;
@@ -481,19 +488,22 @@ X509_CRL_METHOD *X509_CRL_METHOD_new(
        return m;
 }
-void X509_CRL_METHOD_free(X509_CRL_METHOD *m)
+void
+X509_CRL_METHOD_free(X509_CRL_METHOD *m)
 {
        if (!(m->flags & X509_CRL_METHOD_DYNAMIC))
                return;
        free(m);
 }
-void X509_CRL_set_meth_data(X509_CRL *crl, void *dat)
+void
+X509_CRL_set_meth_data(X509_CRL *crl, void *dat)
 {
        crl->meth_data = dat;
 }
-void *X509_CRL_get_meth_data(X509_CRL *crl)
+void *
+X509_CRL_get_meth_data(X509_CRL *crl)
 {
        return crl->meth_data;
 }
diff --git a/src/lib/libssl/src/crypto/asn1/x_exten.c b/src/lib/libssl/src/crypto/asn1/x_exten.c
index 3a21239926..5b3f49ed0f 100644
--- a/src/lib/libssl/src/crypto/asn1/x_exten.c
+++ b/src/lib/libssl/src/crypto/asn1/x_exten.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -67,8 +67,8 @@ ASN1_SEQUENCE(X509_EXTENSION) = {
        ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(X509_EXTENSION)
-ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = 
+ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
+    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
 ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS)
 IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
diff --git a/src/lib/libssl/src/crypto/asn1/x_info.c b/src/lib/libssl/src/crypto/asn1/x_info.c
index 07ce15dbd7..4d3e2ebd17 100644
--- a/src/lib/libssl/src/crypto/asn1/x_info.c
+++ b/src/lib/libssl/src/crypto/asn1/x_info.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -62,42 +62,49 @@
 #include <openssl/asn1.h>
 #include <openssl/x509.h>
-X509_INFO *X509_INFO_new(void)
+X509_INFO *
+X509_INFO_new(void)
 {
-        X509_INFO *ret=NULL;
+        X509_INFO *ret = NULL;
-        ret=(X509_INFO *)malloc(sizeof(X509_INFO));
+        ret = (X509_INFO *)malloc(sizeof(X509_INFO));
        if (ret == NULL) {
-                ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE);
+                ASN1err(ASN1_F_X509_INFO_NEW, ERR_R_MALLOC_FAILURE);
-                return(NULL);
+                return (NULL);
        }
- 
-        ret->enc_cipher.cipher=NULL;
+        ret->enc_cipher.cipher = NULL;
-        ret->enc_len=0;
+        ret->enc_len = 0;
-        ret->enc_data=NULL;
+        ret->enc_data = NULL;
- 
-        ret->references=1;
+        ret->references = 1;
-        ret->x509=NULL;
+        ret->x509 = NULL;
-        ret->crl=NULL;
+        ret->crl = NULL;
-        ret->x_pkey=NULL;
+        ret->x_pkey = NULL;
-        return(ret);
+        return (ret);
 }
-void X509_INFO_free(X509_INFO *x)
+void
+X509_INFO_free(X509_INFO *x)
 {
        int i;
-        if (x == NULL) return;
+        if (x == NULL)
+                return;
-        i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO);
+        i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_INFO);
-        if (i > 0) return;
+        if (i > 0)
+                return;
-        if (x->x509 != NULL) X509_free(x->x509);
+        if (x->x509 != NULL)
-        if (x->crl != NULL) X509_CRL_free(x->crl);
+                X509_free(x->x509);
-        if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey);
+        if (x->crl != NULL)
-        if (x->enc_data != NULL) free(x->enc_data);
+                X509_CRL_free(x->crl);
+        if (x->x_pkey != NULL)
+                X509_PKEY_free(x->x_pkey);
+        if (x->enc_data != NULL)
+                free(x->enc_data);
        free(x);
 }
 IMPLEMENT_STACK_OF(X509_INFO)
diff --git a/src/lib/libssl/src/crypto/asn1/x_long.c b/src/lib/libssl/src/crypto/asn1/x_long.c
index 1417284d3c..81dcc4fc29 100644
--- a/src/lib/libssl/src/crypto/asn1/x_long.c
+++ b/src/lib/libssl/src/crypto/asn1/x_long.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -84,25 +84,29 @@ static ASN1_PRIMITIVE_FUNCS long_pf = {
 };
 ASN1_ITEM_start(LONG)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
+ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
 ASN1_ITEM_end(LONG)
 ASN1_ITEM_start(ZLONG)
-        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
+ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
 ASN1_ITEM_end(ZLONG)
-static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int
+long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
        *(long *)pval = it->size;
        return 1;
 }
-static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static void
+long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
        *(long *)pval = it->size;
 }
-static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+static int
+long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+    const ASN1_ITEM *it)
 {
        long ltmp;
        unsigned long utmp;
@@ -113,58 +117,70 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const A
        /* use memcpy, because we may not be long aligned */
        memcpy(&ltmp, cp, sizeof(long));
-        if(ltmp == it->size) return -1;
+        if (ltmp == it->size)
+                return -1;
        /* Convert the long to positive: we subtract one if negative so
         * we can cleanly handle the padding if only the MSB of the leading
-         * octet is set. 
+         * octet is set.
         */
-        if(ltmp < 0) utmp = -ltmp - 1;
+        if (ltmp < 0)
-        else utmp = ltmp;
+                utmp = -ltmp - 1;
+        else
+                utmp = ltmp;
        clen = BN_num_bits_word(utmp);
        /* If MSB of leading octet set we need to pad */
-        if(!(clen & 0x7)) pad = 1;
+        if (!(clen & 0x7))
-        else pad = 0;
+                pad = 1;
+        else
+                pad = 0;
        /* Convert number of bits to number of octets */
        clen = (clen + 7) >> 3;
-        if(cont) {
+        if (cont) {
-                if(pad) *cont++ = (ltmp < 0) ? 0xff : 0;
+                if (pad)
-                for(i = clen - 1; i >= 0; i--) {
+                        *cont++ = (ltmp < 0) ? 0xff : 0;
+                for (i = clen - 1; i >= 0; i--) {
                        cont[i] = (unsigned char)(utmp & 0xff);
-                        if(ltmp < 0) cont[i] ^= 0xff;
+                        if (ltmp < 0)
+                                cont[i] ^= 0xff;
                        utmp >>= 8;
                }
        }
        return clen + pad;
 }
-static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+static int
-                    int utype, char *free_cont, const ASN1_ITEM *it)
+long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype,
+    char *free_cont, const ASN1_ITEM *it)
 {
        int neg, i;
        long ltmp;
        unsigned long utmp = 0;
        char *cp = (char *)pval;
-        if(len > (int)sizeof(long)) {
+        if (len > (int)sizeof(long)) {
                ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
                return 0;
        }
        /* Is it negative? */
-        if(len && (cont[0] & 0x80)) neg = 1;
+        if (len && (cont[0] & 0x80))
-        else neg = 0;
+                neg = 1;
+        else
+                neg = 0;
        utmp = 0;
-        for(i = 0; i < len; i++) {
+        for (i = 0; i < len; i++) {
                utmp <<= 8;
-                if(neg) utmp |= cont[i] ^ 0xff;
+                if (neg)
-                else utmp |= cont[i];
+                        utmp |= cont[i] ^ 0xff;
+                else
+                        utmp |= cont[i];
        }
        ltmp = (long)utmp;
-        if(neg) {
+        if (neg) {
                ltmp++;
                ltmp = -ltmp;
        }
-        if(ltmp == it->size) {
+        if (ltmp == it->size) {
                ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
                return 0;
        }
@@ -172,8 +188,9 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
        return 1;
 }
-static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+static int
-                        int indent, const ASN1_PCTX *pctx)
+long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent,
+    const ASN1_PCTX *pctx)
 {
        return BIO_printf(out, "%ld\n", *(long *)pval);
 }
diff --git a/src/lib/libssl/src/crypto/asn1/x_name.c b/src/lib/libssl/src/crypto/asn1/x_name.c
index d10ac5acd1..70459babc4 100644
--- a/src/lib/libssl/src/crypto/asn1/x_name.c
+++ b/src/lib/libssl/src/crypto/asn1/x_name.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -66,13 +66,12 @@
 typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
 DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
-static int x509_name_ex_d2i(ASN1_VALUE **val,
+static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in,
-                                const unsigned char **in, long len,
+    long len, const ASN1_ITEM *it, int tag, int aclass, char opt,
-                                const ASN1_ITEM *it,
+    ASN1_TLC *ctx);
-                                int tag, int aclass, char opt, ASN1_TLC *ctx);
 static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
-                                const ASN1_ITEM *it, int tag, int aclass);
+    const ASN1_ITEM *it, int tag, int aclass);
 static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
 static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
@@ -80,13 +79,10 @@ static int x509_name_encode(X509_NAME *a);
 static int x509_name_canon(X509_NAME *a);
 static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in);
 static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname,
-                          unsigned char **in);
+    unsigned char **in);
+static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval, int indent,
-static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
+    const char *fname, const ASN1_PCTX *pctx);
-                                                int indent,
-                                                const char *fname, 
-                                                const ASN1_PCTX *pctx);
 ASN1_SEQUENCE(X509_NAME_ENTRY) = {
        ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
@@ -101,11 +97,11 @@ IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
 */
 ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
+    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
 ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
 ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
-        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
+    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
 ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
 /* Normally that's where it would end: we'd have two nested STACK structures
@@ -124,26 +120,30 @@ const ASN1_EXTERN_FUNCS x509_name_ff = {
        x509_name_ex_print
 };
-IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) 
+IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff)
 IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
-static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
+static int
+x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
 {
        X509_NAME *ret = NULL;
        ret = malloc(sizeof(X509_NAME));
-        if(!ret) goto memerr;
+        if (!ret)
-        if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
+                goto memerr;
+        if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL)
+                goto memerr;
+        if ((ret->bytes = BUF_MEM_new()) == NULL)
                goto memerr;
-        if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr;
        ret->canon_enc = NULL;
        ret->canon_enclen = 0;
-        ret->modified=1;
+        ret->modified = 1;
        *val = (ASN1_VALUE *)ret;
        return 1;
- memerr:
+memerr:
        ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
        if (ret) {
                if (ret->entries)
@@ -153,54 +153,64 @@ static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
        return 0;
 }
-static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static void
+x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
        X509_NAME *a;
-        if(!pval || !*pval)
-            return;
+        if (!pval || !*pval)
+                return;
        a = (X509_NAME *)*pval;
        BUF_MEM_free(a->bytes);
-        sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
+        sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free);
        if (a->canon_enc)
                free(a->canon_enc);
        free(a);
        *pval = NULL;
 }
-static int x509_name_ex_d2i(ASN1_VALUE **val,
+static int
-                        const unsigned char **in, long len, const ASN1_ITEM *it,
+x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len,
-                                int tag, int aclass, char opt, ASN1_TLC *ctx)
+    const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx)
 {
        const unsigned char *p = *in, *q;
-        union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+        union {
-                ASN1_VALUE *a; } intname = {NULL};
+                STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
-        union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL};
+                ASN1_VALUE *a;
+        } intname = {NULL};
+        union {
+                X509_NAME *x;
+                ASN1_VALUE *a;
+        } nm = {NULL};
        int i, j, ret;
        STACK_OF(X509_NAME_ENTRY) *entries;
        X509_NAME_ENTRY *entry;
        q = p;
        /* Get internal representation of Name */
-        ret = ASN1_item_ex_d2i(&intname.a,
+        ret = ASN1_item_ex_d2i(&intname.a, &p, len,
-                               &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+            ASN1_ITEM_rptr(X509_NAME_INTERNAL), tag, aclass, opt, ctx);
-                               tag, aclass, opt, ctx);
-        
+        if (ret <= 0)
-        if(ret <= 0) return ret;
+                return ret;
-        if(*val) x509_name_ex_free(val, NULL);
+        if (*val)
-        if(!x509_name_ex_new(&nm.a, NULL)) goto err;
+                x509_name_ex_free(val, NULL);
+        if (!x509_name_ex_new(&nm.a, NULL))
+                goto err;
        /* We've decoded it: now cache encoding */
-        if(!BUF_MEM_grow(nm.x->bytes, p - q)) goto err;
+        if (!BUF_MEM_grow(nm.x->bytes, p - q))
+                goto err;
        memcpy(nm.x->bytes->data, q, p - q);
        /* Convert internal representation to X509_NAME structure */
-        for(i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
+        for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
                entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i);
-                for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
+                for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
                        entry = sk_X509_NAME_ENTRY_value(entries, j);
                        entry->set = i;
-                        if(!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
+                        if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
                                goto err;
                }
                sk_X509_NAME_ENTRY_free(entries);
@@ -213,90 +223,104 @@ static int x509_name_ex_d2i(ASN1_VALUE **val,
        *val = nm.a;
        *in = p;
        return ret;
 err:
-        if (nm.x != NULL)
+        if (nm.x != NULL)
                X509_NAME_free(nm.x);
        ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
        return 0;
 }
-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+static int
+x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it,
+    int tag, int aclass)
 {
        int ret;
        X509_NAME *a = (X509_NAME *)*val;
-        if(a->modified) {
+        if (a->modified) {
                ret = x509_name_encode(a);
-                if(ret < 0)
+                if (ret < 0)
                        return ret;
                ret = x509_name_canon(a);
-                if(ret < 0)
+                if (ret < 0)
                        return ret;
        }
        ret = a->bytes->length;
-        if(out != NULL) {
+        if (out != NULL) {
-                memcpy(*out,a->bytes->data,ret);
+                memcpy(*out, a->bytes->data, ret);
-                *out+=ret;
+                *out += ret;
        }
        return ret;
 }
-static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
+static void
+local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
 {
        sk_X509_NAME_ENTRY_free(ne);
 }
-static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
+static void
+local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
 {
        sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
 }
-static int x509_name_encode(X509_NAME *a)
+static int
+x509_name_encode(X509_NAME *a)
 {
-        union { STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+        union {
-                ASN1_VALUE *a; } intname = {NULL};
+                STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+                ASN1_VALUE *a;
+        } intname = {NULL};
        int len;
        unsigned char *p;
        STACK_OF(X509_NAME_ENTRY) *entries = NULL;
        X509_NAME_ENTRY *entry;
        int i, set = -1;
        intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null();
-        if(!intname.s) goto memerr;
+        if (!intname.s)
-        for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+                goto memerr;
+        for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
                entry = sk_X509_NAME_ENTRY_value(a->entries, i);
-                if(entry->set != set) {
+                if (entry->set != set) {
                        entries = sk_X509_NAME_ENTRY_new_null();
-                        if(!entries) goto memerr;
+                        if (!entries)
-                        if(!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s,
+                                goto memerr;
-                                                             entries))
+                        if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s,
+                            entries))
                                goto memerr;
                        set = entry->set;
                }
-                if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
+                if (!sk_X509_NAME_ENTRY_push(entries, entry))
+                        goto memerr;
        }
        len = ASN1_item_ex_i2d(&intname.a, NULL,
-                               ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+            ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
-        if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
+        if (!BUF_MEM_grow(a->bytes, len))
-        p=(unsigned char *)a->bytes->data;
+                goto memerr;
-        ASN1_item_ex_i2d(&intname.a,
+        p = (unsigned char *)a->bytes->data;
-                         &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+        ASN1_item_ex_i2d(&intname.a, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+            -1, -1);
        sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
-                                             local_sk_X509_NAME_ENTRY_free);
+            local_sk_X509_NAME_ENTRY_free);
        a->modified = 0;
        return len;
 memerr:
        sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
-                                             local_sk_X509_NAME_ENTRY_free);
+            local_sk_X509_NAME_ENTRY_free);
        ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
        return -1;
 }
-static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
+static int
-                                                int indent,
+x509_name_ex_print(BIO *out, ASN1_VALUE **pval, int indent, const char *fname,
-                                                const char *fname, 
+    const ASN1_PCTX *pctx)
-                                                const ASN1_PCTX *pctx)
 {
-        if (X509_NAME_print_ex(out, (X509_NAME *)*pval,
+        if (X509_NAME_print_ex(out, (X509_NAME *)*pval, indent,
-                                        indent, pctx->nm_flags) <= 0)
+            pctx->nm_flags) <= 0)
                return 0;
        return 2;
 }
@@ -314,7 +338,8 @@ static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
 * dirName can also be checked with a simple memcmp().
 */
-static int x509_name_canon(X509_NAME *a)
+static int
+x509_name_canon(X509_NAME *a)
 {
        unsigned char *p;
        STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
@@ -325,22 +350,22 @@ static int x509_name_canon(X509_NAME *a)
        if (a->canon_enc) {
                free(a->canon_enc);
                a->canon_enc = NULL;
-                }
+        }
        /* Special case: empty X509_NAME => null encoding */
        if (sk_X509_NAME_ENTRY_num(a->entries) == 0) {
                a->canon_enclen = 0;
                return 1;
        }
        intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
-        if(!intname)
+        if (!intname)
                goto err;
-        for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+        for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
                entry = sk_X509_NAME_ENTRY_value(a->entries, i);
-                if(entry->set != set) {
+                if (entry->set != set) {
                        entries = sk_X509_NAME_ENTRY_new_null();
-                        if(!entries)
+                        if (!entries)
                                goto err;
-                        if(!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries))
+                        if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries))
                                goto err;
                        set = entry->set;
                }
@@ -348,33 +373,27 @@ static int x509_name_canon(X509_NAME *a)
                tmpentry->object = OBJ_dup(entry->object);
                if (!asn1_string_canon(tmpentry->value, entry->value))
                        goto err;
-                if(!sk_X509_NAME_ENTRY_push(entries, tmpentry))
+                if (!sk_X509_NAME_ENTRY_push(entries, tmpentry))
                        goto err;
                tmpentry = NULL;
        }
        /* Finally generate encoding */
        a->canon_enclen = i2d_name_canon(intname, NULL);
        p = malloc(a->canon_enclen);
        if (!p)
                goto err;
        a->canon_enc = p;
        i2d_name_canon(intname, &p);
        ret = 1;
-        err:
+err:
        if (tmpentry)
                X509_NAME_ENTRY_free(tmpentry);
        if (intname)
                sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
-                                        local_sk_X509_NAME_ENTRY_pop_free);
+                    local_sk_X509_NAME_ENTRY_pop_free);
        return ret;
 }
@@ -384,9 +403,10 @@ static int x509_name_canon(X509_NAME *a)
        (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \
        | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \
        | B_ASN1_VISIBLESTRING)
-        
-static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
+static int
+asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
 {
        unsigned char *to, *from;
        int len, i;
@@ -415,7 +435,7 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
         */
        /* Ignore leading spaces */
-        while((len > 0) && !(*from & 0x80) && isspace(*from)) {
+        while ((len > 0) && !(*from & 0x80) && isspace(*from)) {
                from++;
                len--;
        }
@@ -431,24 +451,24 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
        to = out->data;
        i = 0;
-        while(i < len) {
+        while (i < len) {
                /* If MSB set just copy across */
                if (*from & 0x80) {
                        *to++ = *from++;
                        i++;
-                        }
+                }
                /* Collapse multiple spaces */
                else if (isspace(*from)) {
                        /* Copy one space across */
                        *to++ = ' ';
                        /* Ignore subsequent spaces. Note: don't need to
-                         * check len here because we know the last 
+                         * check len here because we know the last
                         * character is a non-space so we can't overflow.
                         */
                        do {
                                from++;
                                i++;
-                        } while(!(*from & 0x80) && isspace(*from));
+                        } while (!(*from & 0x80) && isspace(*from));
                } else {
                        *to++ = tolower(*from);
                        from++;
@@ -459,11 +479,10 @@ static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
        out->length = to - out->data;
        return 1;
 }
-static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname,
+static int
-                          unsigned char **in)
+i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname, unsigned char **in)
 {
        int i, len, ltmp;
        ASN1_VALUE *v;
@@ -473,7 +492,7 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname,
        for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) {
                v = sk_ASN1_VALUE_value(intname, i);
                ltmp = ASN1_item_ex_i2d(&v, in,
-                        ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
+                    ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
                if (ltmp < 0)
                        return ltmp;
                len += ltmp;
@@ -481,21 +500,23 @@ static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname,
        return len;
 }
-int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
+int
+X509_NAME_set(X509_NAME **xn, X509_NAME *name)
 {
        X509_NAME *in;
-        if (!xn || !name) return(0);
+        if (!xn || !name)
+                return (0);
        if (*xn != name) {
-                in=X509_NAME_dup(name);
+                in = X509_NAME_dup(name);
                if (in != NULL) {
                        X509_NAME_free(*xn);
-                        *xn=in;
+                        *xn = in;
                }
        }
-        return(*xn != NULL);
+        return (*xn != NULL);
 }
-        
 IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
 IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)
diff --git a/src/lib/libssl/src/crypto/asn1/x_nx509.c b/src/lib/libssl/src/crypto/asn1/x_nx509.c
index fbd9a22db3..538a9f95eb 100644
--- a/src/lib/libssl/src/crypto/asn1/x_nx509.c
+++ b/src/lib/libssl/src/crypto/asn1/x_nx509.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -69,4 +69,3 @@ ASN1_SEQUENCE(NETSCAPE_X509) = {
 } ASN1_SEQUENCE_END(NETSCAPE_X509)
 IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_X509)
diff --git a/src/lib/libssl/src/crypto/asn1/x_pkey.c b/src/lib/libssl/src/crypto/asn1/x_pkey.c
index eac134a1ee..d18b8f6f5e 100644
--- a/src/lib/libssl/src/crypto/asn1/x_pkey.c
+++ b/src/lib/libssl/src/crypto/asn1/x_pkey.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -64,75 +64,85 @@
 #include <openssl/x509.h>
 /* need to implement */
-int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
+int
+i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
 {
-        return(0);
+        return (0);
 }
-X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length)
+X509_PKEY *
+d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length)
 {
        int i;
-        M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new);
+        M_ASN1_D2I_vars(a, X509_PKEY *, X509_PKEY_new);
        M_ASN1_D2I_Init();
        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get_x(X509_ALGOR,ret->enc_algor,d2i_X509_ALGOR);
+        M_ASN1_D2I_get_x(X509_ALGOR, ret->enc_algor, d2i_X509_ALGOR);
-        M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->enc_pkey,d2i_ASN1_OCTET_STRING);
+        M_ASN1_D2I_get_x(ASN1_OCTET_STRING, ret->enc_pkey,
+            d2i_ASN1_OCTET_STRING);
-        ret->cipher.cipher=EVP_get_cipherbyname(
+        ret->cipher.cipher = EVP_get_cipherbyname(
-                OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm)));
+            OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm)));
        if (ret->cipher.cipher == NULL) {
-                c.error=ASN1_R_UNSUPPORTED_CIPHER;
+                c.error = ASN1_R_UNSUPPORTED_CIPHER;
-                c.line=__LINE__;
+                c.line = __LINE__;
                goto err;
        }
        if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) {
-                i=ret->enc_algor->parameter->value.octet_string->length;
+                i = ret->enc_algor->parameter->value.octet_string->length;
                if (i > EVP_MAX_IV_LENGTH) {
-                        c.error=ASN1_R_IV_TOO_LARGE;
+                        c.error = ASN1_R_IV_TOO_LARGE;
-                        c.line=__LINE__;
+                        c.line = __LINE__;
                        goto err;
                }
                memcpy(ret->cipher.iv,
-                        ret->enc_algor->parameter->value.octet_string->data,i);
+                    ret->enc_algor->parameter->value.octet_string->data, i);
-        }
+        } else
-        else
+                memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
-                memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
+        M_ASN1_D2I_Finish(a, X509_PKEY_free, ASN1_F_D2I_X509_PKEY);
-        M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY);
 }
-X509_PKEY *X509_PKEY_new(void)
+X509_PKEY *
+X509_PKEY_new(void)
 {
-        X509_PKEY *ret=NULL;
+        X509_PKEY *ret = NULL;
        ASN1_CTX c;
-        M_ASN1_New_Malloc(ret,X509_PKEY);
+        M_ASN1_New_Malloc(ret, X509_PKEY);
-        ret->version=0;
+        ret->version = 0;
-        M_ASN1_New(ret->enc_algor,X509_ALGOR_new);
+        M_ASN1_New(ret->enc_algor, X509_ALGOR_new);
-        M_ASN1_New(ret->enc_pkey,M_ASN1_OCTET_STRING_new);
+        M_ASN1_New(ret->enc_pkey, M_ASN1_OCTET_STRING_new);
-        ret->dec_pkey=NULL;
+        ret->dec_pkey = NULL;
-        ret->key_length=0;
+        ret->key_length = 0;
-        ret->key_data=NULL;
+        ret->key_data = NULL;
-        ret->key_free=0;
+        ret->key_free = 0;
-        ret->cipher.cipher=NULL;
+        ret->cipher.cipher = NULL;
-        memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
+        memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
-        ret->references=1;
+        ret->references = 1;
-        return(ret);
+        return (ret);
        M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
 }
-void X509_PKEY_free(X509_PKEY *x)
+void
+X509_PKEY_free(X509_PKEY *x)
 {
        int i;
-        if (x == NULL) return;
+        if (x == NULL)
+                return;
-        i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY);
+        i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_PKEY);
-        if (i > 0) return;
+        if (i > 0)
+                return;
-        if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor);
+        if (x->enc_algor != NULL)
-        if (x->enc_pkey != NULL) M_ASN1_OCTET_STRING_free(x->enc_pkey);
+                X509_ALGOR_free(x->enc_algor);
-        if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey);
+        if (x->enc_pkey != NULL)
-        if ((x->key_data != NULL) && (x->key_free)) free(x->key_data);
+                M_ASN1_OCTET_STRING_free(x->enc_pkey);
+        if (x->dec_pkey != NULL)
+                EVP_PKEY_free(x->dec_pkey);
+        if ((x->key_data != NULL) && (x->key_free))
+                free(x->key_data);
        free(x);
 }
diff --git a/src/lib/libssl/src/crypto/asn1/x_pubkey.c b/src/lib/libssl/src/crypto/asn1/x_pubkey.c
index 1d6ab6580a..df915e2dfd 100644
--- a/src/lib/libssl/src/crypto/asn1/x_pubkey.c
+++ b/src/lib/libssl/src/crypto/asn1/x_pubkey.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -69,8 +69,8 @@
 #endif
 /* Minor tweak to operation: free up EVP_PKEY */
-static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+static int
-                        void *exarg)
+pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
        if (operation == ASN1_OP_FREE_POST) {
                X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
@@ -86,54 +86,61 @@ ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
 IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
-int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
+int
+X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
 {
-        X509_PUBKEY *pk=NULL;
+        X509_PUBKEY *pk = NULL;
-        if (x == NULL) return(0);
+        if (x == NULL)
+                return (0);
-        if ((pk=X509_PUBKEY_new()) == NULL) goto error;
+        if ((pk = X509_PUBKEY_new()) == NULL)
+                goto error;
        if (pkey->ameth) {
                if (pkey->ameth->pub_encode) {
                        if (!pkey->ameth->pub_encode(pk, pkey)) {
                                X509err(X509_F_X509_PUBKEY_SET,
-                                        X509_R_PUBLIC_KEY_ENCODE_ERROR);
+                                    X509_R_PUBLIC_KEY_ENCODE_ERROR);
                                goto error;
                        }
                } else {
                        X509err(X509_F_X509_PUBKEY_SET,
-                                X509_R_METHOD_NOT_SUPPORTED);
+                            X509_R_METHOD_NOT_SUPPORTED);
                        goto error;
                }
        } else {
-                X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
+                X509err(X509_F_X509_PUBKEY_SET, X509_R_UNSUPPORTED_ALGORITHM);
                goto error;
        }
        if (*x != NULL)
                X509_PUBKEY_free(*x);
-        *x=pk;
+        *x = pk;
        return 1;
 error:
-        if (pk != NULL) X509_PUBKEY_free(pk);
+        if (pk != NULL)
+                X509_PUBKEY_free(pk);
        return 0;
 }
-EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
+EVP_PKEY *
+X509_PUBKEY_get(X509_PUBKEY *key)
 {
-        EVP_PKEY *ret=NULL;
+        EVP_PKEY *ret = NULL;
-        if (key == NULL) goto error;
+        if (key == NULL)
+                goto error;
        if (key->pkey != NULL) {
                CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
                return key->pkey;
        }
-        if (key->public_key == NULL) goto error;
+        if (key->public_key == NULL)
+                goto error;
        if ((ret = EVP_PKEY_new()) == NULL) {
                X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
@@ -141,14 +148,14 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
        }
        if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm))) {
-                X509err(X509_F_X509_PUBKEY_GET,X509_R_UNSUPPORTED_ALGORITHM);
+                X509err(X509_F_X509_PUBKEY_GET, X509_R_UNSUPPORTED_ALGORITHM);
                goto error;
        }
        if (ret->ameth->pub_decode) {
                if (!ret->ameth->pub_decode(ret, key)) {
                        X509err(X509_F_X509_PUBKEY_GET,
-                                                X509_R_PUBLIC_KEY_DECODE_ERROR);
+                            X509_R_PUBLIC_KEY_DECODE_ERROR);
                        goto error;
                }
        } else {
@@ -170,39 +177,44 @@ EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
        return ret;
-        error:
+error:
        if (ret != NULL)
                EVP_PKEY_free(ret);
-        return(NULL);
+        return (NULL);
 }
 /* Now two pseudo ASN1 routines that take an EVP_PKEY structure
 * and encode or decode as X509_PUBKEY
 */
-EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp,
+EVP_PKEY *
-             long length)
+d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length)
 {
        X509_PUBKEY *xpk;
        EVP_PKEY *pktmp;
        xpk = d2i_X509_PUBKEY(NULL, pp, length);
-        if(!xpk) return NULL;
+        if (!xpk)
+                return NULL;
        pktmp = X509_PUBKEY_get(xpk);
        X509_PUBKEY_free(xpk);
-        if(!pktmp) return NULL;
+        if (!pktmp)
-        if(a) {
+                return NULL;
+        if (a) {
                EVP_PKEY_free(*a);
                *a = pktmp;
        }
        return pktmp;
 }
-int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
+int
+i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
 {
-        X509_PUBKEY *xpk=NULL;
+        X509_PUBKEY *xpk = NULL;
        int ret;
-        if(!a) return 0;
+        if (!a)
-        if(!X509_PUBKEY_set(&xpk, a)) return 0;
+                return 0;
+        if (!X509_PUBKEY_set(&xpk, a))
+                return 0;
        ret = i2d_X509_PUBKEY(xpk, pp);
        X509_PUBKEY_free(xpk);
        return ret;
@@ -212,18 +224,20 @@ int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
 * keys
 */
 #ifndef OPENSSL_NO_RSA
-RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp,
+RSA *
-             long length)
+d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length)
 {
        EVP_PKEY *pkey;
        RSA *key;
        const unsigned char *q;
        q = *pp;
        pkey = d2i_PUBKEY(NULL, &q, length);
-        if (!pkey) return NULL;
+        if (!pkey)
+                return NULL;
        key = EVP_PKEY_get1_RSA(pkey);
        EVP_PKEY_free(pkey);
-        if (!key) return NULL;
+        if (!key)
+                return NULL;
        *pp = q;
        if (a) {
                RSA_free(*a);
@@ -232,11 +246,13 @@ RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp,
        return key;
 }
-int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
+int
+i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
 {
        EVP_PKEY *pktmp;
        int ret;
-        if (!a) return 0;
+        if (!a)
+                return 0;
        pktmp = EVP_PKEY_new();
        if (!pktmp) {
                ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
@@ -250,18 +266,20 @@ int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
 #endif
 #ifndef OPENSSL_NO_DSA
-DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp,
+DSA *
-             long length)
+d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
 {
        EVP_PKEY *pkey;
        DSA *key;
        const unsigned char *q;
        q = *pp;
        pkey = d2i_PUBKEY(NULL, &q, length);
-        if (!pkey) return NULL;
+        if (!pkey)
+                return NULL;
        key = EVP_PKEY_get1_DSA(pkey);
        EVP_PKEY_free(pkey);
-        if (!key) return NULL;
+        if (!key)
+                return NULL;
        *pp = q;
        if (a) {
                DSA_free(*a);
@@ -270,13 +288,15 @@ DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp,
        return key;
 }
-int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
+int
+i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
 {
        EVP_PKEY *pktmp;
        int ret;
-        if(!a) return 0;
+        if (!a)
+                return 0;
        pktmp = EVP_PKEY_new();
-        if(!pktmp) {
+        if (!pktmp) {
                ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
                return 0;
        }
@@ -288,44 +308,49 @@ int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
 #endif
 #ifndef OPENSSL_NO_EC
-EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
+EC_KEY *
+d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
 {
        EVP_PKEY *pkey;
        EC_KEY *key;
        const unsigned char *q;
        q = *pp;
        pkey = d2i_PUBKEY(NULL, &q, length);
-        if (!pkey) return(NULL);
+        if (!pkey)
+                return (NULL);
        key = EVP_PKEY_get1_EC_KEY(pkey);
        EVP_PKEY_free(pkey);
-        if (!key)  return(NULL);
+        if (!key)
+                return (NULL);
        *pp = q;
        if (a) {
                EC_KEY_free(*a);
                *a = key;
        }
-        return(key);
+        return (key);
 }
-int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
+int
+i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
 {
        EVP_PKEY *pktmp;
        int ret;
-        if (!a) return(0);
+        if (!a)
+                return (0);
        if ((pktmp = EVP_PKEY_new()) == NULL) {
                ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
-                return(0);
+                return (0);
        }
        EVP_PKEY_set1_EC_KEY(pktmp, a);
        ret = i2d_PUBKEY(pktmp, pp);
        EVP_PKEY_free(pktmp);
-        return(ret);
+        return (ret);
 }
 #endif
-int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+int
-                                        int ptype, void *pval,
+X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype,
-                                        unsigned char *penc, int penclen)
+    void *pval, unsigned char *penc, int penclen)
 {
        if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval))
                return 0;
@@ -334,17 +359,16 @@ int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
                        free(pub->public_key->data);
                pub->public_key->data = penc;
                pub->public_key->length = penclen;
-                /* Set number of unused bits to zero */
+                /* Set number of unused bits to zero */
                pub->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-                pub->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+                pub->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
        }
        return 1;
 }
-int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+int
-                const unsigned char **pk, int *ppklen,
+X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk,
-                X509_ALGOR **pa,
+    int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub)
-                X509_PUBKEY *pub)
 {
        if (ppkalg)
                *ppkalg = pub->algor->algorithm;
diff --git a/src/lib/libssl/src/crypto/asn1/x_req.c b/src/lib/libssl/src/crypto/asn1/x_req.c
index d57555827c..442f56a144 100644
--- a/src/lib/libssl/src/crypto/asn1/x_req.c
+++ b/src/lib/libssl/src/crypto/asn1/x_req.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -66,7 +66,7 @@
 * encode the attributes field if it is empty. This is in
 * violation of PKCS#10 but we need to tolerate it. We do
 * this by making the attributes field OPTIONAL then using
- * the callback to initialise it to an empty STACK. 
+ * the callback to initialise it to an empty STACK.
 *
 * This means that the field will be correctly encoded unless
 * we NULL out the field.
@@ -79,14 +79,15 @@
 *
 */
-static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+static int
-                                                        void *exarg)
+rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
        X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
-        if(operation == ASN1_OP_NEW_POST) {
+        if (operation == ASN1_OP_NEW_POST) {
                rinf->attributes = sk_X509_ATTRIBUTE_new_null();
-                if(!rinf->attributes) return 0;
+                if (!rinf->attributes)
+                        return 0;
        }
        return 1;
 }
diff --git a/src/lib/libssl/src/crypto/asn1/x_sig.c b/src/lib/libssl/src/crypto/asn1/x_sig.c
index 42efa86c1c..5c9aef0365 100644
--- a/src/lib/libssl/src/crypto/asn1/x_sig.c
+++ b/src/lib/libssl/src/crypto/asn1/x_sig.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
diff --git a/src/lib/libssl/src/crypto/asn1/x_spki.c b/src/lib/libssl/src/crypto/asn1/x_spki.c
index 2aece077c5..34fe81443c 100644
--- a/src/lib/libssl/src/crypto/asn1/x_spki.c
+++ b/src/lib/libssl/src/crypto/asn1/x_spki.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
diff --git a/src/lib/libssl/src/crypto/asn1/x_val.c b/src/lib/libssl/src/crypto/asn1/x_val.c
index dc17c67758..6436f0cb55 100644
--- a/src/lib/libssl/src/crypto/asn1/x_val.c
+++ b/src/lib/libssl/src/crypto/asn1/x_val.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
diff --git a/src/lib/libssl/src/crypto/asn1/x_x509.c b/src/lib/libssl/src/crypto/asn1/x_x509.c
index 20448a8e3b..e7d613e20f 100644
--- a/src/lib/libssl/src/crypto/asn1/x_x509.c
+++ b/src/lib/libssl/src/crypto/asn1/x_x509.c
@@ -5,21 +5,21 @@
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
- * 
+ *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
@@ -34,10 +34,10 @@
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
- * 
+ *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
@@ -81,15 +81,15 @@ IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
 extern void policy_cache_free(X509_POLICY_CACHE *cache);
-static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+static int
-                                                                void *exarg)
+x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 {
        X509 *ret = (X509 *)*pval;
-        switch(operation) {
+        switch (operation) {
        case ASN1_OP_NEW_POST:
-                ret->valid=0;
+                ret->valid = 0;
                ret->name = NULL;
                ret->ex_flags = 0;
                ret->ex_pathlen = -1;
@@ -105,8 +105,9 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                break;
        case ASN1_OP_D2I_POST:
-                if (ret->name != NULL) free(ret->name);
+                if (ret->name != NULL)
-                ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
+                        free(ret->name);
+                ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0);
                break;
        case ASN1_OP_FREE_POST:
@@ -122,14 +123,12 @@ static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
                sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
                ASIdentifiers_free(ret->rfc3779_asid);
 #endif
+                if (ret->name != NULL)
-                if (ret->name != NULL) free(ret->name);
+                        free(ret->name);
                break;
        }
        return 1;
 }
 ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
@@ -141,21 +140,24 @@ ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
 IMPLEMENT_ASN1_FUNCTIONS(X509)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509)
-int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+int
-             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
 {
        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
-                                new_func, dup_func, free_func);
+            new_func, dup_func, free_func);
 }
-int X509_set_ex_data(X509 *r, int idx, void *arg)
+int
+X509_set_ex_data(X509 *r, int idx, void *arg)
 {
-        return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+        return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
 }
-void *X509_get_ex_data(X509 *r, int idx)
+void *
+X509_get_ex_data(X509 *r, int idx)
 {
-        return(CRYPTO_get_ex_data(&r->ex_data,idx));
+        return (CRYPTO_get_ex_data(&r->ex_data, idx));
 }
 /* X509_AUX ASN1 routines. X509_AUX is the name given to
@@ -166,29 +168,38 @@ void *X509_get_ex_data(X509 *r, int idx)
 *
 */
-X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
+X509 *
+d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
 {
        const unsigned char *q;
        X509 *ret;
        /* Save start position */
        q = *pp;
        ret = d2i_X509(a, pp, length);
        /* If certificate unreadable then forget it */
-        if(!ret) return NULL;
+        if (!ret)
+                return NULL;
        /* update length */
        length -= *pp - q;
-        if(!length) return ret;
+        if (!length)
-        if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
+                return ret;
+        if (!d2i_X509_CERT_AUX(&ret->aux, pp, length))
+                goto err;
        return ret;
-        err:
+err:
        X509_free(ret);
        return NULL;
 }
-int i2d_X509_AUX(X509 *a, unsigned char **pp)
+int
+i2d_X509_AUX(X509 *a, unsigned char **pp)
 {
        int length;
        length = i2d_X509(a, pp);
-        if(a) length += i2d_X509_CERT_AUX(a->aux, pp);
+        if (a)
+                length += i2d_X509_CERT_AUX(a->aux, pp);
        return length;
 }
diff --git a/src/lib/libssl/src/crypto/asn1/x_x509a.c b/src/lib/libssl/src/crypto/asn1/x_x509a.c
index 287d780830..69ea725709 100644
--- a/src/lib/libssl/src/crypto/asn1/x_x509a.c
+++ b/src/lib/libssl/src/crypto/asn1/x_x509a.c
@@ -10,7 +10,7 @@
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
@@ -66,7 +66,7 @@
 * user modifiable data about a certificate. This data is
 * appended to the X509 encoding when the *_X509_AUX routines
 * are used. This means that the "traditional" X509 routines
- * will simply ignore the extra data. 
+ * will simply ignore the extra data.
 */
 static X509_CERT_AUX *aux_get(X509 *x);
@@ -81,14 +81,18 @@ ASN1_SEQUENCE(X509_CERT_AUX) = {
 IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
-static X509_CERT_AUX *aux_get(X509 *x)
+static X509_CERT_AUX *
+aux_get(X509 *x)
 {
-        if(!x) return NULL;
+        if (!x)
-        if(!x->aux && !(x->aux = X509_CERT_AUX_new())) return NULL;
+                return NULL;
+        if (!x->aux && !(x->aux = X509_CERT_AUX_new()))
+                return NULL;
        return x->aux;
 }
-int X509_alias_set1(X509 *x, unsigned char *name, int len)
+int
+X509_alias_set1(X509 *x, unsigned char *name, int len)
 {
        X509_CERT_AUX *aux;
        if (!name) {
@@ -98,12 +102,15 @@ int X509_alias_set1(X509 *x, unsigned char *name, int len)
                x->aux->alias = NULL;
                return 1;
        }
-        if(!(aux = aux_get(x))) return 0;
+        if (!(aux = aux_get(x)))
-        if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0;
+                return 0;
+        if (!aux->alias && !(aux->alias = ASN1_UTF8STRING_new()))
+                return 0;
        return ASN1_STRING_set(aux->alias, name, len);
 }
-int X509_keyid_set1(X509 *x, unsigned char *id, int len)
+int
+X509_keyid_set1(X509 *x, unsigned char *id, int len)
 {
        X509_CERT_AUX *aux;
        if (!id) {
@@ -113,58 +120,74 @@ int X509_keyid_set1(X509 *x, unsigned char *id, int len)
                x->aux->keyid = NULL;
                return 1;
        }
-        if(!(aux = aux_get(x))) return 0;
+        if (!(aux = aux_get(x)))
-        if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0;
+                return 0;
+        if (!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new()))
+                return 0;
        return ASN1_STRING_set(aux->keyid, id, len);
 }
-unsigned char *X509_alias_get0(X509 *x, int *len)
+unsigned char *
+X509_alias_get0(X509 *x, int *len)
 {
-        if(!x->aux || !x->aux->alias) return NULL;
+        if (!x->aux || !x->aux->alias)
-        if(len) *len = x->aux->alias->length;
+                return NULL;
+        if (len)
+                *len = x->aux->alias->length;
        return x->aux->alias->data;
 }
-unsigned char *X509_keyid_get0(X509 *x, int *len)
+unsigned char *
+X509_keyid_get0(X509 *x, int *len)
 {
-        if(!x->aux || !x->aux->keyid) return NULL;
+        if (!x->aux || !x->aux->keyid)
-        if(len) *len = x->aux->keyid->length;
+                return NULL;
+        if (len)
+                *len = x->aux->keyid->length;
        return x->aux->keyid->data;
 }
-int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
+int
+X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
 {
        X509_CERT_AUX *aux;
        ASN1_OBJECT *objtmp;
-        if(!(objtmp = OBJ_dup(obj))) return 0;
+        if (!(objtmp = OBJ_dup(obj)))
-        if(!(aux = aux_get(x))) return 0;
+                return 0;
-        if(!aux->trust
+        if (!(aux = aux_get(x)))
-                && !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0;
+                return 0;
+        if (!aux->trust && !(aux->trust = sk_ASN1_OBJECT_new_null()))
+                return 0;
        return sk_ASN1_OBJECT_push(aux->trust, objtmp);
 }
-int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
+int
+X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
 {
        X509_CERT_AUX *aux;
        ASN1_OBJECT *objtmp;
-        if(!(objtmp = OBJ_dup(obj))) return 0;
+        if (!(objtmp = OBJ_dup(obj)))
-        if(!(aux = aux_get(x))) return 0;
+                return 0;
-        if(!aux->reject
+        if (!(aux = aux_get(x)))
-                && !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0;
+                return 0;
+        if (!aux->reject && !(aux->reject = sk_ASN1_OBJECT_new_null()))
+                return 0;
        return sk_ASN1_OBJECT_push(aux->reject, objtmp);
 }
-void X509_trust_clear(X509 *x)
+void
+X509_trust_clear(X509 *x)
 {
-        if(x->aux && x->aux->trust) {
+        if (x->aux && x->aux->trust) {
                sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
                x->aux->trust = NULL;
        }
 }
-void X509_reject_clear(X509 *x)
+void
+X509_reject_clear(X509 *x)
 {
-        if(x->aux && x->aux->reject) {
+        if (x->aux && x->aux->reject) {
                sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
                x->aux->reject = NULL;
        }